malware wont work or internet

cattch08 · 07-15-2009, 10:30 AM

Hi hope someone can help. I am in safe mode as this is the only way i can get on the net. I downloaded a fake codec and got infected now i can not run internet explorer or any spyware/malware to detect it,i have tried running malware from the net but wont let me open its as if it knows what im doing.I even downloaded malwarebytes to memory stick then loaded it but still wont run.When im in normal mode i can open maybe one item then the computer freezes.Dont want to reformatt if possible but ive been told thats the only solution can any of you clued up cookies help. When i run AVG it finds som trojans but when i click to remove it says folder not big enough. Now i have something called WINIFIGHTER which i have downloaded trying to fix this and it pops up all over the place thanks Allison was asked to do again with logs and other thread closed

im on win xp
DDS (Ver_09-06-26.01) - NTFSx86 NETWORK
Run by Al at 17:11:28.37 on 15/07/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2046.1684 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPROV.EXE
C:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPRV10.EXE
E:\CCleaner\CCleaner.exe
C:\Documents and Settings\Al\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = about:blank
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: : {206e52e0-d52e-11d4-ad54-0000e86c26f6} - e:\freshdownload\fdcatch.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - e:\spybot~1\SDHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [setup2.exe] c:\windows\system32\setup2.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE
uPolicies-explorer: NoRecentDocsNetHood = 01000000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - e:\spybot~1\SDHelper.dll
Trusted Zone: antimalwareguard.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file://c:\program files\peggle\images\armhelper.ocx
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
TCP: NameServer = 85.255.112.92,85.255.112.104
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Name-Space Handler: ftp\FD - {3BF4771A-18F5-4EAB-80B7-AC254D3C7503} - e:\freshdownload\fdcatch.dll
Name-Space Handler: http\FD - {3BF4771A-18F5-4EAB-80B7-AC254D3C7503} - e:\freshdownload\fdcatch.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-7-5 63352]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-20 108552]
R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [2006-6-24 86784]
S1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [2007-4-15 4064]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-20 335752]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-20 27784]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-20 298776]
S2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe [2009-7-14 128240]
S2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2009-2-17 598856]
S3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2005-10-18 826112]
S3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\C4.tmp [2009-7-15 5760]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S3 uxddrv;Dynamically loaded UxdDrv;\??\d:\diagnose\wsteng\uxddrv.sys --> d:\diagnose\wsteng\uxddrv.sys [?]

=============== Created Last 30 ================

2009-07-15 08:15 10,312 a------- c:\windows\system32\155cz9r14.exe
2009-07-15 07:26 5,760 -------- c:\windows\system32\C4.tmp
2009-07-14 23:43 250,544 a------- c:\windows\system32\KeyHelp.ocx
2009-07-14 23:43 <DIR> --d----- c:\program files\common files\Scanner
2009-07-14 23:43 111,856 a------- c:\windows\system32\wbem\canvprov.dll
2009-07-14 23:43 6,552 a------- c:\windows\system32\wbem\canvprov.mof
2009-07-14 23:43 <DIR> --d----- c:\program files\CA
2009-07-14 23:41 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\CA
2009-07-14 22:52 443,051 ac------ C:\20091407_224411_Al july 09.nbi
2009-07-14 22:47 <DIR> -cd----- C:\20091407_224411_Al july 09
2009-07-14 19:21 389,120 a------- c:\windows\system32\CF24530.exe
2009-07-14 17:46 <DIR> --d----- c:\program files\WiniFighter Software
2009-07-14 16:54 11,307 a------- c:\windows\system32\6zc8spyware1959.cpl
2009-07-13 21:55 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 21:55 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-07-13 21:55 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 18:20 52,224 a------- c:\windows\system32\MSIVXfecgftvltylgewidpnpvrabuvdxlxiqw.dll
2009-07-13 18:20 22,528 a------- c:\windows\system32\MSIVXrpqmrrtvsiymbfniwuctetkoxjplqjrn.dll
2009-07-13 18:20 4 a------- c:\windows\system32\MSIVXcount
2009-07-13 17:59 0 a------- c:\windows\AoADVDRipper.INI
2009-07-13 17:59 4,455 a------- c:\windows\system\Winaspi.dll
2009-07-13 17:59 3,535 a------- c:\windows\system\Wowpost.exe
2009-07-13 17:59 3,082 a------- c:\windows\system32\affv9553p6now.sys
2009-07-13 15:51 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\AVS4YOU
2009-07-13 15:51 <DIR> --d----- c:\docume~1\al\applic~1\AVS4YOU
2009-07-13 15:49 <DIR> --d----- c:\program files\common files\AVSMedia
2009-07-13 15:49 974,848 a------- c:\windows\system32\mfc70.dll
2009-07-13 15:49 487,424 a------- c:\windows\system32\msvcp70.dll
2009-07-13 15:49 24,576 a------- c:\windows\system32\msxml3a.dll
2009-07-13 15:49 <DIR> --d----- c:\program files\AVS4YOU
2009-07-13 15:40 <DIR> -cd----- C:\TempDVD
2009-07-13 15:39 <DIR> --d----- c:\program files\dvdSanta
2009-07-13 06:00 15,576 a------- c:\windows\system32\29399viru572z.exe
2009-07-13 04:24 13,496 a------- c:\windows\system32\25329not9a-viruszd5.bin
2009-07-12 11:43 <DIR> --d----- c:\program files\VSO
2009-07-12 11:38 <DIR> --d----- c:\program files\Pro Imaging Powertoys
2009-07-12 11:35 <DIR> --d----- c:\windows\system32\URTTEMP
2009-07-11 16:01 16,542 a------- c:\windows\9z258not-a-virus37b.dll
2009-07-11 15:42 11,284 a------- c:\windows\2195adzwar51150.exe
2009-07-11 11:18 8,743 a------- c:\windows\system32\518bthreat255z19.exe
2009-07-11 09:01 14,959 a------- c:\windows\289zaddwa9e5321.cpl
2009-07-10 08:19 11,972 a------- c:\windows\4994threat15z04.exe
2009-07-06 05:52 3,221 a------- c:\windows\system32\2536stealz944.bin
2009-07-05 21:57 3,788 a------- c:\windows\system32\1241z5ac9tool69e.bin
2009-07-05 20:04 15,118 a------- c:\windows\system32\4e2fback5oor9z02.cpl
2009-07-05 17:01 3,408 a------- c:\windows\system32\38e9ack5zor3044.dll
2009-07-05 00:53 9,298 a------- c:\windows\system32\3549ste5l219z.exe
2009-07-03 20:44 3,372 a------- c:\windows\system32\16z77spambo95eb.ocx
2009-07-01 15:04 8,528 a------- c:\windows\15321worm59z.ocx
2009-06-27 20:50 9,321 a------- c:\windows\system32\5caad9wzloader1559.ocx
2009-06-27 06:07 15,463 a------- c:\windows\system32\72z35roj249.exe
2009-06-27 01:46 10,880 a------- c:\windows\system32\9z145acktool509.ocx
2009-06-26 21:28 11,393 a------- c:\windows\235cvir9z9.cpl
2009-06-26 14:16 13,146 a------- c:\windows\z852virus75a9.dll
2009-06-26 10:52 7,797 a------- c:\windows\system32\375hacztool659.cpl
2009-06-24 23:04 10,023 a------- c:\windows\system32\1b09sp5wzre1972.dll
2009-06-24 14:16 <DIR> --d----- c:\program files\iPod
2009-06-24 14:16 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-24 14:15 <DIR> --d----- c:\program files\Bonjour
2009-06-23 04:42 13,193 a------- c:\windows\system32\1138h9cktool57z.exe
2009-06-22 23:40 11,411 a------- c:\windows\62f5sparze52159.cpl
2009-06-21 16:18 3,929 a------- c:\windows\55z14spamb9t407.cpl
2009-06-21 13:01 8,700 a------- c:\windows\5358addware915z.cpl
2009-06-20 21:32 9,602 a------- c:\windows\system32\1945spyware69z.cpl
2009-06-20 21:19 13,532 a------- c:\windows\system32\458bsteal948z.cpl
2009-06-20 16:06 15,892 a------- c:\windows\232z29p5mbot568.cpl
2009-06-19 11:02 12,069 a------- c:\windows\9257t9ojz55.ocx
2009-06-18 07:11 8,507 a------- c:\windows\236659ac5tooz328.cpl
2009-06-17 08:19 13,903 a------- c:\windows\5796wor9z05.dll
2009-06-16 18:28 15,101 a------- c:\windows\system32\54329no9-a-virusz4.ocx
2009-06-16 17:45 2,901 a------- c:\windows\z9881worm5005.exe
2009-06-15 20:16 <DIR> -cd----- C:\.jagex_cache_32

==================== Find3M ====================

2009-07-15 01:58 1,984 a------- c:\windows\system32\d3d9caps.dat
2009-07-14 17:45 351,744 a------- c:\windows\system32\setup2.exe
2009-07-13 23:18 2,268 a------- c:\windows\system32\tmp.reg
2009-07-03 08:44 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-24 09:09 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-15 09:31 3,323 a------- c:\windows\3cz9s5yware629.exe
2009-06-12 23:14 13,162 a------- c:\windows\13954spaz9ot7d6.exe
2009-06-10 09:19 7,396 a------- c:\windows\system32\2z065py7f9.bin
2009-06-10 03:51 8,949 a------- c:\windows\system32\545badzw5re295.exe
2009-06-04 03:47 13,634 a------- c:\windows\system32\1bczthi95421.bin
2009-06-03 20:01 8,209 a------- c:\windows\551bzteal996.dll
2009-06-02 11:17 75,776 a------- c:\windows\system32\WS2Fix.exe
2009-06-01 01:50 11,464 a------- c:\windows\30eaaddw59e9z8.exe
2009-05-24 13:43 8,510 a------- c:\windows\system32\25474worm69ez.bin
2009-05-22 03:10 17,967 a------- c:\windows\51z9hief2085.dll
2009-05-20 07:28 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-18 01:32 15,270 a------- c:\windows\system32\44a5downlo5d9r812z.bin
2009-05-17 16:11 18,174 a------- c:\windows\594cthr5az420.bin
2009-05-16 10:42 7,893 a------- c:\windows\system32\5591vizus393.exe
2009-05-13 21:17 13,652 a------- c:\windows\2582spzmb5t9b3.bin
2009-05-12 16:12 10,330 a------- c:\windows\system32\5a73add5are29z2.dll
2009-05-12 01:39 16,789 a------- c:\windows\2597thief1z61.exe
2009-05-11 22:29 15,794 a------- c:\windows\system32\637dzt5al3679.bin
2009-05-07 16:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-04 21:35 5,631 a------- c:\windows\system32\11764hac9z5ol34f.dll
2009-05-02 23:36 9,800 a------- c:\windows\2961spzwa5e174.dll
2009-04-29 05:46 666,624 a------- c:\windows\system32\wininet.dll
2009-04-29 05:46 81,920 -------- c:\windows\system32\ieencode.dll
2009-04-27 02:26 17,670 a------- c:\windows\185z2s9y3345.bin
2009-04-25 05:57 13,423 a------- c:\windows\system32\5e9athrzat229375.exe
2009-04-24 18:06 5,970 a------- c:\windows\system32\300z3hackt9ol4b5.exe
2009-04-23 20:24 123,572 ac------ C:\MGlogs.zip
2009-04-19 18:19 6,890 a------- c:\windows\30420v9rus258z.exe
2009-04-18 09:55 3,276 a------- c:\windows\system32\3944spambotz6f5.dll
2009-04-17 13:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 11:36 7,632 a------- c:\windows\90f5stezl2115.exe
2008-12-30 13:34 61,480 a------- c:\documents and settings\al\GoToAssistDownloadHelper.exe
2008-11-09 19:56 67,296 ac------ c:\docume~1\al\applic~1\GDIPFONTCACHEV1.DAT

============= FINISH: 17:11:57.34 ===============

CatByte · 07-15-2009, 03:07 PM

Hi and Welcome,

NOTE:

Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
Absence of symptoms does not always mean the computer is clean
Kindly follow my instructions in the order posted.
Please DO NOT run any scans or fix items without my direction.

Download Combofix from either of the links below. You must rename it before saving it.
Save it to your desktop.

**Note: In the event you already have Combofix - delete it (right click the icon > delete) this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

If you are using Firefox, make sure that your download settings are as follows:
- Tools->Options->Main tab
- Set to "Always ask me where to Save the files".

Link 1
Link 2

During the download, rename Combofix to Combo-Fix as follows:

--------------------------------------------------------------------

It is important you rename Combofix during the download, but not after.
Please do not rename Combofix to other names, but only to the one indicated.

-----------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\Combo-Fix.txt" for further review.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

cattch08 · 07-15-2009, 04:06 PM

hi had to run combo fix with avg still enabled i was not able to get into avg as i was in safe mode as that is the only way i could get on the net thnx allison

ComboFix 09-07-14.08 - Al 15/07/2009 22:49.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2046.1607 [GMT 1:00]
Running from: c:\documents and settings\Al\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Al\Start Menu\Programs\AlfaHD
c:\documents and settings\Al\Start Menu\Programs\AlfaHD\Uninstall.lnk
c:\windows\100995rz4d5.dll
c:\windows\1059hzef3202.cpl
c:\windows\1093not-a-vi5us6z0.dll
c:\windows\1122zvir5s65d9.dll
c:\windows\11325h5ckzoo9170.dll
c:\windows\115519pzmbot77e.ocx
c:\windows\118z4v5rus779.ocx
c:\windows\11d9thiez905.exe
c:\windows\12z87hacktool59.ocx
c:\windows\13137zpambot9a5.cpl
c:\windows\13892spa5b9tzb.exe
c:\windows\13954spaz9ot7d6.exe
c:\windows\13z95spy4a5.cpl
c:\windows\14033spa5bot659z.bin
c:\windows\143095zy448.exe
c:\windows\1466not-a-v5zu9142.cpl
c:\windows\15321worm59z.ocx
c:\windows\15465spz9bot57b.bin
c:\windows\15634spz39c.dll
c:\windows\15685troj5a9z.dll
c:\windows\15726s594z.bin
c:\windows\15729szyc39.bin
c:\windows\15797zroj7e1.cpl
c:\windows\15890zot-a-virus455.dll
c:\windows\15950s5y2z.ocx
c:\windows\15953zro929e.exe
c:\windows\15e3zir12709.bin
c:\windows\15easpywzre259.bin
c:\windows\165z8sp59df.cpl
c:\windows\16658zir5s393.dll
c:\windows\1728zhac9t5ol345.exe
c:\windows\17501vi9us4z0.bin
c:\windows\1764z9pa5bot567.dll
c:\windows\17755vz9us7d5.cpl
c:\windows\17z16tr9557e.cpl
c:\windows\185z2s9y3345.bin
c:\windows\1888backdoor15z9.dll
c:\windows\1902s5951z.dll
c:\windows\19306not-a-vz5us49c.dll
c:\windows\19515hack95ol1z3.dll
c:\windows\19541s5amzot589.cpl
c:\windows\19658vir5sz5b9.dll
c:\windows\1979zvir5s627.cpl
c:\windows\19925not-a-virus47z5.cpl
c:\windows\19955ackzoor1353.ocx
c:\windows\19960sp5z1a.cpl
c:\windows\19b75pywzre2577.ocx
c:\windows\19e95zr851.dll
c:\windows\19z51spambo9d1.cpl
c:\windows\1cz5backdoor9107.dll
c:\windows\206z5tr9j575.bin
c:\windows\20919z5j604.cpl
c:\windows\209879z5d.dll
c:\windows\213025ackt9ol5z.cpl
c:\windows\21359zru5393.cpl
c:\windows\21524w9rm518z.cpl
c:\windows\21525t9zj7d9.bin
c:\windows\21715not-a-virus195z.bin
c:\windows\2175hief1890z.dll
c:\windows\2195adzwar51150.exe
c:\windows\2297s5yz8.cpl
c:\windows\23235pyza9.bin
c:\windows\232z29p5mbot568.cpl
c:\windows\235cvir9z9.cpl
c:\windows\236659ac5tooz328.cpl
c:\windows\23892s5y94dz.exe
c:\windows\23adown9oader27z5.bin
c:\windows\25169v9rzs35.exe
c:\windows\2523n9t-azvirusd5.exe
c:\windows\2535ztroj389.exe
c:\windows\25458no9-a-viruz56c.dll
c:\windows\257125ot-a-virzs659.dll
c:\windows\2582spzmb5t9b3.bin
c:\windows\25844not-a-z5r9s73.dll
c:\windows\259269roj5z1.cpl
c:\windows\2597thief1z61.exe
c:\windows\26358spzm59t60a.ocx
c:\windows\26519noz-a-virus97.cpl
c:\windows\26615wzrm599.cpl
c:\windows\26655not-a-v9rus4zf.cpl
c:\windows\26z98spy4825.ocx
c:\windows\27153hackt9oz3a8.exe
c:\windows\2756a9dware129z.bin
c:\windows\278sz9mbot5e9.bin
c:\windows\278zb59kdoor2184.exe
c:\windows\27e6b5ckd9or98z.exe
c:\windows\28023t9ojz95.ocx
c:\windows\285945ozm1119.cpl
c:\windows\289845or9189z.bin
c:\windows\289zaddwa9e5321.cpl
c:\windows\2917stezl5265.cpl
c:\windows\2961spzwa5e174.dll
c:\windows\296839zckt5ol2cc.dll
c:\windows\297d5zdware182.dll
c:\windows\298955roj39z.bin
c:\windows\29916hzc9tool39b5.exe
c:\windows\2998wzr97455.bin
c:\windows\29c9bac5door620z.dll
c:\windows\2b9fs9yzare2295.cpl
c:\windows\2bbf9tea51385z.dll
c:\windows\2bc5d5wnzoader2589.ocx
c:\windows\2c48zteal2509.ocx
c:\windows\2cd59parsz2917.bin
c:\windows\2e50dow9zoader1583.ocx
c:\windows\2e9fspar5z2152.ocx
c:\windows\2ec9th5eat196z0.ocx
c:\windows\2z001v9r5s336.bin
c:\windows\2z3565ir9s4c2.ocx
c:\windows\2z495hac5toolfe.bin
c:\windows\2z89thief1195.bin
c:\windows\2z91d9wnloader5328.dll
c:\windows\2z975vi59s5db.cpl
c:\windows\30267not-a-v5ruzae9.ocx
c:\windows\30420v9rus258z.exe
c:\windows\3053backdoor9z6.exe
c:\windows\305z0worm9595.dll
c:\windows\306z6spam5ot29a.cpl
c:\windows\307825zr97c.dll
c:\windows\30c0st5al2z79.dll
c:\windows\30eaaddw59e9z8.exe
c:\windows\311z8ha5kto9l207.cpl
c:\windows\31z55hackt9ol501.exe
c:\windows\31z5895rme1.bin
c:\windows\32517wor91z5.exe
c:\windows\3310sp9waze3135.ocx
c:\windows\3417vir509z.ocx
c:\windows\3458s5y92z.cpl
c:\windows\3590downl5azer1529.ocx
c:\windows\36265p9mbot477z.exe
c:\windows\37199irz55.exe
c:\windows\37f3spa5ze9429.cpl
c:\windows\3825zormb59.bin
c:\windows\388viz25699.cpl
c:\windows\3959trzj4d3.dll
c:\windows\39650spambotzb3.exe
c:\windows\3970zroj55b.dll
c:\windows\39f5back5ooz1950.cpl
c:\windows\3b1aba9kdoo5117z.bin
c:\windows\3b90threa51097z.bin
c:\windows\3b999ddwaz51461.bin
c:\windows\3bd3addwzr92515.bin
c:\windows\3bz59ddware2124.exe
c:\windows\3cz9s5yware629.exe
c:\windows\3dd5t9reaz1485.bin
c:\windows\3e1dviz15959.bin
c:\windows\3ebz9ir566.bin
c:\windows\3f40b9ckd5or1z75.dll
c:\windows\3z7down5oader2199.ocx
c:\windows\3zat9reat25451.bin
c:\windows\4100n5tza-viru929a.exe
c:\windows\4119viru957az.cpl
c:\windows\41dste951173z.ocx
c:\windows\4294back5ozr369.cpl
c:\windows\4309s5ywarz3011.bin
c:\windows\4335zot-a-v59us717.exe
c:\windows\43a9th5eat3035z.dll
c:\windows\43cspywa5e594z.dll
c:\windows\4485downlzade92028.exe
c:\windows\44z6spa9bot415.bin
c:\windows\4538spazse93.cpl
c:\windows\453f5tea958z.dll
c:\windows\459zthief572.exe
c:\windows\45zdb9ckdoor472.cpl
c:\windows\47caa9dwzre305.cpl
c:\windows\4889zot5a-9irus2de.cpl
c:\windows\494bzpy5are1216.cpl
c:\windows\4994addzare2250.bin
c:\windows\4994threat15z04.exe
c:\windows\4b97backdoo5156z.exe
c:\windows\4dc9spywzre13245.exe
c:\windows\4f21spars92z57.bin
c:\windows\4ffbz95al1144.cpl
c:\windows\501e5ownloazer379.exe
c:\windows\501zsp9w5re2902.bin
c:\windows\505519pazbot7f0.ocx
c:\windows\509addzare1293.bin
c:\windows\50c3spzw9re707.bin
c:\windows\51359zrus35d.exe
c:\windows\51z9hief2085.dll
c:\windows\5216hac9toolbaz.bin
c:\windows\5240zparse15419.bin
c:\windows\5288spy9zre1352.exe
c:\windows\529zir2592.ocx
c:\windows\52f3a9dwarez954.ocx
c:\windows\5353t5re9t17z30.exe
c:\windows\5358addware915z.cpl
c:\windows\535zst5al1949.ocx
c:\windows\537z9pambot242.cpl
c:\windows\5382backz95r3186.dll
c:\windows\539cspars511z9.exe
c:\windows\53b3addwzre9476.dll
c:\windows\53cczhief5997.exe
c:\windows\53z37hacktoo9497.exe
c:\windows\5401vzr12975.ocx
c:\windows\542at9reat75z4.cpl
c:\windows\546zbackdoo9834.exe
c:\windows\54705hre9z2883.bin
c:\windows\54f9sparse154z.dll
c:\windows\551bzteal996.dll
c:\windows\5552vir1z09.exe
c:\windows\55558n9t-a-viruz22c.cpl
c:\windows\55bcszeal1964.bin
c:\windows\55d4spy9arez610.cpl
c:\windows\55z14spamb9t407.cpl
c:\windows\5606sza9bot439.cpl
c:\windows\5754zn9t-a-virus678.ocx
c:\windows\575d9ackdzor2842.cpl
c:\windows\5796wor9z05.dll
c:\windows\57aspar9e1z94.bin
c:\windows\57z93worm92.cpl
c:\windows\582thief90z5.exe
c:\windows\5838a9zware2055.dll
c:\windows\5885bz9kdoor1110.ocx
c:\windows\58c6spywar592z3.bin
c:\windows\5928azdwar59900.exe
c:\windows\594cthr5az420.bin
c:\windows\598cstezl19095.dll
c:\windows\5996wormz95.dll
c:\windows\59ddszywa9e2105.dll
c:\windows\5a91spa5sz8589.bin
c:\windows\5a96threat51z15.bin
c:\windows\5a9vzr30269.cpl
c:\windows\5adzdownl9ader2755.exe
c:\windows\5afzs5arse16219.exe
c:\windows\5bc7add59rz1959.bin
c:\windows\5c39down9oader5z2.ocx
c:\windows\5df9spyza5e2614.exe
c:\windows\5e4avir199z.dll
c:\windows\5eccthre5t1016z9.exe
c:\windows\5ed5spzrs91558.dll
c:\windows\5ef9steaz2565.bin
c:\windows\5ff6t9rezt31391.ocx
c:\windows\5z29d5ware2926.cpl
c:\windows\5z577worma9.dll
c:\windows\5z9d5hief890.ocx
c:\windows\60559eal11z4.bin
c:\windows\6170az9war52696.cpl
c:\windows\62f5sparze52159.cpl
c:\windows\64895ddware4z7.cpl
c:\windows\6588sp9rse1z63.ocx
c:\windows\663zst95l431.exe
c:\windows\66a6d5wnloade936z.ocx
c:\windows\678z5ac9tool3a2.bin
c:\windows\67f7do5nl9aderz276.exe
c:\windows\6816spa59e2457z.dll
c:\windows\6839backdooz5434.dll
c:\windows\687dspar5z9955.dll
c:\windows\695bsteal3217z.bin
c:\windows\6bf2dow5loazer960.exe
c:\windows\6c0czh9ef205.cpl
c:\windows\6cad9pywa5ez193.cpl
c:\windows\6fb9t5izf843.dll
c:\windows\6z01sp9mbo57a1.dll
c:\windows\6z20spam9ot534.ocx
c:\windows\7086spz5a9e1352.cpl
c:\windows\715zspy249.cpl
c:\windows\74azthief1459.ocx
c:\windows\7519szy1655.cpl
c:\windows\752fthiefz978.dll
c:\windows\753e5i99z9.exe
c:\windows\7542vir319z.exe
c:\windows\75995hiez3.bin
c:\windows\759fspywaze541.cpl
c:\windows\76305ackto9l5zd.ocx
c:\windows\7645hacktool39z.ocx
c:\windows\76579ddware1z735.bin
c:\windows\7700v5918z3.dll
c:\windows\7765troj9z2.bin
c:\windows\7798sparse2958z.dll
c:\windows\78b0addz9re8095.cpl
c:\windows\79449ownloader15z8.ocx
c:\windows\7a79oznloader5892.exe
c:\windows\7c80stez95290.ocx
c:\windows\7ce9spyza5e1041.cpl
c:\windows\7e8zbackdoor5995.exe
c:\windows\7eb5vir2909z.dll
c:\windows\7z759ownloader2575.dll
c:\windows\7zes9yware6015.dll
c:\windows\805spz9bot6e7.dll
c:\windows\82z2sp95bot6b6.exe
c:\windows\8639zy56.bin
c:\windows\8955spy608z.dll
c:\windows\8995spambzt518.ocx
c:\windows\8d4addwaze9582.dll
c:\windows\90f5stezl2115.exe
c:\windows\90f5thiefz56.ocx
c:\windows\90z6not-a-95rus5d3.cpl
c:\windows\91591tro52dz.bin
c:\windows\92437no5-a-zirus3a9.bin
c:\windows\9257t9ojz55.ocx
c:\windows\93807wzrm575.cpl
c:\windows\94553wzrm250.bin
c:\windows\95072szambot206.dll
c:\windows\951zvir1284.bin
c:\windows\95389t5oz2c5.bin
c:\windows\9548thzef2466.ocx
c:\windows\954thief1z39.ocx
c:\windows\9551vir1602z.exe
c:\windows\957bvirz181.exe
c:\windows\95827hac5tooz45e.cpl
c:\windows\959b5ir1649z.dll
c:\windows\9605ztroj50d.bin
c:\windows\96383troj5zc.dll
c:\windows\96525worm7z8.cpl
c:\windows\9656th5zat4779.bin
c:\windows\96654hacktool5z4.cpl
c:\windows\9754worm5z5.bin
c:\windows\98z1threat25331.cpl
c:\windows\993a5dzare2417.ocx
c:\windows\9940sparse2z56.dll
c:\windows\9959wzrm2949.bin
c:\windows\99768zorm5e7.cpl
c:\windows\9a9aspar5e920z.ocx
c:\windows\9af4addzare5591.dll
c:\windows\9cf6s5ywaze3114.cpl
c:\windows\9ecthre5t9z158.dll
c:\windows\9f51spywa5e325z.cpl
c:\windows\9fb5zhief2914.exe
c:\windows\9z01downloader7805.cpl
c:\windows\9z1vi9us165.ocx
c:\windows\9z258not-a-virus37b.dll
c:\windows\9z795s5y81.exe
c:\windows\c13ste9l590z.cpl
c:\windows\c9zspywar51259.exe
c:\windows\CouponPrinter.ocx
c:\windows\d08thre9z323995.cpl
c:\windows\d2dsz9ware11195.exe
c:\windows\e9avir5197z.ocx
c:\windows\Installer\10c72c45.msp
c:\windows\Installer\10c72c4b.msp
c:\windows\Installer\10c986cf.msp
c:\windows\Installer\10c986d5.msp
c:\windows\Installer\10f3811.msp
c:\windows\Installer\10f3817.msp
c:\windows\Installer\10f381d.msp
c:\windows\Installer\10f3823.msp
c:\windows\Installer\10f3829.msp
c:\windows\Installer\10f382f.msp
c:\windows\Installer\111ffde1.msp
c:\windows\Installer\111ffde7.msp
c:\windows\Installer\1155a51.msp
c:\windows\Installer\1155a57.msp
c:\windows\Installer\1155a5d.msp
c:\windows\Installer\1309722c.msp
c:\windows\Installer\13097232.msp
c:\windows\Installer\13a40893.msp
c:\windows\Installer\13a40899.msp
c:\windows\Installer\15442cf.msp
c:\windows\Installer\15442d5.msp
c:\windows\Installer\1567407.msp
c:\windows\Installer\156740d.msp
c:\windows\Installer\15ed7152.msp
c:\windows\Installer\15ed7158.msp
c:\windows\Installer\15efecf0.msp
c:\windows\Installer\15efecf6.msp
c:\windows\Installer\1646a997.msp
c:\windows\Installer\1646a99d.msp
c:\windows\Installer\17454622.msp
c:\windows\Installer\17454628.msp
c:\windows\Installer\1745462e.msp
c:\windows\Installer\18312b99.msp
c:\windows\Installer\18312b9f.msp
c:\windows\Installer\1849fd9a.msp
c:\windows\Installer\1849fda0.msp
c:\windows\Installer\18c97b0d.msp
c:\windows\Installer\18c97b13.msp
c:\windows\Installer\1acc92a.msp
c:\windows\Installer\1acc938.msp
c:\windows\Installer\1ad2c0a.msp
c:\windows\Installer\1ad2c10.msp
c:\windows\Installer\1cef9697.msp
c:\windows\Installer\1cef969d.msp
c:\windows\Installer\204aaae.msp
c:\windows\Installer\204aac8.msp
c:\windows\Installer\204aade.msp
c:\windows\Installer\204aaf4.msp
c:\windows\Installer\204ab0a.msp
c:\windows\Installer\204ab1f.msp
c:\windows\Installer\24ebbd8.msp
c:\windows\Installer\24ebbde.msp
c:\windows\Installer\2b8a3d8.msp
c:\windows\Installer\2b8a3de.msp
c:\windows\Installer\34c1d.msp
c:\windows\Installer\34c23.msp
c:\windows\Installer\3503e7.msp
c:\windows\Installer\35e28e4.msp
c:\windows\Installer\35e28ea.msp
c:\windows\Installer\366e603.msp
c:\windows\Installer\366e609.msp
c:\windows\Installer\3797f3e.msp
c:\windows\Installer\3797f44.msp
c:\windows\Installer\38bbe53.msp
c:\windows\Installer\38bbe59.msp
c:\windows\Installer\3969bf0.msp
c:\windows\Installer\3969bf6.msp
c:\windows\Installer\3f0b109.msp
c:\windows\Installer\3f0b10f.msp
c:\windows\Installer\3fadd0a.msp
c:\windows\Installer\3fadd10.msp
c:\windows\Installer\42ff226.msp
c:\windows\Installer\42ff22c.msp
c:\windows\Installer\50bd30.msp
c:\windows\Installer\5ba83b.msp
c:\windows\Installer\5ba842.msp
c:\windows\Installer\5c975e.msp
c:\windows\Installer\5c9764.msp
c:\windows\Installer\5c976a.msp
c:\windows\Installer\61311a.msp
c:\windows\Installer\613120.msp
c:\windows\Installer\622e598.msp
c:\windows\Installer\67a49aa.msp
c:\windows\Installer\67a49b0.msp
c:\windows\Installer\67cd641.msp
c:\windows\Installer\67cd647.msp
c:\windows\Installer\6d312ab.msp
c:\windows\Installer\6d312b1.msp
c:\windows\Installer\6d412a7.msp
c:\windows\Installer\6d412ad.msp
c:\windows\Installer\76cf58.msp
c:\windows\Installer\76cf5e.msp
c:\windows\Installer\76cf64.msp
c:\windows\Installer\7750922.msp
c:\windows\Installer\7750928.msp
c:\windows\Installer\7ef022b.msp
c:\windows\Installer\7ef0231.msp
c:\windows\Installer\88d36a8.msp
c:\windows\Installer\88d36ae.msp
c:\windows\Installer\8ae4a4.msp
c:\windows\Installer\8bcc027.msp
c:\windows\Installer\8bcc02d.msp
c:\windows\Installer\9168923.msp
c:\windows\Installer\9168929.msp
c:\windows\Installer\921bc53.msp
c:\windows\Installer\921bc59.msp
c:\windows\Installer\956a5bc.msp
c:\windows\Installer\956a5c2.msp
c:\windows\Installer\a596fad.msp
c:\windows\Installer\a596fb3.msp
c:\windows\Installer\adc2103.msp
c:\windows\Installer\adc210a.msp
c:\windows\Installer\afbeae4.msp
c:\windows\Installer\afbeaea.msp
c:\windows\Installer\b360c6c.msp
c:\windows\Installer\b360c72.msp
c:\windows\Installer\b6b6066.msp
c:\windows\Installer\b6b606c.msp
c:\windows\Installer\ba0b867.msp
c:\windows\Installer\ba0b86d.msp
c:\windows\Installer\ba329b5.msp
c:\windows\Installer\ba329bb.msp
c:\windows\Installer\be4c3d6.msp
c:\windows\Installer\be4c3dc.msp
c:\windows\Installer\bf9e840.msp
c:\windows\Installer\bf9e846.msp
c:\windows\Installer\d5acf6c.msi
c:\windows\Installer\dc46ada.msp
c:\windows\Installer\dc46ae0.msp
c:\windows\Installer\de3232c.msp
c:\windows\Installer\de32332.msp
c:\windows\Installer\e53d3d.msp
c:\windows\Installer\e53d43.msp
c:\windows\Installer\e53d49.msp
c:\windows\Installer\e7caa94.msp
c:\windows\Installer\e7caa9a.msp
c:\windows\Installer\fc888f.msp
c:\windows\system32\1095viru555z9.cpl
c:\windows\system32\11188zot-a9vi5us23b.bin
c:\windows\system32\1138h9cktool57z.exe
c:\windows\system32\11764hac9z5ol34f.dll
c:\windows\system32\1190spzr5e2735.exe
c:\windows\system32\11911t5oz4ff.exe
c:\windows\system32\11z219pambot1b5.ocx
c:\windows\system32\11zhie918945.cpl
c:\windows\system32\1241z5ac9tool69e.bin
c:\windows\system32\12559not9a-virus2bz.ocx
c:\windows\system32\12714spy579z.exe
c:\windows\system32\13328troj75z9.bin
c:\windows\system32\1370s9ealz758.ocx
c:\windows\system32\14399hac9t5oz666.bin
c:\windows\system32\14z37w5r9338.exe
c:\windows\system32\14z78s5y797.cpl
c:\windows\system32\1508zparse24965.dll
c:\windows\system32\150z39pambota4.ocx
c:\windows\system32\152cvir2z99.ocx
c:\windows\system32\1552zworm9a7.bin
c:\windows\system32\1555ztroj5f9.dll
c:\windows\system32\1558threatz946.exe
c:\windows\system32\155cz9r14.exe
c:\windows\system32\15770sza5bo9e8.bin
c:\windows\system32\15929wozm445.exe
c:\windows\system32\15970wz5m9c9.exe
c:\windows\system32\15cezhief998.exe
c:\windows\system32\15d9bazk5oor2480.exe
c:\windows\system32\160cspy5aze30299.bin
c:\windows\system32\16248ha9ktoolz1a5.dll
c:\windows\system32\16551virus389z.exe
c:\windows\system32\1690worz1895.cpl
c:\windows\system32\16915hacktool5z7.exe
c:\windows\system32\16989s5yz88.ocx
c:\windows\system32\16z77spambo95eb.ocx
c:\windows\system32\17561not-a-5iru97z2.dll
c:\windows\system32\176dthiez5729.exe
c:\windows\system32\17931spy1z95.dll
c:\windows\system32\17dcbz5kdoor649.dll
c:\windows\system32\1850959zj598.ocx
c:\windows\system32\186289irus45cz.bin
c:\windows\system32\189zth5eat29338.dll
c:\windows\system32\18d8sparz9725.cpl
c:\windows\system32\1933ztro5e3.dll
c:\windows\system32\19399tr9j15z.dll
c:\windows\system32\194449azktoo577b.cpl
c:\windows\system32\1945spyware69z.cpl
c:\windows\system32\194969or54z3.cpl
c:\windows\system32\194z5spyb4.ocx
c:\windows\system32\19681spy53z.ocx
c:\windows\system32\19746spambot15az.dll
c:\windows\system32\19919not5azvirus1dd.exe
c:\windows\system32\19a7spars958z.bin
c:\windows\system32\19b7st9al10z15.cpl
c:\windows\system32\19ezv5r926.bin
c:\windows\system32\19z78t9oj559.exe
c:\windows\system32\19zfthie919155.cpl
c:\windows\system32\1b09sp5wzre1972.dll
c:\windows\system32\1b5es9ywa5z3038.bin
c:\windows\system32\1bcdownlo5derz0649.bin
c:\windows\system32\1bczthi95421.bin
c:\windows\system32\1c6bad5zare1539.bin
c:\windows\system32\1c9dow9zoader5887.exe
c:\windows\system32\1cbtzreat319599.dll
c:\windows\system32\1dd8thief2905z.cpl
c:\windows\system32\1eb7thief295z.bin
c:\windows\system32\1z491worm2a5.ocx
c:\windows\system32\1z617viru930d5.dll
c:\windows\system32\1z73spars59524.exe
c:\windows\system32\1z995wo9m544.bin
c:\windows\system32\1z99tr5j750.ocx
c:\windows\system32\20297hacztoo549f.exe
c:\windows\system32\2033zd59are512.exe
c:\windows\system32\20492t5zj207.dll
c:\windows\system32\20959wor5az.bin
c:\windows\system32\210095acktool1ez.cpl
c:\windows\system32\21355spz1a19.bin
c:\windows\system32\215859ac5zool15.cpl
c:\windows\system32\21e6s5ywaze89.cpl
c:\windows\system32\21ecad5waz93047.exe
c:\windows\system32\225z39orm79a.cpl
c:\windows\system32\229159ot-azvirus450.ocx
c:\windows\system32\22960h5ckto9l117z.dll
c:\windows\system32\24811h9ck5zol43d.exe
c:\windows\system32\2495threaz50732.exe
c:\windows\system32\25139spam5oz66b.cpl
c:\windows\system32\25329not9a-viruszd5.bin
c:\windows\system32\2536stealz944.bin
c:\windows\system32\25474worm69ez.bin
c:\windows\system32\254fspaz9e933.bin
c:\windows\system32\255z9tr9j2c5.ocx
c:\windows\system32\259519ot-a-vz5us73e.exe
c:\windows\system32\259athreat1z7819.exe
c:\windows\system32\25d5downlzader2199.ocx
c:\windows\system32\25z2s9ycd.exe
c:\windows\system32\2632znot-a9virus345.ocx
c:\windows\system32\26555viru9424z.cpl
c:\windows\system32\26592s5ambotz779.ocx
c:\windows\system32\265d9hr5zt14874.exe
c:\windows\system32\2669hackz5ol4b5.ocx
c:\windows\system32\266abazkd9or2054.ocx
c:\windows\system32\27095not-a-v9rzs2b95.exe
c:\windows\system32\27320haz5tool249.bin
c:\windows\system32\274159pz1c0.ocx
c:\windows\system32\278209acktoolz5d.exe
c:\windows\system32\27851s9am5oz293.cpl
c:\windows\system32\28453vi9us3z9.bin
c:\windows\system32\28597hazkto9l6a.ocx
c:\windows\system32\286z9wo9m1835.bin
c:\windows\system32\28968h9ck5ozl749.exe
c:\windows\system32\290005ot-a-vizus3a6.bin
c:\windows\system32\2905notza-virus44f.bin
c:\windows\system32\29091zpy5f5.bin
c:\windows\system32\29399viru572z.exe
c:\windows\system32\29516spy9z5.cpl
c:\windows\system32\2996tzief325.dll
c:\windows\system32\29b4z5r3049.cpl
c:\windows\system32\2a70thre5919z96.exe
c:\windows\system32\2ae9spazse15075.dll
c:\windows\system32\2d9threat56z54.dll
c:\windows\system32\2e51sparsz919.cpl
c:\windows\system32\2z065py7f9.bin
c:\windows\system32\2z500hackt9ol415.bin
c:\windows\system32\2z61addw5r935.ocx
c:\windows\system32\300z3hackt9ol4b5.exe
c:\windows\system32\30957n9t-a-5iruz2c8.ocx
c:\windows\system32\30bazpywar59072.dll
c:\windows\system32\30z945pambot59.dll
c:\windows\system32\31129spambot5fz9.dll
c:\windows\system32\31555hack9zol4a7.ocx
c:\windows\system32\31955w9r579z.ocx
c:\windows\system32\31964hac9too54bz.cpl
c:\windows\system32\31csza5se9290.exe
c:\windows\system32\31z43wor57b9.cpl
c:\windows\system32\3375addza9e987.bin
c:\windows\system32\34509ownloadez111.exe
c:\windows\system32\3475thief8z59.cpl
c:\windows\system32\3549ste5l219z.exe
c:\windows\system32\35615trzj797.dll
c:\windows\system32\35b5spywzre29759.cpl
c:\windows\system32\35bb9tea5z847.bin
c:\windows\system32\35dczhre5t19584.ocx
c:\windows\system32\3628hacztool5829.bin
c:\windows\system32\367not-z9virus507.cpl
c:\windows\system32\375hacztool659.cpl
c:\windows\system32\384espzware5893.dll
c:\windows\system32\3865thief1299z.bin
c:\windows\system32\3869do5nloaderz428.cpl
c:\windows\system32\3895not-a-viruszcd.dll
c:\windows\system32\38e9ack5zor3044.dll
c:\windows\system32\3907backdoz51419.bin
c:\windows\system32\3944spambotz6f5.dll
c:\windows\system32\39687wozm548.exe
c:\windows\system32\39d2spzrse995.bin
c:\windows\system32\3az3spyw9r51041.ocx
c:\windows\system32\3c1fb9c5zoor1439.dll
c:\windows\system32\3c77add9zre2185.ocx
c:\windows\system32\3d72st5a988z.dll
c:\windows\system32\3d95thzeat31495.bin
c:\windows\system32\3dz9vir2075.exe
c:\windows\system32\3e54zackdoor1229.exe
c:\windows\system32\3e5ed9wnloaderz005.ocx
c:\windows\system32\3f1d9iz5107.dll
c:\windows\system32\3z195teal1779.ocx
c:\windows\system32\3z4eba5kdoo92408.cpl
c:\windows\system32\3z59spyware1857.cpl
c:\windows\system32\3z5dspywa9e1104.cpl
c:\windows\system32\3ze49ir3915.dll
c:\windows\system32\404Fix.exe
c:\windows\system32\4149wozm5f.bin
c:\windows\system32\41z9sparse9533.cpl
c:\windows\system32\4345hack9oo569z.exe
c:\windows\system32\438fdowzloa59r207.ocx
c:\windows\system32\4459thief1853z.cpl
c:\windows\system32\44a5downlo5d9r812z.bin
c:\windows\system32\458bsteal948z.cpl
c:\windows\system32\4592thiefz56.bin
c:\windows\system32\45c1addw9re22z9.bin
c:\windows\system32\4659do9nzoad5r876.exe
c:\windows\system32\468b95eal263z.bin
c:\windows\system32\479edownlozd5r430.ocx
c:\windows\system32\47bcspywaz59755.cpl
c:\windows\system32\4935addwarz956.ocx
c:\windows\system32\49c5steal26z0.cpl
c:\windows\system32\4a8ddo9nlza5er1701.bin
c:\windows\system32\4a9edown9oadzr1556.exe
c:\windows\system32\4ad79azkdoor25295.exe
c:\windows\system32\4c4threa5z1729.bin
c:\windows\system32\4d28sp59are465z.cpl
c:\windows\system32\4e2fback5oor9z02.cpl
c:\windows\system32\4e3t5reaz16139.bin
c:\windows\system32\500c5ackdoo9860z.cpl
c:\windows\system32\502bbackdzor2859.ocx
c:\windows\system32\50935pyware2854z.ocx
c:\windows\system32\509dzackdoor690.cpl
c:\windows\system32\51239v9rus255z.exe
c:\windows\system32\5139sp56z6.cpl
c:\windows\system32\518bthreat255z19.exe
c:\windows\system32\51a5s9yware942z.bin
c:\windows\system32\526d9wnloadzr495.ocx
c:\windows\system32\529faddwarez0689.exe
c:\windows\system32\52eaztea915245.bin
c:\windows\system32\53118s9yza.bin
c:\windows\system32\5339addware16z9.exe
c:\windows\system32\5389threat8z44.cpl
c:\windows\system32\53b1adz5a9e451.cpl
c:\windows\system32\53c8thiez959.bin
c:\windows\system32\53z59orm13b.bin
c:\windows\system32\53z91spy13c.bin
c:\windows\system32\54329no9-a-virusz4.ocx
c:\windows\system32\545badzw5re295.exe
c:\windows\system32\5497zpywa9e53.cpl
c:\windows\system32\549fstz9l2259.cpl
c:\windows\system32\54b9spar5e171z.exe
c:\windows\system32\54cfspyware10z99.bin
c:\windows\system32\5515threa9z5271.cpl
c:\windows\system32\55374spzmbot9ca.bin
c:\windows\system32\5545vi9912z.ocx
c:\windows\system32\5591vizus393.exe
c:\windows\system32\55fb9hief29z.cpl
c:\windows\system32\55fdzteal1169.bin
c:\windows\system32\56472zorm3f9.dll
c:\windows\system32\569e9pyware55z.ocx
c:\windows\system32\5725wzrm69e.exe
c:\windows\system32\57d0ste9lz195.bin
c:\windows\system32\5843hack9ool55dz.exe
c:\windows\system32\5854worz924.dll
c:\windows\system32\59486trzj5ea.exe
c:\windows\system32\5955not-z-virusdd.ocx
c:\windows\system32\596z8troj1d1.dll
c:\windows\system32\59784vizus7b6.exe
c:\windows\system32\5982tzoj8a.dll
c:\windows\system32\59ez9ddware905.exe
c:\windows\system32\5a73add5are29z2.dll
c:\windows\system32\5ae85owz9oader420.cpl
c:\windows\system32\5az3add9are2105.ocx
c:\windows\system32\5b5zb9ckdoor1505.bin
c:\windows\system32\5caad9wzloader1559.ocx
c:\windows\system32\5e9athrzat229375.exe
c:\windows\system32\5ed5sparse44z9.exe
c:\windows\system32\5ezasteal1395.ocx
c:\windows\system32\5ezdt5ief26019.exe
c:\windows\system32\5f00spy9aze1626.dll
c:\windows\system32\5fc1backdoor2729z.bin
c:\windows\system32\5fczs5yware9275.cpl
c:\windows\system32\5z1ethie513519.bin
c:\windows\system32\5z5fstea52569.ocx
c:\windows\system32\5z66v9r1125.bin
c:\windows\system32\5zc2thi591634.ocx
c:\windows\system32\6049not-9-v5zus4ae.ocx
c:\windows\system32\604daddwaz59743.cpl
c:\windows\system32\6057downlzad9r575.ocx
c:\windows\system32\60a9azdwar5659.cpl
c:\windows\system32\6168spa5boz9f0.dll
c:\windows\system32\616bvi52709z.cpl
c:\windows\system32\62zethreat24995.dll
c:\windows\system32\6331steal1z859.dll
c:\windows\system32\637dzt5al3679.bin
c:\windows\system32\64e7th5zat92341.ocx
c:\windows\system32\66e5sparse2981z.bin
c:\windows\system32\66zespa9se5291.bin
c:\windows\system32\67zbst9al95.ocx
c:\windows\system32\68zbt9reat92115.bin
c:\windows\system32\6985z9eal15.exe
c:\windows\system32\69ac5ddwzre3177.cpl
c:\windows\system32\6a025hrea944z0.bin
c:\windows\system32\6b605t9al8z0.dll
c:\windows\system32\6d049owzloader5932.exe
c:\windows\system32\6d67spars5z0659.cpl
c:\windows\system32\6e3zdownl9ader5325.exe
c:\windows\system32\6e469pars52906z.ocx
c:\windows\system32\6z7daddw9re5880.cpl
c:\windows\system32\6zc8spyware1959.cpl
c:\windows\system32\7157zd9ware876.cpl
c:\windows\system32\71bdownloa9er3250z.ocx
c:\windows\system32\72z35roj249.exe
c:\windows\system32\7328v9r5sz9b.exe
c:\windows\system32\733295zeat11111.dll
c:\windows\system32\7393zpy3305.bin
c:\windows\system32\74079pywzre2753.dll
c:\windows\system32\7409ad5wa9e949z.ocx
c:\windows\system32\759bzhreat13453.dll
c:\windows\system32\765a5ir1z9.bin
c:\windows\system32\7717zr5j6bb9.dll
c:\windows\system32\77f59pzware1459.bin
c:\windows\system32\7827d9wnl5ader250z.cpl
c:\windows\system32\78c9hr5at13959z.bin
c:\windows\system32\7920no9-a-virzs795.dll
c:\windows\system32\794dadz5are2107.dll
c:\windows\system32\794zsteal356.ocx
c:\windows\system32\7971sp5warez272.cpl
c:\windows\system32\79839hie51z17.bin
c:\windows\system32\79a1vi51691z.dll
c:\windows\system32\7a0spzw9r5190.bin
c:\windows\system32\7a98downzoader385.exe
c:\windows\system32\7ae5s5arse92z7.exe
c:\windows\system32\7b93zackd5or1939.bin
c:\windows\system32\7d29zpyw5re730.bin
c:\windows\system32\7z2espyw5re17099.cpl
c:\windows\system32\8096s9azbot61a5.dll
c:\windows\system32\84bdowzloader5945.exe
c:\windows\system32\8659acktool6z.ocx
c:\windows\system32\87395py2cz.cpl
c:\windows\system32\89z5ha5ktoo9248.ocx
c:\windows\system32\8z7st5al7859.cpl
c:\windows\system32\90251vizus573.exe
c:\windows\system32\9104dzwnloader1357.ocx
c:\windows\system32\9131hack5ool3za.ocx
c:\windows\system32\92356not-a-viru56f3z.exe
c:\windows\system32\92676sp537z.ocx
c:\windows\system32\92f5spyzare592.dll
c:\windows\system32\93615hacktooz2e45.dll
c:\windows\system32\945z6spy745.dll
c:\windows\system32\94zthreat211785.cpl
c:\windows\system32\9528v5rz191.exe
c:\windows\system32\979aspyza5e496.cpl
c:\windows\system32\979cspy5arz2257.dll
c:\windows\system32\98bviz1105.ocx
c:\windows\system32\99b2t5rezt29419.exe
c:\windows\system32\9c00spyza5e2201.cpl
c:\windows\system32\9cb45pyware1317z.dll
c:\windows\system32\9cf9sparsez845.ocx
c:\windows\system32\9edcszeal2305.cpl
c:\windows\system32\9f24dowzloader2565.exe
c:\windows\system32\9z145acktool509.ocx
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\azfs5eal26519.cpl
c:\windows\system32\b59ddware1350z.bin
c:\windows\system32\c5edowzlo5der2909.cpl
c:\windows\system32\d1bdownloa5zr6199.ocx
c:\windows\system32\drivers\ESQULltewcdovrdlxymitbqqowksrummaswux.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\e975pywarz1582.ocx
c:\windows\system32\ee1downz59der1945.cpl
c:\windows\system32\ESQULbwwxohqfyaodgakhflnnsiltscrnkolv.dll
c:\windows\system32\ESQULqvdvaptclkdxybrifrlkymefhaiyfviq.dll
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\MSIVXcount
c:\windows\system32\MSIVXfecgftvltylgewidpnpvrabuvdxlxiqw.dll
c:\windows\system32\MSIVXrpqmrrtvsiymbfniwuctetkoxjplqjrn.dll
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SelfDel.bat
c:\windows\system32\setup2.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\system32\z1395wo956ec.cpl
c:\windows\system32\z1425te9l354.bin
c:\windows\system32\z1570troj2779.dll
c:\windows\system32\z1905spy5ab.cpl
c:\windows\system32\z2e9spyw9r52182.dll
c:\windows\system32\z2ethie59110.cpl
c:\windows\system32\z356thre9t20808.ocx
c:\windows\system32\z41abackd59r56.dll
c:\windows\system32\z503troj291.cpl
c:\windows\system32\z57609pambot5e8.cpl
c:\windows\system32\z6d19i518.cpl
c:\windows\system32\z8c9vi5459.cpl
c:\windows\system32\z9315spambo5b7.exe
c:\windows\system32\z9512hac9t5ol1c3.cpl
c:\windows\system32\z9897not-a-virus7b65.exe
c:\windows\system32\z9956worm172.ocx
c:\windows\system32\z9dfba5kdoor563.cpl
c:\windows\system32\z9e5vir2351.ocx
c:\windows\system32\ze5ds9arse3043.dll
c:\windows\system32\zf23backdoo9325.cpl
c:\windows\system32\zf8vir51019.cpl
c:\windows\z0286tro9351.exe
c:\windows\z059spambo51cd.exe
c:\windows\z061sp9r5e483.dll
c:\windows\z264h9cktool5c25.ocx
c:\windows\z2fbdownl5ader9219.exe
c:\windows\z2fc9ir29165.exe
c:\windows\z3127sp935a.ocx
c:\windows\z419sparse1535.cpl
c:\windows\z45dsp9ware1968.exe
c:\windows\z5119not9a5virus7f8.exe
c:\windows\z5349ddware1695.ocx
c:\windows\z554spyw5r992.exe
c:\windows\z5715spy93a.exe
c:\windows\z5942not-9-virus3df.bin
c:\windows\z624thie52916.cpl
c:\windows\z6572hacktool389.cpl
c:\windows\z7459virus673.bin
c:\windows\z7f9threa519699.bin
c:\windows\z801st95l3197.dll
c:\windows\z852virus75a9.dll
c:\windows\z8952hacktool2349.dll
c:\windows\z900sp5rs92910.bin
c:\windows\z915threat17699.ocx
c:\windows\z9547spamb5t5af.cpl
c:\windows\z970do5nloader1502.exe
c:\windows\z9881worm5005.exe
c:\windows\zc15thief2933.bin
c:\windows\zea8t5rea910545.exe
c:\windows\zf54downloader749.cpl

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ESQULserv.sys

((((((((((((((((((((((((( Files Created from 2009-06-15 to 2009-07-15 )))))))))))))))))))))))))))))))
.

2009-12-23 07:50 . 2009-12-23 07:50 10898 ----a-w- c:\windows\8591h9cktozla.dll
2009-07-15 18:20 . 2008-06-19 16:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-07-15 18:20 . 2009-07-15 18:20 -------- d-----w- c:\program files\Panda Security
2009-07-14 22:43 . 2009-07-14 22:43 -------- d-----w- c:\program files\Common Files\Scanner
2009-07-14 22:43 . 2009-02-18 12:54 111856 ----a-w- c:\windows\system32\wbem\canvprov.dll
2009-07-14 22:43 . 2009-07-14 22:43 -------- d-----w- c:\program files\CA
2009-07-14 22:41 . 2009-07-14 22:41 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\CA
2009-07-14 21:47 . 2009-07-14 21:47 -------- dc----w- C:\20091407_224411_Al july 09
2009-07-14 16:46 . 2009-07-14 16:46 -------- d-----w- c:\program files\WiniFighter Software
2009-07-14 16:46 . 2009-07-14 16:46 15763 ----a-w- c:\windows\system32\z9580t9oj4.dll
2009-07-14 16:46 . 2009-07-14 16:46 12831 ----a-w- c:\windows\9675trzje.dll
2009-07-13 20:55 . 2009-04-06 14:32 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 20:55 . 2009-07-14 06:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 20:55 . 2009-04-06 14:32 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-13 20:55 . 2009-07-13 20:55 -------- dc----w- c:\documents and settings\Administrator.AL-3AD2C13ED7DA.000\Local Settings\Application Data\Adobe
2009-07-13 20:51 . 2009-07-13 20:51 -------- dc----w- c:\documents and settings\Administrator.AL-3AD2C13ED7DA.000\Application Data\SUPERAntiSpyware.com
2009-07-13 17:10 . 2009-07-13 17:10 -------- d-----w- c:\documents and settings\Al\Application Data\Media Player Classic
2009-07-13 16:59 . 2002-07-17 15:22 3535 ----a-w- c:\windows\system\Wowpost.exe
2009-07-13 16:59 . 2002-07-17 15:22 4455 ----a-w- c:\windows\system\Winaspi.dll
2009-07-13 16:59 . 2009-07-13 16:59 3082 ----a-w- c:\windows\system32\affv9553p6now.sys
2009-07-13 14:51 . 2009-07-13 14:51 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\AVS4YOU
2009-07-13 14:51 . 2009-07-13 14:51 -------- d-----w- c:\documents and settings\Al\Application Data\AVS4YOU
2009-07-13 14:49 . 2009-07-13 20:47 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-07-13 14:49 . 2008-08-13 10:22 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-07-13 14:49 . 2008-08-13 10:22 487424 ----a-w- c:\windows\system32\msvcp70.dll
2009-07-13 14:49 . 2009-07-13 20:48 -------- d-----w- c:\program files\AVS4YOU
2009-07-13 14:49 . 2008-08-13 10:22 24576 ----a-w- c:\windows\system32\msxml3a.dll
2009-07-13 14:40 . 2009-07-13 14:40 -------- dc----w- C:\TempDVD
2009-07-13 14:39 . 2009-07-13 20:49 -------- d-----w- c:\program files\dvdSanta
2009-07-12 10:43 . 2009-07-12 10:46 -------- d-----w- c:\documents and settings\Al\Application Data\VSO
2009-07-12 10:43 . 2009-07-12 10:43 -------- d-----w- c:\program files\VSO
2009-07-12 10:38 . 2009-07-12 10:38 125 ----a-w- c:\documents and settings\Al\Local Settings\Application Data\fusioncache.dat
2009-07-12 10:38 . 2009-07-12 10:38 -------- d-----w- c:\program files\Pro Imaging Powertoys
2009-07-12 10:38 . 2009-07-12 10:39 -------- d-----w- c:\documents and settings\Al\Local Settings\Application Data\ApplicationHistory
2009-07-12 10:35 . 2009-07-12 10:35 -------- d-----w- c:\windows\system32\URTTEMP
2009-06-24 13:16 . 2009-06-24 13:16 -------- d-----w- c:\program files\iPod
2009-06-24 13:16 . 2009-06-24 13:16 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-24 13:15 . 2009-06-24 13:15 -------- d-----w- c:\program files\Bonjour
2009-06-24 13:14 . 2009-06-24 13:14 -------- d-----w- c:\program files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-15 21:59 . 2008-07-07 22:29 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\Kontiki
2009-07-15 21:38 . 2009-01-10 22:42 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\avg8
2009-07-15 21:34 . 2007-04-12 11:51 1984 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-14 06:19 . 2007-03-31 17:52 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-07-13 20:51 . 2009-04-12 12:47 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-13 20:16 . 2007-09-29 12:49 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-07-03 07:44 . 2009-05-20 06:28 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-25 21:19 . 2007-12-29 10:19 -------- d-----w- c:\program files\IObit
2009-06-24 13:16 . 2007-04-01 12:17 -------- d-----w- c:\program files\iTunes
2009-06-24 13:16 . 2007-07-03 11:08 -------- d-----w- c:\program files\Common Files\Apple
2009-06-24 08:09 . 2009-05-20 06:28 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-24 08:09 . 2009-05-20 06:28 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-15 19:12 . 2008-07-13 09:44 34 -c--a-w- c:\documents and settings\jamie\jagex_runescape_preferences.dat
2009-06-15 09:45 . 2009-06-15 09:45 -------- d-----w- c:\documents and settings\diane\Application Data\Motive
2009-06-14 12:14 . 2008-06-08 13:15 -------- d-----w- c:\documents and settings\jamie\Application Data\Motive
2009-06-13 18:09 . 2007-05-02 15:15 -------- d-----w- c:\documents and settings\Al\Application Data\Motive
2009-06-13 18:08 . 2009-06-13 18:01 -------- d-----w- c:\program files\BT Broadband Desktop Help
2009-06-13 18:07 . 2007-06-12 12:49 -------- d-----w- c:\program files\Common Files\Motive
2009-06-09 16:15 . 2008-07-27 10:27 -------- d-----w- c:\documents and settings\Al\Application Data\IObit
2009-05-28 17:09 . 2009-04-10 11:38 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-21 18:50 . 2009-04-12 11:25 179976 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-20 06:28 . 2009-05-20 06:28 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-07 15:32 . 2004-08-04 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:46 . 2004-08-04 12:00 666624 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:46 . 2004-08-04 12:00 81920 ------w- c:\windows\system32\ieencode.dll
2009-04-28 17:32 . 2007-11-25 19:43 71576 -c--a-w- c:\documents and settings\diane\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-23 19:24 . 2009-04-12 12:51 123572 -c--a-w- C:\MGlogs.zip
2009-04-17 12:26 . 2004-08-04 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-24 1948440]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 169984]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 01000000

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-24 08:09 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=c:\windows\pss\Last.fm Helper.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
backup=c:\windows\pss\Ralink Wireless Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Microsoft Outlook"=c:\progra~1\MICROS~2\Office10\OUTLOOK.EXE Outlook:Inbox /recycle
"SmartRAM"="e:\advanced systemcare 3\Sup_SmartRAM.exe" /m

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"e:\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Common Files\\LogiShrd\\LVCOMSER\\LVComSer.exe"=
"c:\\Program Files\\QuickTime\\QTTask.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\EA Sports\\FIFA 09\\FIFA09.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9919:TCP"= 9919:TCP:BitComet 9919 TCP
"9919:UDP"= 9919:UDP:BitComet 9919 UDP

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [15/07/2009 19:20 28544]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [05/07/2006 13:46 63352]
R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [15/04/2007 11:03 4064]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [20/05/2009 07:28 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [20/05/2009 07:28 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/03/2009 14:07 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/03/2009 14:07 72944]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [20/05/2009 07:28 298776]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\CA\CA Internet Security Suite\ccschedulersvc.exe [14/07/2009 23:43 128240]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [17/02/2009 17:09 598856]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [18/10/2005 14:01 826112]
R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [24/06/2006 02:39 86784]
S3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\C4.tmp [15/07/2009 07:26 5760]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/03/2009 14:07 7408]
S3 uxddrv;Dynamically loaded UxdDrv;\??\d:\diagnose\WSTENG\uxddrv.sys --> d:\diagnose\WSTENG\uxddrv.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PAVBOOT
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: antimalwareguard.com
Name-Space Handler: ftp\FD - {3BF4771A-18F5-4EAB-80B7-AC254D3C7503} - e:\freshdownload\fdcatch.dll
Name-Space Handler: http\FD - {3BF4771A-18F5-4EAB-80B7-AC254D3C7503} - e:\freshdownload\fdcatch.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-15 22:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\C4.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-606747145-1897051121-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:d5,fa,5e,92,0e,79,f8,f0,1e,c7,a3,74,e3,63,76,ba,40,e0,0f,76,a2,
b5,66,ee,3c,bd,5e,90,e6,7e,9e,3c,2c,b4,42,49,39,b5,bc,16,15,16,56,4c,28,a8,\
"rkeysecu"=hex:49,49,3b,bf,99,8b,1f,56,4c,4a,9f,e6,ae,31,04,a4
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(624)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-07-15 23:01
ComboFix-quarantined-files.txt 2009-07-15 22:01
ComboFix2.txt 2009-04-20 18:10
ComboFix3.txt 2009-04-12 22:15
ComboFix4.txt 2009-04-11 18:50
ComboFix5.txt 2009-07-15 21:39

Pre-Run: 31,549,575,168 bytes free
Post-Run: 32,238,415,872 bytes free

1080 --- E O F --- 2009-07-13 02:01

CatByte · 07-15-2009, 05:14 PM

Hi,

Please do the following:

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Code:

http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/395216-malware-wont-work-internet.html#post2241860

Collect::
c:\windows\8591h9cktozla.dll
c:\windows\system32\z9580t9oj4.dll
c:\windows\9675trzje.dll

DDS::
Trusted Zone: antimalwareguard.com

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you.
Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

**Note**
When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

Ensure you are connected to the internet and click OK on the message box.

NEXT

Download TFC to your desktop

Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish it's job
Once its finished it should automatically reboot your machine,
if it doesn't, manually reboot to ensure a complete clean

It's normal after running TFC cleaner that the PC will be slower to boot the first time.

NEXT

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected. <-- very important
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT

Run an on-line scan with Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:

Close any open programs
Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.

Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
Click View scan report at the bottom.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

In your next reply please include

ComboFix Log
MBAM Log
Kaspersky report

cattch08 · 07-16-2009, 05:06 PM

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3

16/07/2009 16:48:07
mbam-log-2009-07-16 (16-48-07).txt

Scan type: Full Scan (C:\|E:\|F:\|)
Objects scanned: 222478
Time elapsed: 2 hour(s), 56 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
ComboFix 09-07-14.08 - Al 16/07/2009 18:36.4.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2046.1574 [GMT 1:00]
Running from: c:\documents and settings\Al\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Al\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2009-06-16 to 2009-07-16 )))))))))))))))))))))))))))))))
.

2009-07-15 18:20 . 2008-06-19 16:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-07-15 18:20 . 2009-07-15 18:20 -------- d-----w- c:\program files\Panda Security
2009-07-14 22:43 . 2009-07-14 22:43 -------- d-----w- c:\program files\Common Files\Scanner
2009-07-14 22:43 . 2009-02-18 12:54 111856 ----a-w- c:\windows\system32\wbem\canvprov.dll
2009-07-14 22:43 . 2009-07-14 22:43 -------- d-----w- c:\program files\CA
2009-07-14 22:41 . 2009-07-14 22:41 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\CA
2009-07-14 21:47 . 2009-07-14 21:47 -------- dc----w- C:\20091407_224411_Al july 09
2009-07-13 20:55 . 2009-04-06 14:32 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 20:55 . 2009-07-14 06:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 20:55 . 2009-04-06 14:32 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-13 20:55 . 2009-07-13 20:55 -------- dc----w- c:\documents and settings\Administrator.AL-3AD2C13ED7DA.000\Local Settings\Application Data\Adobe
2009-07-13 20:51 . 2009-07-13 20:51 -------- dc----w- c:\documents and settings\Administrator.AL-3AD2C13ED7DA.000\Application Data\SUPERAntiSpyware.com
2009-07-13 17:10 . 2009-07-13 17:10 -------- d-----w- c:\documents and settings\Al\Application Data\Media Player Classic
2009-07-13 16:59 . 2002-07-17 15:22 3535 ----a-w- c:\windows\system\Wowpost.exe
2009-07-13 16:59 . 2002-07-17 15:22 4455 ----a-w- c:\windows\system\Winaspi.dll
2009-07-13 16:59 . 2009-07-13 16:59 3082 ----a-w- c:\windows\system32\affv9553p6now.sys
2009-07-13 14:51 . 2009-07-13 14:51 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\AVS4YOU
2009-07-13 14:51 . 2009-07-13 14:51 -------- d-----w- c:\documents and settings\Al\Application Data\AVS4YOU
2009-07-13 14:49 . 2009-07-13 20:47 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-07-13 14:49 . 2008-08-13 10:22 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-07-13 14:49 . 2008-08-13 10:22 487424 ----a-w- c:\windows\system32\msvcp70.dll
2009-07-13 14:49 . 2009-07-13 20:48 -------- d-----w- c:\program files\AVS4YOU
2009-07-13 14:49 . 2008-08-13 10:22 24576 ----a-w- c:\windows\system32\msxml3a.dll
2009-07-13 14:40 . 2009-07-13 14:40 -------- dc----w- C:\TempDVD
2009-07-13 14:39 . 2009-07-13 20:49 -------- d-----w- c:\program files\dvdSanta
2009-07-12 10:43 . 2009-07-12 10:46 -------- d-----w- c:\documents and settings\Al\Application Data\VSO
2009-07-12 10:43 . 2009-07-12 10:43 -------- d-----w- c:\program files\VSO
2009-07-12 10:38 . 2009-07-12 10:38 125 ----a-w- c:\documents and settings\Al\Local Settings\Application Data\fusioncache.dat
2009-07-12 10:38 . 2009-07-12 10:38 -------- d-----w- c:\program files\Pro Imaging Powertoys
2009-07-12 10:38 . 2009-07-12 10:39 -------- d-----w- c:\documents and settings\Al\Local Settings\Application Data\ApplicationHistory
2009-07-12 10:35 . 2009-07-12 10:35 -------- d-----w- c:\windows\system32\URTTEMP
2009-06-24 13:16 . 2009-06-24 13:16 -------- d-----w- c:\program files\iPod
2009-06-24 13:16 . 2009-06-24 13:16 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-24 13:15 . 2009-06-24 13:15 -------- d-----w- c:\program files\Bonjour
2009-06-24 13:14 . 2009-06-24 13:14 -------- d-----w- c:\program files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-16 17:39 . 2008-07-07 22:29 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\Kontiki
2009-07-16 15:47 . 2007-03-31 17:52 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-07-16 06:18 . 2009-01-10 22:42 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\avg8
2009-07-15 21:34 . 2007-04-12 11:51 1984 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-13 20:51 . 2009-04-12 12:47 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-13 20:16 . 2007-09-29 12:49 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-07-03 07:44 . 2009-05-20 06:28 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-25 21:19 . 2007-12-29 10:19 -------- d-----w- c:\program files\IObit
2009-06-24 13:16 . 2007-04-01 12:17 -------- d-----w- c:\program files\iTunes
2009-06-24 13:16 . 2007-07-03 11:08 -------- d-----w- c:\program files\Common Files\Apple
2009-06-24 08:09 . 2009-05-20 06:28 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-24 08:09 . 2009-05-20 06:28 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-16 14:36 . 2004-08-04 12:00 81920 ------w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ------w- c:\windows\system32\t2embed.dll
2009-06-15 19:12 . 2008-07-13 09:44 34 -c--a-w- c:\documents and settings\jamie\jagex_runescape_preferences.dat
2009-06-15 09:45 . 2009-06-15 09:45 -------- d-----w- c:\documents and settings\diane\Application Data\Motive
2009-06-14 12:14 . 2008-06-08 13:15 -------- d-----w- c:\documents and settings\jamie\Application Data\Motive
2009-06-13 18:09 . 2007-05-02 15:15 -------- d-----w- c:\documents and settings\Al\Application Data\Motive
2009-06-13 18:08 . 2009-06-13 18:01 -------- d-----w- c:\program files\BT Broadband Desktop Help
2009-06-13 18:07 . 2007-06-12 12:49 -------- d-----w- c:\program files\Common Files\Motive
2009-06-09 16:15 . 2008-07-27 10:27 -------- d-----w- c:\documents and settings\Al\Application Data\IObit
2009-06-03 19:09 . 2004-08-04 12:00 1291264 ------w- c:\windows\system32\quartz.dll
2009-05-28 17:09 . 2009-04-10 11:38 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-21 18:50 . 2009-04-12 11:25 179976 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-20 06:28 . 2009-05-20 06:28 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-07 15:32 . 2004-08-04 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:46 . 2004-08-04 12:00 666624 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:46 . 2004-08-04 12:00 81920 ------w- c:\windows\system32\ieencode.dll
2009-04-28 17:32 . 2007-11-25 19:43 71576 -c--a-w- c:\documents and settings\diane\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-23 19:24 . 2009-04-12 12:51 123572 -c--a-w- C:\MGlogs.zip
.

((((((((((((((((((((((((((((( SnapShot@2009-07-15_21.59.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-16 17:31 . 2009-07-16 17:31 16384 c:\windows\temp\Perflib_Perfdata_f4.dat
+ 2009-07-16 17:31 . 2009-07-16 17:31 16384 c:\windows\temp\Perflib_Perfdata_b0.dat
+ 2007-07-28 14:31 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
- 2007-07-28 14:31 . 2008-07-09 07:38 17272 c:\windows\system32\spmsg.dll
+ 2004-08-04 12:00 . 2009-06-16 14:36 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2004-08-04 12:00 . 2009-06-16 14:36 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2004-08-04 12:00 . 2009-06-03 19:09 1291264 c:\windows\system32\dllcache\quartz.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-24 1948440]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 01000000

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-24 08:09 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=c:\windows\pss\Last.fm Helper.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
backup=c:\windows\pss\Ralink Wireless Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Microsoft Outlook"=c:\progra~1\MICROS~2\Office10\OUTLOOK.EXE Outlook:Inbox /recycle
"SmartRAM"="e:\advanced systemcare 3\Sup_SmartRAM.exe" /m

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"e:\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Common Files\\LogiShrd\\LVCOMSER\\LVComSer.exe"=
"c:\\Program Files\\QuickTime\\QTTask.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\EA Sports\\FIFA 09\\FIFA09.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9919:TCP"= 9919:TCP:BitComet 9919 TCP
"9919:UDP"= 9919:UDP:BitComet 9919 UDP

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [15/07/2009 19:20 28544]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [05/07/2006 13:46 63352]
R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [15/04/2007 11:03 4064]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [20/05/2009 07:28 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [20/05/2009 07:28 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/03/2009 14:07 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/03/2009 14:07 72944]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [20/05/2009 07:28 298776]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\CA\CA Internet Security Suite\ccschedulersvc.exe [14/07/2009 23:43 128240]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [17/02/2009 17:09 598856]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [18/10/2005 14:01 826112]
R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [24/06/2006 02:39 86784]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\C4.tmp --> c:\windows\system32\C4.tmp [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/03/2009 14:07 7408]
S3 uxddrv;Dynamically loaded UxdDrv;\??\d:\diagnose\WSTENG\uxddrv.sys --> d:\diagnose\WSTENG\uxddrv.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Name-Space Handler: ftp\FD - {3BF4771A-18F5-4EAB-80B7-AC254D3C7503} - e:\freshdownload\fdcatch.dll
Name-Space Handler: http\FD - {3BF4771A-18F5-4EAB-80B7-AC254D3C7503} - e:\freshdownload\fdcatch.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-16 18:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\C4.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-606747145-1897051121-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:d5,fa,5e,92,0e,79,f8,f0,1e,c7,a3,74,e3,63,76,ba,40,e0,0f,76,a2,
b5,66,ee,3c,bd,5e,90,e6,7e,9e,3c,2c,b4,42,49,39,b5,bc,16,15,16,56,4c,28,a8,\
"rkeysecu"=hex:49,49,3b,bf,99,8b,1f,56,4c,4a,9f,e6,ae,31,04,a4
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(616)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3548)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-07-16 18:42
ComboFix-quarantined-files.txt 2009-07-16 17:42
ComboFix2.txt 2009-07-16 17:17
ComboFix3.txt 2009-07-16 06:37
ComboFix4.txt 2009-07-15 22:01
ComboFix5.txt 2009-07-16 17:35

Pre-Run: 32,147,632,128 bytes free
Post-Run: 32,116,150,272 bytes free

216 --- E O F --- 2009-07-16 06:06
KASPERSKY ONLINE SCANNER 7.0 REPORT
Friday, July 17, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, July 16, 2009 20:04:41
Records in database: 2475918
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\

Scan statistics:
Files scanned: 240135
Threat name: 7
Infected objects: 25
Suspicious objects: 0
Duration of the scan: 04:41:29

File name / Threat name / Threats count
msimn.exe\fdcatch.dll/msimn.exe\fdcatch.dll Infected: Backdoor.Win32.Hupigon.tsy 1
iexplore.exe\fdcatch.dll/iexplore.exe\fdcatch.dll Infected: Backdoor.Win32.Hupigon.tsy 2
C:\Documents and Settings\Al\DoctorWeb\Quarantine\sdsetup.exe Infected: Trojan-Downloader.Win32.VB.dzo 1
C:\Documents and Settings\Al\DoctorWeb\Quarantine\spamblockerutilityinst[1].exe.bac_a02196 Infected: not-a-virus:AdWare.Win32.Shopper.v 3
C:\Documents and Settings\Al\DoctorWeb\Quarantine\spamblockerutilityinst[1].exe.bac_a02196 Infected: not-a-virus:AdWare.Win32.HotBar.ck 2
C:\Documents and Settings\Al\DoctorWeb\Quarantine\spamblockerutilityinst[1].exe.bac_a02196 Infected: not-a-virus:AdTool.Win32.Zango.ap 1
C:\Documents and Settings\Al\DoctorWeb\Quarantine\spamblockerutilityinst[1].exe.bac_a05452 Infected: not-a-virus:AdWare.Win32.Shopper.v 3
C:\Documents and Settings\Al\DoctorWeb\Quarantine\spamblockerutilityinst[1].exe.bac_a05452 Infected: not-a-virus:AdWare.Win32.HotBar.ck 2
C:\Documents and Settings\Al\DoctorWeb\Quarantine\spamblockerutilityinst[1].exe.bac_a05452 Infected: not-a-virus:AdTool.Win32.Zango.ap 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_ESQULltewcdovrdlxymitbqqowksrummaswux_.sys.zip Infected: Rootkit.Win32.Agent.mlu 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ESQULbwwxohqfyaodgakhflnnsiltscrnkolv.dll.vir Infected: Packed.Win32.Tdss.w 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ESQULqvdvaptclkdxybrifrlkymefhaiyfviq.dll.vir Infected: Packed.Win32.Tdss.w 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\MSIVXfecgftvltylgewidpnpvrabuvdxlxiqw.dll.vir Infected: Packed.Win32.Tdss.w 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\MSIVXrpqmrrtvsiymbfniwuctetkoxjplqjrn.dll.vir Infected: Packed.Win32.Tdss.w 1
C:\System Volume Information\_restore{B775F775-FED3-490B-A5EB-125288F9D156}\RP0\A0000001.dll Infected: Packed.Win32.Tdss.w 1
C:\System Volume Information\_restore{B775F775-FED3-490B-A5EB-125288F9D156}\RP0\A0000002.dll Infected: Packed.Win32.Tdss.w 1
C:\System Volume Information\_restore{B775F775-FED3-490B-A5EB-125288F9D156}\RP0\A0000573.dll Infected: Packed.Win32.Tdss.w 1
C:\System Volume Information\_restore{B775F775-FED3-490B-A5EB-125288F9D156}\RP0\A0000574.dll Infected: Packed.Win32.Tdss.w 1

The selected area was scanned.

CatByte · 07-16-2009, 06:25 PM

Hi

Please do the following:

submit a file to virustotal for analysis

Use the browse button on that page to navigate to the location of the file to be scanned.
In the right hand panel,
click on the file e:\freshdownload\fdcatch.dll
then click the open button.
The file will now be displayed in the submit box.
Scroll down a bit and click "send file", wait for the results

Make sure you have copied and saved the results before continuing.

Do the same for the following files

C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe

cattch08 · 07-17-2009, 09:35 AM

File fdcatch.dll received on 2009.07.17 15:24:48 (UTC)
Current status: finished
Result: 0/34 (0%)
Compact
Print results
Email:

Antivirus Version Last Update Result
AhnLab-V3 5.0.0.2 2009.07.17 -
AntiVir 7.9.0.220 2009.07.17 -
Antiy-AVL 2.0.3.7 2009.07.17 -
Authentium 5.1.2.4 2009.07.17 -
Avast 4.8.1335.0 2009.07.16 -
BitDefender 7.2 2009.07.17 -
CAT-QuickHeal 10.00 2009.07.17 -
ClamAV 0.94.1 2009.07.17 -
Comodo 1680 2009.07.17 -
eTrust-Vet 31.6.6622 2009.07.17 -
F-Prot 4.4.4.56 2009.07.17 -
F-Secure 8.0.14470.0 2009.07.17 -
Fortinet 3.120.0.0 2009.07.17 -
GData 19 2009.07.17 -
Ikarus T3.1.1.64.0 2009.07.17 -
Jiangmin 11.0.800 2009.07.17 -
K7AntiVirus 7.10.794 2009.07.16 -
Kaspersky 7.0.0.125 2009.07.17 -
McAfee 5678 2009.07.16 -
McAfee+Artemis 5678 2009.07.16 -
McAfee-GW-Edition 6.8.5 2009.07.17 -
Microsoft 1.4803 2009.07.17 -
NOD32 4254 2009.07.17 -
nProtect 2009.1.8.0 2009.07.17 -
PCTools 4.4.2.0 2009.07.17 -
Prevx 3.0 2009.07.17 -
Rising 21.38.44.00 2009.07.17 -
Sophos 4.43.0 2009.07.17 -
Sunbelt 3.2.1858.2 2009.07.17 -
Symantec 1.4.4.12 2009.07.17 -
TheHacker 6.3.4.3.369 2009.07.16 -
TrendMicro 8.950.0.1094 2009.07.17 -
ViRobot 2009.7.17.1841 2009.07.17 -
VirusBuster 4.6.5.0 2009.07.16 -
Additional information
File size: 201728 bytes
MD5...: 2d5b73d542aabfa0962af0fc5ee9b8ef
SHA1..: 71a8deab614b037b94a6c36619c86778919635fb
SHA256: a488034be068bc13aadb25ab61c69b5ece1993cf76d8c02e51c20ebf24a8677b
ssdeep: 3072:w9ZQpUFGpeGa78D7XgNVWa6+vH0fExJpEOobfv69IiB+GnIMCFFB/7XMnBn
ut62w:QEpePQ70h6+8cxJ0aCWBnITDtcBuU21
PEiD..: ASPack v2.12
TrID..: File type identification
Win32 Executable Generic (58.3%)
Win16/32 Executable Delphi generic (14.1%)
Generic Win/DOS Executable (13.7%)
DOS Executable Generic (13.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x74001
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

( 9 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x5f000 0x28000 8.00 4b0c1844d2a1510cf4d9f17b584b30cc
DATA 0x60000 0x2000 0x800 7.54 ca1c924f2d11847a4d29c75ff7d0d6bb
BSS 0x62000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x63000 0x3000 0xe00 7.74 de7bd562c0a332b4fecf20e3cffcdd26
.edata 0x66000 0x1000 0x200 2.24 37cfbe0dc24c7eede517fb472e8283d3
.reloc 0x67000 0x7000 0x3e00 7.97 04969ee0663d3339bf2e810ea4acbf79
.rsrc 0x6e000 0x6000 0x2400 6.24 538760eaff9c3dd145f8822883427996
.aspack 0x74000 0x2000 0x1600 5.69 579f0e959ee554d662446129146a5a2c
.adata 0x76000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e

( 13 imports )
> kernel32.dll: GetProcAddress, GetModuleHandleA, LoadLibraryA
> user32.dll: GetKeyboardType
> advapi32.dll: RegQueryValueExA
> oleaut32.dll: SysFreeString
> advapi32.dll: RegSetValueExA
> gdi32.dll: UnrealizeObject
> user32.dll: WindowFromPoint
> ole32.dll: CreateStreamOnHGlobal
> oleaut32.dll: CreateErrorInfo
> ole32.dll: IsEqualGUID
> oleaut32.dll: SafeArrayPtrOfIndex
> comctl32.dll: ImageList_SetIconSize
> shell32.dll: ShellExecuteA

( 5 exports )
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer, GetDllVersion
PDFiD.: -
RDS...: NSRL Reference Data Set
-
packers (F-Prot): Aspack
packers (Kaspersky): ASPack

File msimn.exe received on 2009.07.17 15:30:55 (UTC)
Current status: finished
Result: 0/40 (0%)
Compact
Print results
Email:

Antivirus Version Last Update Result
a-squared 4.5.0.24 2009.07.17 -
AhnLab-V3 5.0.0.2 2009.07.17 -
AntiVir 7.9.0.220 2009.07.17 -
Antiy-AVL 2.0.3.7 2009.07.17 -
Authentium 5.1.2.4 2009.07.17 -
Avast 4.8.1335.0 2009.07.16 -
AVG 8.5.0.387 2009.07.17 -
BitDefender 7.2 2009.07.17 -
CAT-QuickHeal 10.00 2009.07.17 -
ClamAV 0.94.1 2009.07.17 -
Comodo 1680 2009.07.17 -
DrWeb 5.0.0.12182 2009.07.17 -
eTrust-Vet 31.6.6622 2009.07.17 -
F-Prot 4.4.4.56 2009.07.17 -
F-Secure 8.0.14470.0 2009.07.17 -
Fortinet 3.120.0.0 2009.07.17 -
GData 19 2009.07.17 -
Ikarus T3.1.1.64.0 2009.07.17 -
Jiangmin 11.0.800 2009.07.17 -
K7AntiVirus 7.10.794 2009.07.16 -
Kaspersky 7.0.0.125 2009.07.17 -
McAfee 5678 2009.07.16 -
McAfee+Artemis 5678 2009.07.16 -
McAfee-GW-Edition 6.8.5 2009.07.17 -
Microsoft 1.4803 2009.07.17 -
NOD32 4254 2009.07.17 -
Norman 6.01.09 2009.07.17 -
nProtect 2009.1.8.0 2009.07.17 -
Panda 10.0.0.14 2009.07.16 -
PCTools 4.4.2.0 2009.07.17 -
Prevx 3.0 2009.07.17 -
Rising 21.38.44.00 2009.07.17 -
Sophos 4.43.0 2009.07.17 -
Sunbelt 3.2.1858.2 2009.07.17 -
Symantec 1.4.4.12 2009.07.17 -
TheHacker 6.3.4.3.369 2009.07.16 -
TrendMicro 8.950.0.1094 2009.07.17 -
VBA32 3.12.10.8 2009.07.16 -
ViRobot 2009.7.17.1841 2009.07.17 -
VirusBuster 4.6.5.0 2009.07.16 -
Additional information
File size: 60416 bytes
MD5...: 1eeae496a51f017d04dd41322935d2b9
SHA1..: f7afaf8e61263e3117a762ae2f817dff9f5ccc44
SHA256: 5c60d72118528ee01cce426a686b32f949a0153919868aaf388f32f8f6233a9c
ssdeep: 768:4DnZlk2JRV6PqRZcTp9RlTddT1T6MMMMM2MMMMM+FV:KZLnV6CcF9R/dT12M
MMMM2MMMMM+FV
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (80.9%)
Win32 Executable Generic (8.0%)
Win32 Dynamic Link Library (generic) (7.1%)
Generic Win/DOS Executable (1.8%)
DOS Executable Generic (1.8%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x26d1
timedatestamp.....: 0x48025165 (Sun Apr 13 18:31:01 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2080 0x2200 5.87 ec16ec4a728e00ba3f3dac8ff298422b
.data 0x4000 0xb8 0x200 0.21 10a3ce6bebaf2ba41f882aa8d96652b0
.rsrc 0x5000 0xc250 0xc400 5.53 e47ea96d4365519f9f70b9f9e452e386

( 5 imports )
> msvcrt.dll: _vsnprintf
> ADVAPI32.dll: RegOpenKeyExA, RegCloseKey, RegQueryValueExA
> KERNEL32.dll: GetVersionExA, UnhandledExceptionFilter, CloseHandle, ReleaseMutex, GetFileAttributesA, GetLastError, FreeLibrary, GetProcAddress, LoadLibraryA, lstrlenW, WaitForSingleObject, CreateMutexA, ExitProcess, GetModuleHandleA, GetStartupInfoA, SetErrorMode, GetCommandLineW, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, lstrcpynA, SetUnhandledExceptionFilter, lstrlenA, GetEnvironmentVariableA, GetModuleFileNameA
> USER32.dll: GetWindowThreadProcessId, SetForegroundWindow, SendMessageTimeoutA, LoadStringA, MessageBoxA
> SHLWAPI.dll: SHGetValueA, StrCmpIW, -, SHSetValueA, StrStrIA, PathRemoveFileSpecA, -

( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=1eeae496a51f017d04dd41322935d2b9' target='_blank'>http://www.threatexpert.com/report.a...dd41322935d2b9</a>

File iexplore.exe received on 2009.07.17 15:35:28 (UTC)
Current status: finished
Result: 1/41 (2.44%)
Compact
Print results
Email:

Antivirus Version Last Update Result
a-squared 4.5.0.24 2009.07.17 -
AhnLab-V3 5.0.0.2 2009.07.17 -
AntiVir 7.9.0.220 2009.07.17 -
Antiy-AVL 2.0.3.7 2009.07.17 -
Authentium 5.1.2.4 2009.07.17 -
Avast 4.8.1335.0 2009.07.16 -
AVG 8.5.0.387 2009.07.17 -
BitDefender 7.2 2009.07.17 -
CAT-QuickHeal 10.00 2009.07.17 -
ClamAV 0.94.1 2009.07.17 -
Comodo 1680 2009.07.17 -
DrWeb 5.0.0.12182 2009.07.17 -
eSafe 7.0.17.0 2009.07.16 -
eTrust-Vet 31.6.6622 2009.07.17 -
F-Prot 4.4.4.56 2009.07.17 -
F-Secure 8.0.14470.0 2009.07.17 -
Fortinet 3.120.0.0 2009.07.17 -
GData 19 2009.07.17 -
Ikarus T3.1.1.64.0 2009.07.17 -
Jiangmin 11.0.800 2009.07.17 -
K7AntiVirus 7.10.794 2009.07.16 -
Kaspersky 7.0.0.125 2009.07.17 -
McAfee 5678 2009.07.16 -
McAfee+Artemis 5678 2009.07.16 -
McAfee-GW-Edition 6.8.5 2009.07.17 Heuristic.LooksLike.Win32.Aliser.L
Microsoft 1.4803 2009.07.17 -
NOD32 4254 2009.07.17 -
Norman 6.01.09 2009.07.17 -
nProtect 2009.1.8.0 2009.07.17 -
Panda 10.0.0.14 2009.07.16 -
PCTools 4.4.2.0 2009.07.17 -
Prevx 3.0 2009.07.17 -
Rising 21.38.44.00 2009.07.17 -
Sophos 4.43.0 2009.07.17 -
Sunbelt 3.2.1858.2 2009.07.17 -
Symantec 1.4.4.12 2009.07.17 -
TheHacker 6.3.4.3.369 2009.07.16 -
TrendMicro 8.950.0.1094 2009.07.17 -
VBA32 3.12.10.8 2009.07.16 -
ViRobot 2009.7.17.1841 2009.07.17 -
VirusBuster 4.6.5.0 2009.07.16 -
Additional information
File size: 93184 bytes
MD5...: 55794b97a7faabd2910873c85274f409
SHA1..: 58e80c90bf54850b5f3ccbd8edf0877537e0ea8e
SHA256: 814a37d89a79aa3975308e723bc1a3a67360323b7e3584de00896fe7c59bbb8e
ssdeep: 1536:PgkhByI4BcDQX2oooD+AyxArAIVJ9bayZbScKEang5Kmp:xeI46QXMmAIX1
tanUKmp
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2451
timedatestamp.....: 0x48025225 (Sun Apr 13 18:34:13 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1d9b 0x1e00 6.19 73e772779624a5d0c0efef90ccb44536
.data 0x3000 0x9c 0x200 2.57 3250ebd1e3513e9aa0c55ad75a9f41c3
.rsrc 0x4000 0x14740 0x14800 5.65 1792db012eadc42b8aee0d9c523ed883

( 5 imports )
> msvcrt.dll: _except_handler3
> KERNEL32.dll: UnhandledExceptionFilter, GetCommandLineA, lstrlenW, MultiByteToWideChar, CreateEventA, GetCurrentThreadId, lstrcatA, lstrlenA, lstrcmpiA, lstrcpyA, GetModuleFileNameA, FreeLibrary, GetProcAddress, LoadLibraryA, GetVersionExA, UnmapViewOfFile, CloseHandle, ReleaseMutex, SetEvent, WaitForSingleObject, CreateProcessA, lstrcpynA, GetCurrentProcessId, DuplicateHandle, GetCurrentProcess, CreateMutexA, MapViewOfFile, CreateFileMappingA, WaitForMultipleObjects, GetModuleFileNameW, OpenProcess, GetLastError, SetUnhandledExceptionFilter, LocalFree, LocalAlloc, GetModuleHandleA, ExitThread, GetStartupInfoA, SetErrorMode, TerminateProcess, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime
> USER32.dll: GetShellWindow, GetClassNameA, SendMessageA, PeekMessageA, MsgWaitForMultipleObjects, DestroyWindow, TranslateMessage, DispatchMessageA, LoadStringA, DefWindowProcA, RegisterClassA, CreateMenu, CreateWindowExA, ShowWindow, GetForegroundWindow, wsprintfA
> SHLWAPI.dll: SHGetValueA, -, -, -, -, -, -, SHRegGetBoolUSValueA, PathRemoveFileSpecA, PathAppendA, PathQuoteSpacesA, StrCpyNW, wnsprintfA, PathFindFileNameA, StrStrIA, -
> SHDOCVW.dll: -, -

( 1 exports )
DllGetLCID
PDFiD.: -
RDS...: NSRL Reference Data Set
-
ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=55794b97a7faabd2910873c85274f409' target='_blank'>http://www.threatexpert.com/report.a...0873c85274f409</a>

CatByte · 07-17-2009, 12:01 PM

Hi,

Please post a fresh DDS log and advise how your computer is running now and if there are any outstanding issues.

Thanks
~CB

cattch08 · 07-17-2009, 01:20 PM

Everything seems to be working well thanks to you much appreciated was told there was no going back and formatt was the only option once again thnx

DDS (Ver_09-06-26.01) - NTFSx86
Run by Al at 20:14:54.64 on 17/07/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2046.1272 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Al\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = about:blank
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: : {206e52e0-d52e-11d4-ad54-0000e86c26f6} - e:\freshdownload\fdcatch.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - e:\spybot~1\SDHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE
uPolicies-explorer: NoRecentDocsNetHood = 01000000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - e:\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file://c:\program files\peggle\images\armhelper.ocx
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Name-Space Handler: ftp\FD - {3BF4771A-18F5-4EAB-80B7-AC254D3C7503} - e:\freshdownload\fdcatch.dll
Name-Space Handler: http\FD - {3BF4771A-18F5-4EAB-80B7-AC254D3C7503} - e:\freshdownload\fdcatch.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-7-15 28544]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-7-5 63352]
R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [2007-4-15 4064]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-20 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-20 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-20 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-20 298776]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe [2009-7-14 128240]
R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2009-2-17 598856]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2005-10-18 826112]
R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [2006-6-24 86784]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\c4.tmp --> c:\windows\system32\C4.tmp [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S3 uxddrv;Dynamically loaded UxdDrv;\??\d:\diagnose\wsteng\uxddrv.sys --> d:\diagnose\wsteng\uxddrv.sys [?]

=============== Created Last 30 ================

2009-07-15 23:00 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-07-15 22:39 219,648 a------- c:\windows\PEV.exe
2009-07-15 19:20 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-07-15 19:20 <DIR> --d----- c:\program files\Panda Security
2009-07-14 23:43 250,544 a------- c:\windows\system32\KeyHelp.ocx
2009-07-14 23:43 <DIR> --d----- c:\program files\common files\Scanner
2009-07-14 23:43 111,856 a------- c:\windows\system32\wbem\canvprov.dll
2009-07-14 23:43 6,552 a------- c:\windows\system32\wbem\canvprov.mof
2009-07-14 23:43 <DIR> --d----- c:\program files\CA
2009-07-14 23:41 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\CA
2009-07-14 22:52 443,051 ac------ C:\20091407_224411_Al july 09.nbi
2009-07-14 22:47 <DIR> -cd----- C:\20091407_224411_Al july 09
2009-07-13 21:55 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 21:55 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-07-13 21:55 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 18:38 4 a------- c:\windows\system32\ESQULzcounter
2009-07-13 17:59 0 a------- c:\windows\AoADVDRipper.INI
2009-07-13 17:59 4,455 a------- c:\windows\system\Winaspi.dll
2009-07-13 17:59 3,535 a------- c:\windows\system\Wowpost.exe
2009-07-13 17:59 3,082 a------- c:\windows\system32\affv9553p6now.sys
2009-07-13 15:51 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\AVS4YOU
2009-07-13 15:51 <DIR> --d----- c:\docume~1\al\applic~1\AVS4YOU
2009-07-13 15:49 <DIR> --d----- c:\program files\common files\AVSMedia
2009-07-13 15:49 974,848 a------- c:\windows\system32\mfc70.dll
2009-07-13 15:49 487,424 a------- c:\windows\system32\msvcp70.dll
2009-07-13 15:49 24,576 a------- c:\windows\system32\msxml3a.dll
2009-07-13 15:49 <DIR> --d----- c:\program files\AVS4YOU
2009-07-13 15:40 <DIR> -cd----- C:\TempDVD
2009-07-13 15:39 <DIR> --d----- c:\program files\dvdSanta
2009-07-12 11:43 <DIR> --d----- c:\program files\VSO
2009-07-12 11:38 <DIR> --d----- c:\program files\Pro Imaging Powertoys
2009-07-12 11:35 <DIR> --d----- c:\windows\system32\URTTEMP
2009-06-24 14:16 <DIR> --d----- c:\program files\iPod
2009-06-24 14:16 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-24 14:15 <DIR> --d----- c:\program files\Bonjour

==================== Find3M ====================

2009-07-15 22:34 1,984 a------- c:\windows\system32\d3d9caps.dat
2009-07-03 08:44 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-24 09:09 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-16 15:36 119,808 -------- c:\windows\system32\t2embed.dll
2009-06-16 15:36 81,920 -------- c:\windows\system32\fontsub.dll
2009-06-03 20:09 1,291,264 -------- c:\windows\system32\quartz.dll
2009-05-20 07:28 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-07 16:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-29 05:46 666,624 a------- c:\windows\system32\wininet.dll
2009-04-29 05:46 81,920 -------- c:\windows\system32\ieencode.dll
2009-04-23 20:24 123,572 ac------ C:\MGlogs.zip
2008-12-30 13:34 61,480 a------- c:\documents and settings\al\GoToAssistDownloadHelper.exe
2008-11-09 19:56 67,296 ac------ c:\docume~1\al\applic~1\GDIPFONTCACHEV1.DAT

CatByte · 07-17-2009, 02:28 PM

Hi,

Please do the following:

Visit ADOBEand download the latest version of Acrobat Reader (version 9.1)
Having the latest updates ensures there are no security vulnerabilities in your system.

NEXT

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 14. The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
Click the "Download" button to the right.
Select the Windows platform from the dropdown menu.
Read the License Agreement and then check the box that says: " I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue.The page will refresh.
Click on the link to download Windows Offline Installation and save the file to your desktop.
Close any programs you may have running - especially your web browser.

Now go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version.

After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
- On the General tab, under Temporary Internet Files, click the Settings button.
- Next, click on the Delete Files button
- There are two options in the window to clear the cache - Leave BOTH Checked
  - Applications and AppletsTrace and Log Files
- Click OK on Delete Temporary Files Window
  
  Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
- Click OK to leave the Temporary Files Window
- Click OK to leave the Java Control Panel.

NEXT

Now we need to do a little housekeeping.

Please do the following:

You can delete the DDS and GMER folders from your desktop.

NEXT

Follow these steps to uninstall Combofix

Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.

Should you wish to contribute to the ongoing development of ComboFix, donations are being accepted via PayPal.

NEXT

Below I have included a number of recommendations for how to protect your computer against malware infections.

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
Strong passwords: How to create and use them Then consider a password keeper, to keep all your passwords safe.
Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.
SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
Make Internet Explorer more secure
- Click Start > Run
- Type Inetcpl.cpl & click OK
- Click on the Security tab
- Click Reset all zones to default level
- Make sure the Internet Zone is selected & Click Custom level
- In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
- Next Click OK, then Apply button and then OK to exit the Internet Properties page.
ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
- Green to go
- Yellow for caution
- Red to stop
WOT has an addon available for both Firefox and IE
For Firefox, I highly recommend this add-on to keep your PC even more secure.
- NoScript - for blocking ads and other potential website attacks
Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
Think Prevention.
PC Safety and Security--What Do I Need?.

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

07-15-2009, 03:07 PM	#2 (permalink)
CatByte Analyst, Security Team Join Date: Jan 2009 Location: Canada Posts: 2,181 OS: XP sp3	Re: malware wont work or internet Hi and Welcome, NOTE: Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate. Absence of symptoms does not always mean the computer is clean Kindly follow my instructions in the order posted. Please DO NOT run any scans or fix items without my direction. Download Combofix from either of the links below. You must rename it before saving it. Save it to your desktop. Note: In the event you already have Combofix - delete it (right click the icon > delete) this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop If you are using Firefox, make sure that your download settings are as follows: Tools->Options->Main tab Set to "Always ask me where to Save the files". Link 1 Link 2 During the download, rename Combofix to Combo-Fix as follows: -------------------------------------------------------------------- It is important you rename Combofix during the download, but not after. Please do not rename Combofix to other names, but only to the one indicated. ----------------------------------------------------------- Double click on Combo-Fix.exe & follow the prompts. When finished, it will produce a report for you. Please post the "C:\Combo-Fix.txt" for further review. Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall ----------------------------------------------------------- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Click on this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.* ----------------------------------------------------------- __________________ ASAP & UNITE Member

07-15-2009, 04:06 PM	#3 (permalink)
cattch08 Registered User Join Date: Nov 2005 Posts: 19 OS: xp	Re: malware wont work or internet hi had to run combo fix with avg still enabled i was not able to get into avg as i was in safe mode as that is the only way i could get on the net thnx allison ComboFix 09-07-14.08 - Al 15/07/2009 22:49.1.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2046.1607 [GMT 1:00] Running from: c:\documents and settings\Al\Desktop\Combo-Fix.exe AV: AVG Anti-Virus Free On-access scanning enabled (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Al\Start Menu\Programs\AlfaHD c:\documents and settings\Al\Start Menu\Programs\AlfaHD\Uninstall.lnk c:\windows\100995rz4d5.dll c:\windows\1059hzef3202.cpl c:\windows\1093not-a-vi5us6z0.dll c:\windows\1122zvir5s65d9.dll c:\windows\11325h5ckzoo9170.dll c:\windows\115519pzmbot77e.ocx c:\windows\118z4v5rus779.ocx c:\windows\11d9thiez905.exe c:\windows\12z87hacktool59.ocx c:\windows\13137zpambot9a5.cpl c:\windows\13892spa5b9tzb.exe c:\windows\13954spaz9ot7d6.exe c:\windows\13z95spy4a5.cpl c:\windows\14033spa5bot659z.bin c:\windows\143095zy448.exe c:\windows\1466not-a-v5zu9142.cpl c:\windows\15321worm59z.ocx c:\windows\15465spz9bot57b.bin c:\windows\15634spz39c.dll c:\windows\15685troj5a9z.dll c:\windows\15726s594z.bin c:\windows\15729szyc39.bin c:\windows\15797zroj7e1.cpl c:\windows\15890zot-a-virus455.dll c:\windows\15950s5y2z.ocx c:\windows\15953zro929e.exe c:\windows\15e3zir12709.bin c:\windows\15easpywzre259.bin c:\windows\165z8sp59df.cpl c:\windows\16658zir5s393.dll c:\windows\1728zhac9t5ol345.exe c:\windows\17501vi9us4z0.bin c:\windows\1764z9pa5bot567.dll c:\windows\17755vz9us7d5.cpl c:\windows\17z16tr9557e.cpl c:\windows\185z2s9y3345.bin c:\windows\1888backdoor15z9.dll c:\windows\1902s5951z.dll c:\windows\19306not-a-vz5us49c.dll c:\windows\19515hack95ol1z3.dll c:\windows\19541s5amzot589.cpl c:\windows\19658vir5sz5b9.dll c:\windows\1979zvir5s627.cpl c:\windows\19925not-a-virus47z5.cpl c:\windows\19955ackzoor1353.ocx c:\windows\19960sp5z1a.cpl c:\windows\19b75pywzre2577.ocx c:\windows\19e95zr851.dll c:\windows\19z51spambo9d1.cpl c:\windows\1cz5backdoor9107.dll c:\windows\206z5tr9j575.bin c:\windows\20919z5j604.cpl c:\windows\209879z5d.dll c:\windows\213025ackt9ol5z.cpl c:\windows\21359zru5393.cpl c:\windows\21524w9rm518z.cpl c:\windows\21525t9zj7d9.bin c:\windows\21715not-a-virus195z.bin c:\windows\2175hief1890z.dll c:\windows\2195adzwar51150.exe c:\windows\2297s5yz8.cpl c:\windows\23235pyza9.bin c:\windows\232z29p5mbot568.cpl c:\windows\235cvir9z9.cpl c:\windows\236659ac5tooz328.cpl c:\windows\23892s5y94dz.exe c:\windows\23adown9oader27z5.bin c:\windows\25169v9rzs35.exe c:\windows\2523n9t-azvirusd5.exe c:\windows\2535ztroj389.exe c:\windows\25458no9-a-viruz56c.dll c:\windows\257125ot-a-virzs659.dll c:\windows\2582spzmb5t9b3.bin c:\windows\25844not-a-z5r9s73.dll c:\windows\259269roj5z1.cpl c:\windows\2597thief1z61.exe c:\windows\26358spzm59t60a.ocx c:\windows\26519noz-a-virus97.cpl c:\windows\26615wzrm599.cpl c:\windows\26655not-a-v9rus4zf.cpl c:\windows\26z98spy4825.ocx c:\windows\27153hackt9oz3a8.exe c:\windows\2756a9dware129z.bin c:\windows\278sz9mbot5e9.bin c:\windows\278zb59kdoor2184.exe c:\windows\27e6b5ckd9or98z.exe c:\windows\28023t9ojz95.ocx c:\windows\285945ozm1119.cpl c:\windows\289845or9189z.bin c:\windows\289zaddwa9e5321.cpl c:\windows\2917stezl5265.cpl c:\windows\2961spzwa5e174.dll c:\windows\296839zckt5ol2cc.dll c:\windows\297d5zdware182.dll c:\windows\298955roj39z.bin c:\windows\29916hzc9tool39b5.exe c:\windows\2998wzr97455.bin c:\windows\29c9bac5door620z.dll c:\windows\2b9fs9yzare2295.cpl c:\windows\2bbf9tea51385z.dll c:\windows\2bc5d5wnzoader2589.ocx c:\windows\2c48zteal2509.ocx c:\windows\2cd59parsz2917.bin c:\windows\2e50dow9zoader1583.ocx c:\windows\2e9fspar5z2152.ocx c:\windows\2ec9th5eat196z0.ocx c:\windows\2z001v9r5s336.bin c:\windows\2z3565ir9s4c2.ocx c:\windows\2z495hac5toolfe.bin c:\windows\2z89thief1195.bin c:\windows\2z91d9wnloader5328.dll c:\windows\2z975vi59s5db.cpl c:\windows\30267not-a-v5ruzae9.ocx c:\windows\30420v9rus258z.exe c:\windows\3053backdoor9z6.exe c:\windows\305z0worm9595.dll c:\windows\306z6spam5ot29a.cpl c:\windows\307825zr97c.dll c:\windows\30c0st5al2z79.dll c:\windows\30eaaddw59e9z8.exe c:\windows\311z8ha5kto9l207.cpl c:\windows\31z55hackt9ol501.exe c:\windows\31z5895rme1.bin c:\windows\32517wor91z5.exe c:\windows\3310sp9waze3135.ocx c:\windows\3417vir509z.ocx c:\windows\3458s5y92z.cpl c:\windows\3590downl5azer1529.ocx c:\windows\36265p9mbot477z.exe c:\windows\37199irz55.exe c:\windows\37f3spa5ze9429.cpl c:\windows\3825zormb59.bin c:\windows\388viz25699.cpl c:\windows\3959trzj4d3.dll c:\windows\39650spambotzb3.exe c:\windows\3970zroj55b.dll c:\windows\39f5back5ooz1950.cpl c:\windows\3b1aba9kdoo5117z.bin c:\windows\3b90threa51097z.bin c:\windows\3b999ddwaz51461.bin c:\windows\3bd3addwzr92515.bin c:\windows\3bz59ddware2124.exe c:\windows\3cz9s5yware629.exe c:\windows\3dd5t9reaz1485.bin c:\windows\3e1dviz15959.bin c:\windows\3ebz9ir566.bin c:\windows\3f40b9ckd5or1z75.dll c:\windows\3z7down5oader2199.ocx c:\windows\3zat9reat25451.bin c:\windows\4100n5tza-viru929a.exe c:\windows\4119viru957az.cpl c:\windows\41dste951173z.ocx c:\windows\4294back5ozr369.cpl c:\windows\4309s5ywarz3011.bin c:\windows\4335zot-a-v59us717.exe c:\windows\43a9th5eat3035z.dll c:\windows\43cspywa5e594z.dll c:\windows\4485downlzade92028.exe c:\windows\44z6spa9bot415.bin c:\windows\4538spazse93.cpl c:\windows\453f5tea958z.dll c:\windows\459zthief572.exe c:\windows\45zdb9ckdoor472.cpl c:\windows\47caa9dwzre305.cpl c:\windows\4889zot5a-9irus2de.cpl c:\windows\494bzpy5are1216.cpl c:\windows\4994addzare2250.bin c:\windows\4994threat15z04.exe c:\windows\4b97backdoo5156z.exe c:\windows\4dc9spywzre13245.exe c:\windows\4f21spars92z57.bin c:\windows\4ffbz95al1144.cpl c:\windows\501e5ownloazer379.exe c:\windows\501zsp9w5re2902.bin c:\windows\505519pazbot7f0.ocx c:\windows\509addzare1293.bin c:\windows\50c3spzw9re707.bin c:\windows\51359zrus35d.exe c:\windows\51z9hief2085.dll c:\windows\5216hac9toolbaz.bin c:\windows\5240zparse15419.bin c:\windows\5288spy9zre1352.exe c:\windows\529zir2592.ocx c:\windows\52f3a9dwarez954.ocx c:\windows\5353t5re9t17z30.exe c:\windows\5358addware915z.cpl c:\windows\535zst5al1949.ocx c:\windows\537z9pambot242.cpl c:\windows\5382backz95r3186.dll c:\windows\539cspars511z9.exe c:\windows\53b3addwzre9476.dll c:\windows\53cczhief5997.exe c:\windows\53z37hacktoo9497.exe c:\windows\5401vzr12975.ocx c:\windows\542at9reat75z4.cpl c:\windows\546zbackdoo9834.exe c:\windows\54705hre9z2883.bin c:\windows\54f9sparse154z.dll c:\windows\551bzteal996.dll c:\windows\5552vir1z09.exe c:\windows\55558n9t-a-viruz22c.cpl c:\windows\55bcszeal1964.bin c:\windows\55d4spy9arez610.cpl c:\windows\55z14spamb9t407.cpl c:\windows\5606sza9bot439.cpl c:\windows\5754zn9t-a-virus678.ocx c:\windows\575d9ackdzor2842.cpl c:\windows\5796wor9z05.dll c:\windows\57aspar9e1z94.bin c:\windows\57z93worm92.cpl c:\windows\582thief90z5.exe c:\windows\5838a9zware2055.dll c:\windows\5885bz9kdoor1110.ocx c:\windows\58c6spywar592z3.bin c:\windows\5928azdwar59900.exe c:\windows\594cthr5az420.bin c:\windows\598cstezl19095.dll c:\windows\5996wormz95.dll c:\windows\59ddszywa9e2105.dll c:\windows\5a91spa5sz8589.bin c:\windows\5a96threat51z15.bin c:\windows\5a9vzr30269.cpl c:\windows\5adzdownl9ader2755.exe c:\windows\5afzs5arse16219.exe c:\windows\5bc7add59rz1959.bin c:\windows\5c39down9oader5z2.ocx c:\windows\5df9spyza5e2614.exe c:\windows\5e4avir199z.dll c:\windows\5eccthre5t1016z9.exe c:\windows\5ed5spzrs91558.dll c:\windows\5ef9steaz2565.bin c:\windows\5ff6t9rezt31391.ocx c:\windows\5z29d5ware2926.cpl c:\windows\5z577worma9.dll c:\windows\5z9d5hief890.ocx c:\windows\60559eal11z4.bin c:\windows\6170az9war52696.cpl c:\windows\62f5sparze52159.cpl c:\windows\64895ddware4z7.cpl c:\windows\6588sp9rse1z63.ocx c:\windows\663zst95l431.exe c:\windows\66a6d5wnloade936z.ocx c:\windows\678z5ac9tool3a2.bin c:\windows\67f7do5nl9aderz276.exe c:\windows\6816spa59e2457z.dll c:\windows\6839backdooz5434.dll c:\windows\687dspar5z9955.dll c:\windows\695bsteal3217z.bin c:\windows\6bf2dow5loazer960.exe c:\windows\6c0czh9ef205.cpl c:\windows\6cad9pywa5ez193.cpl c:\windows\6fb9t5izf843.dll c:\windows\6z01sp9mbo57a1.dll c:\windows\6z20spam9ot534.ocx c:\windows\7086spz5a9e1352.cpl c:\windows\715zspy249.cpl c:\windows\74azthief1459.ocx c:\windows\7519szy1655.cpl c:\windows\752fthiefz978.dll c:\windows\753e5i99z9.exe c:\windows\7542vir319z.exe c:\windows\75995hiez3.bin c:\windows\759fspywaze541.cpl c:\windows\76305ackto9l5zd.ocx c:\windows\7645hacktool39z.ocx c:\windows\76579ddware1z735.bin c:\windows\7700v5918z3.dll c:\windows\7765troj9z2.bin c:\windows\7798sparse2958z.dll c:\windows\78b0addz9re8095.cpl c:\windows\79449ownloader15z8.ocx c:\windows\7a79oznloader5892.exe c:\windows\7c80stez95290.ocx c:\windows\7ce9spyza5e1041.cpl c:\windows\7e8zbackdoor5995.exe c:\windows\7eb5vir2909z.dll c:\windows\7z759ownloader2575.dll c:\windows\7zes9yware6015.dll c:\windows\805spz9bot6e7.dll c:\windows\82z2sp95bot6b6.exe c:\windows\8639zy56.bin c:\windows\8955spy608z.dll c:\windows\8995spambzt518.ocx c:\windows\8d4addwaze9582.dll c:\windows\90f5stezl2115.exe c:\windows\90f5thiefz56.ocx c:\windows\90z6not-a-95rus5d3.cpl c:\windows\91591tro52dz.bin c:\windows\92437no5-a-zirus3a9.bin c:\windows\9257t9ojz55.ocx c:\windows\93807wzrm575.cpl c:\windows\94553wzrm250.bin c:\windows\95072szambot206.dll c:\windows\951zvir1284.bin c:\windows\95389t5oz2c5.bin c:\windows\9548thzef2466.ocx c:\windows\954thief1z39.ocx c:\windows\9551vir1602z.exe c:\windows\957bvirz181.exe c:\windows\95827hac5tooz45e.cpl c:\windows\959b5ir1649z.dll c:\windows\9605ztroj50d.bin c:\windows\96383troj5zc.dll c:\windows\96525worm7z8.cpl c:\windows\9656th5zat4779.bin c:\windows\96654hacktool5z4.cpl c:\windows\9754worm5z5.bin c:\windows\98z1threat25331.cpl c:\windows\993a5dzare2417.ocx c:\windows\9940sparse2z56.dll c:\windows\9959wzrm2949.bin c:\windows\99768zorm5e7.cpl c:\windows\9a9aspar5e920z.ocx c:\windows\9af4addzare5591.dll c:\windows\9cf6s5ywaze3114.cpl c:\windows\9ecthre5t9z158.dll c:\windows\9f51spywa5e325z.cpl c:\windows\9fb5zhief2914.exe c:\windows\9z01downloader7805.cpl c:\windows\9z1vi9us165.ocx c:\windows\9z258not-a-virus37b.dll c:\windows\9z795s5y81.exe c:\windows\c13ste9l590z.cpl c:\windows\c9zspywar51259.exe c:\windows\CouponPrinter.ocx c:\windows\d08thre9z323995.cpl c:\windows\d2dsz9ware11195.exe c:\windows\e9avir5197z.ocx c:\windows\Installer\10c72c45.msp c:\windows\Installer\10c72c4b.msp c:\windows\Installer\10c986cf.msp c:\windows\Installer\10c986d5.msp c:\windows\Installer\10f3811.msp c:\windows\Installer\10f3817.msp c:\windows\Installer\10f381d.msp c:\windows\Installer\10f3823.msp c:\windows\Installer\10f3829.msp c:\windows\Installer\10f382f.msp c:\windows\Installer\111ffde1.msp c:\windows\Installer\111ffde7.msp c:\windows\Installer\1155a51.msp c:\windows\Installer\1155a57.msp c:\windows\Installer\1155a5d.msp c:\windows\Installer\1309722c.msp c:\windows\Installer\13097232.msp c:\windows\Installer\13a40893.msp c:\windows\Installer\13a40899.msp c:\windows\Installer\15442cf.msp c:\windows\Installer\15442d5.msp c:\windows\Installer\1567407.msp c:\windows\Installer\156740d.msp c:\windows\Installer\15ed7152.msp c:\windows\Installer\15ed7158.msp c:\windows\Installer\15efecf0.msp c:\windows\Installer\15efecf6.msp c:\windows\Installer\1646a997.msp c:\windows\Installer\1646a99d.msp c:\windows\Installer\17454622.msp c:\windows\Installer\17454628.msp c:\windows\Installer\1745462e.msp c:\windows\Installer\18312b99.msp c:\windows\Installer\18312b9f.msp c:\windows\Installer\1849fd9a.msp c:\windows\Installer\1849fda0.msp c:\windows\Installer\18c97b0d.msp c:\windows\Installer\18c97b13.msp c:\windows\Installer\1acc92a.msp c:\windows\Installer\1acc938.msp c:\windows\Installer\1ad2c0a.msp c:\windows\Installer\1ad2c10.msp c:\windows\Installer\1cef9697.msp c:\windows\Installer\1cef969d.msp c:\windows\Installer\204aaae.msp c:\windows\Installer\204aac8.msp c:\windows\Installer\204aade.msp c:\windows\Installer\204aaf4.msp c:\windows\Installer\204ab0a.msp c:\windows\Installer\204ab1f.msp c:\windows\Installer\24ebbd8.msp c:\windows\Installer\24ebbde.msp c:\windows\Installer\2b8a3d8.msp c:\windows\Installer\2b8a3de.msp c:\windows\Installer\34c1d.msp c:\windows\Installer\34c23.msp c:\windows\Installer\3503e7.msp c:\windows\Installer\35e28e4.msp c:\windows\Installer\35e28ea.msp c:\windows\Installer\366e603.msp c:\windows\Installer\366e609.msp c:\windows\Installer\3797f3e.msp c:\windows\Installer\3797f44.msp c:\windows\Installer\38bbe53.msp c:\windows\Installer\38bbe59.msp c:\windows\Installer\3969bf0.msp c:\windows\Installer\3969bf6.msp c:\windows\Installer\3f0b109.msp c:\windows\Installer\3f0b10f.msp c:\windows\Installer\3fadd0a.msp c:\windows\Installer\3fadd10.msp c:\windows\Installer\42ff226.msp c:\windows\Installer\42ff22c.msp c:\windows\Installer\50bd30.msp c:\windows\Installer\5ba83b.msp c:\windows\Installer\5ba842.msp c:\windows\Installer\5c975e.msp c:\windows\Installer\5c9764.msp c:\windows\Installer\5c976a.msp c:\windows\Installer\61311a.msp c:\windows\Installer\613120.msp c:\windows\Installer\622e598.msp c:\windows\Installer\67a49aa.msp c:\windows\Installer\67a49b0.msp c:\windows\Installer\67cd641.msp c:\windows\Installer\67cd647.msp c:\windows\Installer\6d312ab.msp c:\windows\Installer\6d312b1.msp c:\windows\Installer\6d412a7.msp c:\windows\Installer\6d412ad.msp c:\windows\Installer\76cf58.msp c:\windows\Installer\76cf5e.msp c:\windows\Installer\76cf64.msp c:\windows\Installer\7750922.msp c:\windows\Installer\7750928.msp c:\windows\Installer\7ef022b.msp c:\windows\Installer\7ef0231.msp c:\windows\Installer\88d36a8.msp c:\windows\Installer\88d36ae.msp c:\windows\Installer\8ae4a4.msp c:\windows\Installer\8bcc027.msp c:\windows\Installer\8bcc02d.msp c:\windows\Installer\9168923.msp c:\windows\Installer\9168929.msp c:\windows\Installer\921bc53.msp c:\windows\Installer\921bc59.msp c:\windows\Installer\956a5bc.msp c:\windows\Installer\956a5c2.msp c:\windows\Installer\a596fad.msp c:\windows\Installer\a596fb3.msp c:\windows\Installer\adc2103.msp c:\windows\Installer\adc210a.msp c:\windows\Installer\afbeae4.msp c:\windows\Installer\afbeaea.msp c:\windows\Installer\b360c6c.msp c:\windows\Installer\b360c72.msp c:\windows\Installer\b6b6066.msp c:\windows\Installer\b6b606c.msp c:\windows\Installer\ba0b867.msp c:\windows\Installer\ba0b86d.msp c:\windows\Installer\ba329b5.msp c:\windows\Installer\ba329bb.msp c:\windows\Installer\be4c3d6.msp c:\windows\Installer\be4c3dc.msp c:\windows\Installer\bf9e840.msp c:\windows\Installer\bf9e846.msp c:\windows\Installer\d5acf6c.msi c:\windows\Installer\dc46ada.msp c:\windows\Installer\dc46ae0.msp c:\windows\Installer\de3232c.msp c:\windows\Installer\de32332.msp c:\windows\Installer\e53d3d.msp c:\windows\Installer\e53d43.msp c:\windows\Installer\e53d49.msp c:\windows\Installer\e7caa94.msp c:\windows\Installer\e7caa9a.msp c:\windows\Installer\fc888f.msp c:\windows\system32\1095viru555z9.cpl c:\windows\system32\11188zot-a9vi5us23b.bin c:\windows\system32\1138h9cktool57z.exe c:\windows\system32\11764hac9z5ol34f.dll c:\windows\system32\1190spzr5e2735.exe c:\windows\system32\11911t5oz4ff.exe c:\windows\system32\11z219pambot1b5.ocx c:\windows\system32\11zhie918945.cpl c:\windows\system32\1241z5ac9tool69e.bin c:\windows\system32\12559not9a-virus2bz.ocx c:\windows\system32\12714spy579z.exe c:\windows\system32\13328troj75z9.bin c:\windows\system32\1370s9ealz758.ocx c:\windows\system32\14399hac9t5oz666.bin c:\windows\system32\14z37w5r9338.exe c:\windows\system32\14z78s5y797.cpl c:\windows\system32\1508zparse24965.dll c:\windows\system32\150z39pambota4.ocx c:\windows\system32\152cvir2z99.ocx c:\windows\system32\1552zworm9a7.bin c:\windows\system32\1555ztroj5f9.dll c:\windows\system32\1558threatz946.exe c:\windows\system32\155cz9r14.exe c:\windows\system32\15770sza5bo9e8.bin c:\windows\system32\15929wozm445.exe c:\windows\system32\15970wz5m9c9.exe c:\windows\system32\15cezhief998.exe c:\windows\system32\15d9bazk5oor2480.exe c:\windows\system32\160cspy5aze30299.bin c:\windows\system32\16248ha9ktoolz1a5.dll c:\windows\system32\16551virus389z.exe c:\windows\system32\1690worz1895.cpl c:\windows\system32\16915hacktool5z7.exe c:\windows\system32\16989s5yz88.ocx c:\windows\system32\16z77spambo95eb.ocx c:\windows\system32\17561not-a-5iru97z2.dll c:\windows\system32\176dthiez5729.exe c:\windows\system32\17931spy1z95.dll c:\windows\system32\17dcbz5kdoor649.dll c:\windows\system32\1850959zj598.ocx c:\windows\system32\186289irus45cz.bin c:\windows\system32\189zth5eat29338.dll c:\windows\system32\18d8sparz9725.cpl c:\windows\system32\1933ztro5e3.dll c:\windows\system32\19399tr9j15z.dll c:\windows\system32\194449azktoo577b.cpl c:\windows\system32\1945spyware69z.cpl c:\windows\system32\194969or54z3.cpl c:\windows\system32\194z5spyb4.ocx c:\windows\system32\19681spy53z.ocx c:\windows\system32\19746spambot15az.dll c:\windows\system32\19919not5azvirus1dd.exe c:\windows\system32\19a7spars958z.bin c:\windows\system32\19b7st9al10z15.cpl c:\windows\system32\19ezv5r926.bin c:\windows\system32\19z78t9oj559.exe c:\windows\system32\19zfthie919155.cpl c:\windows\system32\1b09sp5wzre1972.dll c:\windows\system32\1b5es9ywa5z3038.bin c:\windows\system32\1bcdownlo5derz0649.bin c:\windows\system32\1bczthi95421.bin c:\windows\system32\1c6bad5zare1539.bin c:\windows\system32\1c9dow9zoader5887.exe c:\windows\system32\1cbtzreat319599.dll c:\windows\system32\1dd8thief2905z.cpl c:\windows\system32\1eb7thief295z.bin c:\windows\system32\1z491worm2a5.ocx c:\windows\system32\1z617viru930d5.dll c:\windows\system32\1z73spars59524.exe c:\windows\system32\1z995wo9m544.bin c:\windows\system32\1z99tr5j750.ocx c:\windows\system32\20297hacztoo549f.exe c:\windows\system32\2033zd59are512.exe c:\windows\system32\20492t5zj207.dll c:\windows\system32\20959wor5az.bin c:\windows\system32\210095acktool1ez.cpl c:\windows\system32\21355spz1a19.bin c:\windows\system32\215859ac5zool15.cpl c:\windows\system32\21e6s5ywaze89.cpl c:\windows\system32\21ecad5waz93047.exe c:\windows\system32\225z39orm79a.cpl c:\windows\system32\229159ot-azvirus450.ocx c:\windows\system32\22960h5ckto9l117z.dll c:\windows\system32\24811h9ck5zol43d.exe c:\windows\system32\2495threaz50732.exe c:\windows\system32\25139spam5oz66b.cpl c:\windows\system32\25329not9a-viruszd5.bin c:\windows\system32\2536stealz944.bin c:\windows\system32\25474worm69ez.bin c:\windows\system32\254fspaz9e933.bin c:\windows\system32\255z9tr9j2c5.ocx c:\windows\system32\259519ot-a-vz5us73e.exe c:\windows\system32\259athreat1z7819.exe c:\windows\system32\25d5downlzader2199.ocx c:\windows\system32\25z2s9ycd.exe c:\windows\system32\2632znot-a9virus345.ocx c:\windows\system32\26555viru9424z.cpl c:\windows\system32\26592s5ambotz779.ocx c:\windows\system32\265d9hr5zt14874.exe c:\windows\system32\2669hackz5ol4b5.ocx c:\windows\system32\266abazkd9or2054.ocx c:\windows\system32\27095not-a-v9rzs2b95.exe c:\windows\system32\27320haz5tool249.bin c:\windows\system32\274159pz1c0.ocx c:\windows\system32\278209acktoolz5d.exe c:\windows\system32\27851s9am5oz293.cpl c:\windows\system32\28453vi9us3z9.bin c:\windows\system32\28597hazkto9l6a.ocx c:\windows\system32\286z9wo9m1835.bin c:\windows\system32\28968h9ck5ozl749.exe c:\windows\system32\290005ot-a-vizus3a6.bin c:\windows\system32\2905notza-virus44f.bin c:\windows\system32\29091zpy5f5.bin c:\windows\system32\29399viru572z.exe c:\windows\system32\29516spy9z5.cpl c:\windows\system32\2996tzief325.dll c:\windows\system32\29b4z5r3049.cpl c:\windows\system32\2a70thre5919z96.exe c:\windows\system32\2ae9spazse15075.dll c:\windows\system32\2d9threat56z54.dll c:\windows\system32\2e51sparsz919.cpl c:\windows\system32\2z065py7f9.bin c:\windows\system32\2z500hackt9ol415.bin c:\windows\system32\2z61addw5r935.ocx c:\windows\system32\300z3hackt9ol4b5.exe c:\windows\system32\30957n9t-a-5iruz2c8.ocx c:\windows\system32\30bazpywar59072.dll c:\windows\system32\30z945pambot59.dll c:\windows\system32\31129spambot5fz9.dll c:\windows\system32\31555hack9zol4a7.ocx c:\windows\system32\31955w9r579z.ocx c:\windows\system32\31964hac9too54bz.cpl c:\windows\system32\31csza5se9290.exe c:\windows\system32\31z43wor57b9.cpl c:\windows\system32\3375addza9e987.bin c:\windows\system32\34509ownloadez111.exe c:\windows\system32\3475thief8z59.cpl c:\windows\system32\3549ste5l219z.exe c:\windows\system32\35615trzj797.dll c:\windows\system32\35b5spywzre29759.cpl c:\windows\system32\35bb9tea5z847.bin c:\windows\system32\35dczhre5t19584.ocx c:\windows\system32\3628hacztool5829.bin c:\windows\system32\367not-z9virus507.cpl c:\windows\system32\375hacztool659.cpl c:\windows\system32\384espzware5893.dll c:\windows\system32\3865thief1299z.bin c:\windows\system32\3869do5nloaderz428.cpl c:\windows\system32\3895not-a-viruszcd.dll c:\windows\system32\38e9ack5zor3044.dll c:\windows\system32\3907backdoz51419.bin c:\windows\system32\3944spambotz6f5.dll c:\windows\system32\39687wozm548.exe c:\windows\system32\39d2spzrse995.bin c:\windows\system32\3az3spyw9r51041.ocx c:\windows\system32\3c1fb9c5zoor1439.dll c:\windows\system32\3c77add9zre2185.ocx c:\windows\system32\3d72st5a988z.dll c:\windows\system32\3d95thzeat31495.bin c:\windows\system32\3dz9vir2075.exe c:\windows\system32\3e54zackdoor1229.exe c:\windows\system32\3e5ed9wnloaderz005.ocx c:\windows\system32\3f1d9iz5107.dll c:\windows\system32\3z195teal1779.ocx c:\windows\system32\3z4eba5kdoo92408.cpl c:\windows\system32\3z59spyware1857.cpl c:\windows\system32\3z5dspywa9e1104.cpl c:\windows\system32\3ze49ir3915.dll c:\windows\system32\404Fix.exe c:\windows\system32\4149wozm5f.bin c:\windows\system32\41z9sparse9533.cpl c:\windows\system32\4345hack9oo569z.exe c:\windows\system32\438fdowzloa59r207.ocx c:\windows\system32\4459thief1853z.cpl c:\windows\system32\44a5downlo5d9r812z.bin c:\windows\system32\458bsteal948z.cpl c:\windows\system32\4592thiefz56.bin c:\windows\system32\45c1addw9re22z9.bin c:\windows\system32\4659do9nzoad5r876.exe c:\windows\system32\468b95eal263z.bin c:\windows\system32\479edownlozd5r430.ocx c:\windows\system32\47bcspywaz59755.cpl c:\windows\system32\4935addwarz956.ocx c:\windows\system32\49c5steal26z0.cpl c:\windows\system32\4a8ddo9nlza5er1701.bin c:\windows\system32\4a9edown9oadzr1556.exe c:\windows\system32\4ad79azkdoor25295.exe c:\windows\system32\4c4threa5z1729.bin c:\windows\system32\4d28sp59are465z.cpl c:\windows\system32\4e2fback5oor9z02.cpl c:\windows\system32\4e3t5reaz16139.bin c:\windows\system32\500c5ackdoo9860z.cpl c:\windows\system32\502bbackdzor2859.ocx c:\windows\system32\50935pyware2854z.ocx c:\windows\system32\509dzackdoor690.cpl c:\windows\system32\51239v9rus255z.exe c:\windows\system32\5139sp56z6.cpl c:\windows\system32\518bthreat255z19.exe c:\windows\system32\51a5s9yware942z.bin c:\windows\system32\526d9wnloadzr495.ocx c:\windows\system32\529faddwarez0689.exe c:\windows\system32\52eaztea915245.bin c:\windows\system32\53118s9yza.bin c:\windows\system32\5339addware16z9.exe c:\windows\system32\5389threat8z44.cpl c:\windows\system32\53b1adz5a9e451.cpl c:\windows\system32\53c8thiez959.bin c:\windows\system32\53z59orm13b.bin c:\windows\system32\53z91spy13c.bin c:\windows\system32\54329no9-a-virusz4.ocx c:\windows\system32\545badzw5re295.exe c:\windows\system32\5497zpywa9e53.cpl c:\windows\system32\549fstz9l2259.cpl c:\windows\system32\54b9spar5e171z.exe c:\windows\system32\54cfspyware10z99.bin c:\windows\system32\5515threa9z5271.cpl c:\windows\system32\55374spzmbot9ca.bin c:\windows\system32\5545vi9912z.ocx c:\windows\system32\5591vizus393.exe c:\windows\system32\55fb9hief29z.cpl c:\windows\system32\55fdzteal1169.bin c:\windows\system32\56472zorm3f9.dll c:\windows\system32\569e9pyware55z.ocx c:\windows\system32\5725wzrm69e.exe c:\windows\system32\57d0ste9lz195.bin c:\windows\system32\5843hack9ool55dz.exe c:\windows\system32\5854worz924.dll c:\windows\system32\59486trzj5ea.exe c:\windows\system32\5955not-z-virusdd.ocx c:\windows\system32\596z8troj1d1.dll c:\windows\system32\59784vizus7b6.exe c:\windows\system32\5982tzoj8a.dll c:\windows\system32\59ez9ddware905.exe c:\windows\system32\5a73add5are29z2.dll c:\windows\system32\5ae85owz9oader420.cpl c:\windows\system32\5az3add9are2105.ocx c:\windows\system32\5b5zb9ckdoor1505.bin c:\windows\system32\5caad9wzloader1559.ocx c:\windows\system32\5e9athrzat229375.exe c:\windows\system32\5ed5sparse44z9.exe c:\windows\system32\5ezasteal1395.ocx c:\windows\system32\5ezdt5ief26019.exe c:\windows\system32\5f00spy9aze1626.dll c:\windows\system32\5fc1backdoor2729z.bin c:\windows\system32\5fczs5yware9275.cpl c:\windows\system32\5z1ethie513519.bin c:\windows\system32\5z5fstea52569.ocx c:\windows\system32\5z66v9r1125.bin c:\windows\system32\5zc2thi591634.ocx c:\windows\system32\6049not-9-v5zus4ae.ocx c:\windows\system32\604daddwaz59743.cpl c:\windows\system32\6057downlzad9r575.ocx c:\windows\system32\60a9azdwar5659.cpl c:\windows\system32\6168spa5boz9f0.dll c:\windows\system32\616bvi52709z.cpl c:\windows\system32\62zethreat24995.dll c:\windows\system32\6331steal1z859.dll c:\windows\system32\637dzt5al3679.bin c:\windows\system32\64e7th5zat92341.ocx c:\windows\system32\66e5sparse2981z.bin c:\windows\system32\66zespa9se5291.bin c:\windows\system32\67zbst9al95.ocx c:\windows\system32\68zbt9reat92115.bin c:\windows\system32\6985z9eal15.exe c:\windows\system32\69ac5ddwzre3177.cpl c:\windows\system32\6a025hrea944z0.bin c:\windows\system32\6b605t9al8z0.dll c:\windows\system32\6d049owzloader5932.exe c:\windows\system32\6d67spars5z0659.cpl c:\windows\system32\6e3zdownl9ader5325.exe c:\windows\system32\6e469pars52906z.ocx c:\windows\system32\6z7daddw9re5880.cpl c:\windows\system32\6zc8spyware1959.cpl c:\windows\system32\7157zd9ware876.cpl c:\windows\system32\71bdownloa9er3250z.ocx c:\windows\system32\72z35roj249.exe c:\windows\system32\7328v9r5sz9b.exe c:\windows\system32\733295zeat11111.dll c:\windows\system32\7393zpy3305.bin c:\windows\system32\74079pywzre2753.dll c:\windows\system32\7409ad5wa9e949z.ocx c:\windows\system32\759bzhreat13453.dll c:\windows\system32\765a5ir1z9.bin c:\windows\system32\7717zr5j6bb9.dll c:\windows\system32\77f59pzware1459.bin c:\windows\system32\7827d9wnl5ader250z.cpl c:\windows\system32\78c9hr5at13959z.bin c:\windows\system32\7920no9-a-virzs795.dll c:\windows\system32\794dadz5are2107.dll c:\windows\system32\794zsteal356.ocx c:\windows\system32\7971sp5warez272.cpl c:\windows\system32\79839hie51z17.bin c:\windows\system32\79a1vi51691z.dll c:\windows\system32\7a0spzw9r5190.bin c:\windows\system32\7a98downzoader385.exe c:\windows\system32\7ae5s5arse92z7.exe c:\windows\system32\7b93zackd5or1939.bin c:\windows\system32\7d29zpyw5re730.bin c:\windows\system32\7z2espyw5re17099.cpl c:\windows\system32\8096s9azbot61a5.dll c:\windows\system32\84bdowzloader5945.exe c:\windows\system32\8659acktool6z.ocx c:\windows\system32\87395py2cz.cpl c:\windows\system32\89z5ha5ktoo9248.ocx c:\windows\system32\8z7st5al7859.cpl c:\windows\system32\90251vizus573.exe c:\windows\system32\9104dzwnloader1357.ocx c:\windows\system32\9131hack5ool3za.ocx c:\windows\system32\92356not-a-viru56f3z.exe c:\windows\system32\92676sp537z.ocx c:\windows\system32\92f5spyzare592.dll c:\windows\system32\93615hacktooz2e45.dll c:\windows\system32\945z6spy745.dll c:\windows\system32\94zthreat211785.cpl c:\windows\system32\9528v5rz191.exe c:\windows\system32\979aspyza5e496.cpl c:\windows\system32\979cspy5arz2257.dll c:\windows\system32\98bviz1105.ocx c:\windows\system32\99b2t5rezt29419.exe c:\windows\system32\9c00spyza5e2201.cpl c:\windows\system32\9cb45pyware1317z.dll c:\windows\system32\9cf9sparsez845.ocx c:\windows\system32\9edcszeal2305.cpl c:\windows\system32\9f24dowzloader2565.exe c:\windows\system32\9z145acktool509.ocx c:\windows\system32\Agent.OMZ.Fix.exe c:\windows\system32\azfs5eal26519.cpl c:\windows\system32\b59ddware1350z.bin c:\windows\system32\c5edowzlo5der2909.cpl c:\windows\system32\d1bdownloa5zr6199.ocx c:\windows\system32\drivers\ESQULltewcdovrdlxymitbqqowksrummaswux.sys c:\windows\system32\dumphive.exe c:\windows\system32\e975pywarz1582.ocx c:\windows\system32\ee1downz59der1945.cpl c:\windows\system32\ESQULbwwxohqfyaodgakhflnnsiltscrnkolv.dll c:\windows\system32\ESQULqvdvaptclkdxybrifrlkymefhaiyfviq.dll c:\windows\system32\IEDFix.C.exe c:\windows\system32\IEDFix.exe c:\windows\system32\MSIVXcount c:\windows\system32\MSIVXfecgftvltylgewidpnpvrabuvdxlxiqw.dll c:\windows\system32\MSIVXrpqmrrtvsiymbfniwuctetkoxjplqjrn.dll c:\windows\system32\o4Patch.exe c:\windows\system32\Process.exe c:\windows\system32\SelfDel.bat c:\windows\system32\setup2.exe c:\windows\system32\SrchSTS.exe c:\windows\system32\tmp.reg c:\windows\system32\VACFix.exe c:\windows\system32\VCCLSID.exe c:\windows\system32\WS2Fix.exe c:\windows\system32\z1395wo956ec.cpl c:\windows\system32\z1425te9l354.bin c:\windows\system32\z1570troj2779.dll c:\windows\system32\z1905spy5ab.cpl c:\windows\system32\z2e9spyw9r52182.dll c:\windows\system32\z2ethie59110.cpl c:\windows\system32\z356thre9t20808.ocx c:\windows\system32\z41abackd59r56.dll c:\windows\system32\z503troj291.cpl c:\windows\system32\z57609pambot5e8.cpl c:\windows\system32\z6d19i518.cpl c:\windows\system32\z8c9vi5459.cpl c:\windows\system32\z9315spambo5b7.exe c:\windows\system32\z9512hac9t5ol1c3.cpl c:\windows\system32\z9897not-a-virus7b65.exe c:\windows\system32\z9956worm172.ocx c:\windows\system32\z9dfba5kdoor563.cpl c:\windows\system32\z9e5vir2351.ocx c:\windows\system32\ze5ds9arse3043.dll c:\windows\system32\zf23backdoo9325.cpl c:\windows\system32\zf8vir51019.cpl c:\windows\z0286tro9351.exe c:\windows\z059spambo51cd.exe c:\windows\z061sp9r5e483.dll c:\windows\z264h9cktool5c25.ocx c:\windows\z2fbdownl5ader9219.exe c:\windows\z2fc9ir29165.exe c:\windows\z3127sp935a.ocx c:\windows\z419sparse1535.cpl c:\windows\z45dsp9ware1968.exe c:\windows\z5119not9a5virus7f8.exe c:\windows\z5349ddware1695.ocx c:\windows\z554spyw5r992.exe c:\windows\z5715spy93a.exe c:\windows\z5942not-9-virus3df.bin c:\windows\z624thie52916.cpl c:\windows\z6572hacktool389.cpl c:\windows\z7459virus673.bin c:\windows\z7f9threa519699.bin c:\windows\z801st95l3197.dll c:\windows\z852virus75a9.dll c:\windows\z8952hacktool2349.dll c:\windows\z900sp5rs92910.bin c:\windows\z915threat17699.ocx c:\windows\z9547spamb5t5af.cpl c:\windows\z970do5nloader1502.exe c:\windows\z9881worm5005.exe c:\windows\zc15thief2933.bin c:\windows\zea8t5rea910545.exe c:\windows\zf54downloader749.cpl . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_ESQULserv.sys ((((((((((((((((((((((((( Files Created from 2009-06-15 to 2009-07-15 ))))))))))))))))))))))))))))))) . 2009-12-23 07:50 . 2009-12-23 07:50 10898 ----a-w- c:\windows\8591h9cktozla.dll 2009-07-15 18:20 . 2008-06-19 16:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys 2009-07-15 18:20 . 2009-07-15 18:20 -------- d-----w- c:\program files\Panda Security 2009-07-14 22:43 . 2009-07-14 22:43 -------- d-----w- c:\program files\Common Files\Scanner 2009-07-14 22:43 . 2009-02-18 12:54 111856 ----a-w- c:\windows\system32\wbem\canvprov.dll 2009-07-14 22:43 . 2009-07-14 22:43 -------- d-----w- c:\program files\CA 2009-07-14 22:41 . 2009-07-14 22:41 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\CA 2009-07-14 21:47 . 2009-07-14 21:47 -------- dc----w- C:\20091407_224411_Al july 09 2009-07-14 16:46 . 2009-07-14 16:46 -------- d-----w- c:\program files\WiniFighter Software 2009-07-14 16:46 . 2009-07-14 16:46 15763 ----a-w- c:\windows\system32\z9580t9oj4.dll 2009-07-14 16:46 . 2009-07-14 16:46 12831 ----a-w- c:\windows\9675trzje.dll 2009-07-13 20:55 . 2009-04-06 14:32 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-07-13 20:55 . 2009-07-14 06:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-07-13 20:55 . 2009-04-06 14:32 15504 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-07-13 20:55 . 2009-07-13 20:55 -------- dc----w- c:\documents and settings\Administrator.AL-3AD2C13ED7DA.000\Local Settings\Application Data\Adobe 2009-07-13 20:51 . 2009-07-13 20:51 -------- dc----w- c:\documents and settings\Administrator.AL-3AD2C13ED7DA.000\Application Data\SUPERAntiSpyware.com 2009-07-13 17:10 . 2009-07-13 17:10 -------- d-----w- c:\documents and settings\Al\Application Data\Media Player Classic 2009-07-13 16:59 . 2002-07-17 15:22 3535 ----a-w- c:\windows\system\Wowpost.exe 2009-07-13 16:59 . 2002-07-17 15:22 4455 ----a-w- c:\windows\system\Winaspi.dll 2009-07-13 16:59 . 2009-07-13 16:59 3082 ----a-w- c:\windows\system32\affv9553p6now.sys 2009-07-13 14:51 . 2009-07-13 14:51 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\AVS4YOU 2009-07-13 14:51 . 2009-07-13 14:51 -------- d-----w- c:\documents and settings\Al\Application Data\AVS4YOU 2009-07-13 14:49 . 2009-07-13 20:47 -------- d-----w- c:\program files\Common Files\AVSMedia 2009-07-13 14:49 . 2008-08-13 10:22 974848 ----a-w- c:\windows\system32\mfc70.dll 2009-07-13 14:49 . 2008-08-13 10:22 487424 ----a-w- c:\windows\system32\msvcp70.dll 2009-07-13 14:49 . 2009-07-13 20:48 -------- d-----w- c:\program files\AVS4YOU 2009-07-13 14:49 . 2008-08-13 10:22 24576 ----a-w- c:\windows\system32\msxml3a.dll 2009-07-13 14:40 . 2009-07-13 14:40 -------- dc----w- C:\TempDVD 2009-07-13 14:39 . 2009-07-13 20:49 -------- d-----w- c:\program files\dvdSanta 2009-07-12 10:43 . 2009-07-12 10:46 -------- d-----w- c:\documents and settings\Al\Application Data\VSO 2009-07-12 10:43 . 2009-07-12 10:43 -------- d-----w- c:\program files\VSO 2009-07-12 10:38 . 2009-07-12 10:38 125 ----a-w- c:\documents and settings\Al\Local Settings\Application Data\fusioncache.dat 2009-07-12 10:38 . 2009-07-12 10:38 -------- d-----w- c:\program files\Pro Imaging Powertoys 2009-07-12 10:38 . 2009-07-12 10:39 -------- d-----w- c:\documents and settings\Al\Local Settings\Application Data\ApplicationHistory 2009-07-12 10:35 . 2009-07-12 10:35 -------- d-----w- c:\windows\system32\URTTEMP 2009-06-24 13:16 . 2009-06-24 13:16 -------- d-----w- c:\program files\iPod 2009-06-24 13:16 . 2009-06-24 13:16 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-06-24 13:15 . 2009-06-24 13:15 -------- d-----w- c:\program files\Bonjour 2009-06-24 13:14 . 2009-06-24 13:14 -------- d-----w- c:\program files\QuickTime . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-07-15 21:59 . 2008-07-07 22:29 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\Kontiki 2009-07-15 21:38 . 2009-01-10 22:42 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\avg8 2009-07-15 21:34 . 2007-04-12 11:51 1984 ----a-w- c:\windows\system32\d3d9caps.dat 2009-07-14 06:19 . 2007-03-31 17:52 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy 2009-07-13 20:51 . 2009-04-12 12:47 -------- d-----w- c:\program files\SUPERAntiSpyware 2009-07-13 20:16 . 2007-09-29 12:49 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP 2009-07-03 07:44 . 2009-05-20 06:28 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-06-25 21:19 . 2007-12-29 10:19 -------- d-----w- c:\program files\IObit 2009-06-24 13:16 . 2007-04-01 12:17 -------- d-----w- c:\program files\iTunes 2009-06-24 13:16 . 2007-07-03 11:08 -------- d-----w- c:\program files\Common Files\Apple 2009-06-24 08:09 . 2009-05-20 06:28 11952 ----a-w- c:\windows\system32\avgrsstx.dll 2009-06-24 08:09 . 2009-05-20 06:28 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-06-15 19:12 . 2008-07-13 09:44 34 -c--a-w- c:\documents and settings\jamie\jagex_runescape_preferences.dat 2009-06-15 09:45 . 2009-06-15 09:45 -------- d-----w- c:\documents and settings\diane\Application Data\Motive 2009-06-14 12:14 . 2008-06-08 13:15 -------- d-----w- c:\documents and settings\jamie\Application Data\Motive 2009-06-13 18:09 . 2007-05-02 15:15 -------- d-----w- c:\documents and settings\Al\Application Data\Motive 2009-06-13 18:08 . 2009-06-13 18:01 -------- d-----w- c:\program files\BT Broadband Desktop Help 2009-06-13 18:07 . 2007-06-12 12:49 -------- d-----w- c:\program files\Common Files\Motive 2009-06-09 16:15 . 2008-07-27 10:27 -------- d-----w- c:\documents and settings\Al\Application Data\IObit 2009-05-28 17:09 . 2009-04-10 11:38 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-05-21 18:50 . 2009-04-12 11:25 179976 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-05-20 06:28 . 2009-05-20 06:28 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2009-05-07 15:32 . 2004-08-04 12:00 345600 ----a-w- c:\windows\system32\localspl.dll 2009-04-29 04:46 . 2004-08-04 12:00 666624 ----a-w- c:\windows\system32\wininet.dll 2009-04-29 04:46 . 2004-08-04 12:00 81920 ------w- c:\windows\system32\ieencode.dll 2009-04-28 17:32 . 2007-11-25 19:43 71576 -c--a-w- c:\documents and settings\diane\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-04-23 19:24 . 2009-04-12 12:51 123572 -c--a-w- C:\MGlogs.zip 2009-04-17 12:26 . 2004-08-04 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-24 1948440] "MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 169984] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsNetHood"= 01000000 [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 11:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-06-24 08:09 11952 ----a-w- c:\windows\system32\avgrsstx.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Last.fm Helper.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Last.fm Helper.lnk backup=c:\windows\pss\Last.fm Helper.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk backup=c:\windows\pss\Ralink Wireless Utility.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ose"=3 (0x3) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Microsoft Outlook"=c:\progra~1\MICROS~2\Office10\OUTLOOK.EXE Outlook:Inbox /recycle "SmartRAM"="e:\advanced systemcare 3\Sup_SmartRAM.exe" /m [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Last.fm\\LastFM.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"= "c:\\Program Files\\BitLord\\BitLord.exe"= "e:\\BitLord\\BitLord.exe"= "c:\\Program Files\\Kontiki\\KService.exe"= "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Common Files\\LogiShrd\\LVCOMSER\\LVComSer.exe"= "c:\\Program Files\\QuickTime\\QTTask.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\EA Sports\\FIFA 09\\FIFA09.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "9919:TCP"= 9919:TCP:BitComet 9919 TCP "9919:UDP"= 9919:UDP:BitComet 9919 UDP R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [15/07/2009 19:20 28544] R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [05/07/2006 13:46 63352] R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [15/04/2007 11:03 4064] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [20/05/2009 07:28 335752] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [20/05/2009 07:28 108552] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/03/2009 14:07 9968] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/03/2009 14:07 72944] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [20/05/2009 07:28 298776] R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\CA\CA Internet Security Suite\ccschedulersvc.exe [14/07/2009 23:43 128240] R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [17/02/2009 17:09 598856] R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [18/10/2005 14:01 826112] R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [24/06/2006 02:39 86784] S3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\C4.tmp [15/07/2009 07:26 5760] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/03/2009 14:07 7408] S3 uxddrv;Dynamically loaded UxdDrv;\??\d:\diagnose\WSTENG\uxddrv.sys --> d:\diagnose\WSTENG\uxddrv.sys [?] --- Other Services/Drivers In Memory --- NewlyCreated - PAVBOOT . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.co.uk/ uInternet Settings,ProxyOverride = 127.0.0.1;.local uSearchURL,(Default) = about:blank IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 Trusted Zone: antimalwareguard.com Name-Space Handler: ftp\FD - {3BF4771A-18F5-4EAB-80B7-AC254D3C7503} - e:\freshdownload\fdcatch.dll Name-Space Handler: http\FD - {3BF4771A-18F5-4EAB-80B7-AC254D3C7503} - e:\freshdownload\fdcatch.dll DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-15 22:59 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\C4.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-606747145-1897051121-839522115-1004\Software\SecuROM\License information*] "datasecu"=hex:d5,fa,5e,92,0e,79,f8,f0,1e,c7,a3,74,e3,63,76,ba,40,e0,0f,76,a2, b5,66,ee,3c,bd,5e,90,e6,7e,9e,3c,2c,b4,42,49,39,b5,bc,16,15,16,56,4c,28,a8,\ "rkeysecu"=hex:49,49,3b,bf,99,8b,1f,56,4c,4a,9f,e6,ae,31,04,a4 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(624) c:\program files\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\Ati2evxx.dll . Completion time: 2009-07-15 23:01 ComboFix-quarantined-files.txt 2009-07-15 22:01 ComboFix2.txt 2009-04-20 18:10 ComboFix3.txt 2009-04-12 22:15 ComboFix4.txt 2009-04-11 18:50 ComboFix5.txt 2009-07-15 21:39 Pre-Run: 31,549,575,168 bytes free Post-Run: 32,238,415,872 bytes free 1080 --- E O F --- 2009-07-13 02:01

07-15-2009, 05:14 PM	#4 (permalink)
CatByte Analyst, Security Team Join Date: Jan 2009 Location: Canada Posts: 2,181 OS: XP sp3	Re: malware wont work or internet Hi, Please do the following: Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Copy/paste the text inside the Codebox below into notepad: Here's how to do that: Click Start > Run type Notepad click OK. This will open an empty notepad file: Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy') Code: http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/395216-malware-wont-work-internet.html#post2241860 Collect:: c:\windows\8591h9cktozla.dll c:\windows\system32\z9580t9oj4.dll c:\windows\9675trzje.dll DDS:: Trusted Zone: antimalwareguard.com Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste') Save this file to your desktop, Save this as "CFScript" Here's how to do that: 1.Click File; 2.Click Save As... Change the directory to your desktop; 3.Change the Save as type to "All Files"; 4.Type in the file name: CFScript 5.Click Save ... Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal. When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply. CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall. Note When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis. Ensure you are connected to the internet and click OK on the message box. NEXT Download TFC to your desktop Close any open windows. Double click the TFC icon to run the program TFC will close all open programs itself in order to run, Click the Start button to begin the process. Allow TFC to run uninterrupted. The program should not take long to finish it's job Once its finished it should automatically reboot your machine, if it doesn't, manually reboot to ensure a complete clean It's normal after running TFC cleaner that the PC will be slower to boot the first time. NEXT Please download Malwarebytes' Anti-Malware Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. <-- very important When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. NEXT Run an on-line scan with Kaspersky Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner 1. Click Accept, when prompted to download and install the program files and database of malware definitions. 2. To optimize scanning time and produce a more sensible report for review: Close any open programs Turn off the real time scanner of any existing antivirus program while performing the online scan 3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes. Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan. Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it. Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined. Click View scan report at the bottom. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply In your next reply please include ComboFix Log MBAM Log Kaspersky report __________________ ASAP & UNITE Member

07-16-2009, 05:06 PM	#5 (permalink)
cattch08 Registered User Join Date: Nov 2005 Posts: 19 OS: xp	Re: malware wont work or internet Malwarebytes' Anti-Malware 1.36 Database version: 1945 Windows 5.1.2600 Service Pack 3 16/07/2009 16:48:07 mbam-log-2009-07-16 (16-48-07).txt Scan type: Full Scan (C:\\|E:\\|F:\\|) Objects scanned: 222478 Time elapsed: 2 hour(s), 56 minute(s), 34 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully. ComboFix 09-07-14.08 - Al 16/07/2009 18:36.4.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2046.1574 [GMT 1:00] Running from: c:\documents and settings\Al\Desktop\Combo-Fix.exe Command switches used :: c:\documents and settings\Al\Desktop\CFScript.txt AV: AVG Anti-Virus Free On-access scanning disabled (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ((((((((((((((((((((((((( Files Created from 2009-06-16 to 2009-07-16 ))))))))))))))))))))))))))))))) . 2009-07-15 18:20 . 2008-06-19 16:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys 2009-07-15 18:20 . 2009-07-15 18:20 -------- d-----w- c:\program files\Panda Security 2009-07-14 22:43 . 2009-07-14 22:43 -------- d-----w- c:\program files\Common Files\Scanner 2009-07-14 22:43 . 2009-02-18 12:54 111856 ----a-w- c:\windows\system32\wbem\canvprov.dll 2009-07-14 22:43 . 2009-07-14 22:43 -------- d-----w- c:\program files\CA 2009-07-14 22:41 . 2009-07-14 22:41 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\CA 2009-07-14 21:47 . 2009-07-14 21:47 -------- dc----w- C:\20091407_224411_Al july 09 2009-07-13 20:55 . 2009-04-06 14:32 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-07-13 20:55 . 2009-07-14 06:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-07-13 20:55 . 2009-04-06 14:32 15504 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-07-13 20:55 . 2009-07-13 20:55 -------- dc----w- c:\documents and settings\Administrator.AL-3AD2C13ED7DA.000\Local Settings\Application Data\Adobe 2009-07-13 20:51 . 2009-07-13 20:51 -------- dc----w- c:\documents and settings\Administrator.AL-3AD2C13ED7DA.000\Application Data\SUPERAntiSpyware.com 2009-07-13 17:10 . 2009-07-13 17:10 -------- d-----w- c:\documents and settings\Al\Application Data\Media Player Classic 2009-07-13 16:59 . 2002-07-17 15:22 3535 ----a-w- c:\windows\system\Wowpost.exe 2009-07-13 16:59 . 2002-07-17 15:22 4455 ----a-w- c:\windows\system\Winaspi.dll 2009-07-13 16:59 . 2009-07-13 16:59 3082 ----a-w- c:\windows\system32\affv9553p6now.sys 2009-07-13 14:51 . 2009-07-13 14:51 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\AVS4YOU 2009-07-13 14:51 . 2009-07-13 14:51 -------- d-----w- c:\documents and settings\Al\Application Data\AVS4YOU 2009-07-13 14:49 . 2009-07-13 20:47 -------- d-----w- c:\program files\Common Files\AVSMedia 2009-07-13 14:49 . 2008-08-13 10:22 974848 ----a-w- c:\windows\system32\mfc70.dll 2009-07-13 14:49 . 2008-08-13 10:22 487424 ----a-w- c:\windows\system32\msvcp70.dll 2009-07-13 14:49 . 2009-07-13 20:48 -------- d-----w- c:\program files\AVS4YOU 2009-07-13 14:49 . 2008-08-13 10:22 24576 ----a-w- c:\windows\system32\msxml3a.dll 2009-07-13 14:40 . 2009-07-13 14:40 -------- dc----w- C:\TempDVD 2009-07-13 14:39 . 2009-07-13 20:49 -------- d-----w- c:\program files\dvdSanta 2009-07-12 10:43 . 2009-07-12 10:46 -------- d-----w- c:\documents and settings\Al\Application Data\VSO 2009-07-12 10:43 . 2009-07-12 10:43 -------- d-----w- c:\program files\VSO 2009-07-12 10:38 . 2009-07-12 10:38 125 ----a-w- c:\documents and settings\Al\Local Settings\Application Data\fusioncache.dat 2009-07-12 10:38 . 2009-07-12 10:38 -------- d-----w- c:\program files\Pro Imaging Powertoys 2009-07-12 10:38 . 2009-07-12 10:39 -------- d-----w- c:\documents and settings\Al\Local Settings\Application Data\ApplicationHistory 2009-07-12 10:35 . 2009-07-12 10:35 -------- d-----w- c:\windows\system32\URTTEMP 2009-06-24 13:16 . 2009-06-24 13:16 -------- d-----w- c:\program files\iPod 2009-06-24 13:16 . 2009-06-24 13:16 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-06-24 13:15 . 2009-06-24 13:15 -------- d-----w- c:\program files\Bonjour 2009-06-24 13:14 . 2009-06-24 13:14 -------- d-----w- c:\program files\QuickTime . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-07-16 17:39 . 2008-07-07 22:29 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\Kontiki 2009-07-16 15:47 . 2007-03-31 17:52 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy 2009-07-16 06:18 . 2009-01-10 22:42 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\avg8 2009-07-15 21:34 . 2007-04-12 11:51 1984 ----a-w- c:\windows\system32\d3d9caps.dat 2009-07-13 20:51 . 2009-04-12 12:47 -------- d-----w- c:\program files\SUPERAntiSpyware 2009-07-13 20:16 . 2007-09-29 12:49 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP 2009-07-03 07:44 . 2009-05-20 06:28 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-06-25 21:19 . 2007-12-29 10:19 -------- d-----w- c:\program files\IObit 2009-06-24 13:16 . 2007-04-01 12:17 -------- d-----w- c:\program files\iTunes 2009-06-24 13:16 . 2007-07-03 11:08 -------- d-----w- c:\program files\Common Files\Apple 2009-06-24 08:09 . 2009-05-20 06:28 11952 ----a-w- c:\windows\system32\avgrsstx.dll 2009-06-24 08:09 . 2009-05-20 06:28 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-06-16 14:36 . 2004-08-04 12:00 81920 ------w- c:\windows\system32\fontsub.dll 2009-06-16 14:36 . 2004-08-04 12:00 119808 ------w- c:\windows\system32\t2embed.dll 2009-06-15 19:12 . 2008-07-13 09:44 34 -c--a-w- c:\documents and settings\jamie\jagex_runescape_preferences.dat 2009-06-15 09:45 . 2009-06-15 09:45 -------- d-----w- c:\documents and settings\diane\Application Data\Motive 2009-06-14 12:14 . 2008-06-08 13:15 -------- d-----w- c:\documents and settings\jamie\Application Data\Motive 2009-06-13 18:09 . 2007-05-02 15:15 -------- d-----w- c:\documents and settings\Al\Application Data\Motive 2009-06-13 18:08 . 2009-06-13 18:01 -------- d-----w- c:\program files\BT Broadband Desktop Help 2009-06-13 18:07 . 2007-06-12 12:49 -------- d-----w- c:\program files\Common Files\Motive 2009-06-09 16:15 . 2008-07-27 10:27 -------- d-----w- c:\documents and settings\Al\Application Data\IObit 2009-06-03 19:09 . 2004-08-04 12:00 1291264 ------w- c:\windows\system32\quartz.dll 2009-05-28 17:09 . 2009-04-10 11:38 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-05-21 18:50 . 2009-04-12 11:25 179976 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-05-20 06:28 . 2009-05-20 06:28 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2009-05-07 15:32 . 2004-08-04 12:00 345600 ----a-w- c:\windows\system32\localspl.dll 2009-04-29 04:46 . 2004-08-04 12:00 666624 ----a-w- c:\windows\system32\wininet.dll 2009-04-29 04:46 . 2004-08-04 12:00 81920 ------w- c:\windows\system32\ieencode.dll 2009-04-28 17:32 . 2007-11-25 19:43 71576 -c--a-w- c:\documents and settings\diane\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-04-23 19:24 . 2009-04-12 12:51 123572 -c--a-w- C:\MGlogs.zip . ((((((((((((((((((((((((((((( SnapShot@2009-07-15_21.59.59 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-16 17:31 . 2009-07-16 17:31 16384 c:\windows\temp\Perflib_Perfdata_f4.dat + 2009-07-16 17:31 . 2009-07-16 17:31 16384 c:\windows\temp\Perflib_Perfdata_b0.dat + 2007-07-28 14:31 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll - 2007-07-28 14:31 . 2008-07-09 07:38 17272 c:\windows\system32\spmsg.dll + 2004-08-04 12:00 . 2009-06-16 14:36 81920 c:\windows\system32\dllcache\fontsub.dll + 2004-08-04 12:00 . 2009-06-16 14:36 119808 c:\windows\system32\dllcache\t2embed.dll + 2004-08-04 12:00 . 2009-06-03 19:09 1291264 c:\windows\system32\dllcache\quartz.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-24 1948440] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsNetHood"= 01000000 [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 11:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-06-24 08:09 11952 ----a-w- c:\windows\system32\avgrsstx.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Last.fm Helper.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Last.fm Helper.lnk backup=c:\windows\pss\Last.fm Helper.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk backup=c:\windows\pss\Ralink Wireless Utility.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ose"=3 (0x3) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Microsoft Outlook"=c:\progra~1\MICROS~2\Office10\OUTLOOK.EXE Outlook:Inbox /recycle "SmartRAM"="e:\advanced systemcare 3\Sup_SmartRAM.exe" /m [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Last.fm\\LastFM.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"= "c:\\Program Files\\BitLord\\BitLord.exe"= "e:\\BitLord\\BitLord.exe"= "c:\\Program Files\\Kontiki\\KService.exe"= "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Common Files\\LogiShrd\\LVCOMSER\\LVComSer.exe"= "c:\\Program Files\\QuickTime\\QTTask.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\EA Sports\\FIFA 09\\FIFA09.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "9919:TCP"= 9919:TCP:BitComet 9919 TCP "9919:UDP"= 9919:UDP:BitComet 9919 UDP R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [15/07/2009 19:20 28544] R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [05/07/2006 13:46 63352] R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [15/04/2007 11:03 4064] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [20/05/2009 07:28 335752] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [20/05/2009 07:28 108552] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/03/2009 14:07 9968] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/03/2009 14:07 72944] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [20/05/2009 07:28 298776] R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\CA\CA Internet Security Suite\ccschedulersvc.exe [14/07/2009 23:43 128240] R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [17/02/2009 17:09 598856] R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [18/10/2005 14:01 826112] R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [24/06/2006 02:39 86784] S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\C4.tmp --> c:\windows\system32\C4.tmp [?] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/03/2009 14:07 7408] S3 uxddrv;Dynamically loaded UxdDrv;\??\d:\diagnose\WSTENG\uxddrv.sys --> d:\diagnose\WSTENG\uxddrv.sys [?] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.co.uk/ uInternet Settings,ProxyOverride = 127.0.0.1;.local uSearchURL,(Default) = about:blank IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 Name-Space Handler: ftp\FD - {3BF4771A-18F5-4EAB-80B7-AC254D3C7503} - e:\freshdownload\fdcatch.dll Name-Space Handler: http\FD - {3BF4771A-18F5-4EAB-80B7-AC254D3C7503} - e:\freshdownload\fdcatch.dll DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-16 18:41 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\C4.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-606747145-1897051121-839522115-1004\Software\SecuROM\License information*] "datasecu"=hex:d5,fa,5e,92,0e,79,f8,f0,1e,c7,a3,74,e3,63,76,ba,40,e0,0f,76,a2, b5,66,ee,3c,bd,5e,90,e6,7e,9e,3c,2c,b4,42,49,39,b5,bc,16,15,16,56,4c,28,a8,\ "rkeysecu"=hex:49,49,3b,bf,99,8b,1f,56,4c,4a,9f,e6,ae,31,04,a4 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(616) c:\program files\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(3548) c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2009-07-16 18:42 ComboFix-quarantined-files.txt 2009-07-16 17:42 ComboFix2.txt 2009-07-16 17:17 ComboFix3.txt 2009-07-16 06:37 ComboFix4.txt 2009-07-15 22:01 ComboFix5.txt 2009-07-16 17:35 Pre-Run: 32,147,632,128 bytes free Post-Run: 32,116,150,272 bytes free 216 --- E O F --- 2009-07-16 06:06 KASPERSKY ONLINE SCANNER 7.0 REPORT Friday, July 17, 2009 Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Program database last update: Thursday, July 16, 2009 20:04:41 Records in database: 2475918 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ K:\ L:\ Scan statistics: Files scanned: 240135 Threat name: 7 Infected objects: 25 Suspicious objects: 0 Duration of the scan: 04:41:29 File name / Threat name / Threats count msimn.exe\fdcatch.dll/msimn.exe\fdcatch.dll Infected: Backdoor.Win32.Hupigon.tsy 1 iexplore.exe\fdcatch.dll/iexplore.exe\fdcatch.dll Infected: Backdoor.Win32.Hupigon.tsy 2 C:\Documents and Settings\Al\DoctorWeb\Quarantine\sdsetup.exe Infected: Trojan-Downloader.Win32.VB.dzo 1 C:\Documents and Settings\Al\DoctorWeb\Quarantine\spamblockerutilityinst[1].exe.bac_a02196 Infected: not-a-virus:AdWare.Win32.Shopper.v 3 C:\Documents and Settings\Al\DoctorWeb\Quarantine\spamblockerutilityinst[1].exe.bac_a02196 Infected: not-a-virus:AdWare.Win32.HotBar.ck 2 C:\Documents and Settings\Al\DoctorWeb\Quarantine\spamblockerutilityinst[1].exe.bac_a02196 Infected: not-a-virus:AdTool.Win32.Zango.ap 1 C:\Documents and Settings\Al\DoctorWeb\Quarantine\spamblockerutilityinst[1].exe.bac_a05452 Infected: not-a-virus:AdWare.Win32.Shopper.v 3 C:\Documents and Settings\Al\DoctorWeb\Quarantine\spamblockerutilityinst[1].exe.bac_a05452 Infected: not-a-virus:AdWare.Win32.HotBar.ck 2 C:\Documents and Settings\Al\DoctorWeb\Quarantine\spamblockerutilityinst[1].exe.bac_a05452 Infected: not-a-virus:AdTool.Win32.Zango.ap 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_ESQULltewcdovrdlxymitbqqowksrummaswux_.sys.zip Infected: Rootkit.Win32.Agent.mlu 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\ESQULbwwxohqfyaodgakhflnnsiltscrnkolv.dll.vir Infected: Packed.Win32.Tdss.w 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\ESQULqvdvaptclkdxybrifrlkymefhaiyfviq.dll.vir Infected: Packed.Win32.Tdss.w 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\MSIVXfecgftvltylgewidpnpvrabuvdxlxiqw.dll.vir Infected: Packed.Win32.Tdss.w 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\MSIVXrpqmrrtvsiymbfniwuctetkoxjplqjrn.dll.vir Infected: Packed.Win32.Tdss.w 1 C:\System Volume Information\_restore{B775F775-FED3-490B-A5EB-125288F9D156}\RP0\A0000001.dll Infected: Packed.Win32.Tdss.w 1 C:\System Volume Information\_restore{B775F775-FED3-490B-A5EB-125288F9D156}\RP0\A0000002.dll Infected: Packed.Win32.Tdss.w 1 C:\System Volume Information\_restore{B775F775-FED3-490B-A5EB-125288F9D156}\RP0\A0000573.dll Infected: Packed.Win32.Tdss.w 1 C:\System Volume Information\_restore{B775F775-FED3-490B-A5EB-125288F9D156}\RP0\A0000574.dll Infected: Packed.Win32.Tdss.w 1 The selected area was scanned.

07-16-2009, 06:25 PM	#6 (permalink)
CatByte Analyst, Security Team Join Date: Jan 2009 Location: Canada Posts: 2,181 OS: XP sp3	Re: malware wont work or internet Hi Please do the following: submit a file to virustotal for analysis Use the browse button on that page to navigate to the location of the file to be scanned. In the right hand panel, click on the file e:\freshdownload\fdcatch.dll then click the open button. The file will now be displayed in the submit box. Scroll down a bit and click "send file", wait for the results Make sure you have copied and saved the results before continuing. Do the same for the following files C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Internet Explorer\iexplore.exe __________________ ASAP & UNITE Member

07-17-2009, 09:35 AM	#7 (permalink)
cattch08 Registered User Join Date: Nov 2005 Posts: 19 OS: xp	Re: malware wont work or internet File fdcatch.dll received on 2009.07.17 15:24:48 (UTC) Current status: finished Result: 0/34 (0%) Compact Print results Email: Antivirus Version Last Update Result AhnLab-V3 5.0.0.2 2009.07.17 - AntiVir 7.9.0.220 2009.07.17 - Antiy-AVL 2.0.3.7 2009.07.17 - Authentium 5.1.2.4 2009.07.17 - Avast 4.8.1335.0 2009.07.16 - BitDefender 7.2 2009.07.17 - CAT-QuickHeal 10.00 2009.07.17 - ClamAV 0.94.1 2009.07.17 - Comodo 1680 2009.07.17 - eTrust-Vet 31.6.6622 2009.07.17 - F-Prot 4.4.4.56 2009.07.17 - F-Secure 8.0.14470.0 2009.07.17 - Fortinet 3.120.0.0 2009.07.17 - GData 19 2009.07.17 - Ikarus T3.1.1.64.0 2009.07.17 - Jiangmin 11.0.800 2009.07.17 - K7AntiVirus 7.10.794 2009.07.16 - Kaspersky 7.0.0.125 2009.07.17 - McAfee 5678 2009.07.16 - McAfee+Artemis 5678 2009.07.16 - McAfee-GW-Edition 6.8.5 2009.07.17 - Microsoft 1.4803 2009.07.17 - NOD32 4254 2009.07.17 - nProtect 2009.1.8.0 2009.07.17 - PCTools 4.4.2.0 2009.07.17 - Prevx 3.0 2009.07.17 - Rising 21.38.44.00 2009.07.17 - Sophos 4.43.0 2009.07.17 - Sunbelt 3.2.1858.2 2009.07.17 - Symantec 1.4.4.12 2009.07.17 - TheHacker 6.3.4.3.369 2009.07.16 - TrendMicro 8.950.0.1094 2009.07.17 - ViRobot 2009.7.17.1841 2009.07.17 - VirusBuster 4.6.5.0 2009.07.16 - Additional information File size: 201728 bytes MD5...: 2d5b73d542aabfa0962af0fc5ee9b8ef SHA1..: 71a8deab614b037b94a6c36619c86778919635fb SHA256: a488034be068bc13aadb25ab61c69b5ece1993cf76d8c02e51c20ebf24a8677b ssdeep: 3072:w9ZQpUFGpeGa78D7XgNVWa6+vH0fExJpEOobfv69IiB+GnIMCFFB/7XMnBn ut62w:QEpePQ70h6+8cxJ0aCWBnITDtcBuU21 PEiD..: ASPack v2.12 TrID..: File type identification Win32 Executable Generic (58.3%) Win16/32 Executable Delphi generic (14.1%) Generic Win/DOS Executable (13.7%) DOS Executable Generic (13.6%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x74001 timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992) machinetype.......: 0x14c (I386) ( 9 sections ) name viradd virsiz rawdsiz ntrpy md5 CODE 0x1000 0x5f000 0x28000 8.00 4b0c1844d2a1510cf4d9f17b584b30cc DATA 0x60000 0x2000 0x800 7.54 ca1c924f2d11847a4d29c75ff7d0d6bb BSS 0x62000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e .idata 0x63000 0x3000 0xe00 7.74 de7bd562c0a332b4fecf20e3cffcdd26 .edata 0x66000 0x1000 0x200 2.24 37cfbe0dc24c7eede517fb472e8283d3 .reloc 0x67000 0x7000 0x3e00 7.97 04969ee0663d3339bf2e810ea4acbf79 .rsrc 0x6e000 0x6000 0x2400 6.24 538760eaff9c3dd145f8822883427996 .aspack 0x74000 0x2000 0x1600 5.69 579f0e959ee554d662446129146a5a2c .adata 0x76000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e ( 13 imports ) > kernel32.dll: GetProcAddress, GetModuleHandleA, LoadLibraryA > user32.dll: GetKeyboardType > advapi32.dll: RegQueryValueExA > oleaut32.dll: SysFreeString > advapi32.dll: RegSetValueExA > gdi32.dll: UnrealizeObject > user32.dll: WindowFromPoint > ole32.dll: CreateStreamOnHGlobal > oleaut32.dll: CreateErrorInfo > ole32.dll: IsEqualGUID > oleaut32.dll: SafeArrayPtrOfIndex > comctl32.dll: ImageList_SetIconSize > shell32.dll: ShellExecuteA ( 5 exports ) DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer, GetDllVersion PDFiD.: - RDS...: NSRL Reference Data Set - packers (F-Prot): Aspack packers (Kaspersky): ASPack File msimn.exe received on 2009.07.17 15:30:55 (UTC) Current status: finished Result: 0/40 (0%) Compact Print results Email: Antivirus Version Last Update Result a-squared 4.5.0.24 2009.07.17 - AhnLab-V3 5.0.0.2 2009.07.17 - AntiVir 7.9.0.220 2009.07.17 - Antiy-AVL 2.0.3.7 2009.07.17 - Authentium 5.1.2.4 2009.07.17 - Avast 4.8.1335.0 2009.07.16 - AVG 8.5.0.387 2009.07.17 - BitDefender 7.2 2009.07.17 - CAT-QuickHeal 10.00 2009.07.17 - ClamAV 0.94.1 2009.07.17 - Comodo 1680 2009.07.17 - DrWeb 5.0.0.12182 2009.07.17 - eTrust-Vet 31.6.6622 2009.07.17 - F-Prot 4.4.4.56 2009.07.17 - F-Secure 8.0.14470.0 2009.07.17 - Fortinet 3.120.0.0 2009.07.17 - GData 19 2009.07.17 - Ikarus T3.1.1.64.0 2009.07.17 - Jiangmin 11.0.800 2009.07.17 - K7AntiVirus 7.10.794 2009.07.16 - Kaspersky 7.0.0.125 2009.07.17 - McAfee 5678 2009.07.16 - McAfee+Artemis 5678 2009.07.16 - McAfee-GW-Edition 6.8.5 2009.07.17 - Microsoft 1.4803 2009.07.17 - NOD32 4254 2009.07.17 - Norman 6.01.09 2009.07.17 - nProtect 2009.1.8.0 2009.07.17 - Panda 10.0.0.14 2009.07.16 - PCTools 4.4.2.0 2009.07.17 - Prevx 3.0 2009.07.17 - Rising 21.38.44.00 2009.07.17 - Sophos 4.43.0 2009.07.17 - Sunbelt 3.2.1858.2 2009.07.17 - Symantec 1.4.4.12 2009.07.17 - TheHacker 6.3.4.3.369 2009.07.16 - TrendMicro 8.950.0.1094 2009.07.17 - VBA32 3.12.10.8 2009.07.16 - ViRobot 2009.7.17.1841 2009.07.17 - VirusBuster 4.6.5.0 2009.07.16 - Additional information File size: 60416 bytes MD5...: 1eeae496a51f017d04dd41322935d2b9 SHA1..: f7afaf8e61263e3117a762ae2f817dff9f5ccc44 SHA256: 5c60d72118528ee01cce426a686b32f949a0153919868aaf388f32f8f6233a9c ssdeep: 768:4DnZlk2JRV6PqRZcTp9RlTddT1T6MMMMM2MMMMM+FV:KZLnV6CcF9R/dT12M MMMM2MMMMM+FV PEiD..: - TrID..: File type identification Win64 Executable Generic (80.9%) Win32 Executable Generic (8.0%) Win32 Dynamic Link Library (generic) (7.1%) Generic Win/DOS Executable (1.8%) DOS Executable Generic (1.8%) PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x26d1 timedatestamp.....: 0x48025165 (Sun Apr 13 18:31:01 2008) machinetype.......: 0x14c (I386) ( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x2080 0x2200 5.87 ec16ec4a728e00ba3f3dac8ff298422b .data 0x4000 0xb8 0x200 0.21 10a3ce6bebaf2ba41f882aa8d96652b0 .rsrc 0x5000 0xc250 0xc400 5.53 e47ea96d4365519f9f70b9f9e452e386 ( 5 imports ) > msvcrt.dll: _vsnprintf > ADVAPI32.dll: RegOpenKeyExA, RegCloseKey, RegQueryValueExA > KERNEL32.dll: GetVersionExA, UnhandledExceptionFilter, CloseHandle, ReleaseMutex, GetFileAttributesA, GetLastError, FreeLibrary, GetProcAddress, LoadLibraryA, lstrlenW, WaitForSingleObject, CreateMutexA, ExitProcess, GetModuleHandleA, GetStartupInfoA, SetErrorMode, GetCommandLineW, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, lstrcpynA, SetUnhandledExceptionFilter, lstrlenA, GetEnvironmentVariableA, GetModuleFileNameA > USER32.dll: GetWindowThreadProcessId, SetForegroundWindow, SendMessageTimeoutA, LoadStringA, MessageBoxA > SHLWAPI.dll: SHGetValueA, StrCmpIW, -, SHSetValueA, StrStrIA, PathRemoveFileSpecA, - ( 0 exports ) PDFiD.: - RDS...: NSRL Reference Data Set - ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=1eeae496a51f017d04dd41322935d2b9' target='_blank'>http://www.threatexpert.com/report.a...dd41322935d2b9</a> File iexplore.exe received on 2009.07.17 15:35:28 (UTC) Current status: finished Result: 1/41 (2.44%) Compact Print results Email: Antivirus Version Last Update Result a-squared 4.5.0.24 2009.07.17 - AhnLab-V3 5.0.0.2 2009.07.17 - AntiVir 7.9.0.220 2009.07.17 - Antiy-AVL 2.0.3.7 2009.07.17 - Authentium 5.1.2.4 2009.07.17 - Avast 4.8.1335.0 2009.07.16 - AVG 8.5.0.387 2009.07.17 - BitDefender 7.2 2009.07.17 - CAT-QuickHeal 10.00 2009.07.17 - ClamAV 0.94.1 2009.07.17 - Comodo 1680 2009.07.17 - DrWeb 5.0.0.12182 2009.07.17 - eSafe 7.0.17.0 2009.07.16 - eTrust-Vet 31.6.6622 2009.07.17 - F-Prot 4.4.4.56 2009.07.17 - F-Secure 8.0.14470.0 2009.07.17 - Fortinet 3.120.0.0 2009.07.17 - GData 19 2009.07.17 - Ikarus T3.1.1.64.0 2009.07.17 - Jiangmin 11.0.800 2009.07.17 - K7AntiVirus 7.10.794 2009.07.16 - Kaspersky 7.0.0.125 2009.07.17 - McAfee 5678 2009.07.16 - McAfee+Artemis 5678 2009.07.16 - McAfee-GW-Edition 6.8.5 2009.07.17 Heuristic.LooksLike.Win32.Aliser.L Microsoft 1.4803 2009.07.17 - NOD32 4254 2009.07.17 - Norman 6.01.09 2009.07.17 - nProtect 2009.1.8.0 2009.07.17 - Panda 10.0.0.14 2009.07.16 - PCTools 4.4.2.0 2009.07.17 - Prevx 3.0 2009.07.17 - Rising 21.38.44.00 2009.07.17 - Sophos 4.43.0 2009.07.17 - Sunbelt 3.2.1858.2 2009.07.17 - Symantec 1.4.4.12 2009.07.17 - TheHacker 6.3.4.3.369 2009.07.16 - TrendMicro 8.950.0.1094 2009.07.17 - VBA32 3.12.10.8 2009.07.16 - ViRobot 2009.7.17.1841 2009.07.17 - VirusBuster 4.6.5.0 2009.07.16 - Additional information File size: 93184 bytes MD5...: 55794b97a7faabd2910873c85274f409 SHA1..: 58e80c90bf54850b5f3ccbd8edf0877537e0ea8e SHA256: 814a37d89a79aa3975308e723bc1a3a67360323b7e3584de00896fe7c59bbb8e ssdeep: 1536:PgkhByI4BcDQX2oooD+AyxArAIVJ9bayZbScKEang5Kmp:xeI46QXMmAIX1 tanUKmp PEiD..: - TrID..: File type identification Win64 Executable Generic (59.6%) Win32 Executable MS Visual C++ (generic) (26.2%) Win32 Executable Generic (5.9%) Win32 Dynamic Link Library (generic) (5.2%) Generic Win/DOS Executable (1.3%) PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x2451 timedatestamp.....: 0x48025225 (Sun Apr 13 18:34:13 2008) machinetype.......: 0x14c (I386) ( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x1d9b 0x1e00 6.19 73e772779624a5d0c0efef90ccb44536 .data 0x3000 0x9c 0x200 2.57 3250ebd1e3513e9aa0c55ad75a9f41c3 .rsrc 0x4000 0x14740 0x14800 5.65 1792db012eadc42b8aee0d9c523ed883 ( 5 imports ) > msvcrt.dll: _except_handler3 > KERNEL32.dll: UnhandledExceptionFilter, GetCommandLineA, lstrlenW, MultiByteToWideChar, CreateEventA, GetCurrentThreadId, lstrcatA, lstrlenA, lstrcmpiA, lstrcpyA, GetModuleFileNameA, FreeLibrary, GetProcAddress, LoadLibraryA, GetVersionExA, UnmapViewOfFile, CloseHandle, ReleaseMutex, SetEvent, WaitForSingleObject, CreateProcessA, lstrcpynA, GetCurrentProcessId, DuplicateHandle, GetCurrentProcess, CreateMutexA, MapViewOfFile, CreateFileMappingA, WaitForMultipleObjects, GetModuleFileNameW, OpenProcess, GetLastError, SetUnhandledExceptionFilter, LocalFree, LocalAlloc, GetModuleHandleA, ExitThread, GetStartupInfoA, SetErrorMode, TerminateProcess, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime > USER32.dll: GetShellWindow, GetClassNameA, SendMessageA, PeekMessageA, MsgWaitForMultipleObjects, DestroyWindow, TranslateMessage, DispatchMessageA, LoadStringA, DefWindowProcA, RegisterClassA, CreateMenu, CreateWindowExA, ShowWindow, GetForegroundWindow, wsprintfA > SHLWAPI.dll: SHGetValueA, -, -, -, -, -, -, SHRegGetBoolUSValueA, PathRemoveFileSpecA, PathAppendA, PathQuoteSpacesA, StrCpyNW, wnsprintfA, PathFindFileNameA, StrStrIA, - > SHDOCVW.dll: -, - ( 1 exports ) DllGetLCID PDFiD.: - RDS...: NSRL Reference Data Set - ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=55794b97a7faabd2910873c85274f409' target='_blank'>http://www.threatexpert.com/report.a...0873c85274f409</a>

07-17-2009, 12:01 PM	#8 (permalink)
CatByte Analyst, Security Team Join Date: Jan 2009 Location: Canada Posts: 2,181 OS: XP sp3	Re: malware wont work or internet Hi, Please post a fresh DDS log and advise how your computer is running now and if there are any outstanding issues. Thanks ~CB __________________ ASAP & UNITE Member

07-17-2009, 02:28 PM	#10 (permalink)
CatByte Analyst, Security Team Join Date: Jan 2009 Location: Canada Posts: 2,181 OS: XP sp3	Re: malware wont work or internet Hi, Please do the following: Visit ADOBEand download the latest version of Acrobat Reader (version 9.1) Having the latest updates ensures there are no security vulnerabilities in your system. NEXT Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update. Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop. Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 14. The Java SE Runtime Environment (JRE) allows end-users to run Java applications." Click the "Download" button to the right. Select the Windows platform from the dropdown menu. Read the License Agreement and then check the box that says: " I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue.The page will refresh. Click on the link to download Windows Offline Installation and save the file to your desktop. Close any programs you may have running - especially your web browser. Now go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java. Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version. Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version. After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup) On the General tab, under Temporary Internet Files, click the Settings button. Next, click on the Delete Files button There are two options in the window to clear the cache - Leave BOTH Checked Applications and AppletsTrace and Log Files Click OK on Delete Temporary Files Window Note: This deletes ALL the Downloaded Applications and Applets from the CACHE. Click OK to leave the Temporary Files Window Click OK to leave the Java Control Panel. NEXT Now we need to do a little housekeeping. Please do the following: You can delete the DDS and GMER folders from your desktop. NEXT Follow these steps to uninstall Combofix Click START then RUN Now type Combofix /u in the runbox and click OK. Note the space between the ..X and the /U, it needs to be there. Should you wish to contribute to the ongoing development of ComboFix, donations are being accepted via PayPal. NEXT Below I have included a number of recommendations for how to protect your computer against malware infections. It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them Then consider a password keeper, to keep all your passwords safe. Keep Windows updated by regularly checking their website at : http://windowsupdate.microsoft.com/ This will ensure your computer has always the latest security updates available installed on your computer. SpywareBlaster protects against bad ActiveX, it immunizes your PC against them. SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict. Make Internet Explorer more secure Click Start > Run Type Inetcpl.cpl & click OK Click on the Security tab Click Reset all zones to default level Make sure the Internet Zone is selected & Click Custom level In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable". Next Click OK, then Apply button and then OK to exit the Internet Properties page. ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders. MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future. WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites: Green to go Yellow for caution Red to stop WOT has an addon available for both Firefox and IE For Firefox, I highly recommend this add-on to keep your PC even more secure. NoScript - for blocking ads and other potential website attacks Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions. ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles: Think Prevention. PC Safety and Security--What Do I Need?. **Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them. Thank you for your patience, and performing all of the procedures requested. Please respond one last time so we can consider the thread resolved and close it, thank-you. __________________ ASAP & UNITE Member