lapppy

infected with vpanele.com virus

26 posts in this topic

hi all,

 

I'm currently infected with this virus, vpanele.com. I can't get rid of it even if I reformat my computer. Could anyone help regarding this? Currently there is no antivirus on my computer. Below is my HijackThis logfile. Hopefully someone can help me with this. Even my internet speed is slow, and sometimes the total bytes I receive/send can shoot up to 100 million bytes even when I'm not downloading anything. Thanks.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:24:53 PM, on 3/12/2009

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Prevx\prevx.exe

C:\Program Files\SpywareDetector\SDMainService.exe

C:\Program Files\SpywareDetector\SDService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Prevx\prevx.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe

C:\WINDOWS\System32\winIogon.exe

C:\WINDOWS\System32\firewall.exe

C:\Program Files\SpywareDetector\SDActiveMonitor.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\winIogon.exe

O4 - HKLM\..\Run: [Windows Network Firewall] C:\WINDOWS\System32\firewall.exe

O4 - HKLM\..\Run: [sDActiveMonitor] C:\Program Files\SpywareDetector\SDActiveMonitor.exe -AUTO

O4 - HKLM\..\RunServices: [Paner vPanle] vPanele.com

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [12CFG914-K641-26SF-N31P] C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0850\vsse32.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{479B98CF-D2BB-4570-8FF9-761A80B3913E}: NameServer = 165.21.100.88 165.21.83.88

O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe

O23 - Service: SDMainSvc - Max Secure Software - C:\Program Files\SpywareDetector\SDMainService.exe

O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe

 

--

End of file - 3157 bytes

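As an added example (not from this thread or any of the tools it mentions), here is a small Python triage script that applies the checks a helper makes by eye on the O4 lines in the log above: a basename that is a look-alike of a core Windows binary (the capital I in winIogon.exe), an image launched from RECYCLER, a bare filename resolved by the search path, and an entry under the legacy RunServices key. The sample lines are copied from the posted log; the severity labels, the WINDOWS_CORE list and the SUSPECT_DIRS list are my own choices, and the heuristics are deliberately a first pass (they do not catch the firewall.exe entry, which only a signer or hash check would).

```python
import re

# Core Windows processes whose names malware commonly borrows or imitates.
WINDOWS_CORE = {"winlogon.exe", "csrss.exe", "smss.exe", "lsass.exe",
                "services.exe", "svchost.exe", "explorer.exe", "spoolsv.exe"}

# Folders no legitimate installer uses for an autorun image (assumed list).
SUSPECT_DIRS = ("\\recycler\\", "\\recycled\\", "\\temp\\", "\\tmp\\")

# Look-alike characters collapsed before comparing names: i/1/| -> l, 0 -> o.
_CONFUSABLES = str.maketrans({"i": "l", "1": "l", "|": "l", "0": "o"})

# Accepts both HijackThis (HKLM\..\Run) and OTListIt (HKLM..\Run) spellings.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\?\.\.\\(?P<key>\w+): \[(?P<label>[^\]]*)\] (?P<cmd>.*)$")
# Pulls the image path out of the command, quoted or not, with or without arguments.
IMG_RE = re.compile(
    r'^"?(?P<img>.*?\.(?:exe|com|scr|pif|bat|cmd|dll))"?(?:\s|$)', re.IGNORECASE)

# Constructed sample: O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\winIogon.exe
O4 - HKLM\..\Run: [Windows Network Firewall] C:\WINDOWS\System32\firewall.exe
O4 - HKLM\..\Run: [sDActiveMonitor] C:\Program Files\SpywareDetector\SDActiveMonitor.exe -AUTO
O4 - HKLM\..\RunServices: [Paner vPanle] vPanele.com
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [12CFG914-K641-26SF-N31P] C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0850\vsse32.exe
"""


def skeleton(name: str) -> str:
    """Collapse confusable characters so winIogon.exe and winlogon.exe compare equal."""
    return name.lower().translate(_CONFUSABLES)


def parse_o4(line: str):
    """Return (hive, key, label, image_path) for one O4 line, or None if it is not one."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    im = IMG_RE.match(m["cmd"])
    image = im["img"] if im else m["cmd"].strip('"')
    return m["hive"], m["key"], m["label"], image


def triage_o4(line: str) -> list:
    """Return (severity, reason) findings for one O4 line; an empty list means nothing odd."""
    parsed = parse_o4(line)
    if parsed is None:
        return []
    _hive, key, _label, image = parsed
    directory, _, basename = image.rpartition("\\")
    base_l, dir_l = basename.lower(), directory.lower()
    findings = []

    if base_l in WINDOWS_CORE:
        # Genuine core names are started by the session manager / winlogon, never by Run keys.
        findings.append(("high", f"{basename} launched from a Run key; core binaries are not"))
    else:
        # Name differs from a core binary only by look-alike characters (winIogon vs winlogon).
        twin = next((r for r in WINDOWS_CORE if skeleton(base_l) == skeleton(r)), None)
        if twin:
            findings.append(("high", f"{basename} is a look-alike of {twin}"))

    # Image lives in a folder no installer uses, e.g. the RECYCLER bin.
    if any(s in dir_l + "\\" for s in SUSPECT_DIRS):
        findings.append(("high", f"image runs from {directory}"))

    # Bare filename: resolved via the search path, so worth a look, but legitimate
    # for some OEM tools on XP (SOUNDMAN.EXE), hence only informational.
    if not directory:
        findings.append(("info", f"bare image name '{image}' resolved by search path"))

    # RunServices is a Windows 9x key that NT-based Windows ignores; a populated entry
    # on XP still tells you something wrote to the registry recently.
    if key.lower().startswith("runservices"):
        findings.append(("medium", f"entry under legacy {key} key"))
    return findings


def triage_log(text: str) -> dict:
    """Map the label of every flagged O4 line to its findings, skipping clean lines."""
    report = {}
    for line in text.splitlines():
        parsed = parse_o4(line)
        if parsed and (findings := triage_o4(line)):
            report[parsed[2]] = findings
    return report


if __name__ == "__main__":
    for label, findings in triage_log(SAMPLE_HJT).items():
        for severity, reason in findings:
            print(f"[{severity:6}] [{label}] {reason}")
```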

hello

 

Please run the MGA Diagnostic Tool and post back the report it shall produce:

  1. Download MGADiag to your desktop.
  2. Double-click on MGADiag.exe to launch the program
  3. Click "Continue"
  4. Ensure that the "Windows" tab is selected (it should be by default).
  5. Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  6. Paste the MGA Diagnostic Report back here in your next reply.


Hi, here is the report.

 

 

Diagnostic Report (1.9.0006.1):

-----------------------------------------

WGA Data-->

Validation Status: Validation Control not Installed

Validation Code: 0

Online Validation Code: N/A

Cached Validation Code: N/A

Windows Product Key: *****-*****-YHPQ4-QRV3H-C4MRQ

Windows Product Key Hash: dIS7tSBd7QhjgaeUohwDWQG1vrg=

Windows Product ID: 55274-640-1767777-23165

Windows Product ID Type: 1

Windows License Type: Volume

Windows OS version: 5.1.2600.2.00010100.1.0.pro

ID: {E54FE9E3-DF5D-486D-8B26-1521921D2716}(3)

Is Admin: Yes

TestCab: 0x0

WGA Version: N/A, hr = 0x80070002

Signed By: N/A, hr = 0x80070002

Product Name: N/A

Architecture: N/A

Build lab: N/A

TTS Error: N/A

Validation Diagnostic: 025D1FF3-230-1

Resolution Status: N/A

 

WgaER Data-->

ThreatID(s): N/A

Version: N/A

 

WGA Notifications Data-->

Cached Result: N/A, hr = 0x80070002

File Exists: No

Version: N/A, hr = 0x80070002

WgaTray.exe Signed By: N/A, hr = 0x80070002

WgaLogon.dll Signed By: N/A, hr = 0x80070002

 

OGA Notifications Data-->

Cached Result: N/A, hr = 0x80070002

Version: N/A, hr = 0x80070002

WGATray.exe Signed By: N/A, hr = 0x80070002

OGAAddin.dll Signed By: N/A, hr = 0x80070002

 

OGA Data-->

Office Status: 109 N/A

OGA Version: N/A, 0x80070002

Signed By: N/A, hr = 0x80070002

Office Diagnostics: B4D0AA8B-543-80070002_025D1FF3-230-1

 

Browser Data-->

Proxy settings: N/A

User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)

Default Browser: C:\Program Files\Internet Explorer\iexplore.exe

Download signed ActiveX controls: Prompt

Download unsigned ActiveX controls: Disabled

Run ActiveX controls and plug-ins: Allowed

Initialize and script ActiveX controls not marked as safe: Disabled

Allow scripting of Internet Explorer Webbrowser control:

Active scripting:

Script ActiveX controls marked as safe for scripting:

 

File Scan Data-->

 

Other data-->

Office Details: <GenuineResults><MachineData><UGUID>{E54FE9E3-DF5D-486D-8B26-1521921D2716}</UGUID><Version>1.9.0006.1</Version><OS>5.1.2600.2.00010100.1.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-C4MRQ</PKey><PID>55274-640-1767777-23165</PID><PIDType>1</PIDType><SID>S-1-5-21-1275210071-1708537768-839522115</SID><SYSTEM><Manufacturer>GBT___</Manufacturer><Model>AWRDACPI</Model></SYSTEM><BIOS><Manufacturer>Award Software International, Inc.</Manufacturer><Version>F1</Version><SMBIOSVersion major="2" minor="3"/><Date>20051027******.******+***</Date></BIOS><HWID>78A533470184405D</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Malay Peninsula Standard Time(GMT+08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData> <Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

 

Licensing Data-->

N/A

 

HWID Data-->

N/A

 

OEM Activation 1.0 Data-->

BIOS string matches: yes

Marker string from BIOS: 13D90:SYNNEX TECHNOLOGY INTERNATIONAL CORP|13D90:SYNNEX TECHNOLOGY INTERNATIONAL CORP|13D90:SYNNEX TECHNOLOGY INTERNATIONAL CORP

Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

 

OEM Activation 2.0 Data-->

N/A


I just did a scan with Panda ActiveScan 2.0 online scanning and it found Trj/Buzus.AH, W32/Virutas.FG, Generic Malware, Trj/Downloader.MDW.

 

Cookie/Atlas DMT - C:\Documents and Settings\lution\Cookies\[email protected][2].txt

Cookie/Doubleclick - C:\Documents and Settings\lution\Cookies\[email protected][2].txt

 

Under Vulnerabilities it listed all these; not sure if any of them is a big threat.

 


 

And I have another question: if I bought a new computer, would I still get infected using the current internet broadband provider? Because I discovered that they have been stealing my internet speed, thus causing my computer to slow down when on the net.

thanks.


Hi, I completed the validation for my Windows.

 

Diagnostic Report (1.9.0006.1):

-----------------------------------------

WGA Data-->

Validation Status: Genuine

Validation Code: 0

Online Validation Code: N/A

Cached Validation Code: N/A

Windows Product Key: *****-*****-YHPQ4-QRV3H-C4MRQ

Windows Product Key Hash: dIS7tSBd7QhjgaeUohwDWQG1vrg=

Windows Product ID: 55274-640-1767777-23165

Windows Product ID Type: 1

Windows License Type: Volume

Windows OS version: 5.1.2600.2.00010100.1.0.pro

ID: {E54FE9E3-DF5D-486D-8B26-1521921D2716}(3)

Is Admin: Yes

TestCab: 0x0

WGA Version: Registered, 1.9.9.1

Signed By: Microsoft

Product Name: N/A

Architecture: N/A

Build lab: N/A

TTS Error: N/A

Validation Diagnostic: 025D1FF3-230-1

Resolution Status: N/A

 

WgaER Data-->

ThreatID(s): N/A

Version: N/A

 

WGA Notifications Data-->

Cached Result: N/A, hr = 0x80070002

File Exists: No

Version: N/A, hr = 0x80070002

WgaTray.exe Signed By: N/A, hr = 0x80070002

WgaLogon.dll Signed By: N/A, hr = 0x80070002

 

OGA Notifications Data-->

Cached Result: N/A, hr = 0x80070002

Version: N/A, hr = 0x80070002

WGATray.exe Signed By: N/A, hr = 0x80070002

OGAAddin.dll Signed By: N/A, hr = 0x80070002

 

OGA Data-->

Office Status: 109 N/A

OGA Version: Registered, 1.6.28.0

Signed By: Microsoft

Office Diagnostics: B4D0AA8B-543-80070002_025D1FF3-230-1

 

Browser Data-->

Proxy settings: N/A

User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)

Default Browser: C:\Program Files\Internet Explorer\iexplore.exe

Download signed ActiveX controls: Prompt

Download unsigned ActiveX controls: Disabled

Run ActiveX controls and plug-ins: Allowed

Initialize and script ActiveX controls not marked as safe: Disabled

Allow scripting of Internet Explorer Webbrowser control:

Active scripting:

Script ActiveX controls marked as safe for scripting:

 

File Scan Data-->

 

Other data-->

Office Details: <GenuineResults><MachineData><UGUID>{E54FE9E3-DF5D-486D-8B26-1521921D2716}</UGUID><Version>1.9.0006.1</Version><OS>5.1.2600.2.00010100.1.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-C4MRQ</PKey><PID>55274-640-1767777-23165</PID><PIDType>1</PIDType><SID>S-1-5-21-1275210071-1708537768-839522115</SID><SYSTEM><Manufacturer>GBT___</Manufacturer><Model>AWRDACPI</Model></SYSTEM><BIOS><Manufacturer>Award Software International, Inc.</Manufacturer><Version>F1</Version><SMBIOSVersion major="2" minor="3"/><Date>20051027******.******+***</Date></BIOS><HWID>78A533470184405D</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Malay Peninsula Standard Time(GMT+08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData> <Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

 

Licensing Data-->

N/A

 

HWID Data-->

N/A

 

OEM Activation 1.0 Data-->

BIOS string matches: yes

Marker string from BIOS: 13D90:SYNNEX TECHNOLOGY INTERNATIONAL CORP|13D90:SYNNEX TECHNOLOGY INTERNATIONAL CORP|13D90:SYNNEX TECHNOLOGY INTERNATIONAL CORP

Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

 

OEM Activation 2.0 Data-->

N/A


hello

 

Download Rooter.exe to your desktop

  • Then double-click it to start the tool
  • A Notepad file containing the report will open, also found at %systemdrive%\Rooter.txt. Post that here


Hi, here is the report.

 

Microsoft Windows XP Professional (5.1.2600) Service Pack 1

 

A:\ [Removable] (Total:0 Mo/Free:0 Mo)

C:\ [Fixed] - NTFS - (Total:76308 Mo/Free:2993 Mo)

D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

 

Fri 03/13/2009|11:18

 

----------------------\\ Processes..

 

--Locked-- [system Process]

---------- System

---------- \SystemRoot\System32\smss.exe

---------- \??\C:\WINDOWS\system32\csrss.exe

---------- \??\C:\WINDOWS\system32\winlogon.exe

---------- C:\WINDOWS\system32\services.exe

---------- C:\WINDOWS\system32\lsass.exe

---------- C:\WINDOWS\system32\svchost.exe

---------- C:\WINDOWS\System32\svchost.exe

---------- C:\WINDOWS\System32\svchost.exe

---------- C:\WINDOWS\System32\svchost.exe

---------- C:\WINDOWS\system32\spoolsv.exe

---------- C:\WINDOWS\System32\alg.exe

---------- C:\Program Files\Prevx\prevx.exe

---------- C:\Program Files\SpywareDetector\SDMainService.exe

---------- C:\Program Files\SpywareDetector\SDService.exe

---------- C:\Program Files\Prevx\prevx.exe

---------- C:\WINDOWS\Explorer.EXE

---------- C:\WINDOWS\SOUNDMAN.EXE

---------- C:\WINDOWS\System32\igfxtray.exe

---------- C:\WINDOWS\System32\hkcmd.exe

---------- C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe

---------- C:\Program Files\SpywareDetector\SDActiveMonitor.exe

---------- C:\Program Files\MSN Messenger\MsnMsgr.Exe

---------- C:\Program Files\Messenger\msmsgs.exe

---------- C:\Documents and Settings\lution\Desktop\dv61wu8x.exe

---------- C:\WINDOWS\System32\wuauclt.exe

---------- C:\Program Files\Internet Explorer\iexplore.exe

---------- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

---------- C:\Program Files\MSN Messenger\usnsvc.exe

---------- C:\WINDOWS\System32\wuauclt.exe

---------- C:\WINDOWS\System32\cmd.exe

---------- C:\Rooter$\RK.exe

 

----------------------\\ Search..

 

----------------------\\ ROOTKIT !!

 

 

 

1 - "C:\Rooter$\Rooter_1.txt" - Fri 03/13/2009|11:19

 

----------------------\\ Scan completed at 11:19


Any reason you haven't updated to SP2?

  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    %systemroot%\System32\antiwpa.dll
    %systemroot%\SYSTEM32\wpa.dll
    %systemroot%\setup\scripts\biestart.exe
    %systemroot%\system32\drivers\royal.sys
    %systemroot%\system32\serauth1.dll
    %systemroot%\system32\serauth2.dll
    %systemroot%\system32\sysaudio.sys
    %systemroot%\system32\wdmaud.sys
    %systemroot%\system32\aeaudio.sys

     
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.


I just reformatted my computer and found out I can't get rid of the virus even after reformatting. And my disc only installs SP1, so is it advisable to install SP2 now?

 

Here is the report.

 

OTListIt logfile created on: 3/14/2009 12:58:09 PM - Run 1

OTListIt2 by OldTimer - Version 2.0.3.5 Folder = C:\Documents and Settings\lution\Desktop

Windows XP Professional Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2800.1106)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

479.48 Mb Total Physical Memory | 186.11 Mb Available Physical Memory | 38.81% Memory free

1.10 Gb Paging File | 0.87 Gb Available in Paging File | 79.37% Paging File free

Paging file location(s): C:\pagefile.sys 720 1440;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.52 Gb Total Space | 66.06 Gb Free Space | 88.65% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: BEN

Current User Name: lution

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Output = Minimal

File Age = 30 Days

Company Name Whitelist: On

 

========== Processes (SafeList) ==========

 

PRC - C:\Program Files\Prevx\prevx.exe (Prevx)

PRC - C:\Program Files\SpywareDetector\SDMainService.exe (Max Secure Software )

PRC - C:\Program Files\SpywareDetector\SDService.exe (Max Secure Software )

PRC - C:\Program Files\Prevx\prevx.exe (Prevx)

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)

PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

PRC - C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)

PRC - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)

PRC - C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe (Alcatel Bell)

PRC - C:\Program Files\SpywareDetector\SDActiveMonitor.exe (Max Secure Software Pvt. Ltd.)

PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe (Microsoft Corporation)

PRC - C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)

PRC - C:\Documents and Settings\lution\Desktop\OTListIt2.exe (OldTimer Tools)

 

========== Win32 Services (SafeList) ==========

 

SRV - (CSIScanner [Auto | Running]) -- C:\Program Files\Prevx\prevx.exe (Prevx)

SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SRV - (SDMainSvc [Auto | Running]) -- C:\Program Files\SpywareDetector\SDMainService.exe (Max Secure Software )

SRV - (SDService [Auto | Running]) -- C:\Program Files\SpywareDetector\SDService.exe (Max Secure Software )

SRV - (uploadmgr [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SRV - (usnjsvc [On_Demand | Running]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)

SRV - (WmdmPmSp [Auto | Running]) -- C:\WINDOWS\System32\mspmspsv.dll (Microsoft Corporation)

 

========== Driver Services (SafeList) ==========

 

DRV - (alcan5wn [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\alcan5wn.sys (Alcatel Bell)

DRV - (alcaudsl [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\alcaudsl.sys (Alcatel Bell)

DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)

DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)

DRV - (pavboot [boot | Running]) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)

DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)

DRV - (pxscan [boot | Running]) -- C:\WINDOWS\System32\drivers\pxscan.sys (Prevx)

DRV - (RTL8023 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Rtlnic51.sys (Realtek Semiconductor Corporation )

DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation )

DRV - (SDManager [system | Running]) -- C:\Program Files\SpywareDetector\SDManager.sys (Max Secure Software Pvt. Ltd.)

DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys ()

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 NtKrnlpa.info

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx ()

O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [sDActiveMonitor] C:\Program Files\SpywareDetector\SDActiveMonitor.exe -AUTO (Max Secure Software Pvt. Ltd.)

O4 - HKLM..\Run: [soundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon (Alcatel Bell)

O4 - HKCU..\Run: [12CFG914-K641-26SF-N31P] C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0850\vsse32.exe File not found

O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)

O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm ()

O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm ()

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)

O16 - DPF: {3253534D-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/3...980/wms9dmo.cab (Reg Error: Key error.)

O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0...D0C/wmv9dmo.cab (Reg Error: Key error.)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O18 - Protocol\Handler\ipp Reg Error: Value error. - Reg Error: Key error. File not found

O18 - Protocol\Handler\ippx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found

O18 - Protocol\Handler\msdaippx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)

O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\System32\msdxm.ocx ()

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)

O20 - Winlogon\Notify\SDNotify: DllName - C:\Program Files\SpywareDetector\SDNotify.dll - C:\Program Files\SpywareDetector\SDNotify.dll (Max Secure Software)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]

 

========== Files/Folders - Created Within 30 Days ==========

 

[2 C:\WINDOWS\*.tmp files]

[2009/03/14 12:56:13 | 00,505,344 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\lution\Desktop\OTListIt2.exe

[2009/03/13 11:18:37 | 00,000,000 | ---D | C] -- C:\Rooter$

[2009/03/13 11:18:30 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\Rooter.exe

[2009/03/12 23:19:36 | 00,295,424 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\dv61wu8x.exe

[2009/03/12 21:10:36 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\jznqkbgw.exe

[2009/03/12 21:10:35 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\aitk.exe

[2009/03/12 20:03:34 | 00,000,000 | ---D | C] -- C:\SDFix

[2009/03/12 20:03:13 | 01,529,241 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\SDFix.exe

[2009/03/12 19:56:25 | 00,000,000 | ---D | C] -- C:\Lop SD

[2009/03/12 19:56:08 | 00,530,106 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\LopSD.exe

[2009/03/12 19:54:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage

[2009/03/12 19:54:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

[2009/03/12 19:54:46 | 01,561,992 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\lution\Desktop\MGADiag.exe

[2009/03/12 19:46:49 | 00,000,000 | ---D | C] -- C:\ERDNT

[2009/03/12 19:46:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT

[2009/03/12 19:46:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2009/03/12 19:46:41 | 00,000,000 | ---D | C] -- C:\!FixIEDef

[2009/03/12 19:46:28 | 01,130,036 | ---- | C] (Malwareteks.com) -- C:\Documents and Settings\lution\Desktop\FixIEDef.exe

[2009/03/12 19:12:50 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys

[2009/03/12 19:12:41 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security

[2009/03/12 19:12:09 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\HijackThis.lnk

[2009/03/12 19:12:09 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2009/03/12 19:11:28 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\lution\Desktop\HJTInstall.exe

[2009/03/12 19:07:46 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\bvth.exe

[2009/03/12 19:07:45 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\dmmeyj.exe

[2009/03/12 19:01:48 | 00,311,591 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\AntiRootkit.zip

[2009/03/12 18:52:08 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\oqqsu.exe

[2009/03/10 17:01:22 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\pqsx.exe

[2009/03/10 17:01:20 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\ylorez.exe

[2009/03/08 17:25:58 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\ktcj.exe

[2009/03/08 17:25:56 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\uchm.exe

[2009/03/08 09:12:18 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\ueps.exe

[2009/03/08 09:12:16 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\akcc.exe

[2009/03/06 22:41:01 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\tfnqojhd.exe

[2009/03/05 00:23:22 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\zlbeeit.exe

[2009/03/05 00:23:21 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\fbcpkwfd.exe

[2009/03/04 18:29:06 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\azojtee.exe

[2009/03/04 18:29:03 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\uhfwiiaw.exe

[2009/03/03 22:43:40 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\gepcenbw.exe

[2009/03/03 22:43:40 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\mszot.exe

[2009/03/03 20:29:17 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\unlfwsjz.exe

[2009/03/03 20:29:17 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\iacfh.exe

[2009/03/02 21:46:14 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\oisz.exe

[2009/03/02 21:46:14 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\vcll.exe

[2009/03/02 15:31:08 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\frwcn.exe

[2009/03/02 15:31:08 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\dqlaok.exe

[2009/03/01 23:45:22 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\txzmbpto.exe

[2009/03/01 23:45:22 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\uuujkif.exe

[2009/03/01 19:34:38 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\usbfafc.exe

[2009/03/01 19:34:34 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\upmf.exe

[2009/03/01 19:34:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lution\Local Settings\Application Data\Identities

[2009/03/01 01:00:45 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\dmss.exe

[2009/03/01 01:00:45 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\hiawvlyq.exe

[2009/03/01 00:58:45 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\izpvx.exe

[2009/03/01 00:58:45 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\rikreng.exe

[2009/02/28 14:10:59 | 00,100,316 | ---- | C] () -- C:\WINDOWS\System32\inaa.exe

[2009/02/28 14:10:50 | 00,100,316 | ---- | C] () -- C:\WINDOWS\System32\huuki.exe

[2009/02/28 13:58:53 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\tvxxuub.exe

[2009/02/28 13:53:53 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\udstqj.exe

[2009/02/28 13:53:53 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\cgmsgp.exe

[2009/02/28 00:47:39 | 00,045,053 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\Kris Allen 4.jpg

[2009/02/28 00:45:52 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\xkaapmwi.exe

[2009/02/28 00:28:52 | 00,017,860 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\Kris Allen 3.jpg

[2009/02/28 00:28:30 | 00,021,239 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\Kris Allen 2.jpg

[2009/02/28 00:28:20 | 00,023,240 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\Kris Allen 1.jpg

[2009/02/27 20:35:59 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\qouxbnse.exe

[2009/02/27 20:30:59 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\htyc.exe

[2009/02/25 18:27:01 | 70,664,752 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\lution\Desktop\avg_avwt_stf_all_8_237a1428.exe

[2009/02/25 18:22:56 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\whxno.exe

[2009/02/25 18:22:53 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\nzqtxjd.exe

[2009/02/23 16:32:35 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\drhgu.exe

[2009/02/23 14:50:41 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\giekv.exe

[2009/02/22 17:55:04 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\mftjks.exe

[2009/02/22 17:54:11 | 01,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chsbrkr.dll

[2009/02/22 17:54:11 | 00,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chtbrkr.dll

[2009/02/22 17:54:10 | 01,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.lex

[2009/02/22 17:54:10 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\korwbrkr.lex

[2009/02/22 17:54:10 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.dll

[2009/02/22 17:54:10 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\korwbrkr.dll

[2009/02/22 17:54:10 | 00,002,060 | ---- | C] () -- C:\WINDOWS\System32\noise.jpn

[2009/02/22 17:54:10 | 00,001,486 | ---- | C] () -- C:\WINDOWS\System32\noise.kor

[2009/02/22 17:54:01 | 00,211,938 | ---- | C] () -- C:\WINDOWS\System32\lcphrase.tbl

[2009/02/22 17:54:01 | 00,146,126 | ---- | C] () -- C:\WINDOWS\System32\array30.tab

[2009/02/22 17:54:01 | 00,116,285 | ---- | C] () -- C:\WINDOWS\System32\msdayi.tbl

[2009/02/22 17:54:01 | 00,110,566 | ---- | C] () -- C:\WINDOWS\System32\arphr.tbl

[2009/02/22 17:54:01 | 00,043,242 | ---- | C] () -- C:\WINDOWS\System32\phoncode.tbl

[2009/02/22 17:54:01 | 00,024,114 | ---- | C] () -- C:\WINDOWS\System32\lcptr.tbl

[2009/02/22 17:54:01 | 00,018,600 | ---- | C] () -- C:\WINDOWS\System32\arrayhw.tab

[2009/02/22 17:54:01 | 00,016,312 | ---- | C] () -- C:\WINDOWS\System32\arptr.tbl

[2009/02/22 17:54:01 | 00,004,071 | ---- | C] () -- C:\WINDOWS\System32\phon.tbl

[2009/02/22 17:54:01 | 00,002,714 | ---- | C] () -- C:\WINDOWS\System32\phonptr.tbl

[2009/02/22 17:54:01 | 00,000,700 | ---- | C] () -- C:\WINDOWS\System32\dayiptr.tbl

[2009/02/22 17:54:01 | 00,000,520 | ---- | C] () -- C:\WINDOWS\System32\dayiphr.tbl

[2009/02/22 17:54:00 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\c_10002.nls

[2009/02/22 17:54:00 | 00,082,172 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.nls

[2009/02/22 17:54:00 | 00,066,728 | ---- | C] () -- C:\WINDOWS\System32\big5.nls

[2009/02/22 17:54:00 | 00,044,370 | ---- | C] () -- C:\WINDOWS\System32\acode.tbl

[2009/02/22 17:54:00 | 00,044,370 | ---- | C] () -- C:\WINDOWS\System32\a234.tbl

[2009/02/22 17:54:00 | 00,016,254 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAE.HLP

[2009/02/22 17:54:00 | 00,014,821 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAD.HLP

[2009/02/22 17:54:00 | 00,001,460 | ---- | C] () -- C:\WINDOWS\System32\a15.tbl

[2009/02/22 17:53:55 | 01,783,864 | ---- | C] () -- C:\WINDOWS\System32\WINPY.MB

[2009/02/22 17:53:55 | 01,564,868 | ---- | C] () -- C:\WINDOWS\System32\WINSP.MB

[2009/02/22 17:53:55 | 01,223,500 | ---- | C] () -- C:\WINDOWS\System32\WINZM.MB

[2009/02/22 17:53:55 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_g18030.dll

[2009/02/22 17:53:55 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_10008.nls

[2009/02/22 17:53:55 | 00,150,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINZM.IME

[2009/02/22 17:53:55 | 00,150,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINSP.IME

[2009/02/22 17:53:55 | 00,150,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINPY.IME

[2009/02/22 17:53:55 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\prcp.nls

[2009/02/22 17:53:55 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\prc.nls

[2009/02/22 17:53:55 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINGB.IME

[2009/02/22 17:53:54 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101a.dll

[2009/02/22 17:53:47 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_10003.nls

[2009/02/22 17:53:46 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\c_1361.nls

[2009/02/22 17:53:46 | 00,047,066 | ---- | C] () -- C:\WINDOWS\System32\ksc.nls

[2009/02/22 17:53:45 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnecAT.dll

[2009/02/22 17:53:45 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnecNT.dll

[2009/02/22 17:53:45 | 00,007,168 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnec.dll

[2009/02/22 17:53:45 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnec95.dll

[2009/02/22 17:53:45 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\f3ahvoas.dll

[2009/02/22 17:53:45 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlk41a.dll

[2009/02/22 17:53:45 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlk41j.dll

[2009/02/22 17:53:44 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdibm02.dll

[2009/02/22 17:53:44 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdax2.dll

[2009/02/22 17:53:44 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106n.dll

[2009/02/22 17:53:44 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101.dll

[2009/02/22 17:53:25 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_is2022.dll

[2009/02/22 17:53:24 | 00,180,770 | ---- | C] () -- C:\WINDOWS\System32\c_20932.nls

[2009/02/22 17:53:24 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\c_20000.nls

[2009/02/22 17:53:24 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_20949.nls

[2009/02/22 17:53:24 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_20936.nls

[2009/02/22 17:53:24 | 00,162,850 | ---- | C] () -- C:\WINDOWS\System32\c_10001.nls

[2009/02/22 17:53:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_21027.nls

[2009/02/22 17:53:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20290.nls

[2009/02/22 17:53:24 | 00,028,288 | ---- | C] () -- C:\WINDOWS\System32\xjis.nls

[2009/02/22 17:53:23 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CINTLGNT.IME

[2009/02/22 17:53:22 | 00,574,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TINTLGNT.IME

[2009/02/22 17:53:22 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\phon.ime

[2009/02/22 17:53:22 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winar30.ime

[2009/02/22 17:53:22 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dayi.ime

[2009/02/22 17:53:22 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\quick.ime

[2009/02/22 17:53:22 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uniime.dll

[2009/02/22 17:53:22 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winime.ime

[2009/02/22 17:53:22 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unicdime.ime

[2009/02/22 17:53:22 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\romanime.ime

[2009/02/22 17:53:22 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\miniime.tpl

[2009/02/22 17:53:21 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chajei.ime

[2009/02/22 17:53:17 | 00,479,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PINTLGNT.IME

[2009/02/22 17:53:17 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imekr61.ime

[2009/02/22 17:53:16 | 00,827,438 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imjp81k.dll

[2009/02/22 17:53:16 | 00,340,013 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imjp81.ime

[2009/02/22 17:52:32 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdjpn.dll

[2009/02/22 17:52:32 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkor.dll

[2009/02/22 17:52:32 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll

[2009/02/22 17:52:32 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101c.dll

[2009/02/22 17:52:32 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll

[2009/02/22 17:52:32 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd103.dll

[2009/02/22 17:52:04 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\jogoi.exe

[2009/02/22 16:03:38 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\xgpa.exe

[2009/02/22 15:47:04 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\bgsuoti.exe

[2009/02/22 12:24:12 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\nnocue.exe

[2009/02/22 12:19:09 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\bcstu.exe

[2009/02/21 23:18:10 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\odmepal.exe

[2009/02/21 18:26:32 | 00,000,797 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\YouTube Downloader.lnk

[2009/02/21 18:26:30 | 00,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader

[2009/02/21 18:26:20 | 05,637,845 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\youtubedownloader.exe

[2009/02/21 18:02:51 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\kcua.exe

[2009/02/21 16:19:16 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\vrcrz.exe

[2009/02/21 16:19:16 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\nudz.exe

[2009/02/17 22:44:33 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\qfwwmu.exe

[2009/02/17 22:26:32 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\gkzb.exe

[2009/02/16 22:22:30 | 00,000,670 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\Cheat Engine.lnk

[2009/02/16 22:22:29 | 01,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll

[2009/02/16 22:22:29 | 00,679,936 | ---- | C] (Generated by JEDI) -- C:\WINDOWS\System32\D3DX81ab.dll

[2009/02/16 22:22:28 | 00,000,000 | ---D | C] -- C:\Program Files\Cheat Engine

[2009/02/16 20:46:23 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\tuhyi.exe

[2009/02/16 20:41:20 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\ofrvwln.exe

[2009/02/16 13:56:01 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\ipeafcrw.exe

[2009/02/16 13:53:57 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\sojtijpr.exe

[2009/02/16 00:36:48 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\rjgg.exe

[2009/02/16 00:30:07 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\edfxi.exe

[2009/02/15 22:55:48 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\zlbcsu.exe

[2009/02/15 22:46:43 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\zcdcitpk.exe

[2009/02/15 20:34:04 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\tanog.exe

[2009/02/15 12:21:05 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\tkqkuu.exe

[2009/02/15 12:14:07 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\suhpox.exe

[2009/02/15 00:05:02 | 00,022,536 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys

[2009/02/15 00:05:01 | 00,000,000 | ---D | C] -- C:\Program Files\Prevx

[2009/02/15 00:04:58 | 00,000,065 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2009/02/15 00:04:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI

[2009/02/14 23:45:29 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\oiqofma.exe

[2009/02/14 23:42:37 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\tlcgnp.exe

[2009/02/14 23:09:57 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\pbhuv.exe

[2009/02/14 23:09:57 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\hvozx.exe

[2009/02/14 22:31:28 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\zmkh.exe

[2009/02/14 22:31:25 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\ksemxfz.exe

[2009/02/14 22:12:13 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\riakz.exe

[2009/02/14 22:00:09 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\gqfnkupb.exe

[2009/02/14 12:49:19 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\jgrfyymm.exe

[2009/02/14 12:40:18 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\ofeooexk.exe

[2009/02/14 00:28:21 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\ztuao.exe

[2009/02/13 23:24:28 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\ddwhwau.exe

[2009/02/13 12:29:02 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\egoftpth.exe

[2009/02/13 12:27:01 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\zftohst.exe

[2009/02/13 10:48:07 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\zzytlnc.exe

[2009/02/13 10:38:16 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\rgrnitmt.exe

[2009/02/12 22:28:28 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\cwik.exe

[2009/02/12 22:16:28 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\hzgg.exe

[2009/02/12 20:44:27 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\lvovkj.exe

[2009/02/12 20:35:04 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\msdejefu.exe

[2009/02/12 20:17:30 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\lbgr.exe

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]

[2 C:\WINDOWS\*.tmp files]

[2009/03/14 12:56:18 | 00,505,344 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lution\Desktop\OTListIt2.exe

[2009/03/14 12:54:40 | 00,000,569 | ---- | M] () -- C:\Documents and Settings\lution\My Documents\My Sharing Folders.lnk

[2009/03/14 12:53:56 | 00,000,063 | ---- | M] () -- C:\WINDOWS\System\SysSD.dll

[2009/03/14 12:53:54 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/03/14 12:53:53 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS

[2009/03/14 12:53:52 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/03/14 01:25:13 | 03,222,122 | -H-- | M] () -- C:\Documents and Settings\lution\Local Settings\Application Data\IconCache.db

[2009/03/13 11:18:34 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\lution\Desktop\Rooter.exe

[2009/03/12 23:49:39 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/03/12 23:19:47 | 00,295,424 | ---- | M] () -- C:\Documents and Settings\lution\Desktop\dv61wu8x.exe

[2009/03/12 23:13:35 | 00,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/03/12 23:13:35 | 00,311,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/03/12 23:13:35 | 00,040,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/03/12 21:10:36 | 00,118,557 | ---- | M] () -- C:\WINDOWS\System32\jznqkbgw.exe

[2009/03/12 21:10:36 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\aitk.exe

[2009/03/12 20:03:21 | 01,529,241 | ---- | M] () -- C:\Documents and Settings\lution\Desktop\SDFix.exe

[2009/03/12 19:56:20 | 00,530,106 | ---- | M] () -- C:\Documents and Settings\lution\Desktop\LopSD.exe

[2009/03/12 19:54:50 | 01,561,992 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\lution\Desktop\MGADiag.exe

[2009/03/12 19:46:34 | 01,130,036 | ---- | M] (Malwareteks.com) -- C:\Documents and Settings\lution\Desktop\FixIEDef.exe

[2009/03/12 19:12:09 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\lution\Desktop\HijackThis.lnk

[2009/03/12 19:11:35 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\lution\Desktop\HJTInstall.exe

[2009/03/12 19:07:46 | 00,118,557 | ---- | M] () -- C:\WINDOWS\System32\bvth.exe

[2009/03/12 19:07:45 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\dmmeyj.exe

[2009/03/12 19:06:32 | 00,000,532 | ---- | M] () -- C:\WINDOWS\win.ini

[2009/03/12 19:01:49 | 00,311,591 | ---- | M] () -- C:\Documents and Settings\lution\Desktop\AntiRootkit.zip

[2009/03/12 18:52:08 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\oqqsu.exe

[2009/03/10 17:01:22 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\pqsx.exe

[2009/03/10 17:01:20 | 00,118,557 | ---- | M] () -- C:\WINDOWS\System32\ylorez.exe

[2009/03/08 17:25:59 | 00,118,557 | ---- | M] () -- C:\WINDOWS\System32\ktcj.exe

[2009/03/08 17:25:56 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\uchm.exe

[2009/03/08 09:12:18 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\ueps.exe

[2009/03/08 09:12:17 | 00,118,557 | ---- | M] () -- C:\WINDOWS\System32\akcc.exe

[2009/03/06 22:41:01 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\tfnqojhd.exe

[2009/03/06 21:55:37 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.msn

[2009/03/05 00:23:22 | 00,118,557 | ---- | M] () -- C:\WINDOWS\System32\fbcpkwfd.exe

[2009/03/05 00:23:22 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\zlbeeit.exe

[2009/03/04 19:26:01 | 00,022,536 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys

[2009/03/04 19:25:57 | 00,000,065 | ---- | M] () -- C:\WINDOWS\wininit.ini

[2009/03/04 18:29:06 | 00,118,557 | ---- | M] () -- C:\WINDOWS\System32\azojtee.exe

[2009/03/04 18:29:03 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\uhfwiiaw.exe

[2009/03/03 22:43:41 | 00,118,557 | ---- | M] () -- C:\WINDOWS\System32\gepcenbw.exe

[2009/03/03 22:43:41 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\mszot.exe

[2009/03/03 20:29:18 | 00,118,557 | ---- | M] () -- C:\WINDOWS\System32\unlfwsjz.exe

[2009/03/03 20:29:17 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\iacfh.exe

[2009/03/02 21:46:15 | 00,118,557 | ---- | M] () -- C:\WINDOWS\System32\oisz.exe

[2009/03/02 21:46:14 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\vcll.exe

[2009/03/02 15:31:08 | 00,118,557 | ---- | M] () -- C:\WINDOWS\System32\frwcn.exe

[2009/03/02 15:31:08 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\dqlaok.exe

[2009/03/01 23:45:22 | 00,118,557 | ---- | M] () -- C:\WINDOWS\System32\txzmbpto.exe

[2009/03/01 23:45:22 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\uuujkif.exe

[2009/03/01 19:34:38 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\usbfafc.exe

[2009/03/01 19:34:35 | 00,118,557 | ---- | M] () -- C:\WINDOWS\System32\upmf.exe

[2009/03/01 01:00:46 | 00,118,557 | ---- | M] () -- C:\WINDOWS\System32\dmss.exe

[2009/03/01 01:00:46 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\hiawvlyq.exe

[2009/03/01 00:58:46 | 00,118,557 | ---- | M] () -- C:\WINDOWS\System32\izpvx.exe

[2009/03/01 00:58:45 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\rikreng.exe

[2009/02/28 14:11:02 | 00,100,316 | ---- | M] () -- C:\WINDOWS\System32\inaa.exe

[2009/02/28 14:10:51 | 00,100,316 | ---- | M] () -- C:\WINDOWS\System32\huuki.exe

[2009/02/28 13:58:54 | 00,118,557 | ---- | M] () -- C:\WINDOWS\System32\tvxxuub.exe

[2009/02/28 13:53:54 | 00,118,557 | ---- | M] () -- C:\WINDOWS\System32\udstqj.exe

[2009/02/28 13:53:53 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\cgmsgp.exe

[2009/02/28 00:47:31 | 00,045,053 | ---- | M] () -- C:\Documents and Settings\lution\Desktop\Kris Allen 4.jpg

[2009/02/28 00:45:52 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\xkaapmwi.exe

[2009/02/28 00:21:18 | 00,017,860 | ---- | M] () -- C:\Documents and Settings\lution\Desktop\Kris Allen 3.jpg

[2009/02/28 00:20:40 | 00,023,240 | ---- | M] () -- C:\Documents and Settings\lution\Desktop\Kris Allen 1.jpg

[2009/02/28 00:20:40 | 00,021,239 | ---- | M] () -- C:\Documents and Settings\lution\Desktop\Kris Allen 2.jpg

[2009/02/27 20:35:59 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\qouxbnse.exe

[2009/02/27 20:30:59 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\htyc.exe

[2009/02/25 18:27:00 | 70,664,752 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\lution\Desktop\avg_avwt_stf_all_8_237a1428.exe

[2009/02/25 18:22:57 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\whxno.exe

[2009/02/25 18:22:53 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\nzqtxjd.exe

[2009/02/23 16:32:36 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\drhgu.exe

[2009/02/23 14:50:41 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\giekv.exe

[2009/02/23 14:48:48 | 00,095,864 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/02/22 17:55:04 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\mftjks.exe

[2009/02/22 17:52:05 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\jogoi.exe

[2009/02/22 16:03:38 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\xgpa.exe

[2009/02/22 15:47:04 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\bgsuoti.exe

[2009/02/22 12:24:13 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\nnocue.exe

[2009/02/22 12:19:10 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\bcstu.exe

[2009/02/21 23:18:10 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\odmepal.exe

[2009/02/21 18:26:32 | 00,000,797 | ---- | M] () -- C:\Documents and Settings\lution\Desktop\YouTube Downloader.lnk

[2009/02/21 18:26:20 | 05,637,845 | ---- | M] () -- C:\Documents and Settings\lution\Desktop\youtubedownloader.exe

[2009/02/21 18:02:51 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\kcua.exe

[2009/02/21 16:19:16 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\vrcrz.exe

[2009/02/21 16:19:16 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\nudz.exe

[2009/02/17 22:44:33 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\qfwwmu.exe

[2009/02/17 22:26:33 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\gkzb.exe

[2009/02/16 22:22:30 | 00,000,670 | ---- | M] () -- C:\Documents and Settings\lution\Desktop\Cheat Engine.lnk

[2009/02/16 20:46:23 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\tuhyi.exe

[2009/02/16 20:41:20 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\ofrvwln.exe

[2009/02/16 13:56:02 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\ipeafcrw.exe

[2009/02/16 13:53:58 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\sojtijpr.exe

[2009/02/16 00:36:48 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\rjgg.exe

[2009/02/16 00:30:07 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\edfxi.exe

[2009/02/15 22:55:48 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\zlbcsu.exe

[2009/02/15 22:46:43 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\zcdcitpk.exe

[2009/02/15 20:34:05 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\tanog.exe

[2009/02/15 12:21:06 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\tkqkuu.exe

[2009/02/15 12:14:07 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\suhpox.exe

[2009/02/14 23:45:29 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\oiqofma.exe

[2009/02/14 23:42:37 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\tlcgnp.exe

[2009/02/14 23:09:58 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\hvozx.exe

[2009/02/14 23:09:57 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\pbhuv.exe

[2009/02/14 22:31:28 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\zmkh.exe

[2009/02/14 22:31:25 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\ksemxfz.exe

[2009/02/14 22:12:13 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\riakz.exe

[2009/02/14 22:00:10 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\gqfnkupb.exe

[2009/02/14 12:49:20 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\jgrfyymm.exe

[2009/02/14 12:40:19 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\ofeooexk.exe

[2009/02/14 00:28:21 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\ztuao.exe

[2009/02/13 23:24:28 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\ddwhwau.exe

[2009/02/13 12:29:02 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\egoftpth.exe

[2009/02/13 12:27:01 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\zftohst.exe

[2009/02/13 10:48:08 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\zzytlnc.exe

[2009/02/13 10:38:16 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\rgrnitmt.exe

[2009/02/12 22:28:28 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\cwik.exe

[2009/02/12 22:16:28 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\hzgg.exe

[2009/02/12 20:44:28 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\lvovkj.exe

[2009/02/12 20:35:04 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\msdejefu.exe

[2009/02/12 20:17:30 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\lbgr.exe

========== LOP Check ==========

[2009/03/12 19:54:56 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data

[2009/02/27 20:32:14 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft

[2009/03/12 19:54:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage

[2009/03/04 19:25:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI

[2009/03/12 19:54:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

[2009/02/08 17:33:31 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\lution\Application Data

[2009/02/08 15:38:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\lution\Application Data\Adobe

[2009/02/08 15:11:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\lution\Application Data\Identities

[2009/02/08 17:33:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\lution\Application Data\InstallShield

[2009/02/08 15:38:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\lution\Application Data\Macromedia

[2009/03/01 19:34:13 | 00,000,000 | --SD | M] -- C:\Documents and Settings\lution\Application Data\Microsoft

[2009/02/08 15:39:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\lution\Application Data\Sun

[2002/11/25 20:44:56 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini

[2009/03/14 12:53:54 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

 

========== Purity Check ==========

========== Custom Scans ==========

========== Net Services ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\NetSvcs

6to4 - -

AppMgmt - C:\WINDOWS\System32\appmgmts.dll - (Microsoft Corporation)

AudioSrv - C:\WINDOWS\System32\audiosrv.dll - (Microsoft Corporation)

Browser - C:\WINDOWS\System32\browser.dll - (Microsoft Corporation)

CryptSvc - C:\WINDOWS\System32\cryptsvc.dll - (Microsoft Corporation)

DMServer - C:\WINDOWS\System32\dmserver.dll - (Microsoft Corp.)

DHCP - C:\WINDOWS\System32\dhcpcsvc.dll - (Microsoft Corporation)

ERSvc - C:\WINDOWS\System32\ersvc.dll - (Microsoft Corporation)

EventSystem - C:\WINDOWS\System32\es.dll - (Microsoft Corporation)

FastUserSwitchingCompatibility - C:\WINDOWS\System32\shsvcs.dll - (Microsoft Corporation)

HidServ - C:\WINDOWS\System32\hidserv.dll - (Microsoft Corporation)

Ias - -

Iprip - -

Irmon - -

LanmanServer - C:\WINDOWS\System32\srvsvc.dll - (Microsoft Corporation)

LanmanWorkstation - C:\WINDOWS\System32\wkssvc.dll - (Microsoft Corporation)

Messenger - C:\WINDOWS\System32\msgsvc.dll - (Microsoft Corporation)

Netman - C:\WINDOWS\System32\netman.dll - (Microsoft Corporation)

Nla - C:\WINDOWS\System32\mswsock.dll - (Microsoft Corporation)

Ntmssvc - C:\WINDOWS\system32\ntmssvc.dll - (Microsoft Corporation)

NWCWorkstation - -

Nwsapagent - -

Rasauto - C:\WINDOWS\System32\rasauto.dll - (Microsoft Corporation)

Rasman - C:\WINDOWS\System32\rasmans.dll - (Microsoft Corporation)

Remoteaccess - C:\WINDOWS\System32\mprdim.dll - (Microsoft Corporation)

Schedule - C:\WINDOWS\system32\schedsvc.dll - (Microsoft Corporation)

Seclogon - C:\WINDOWS\System32\seclogon.dll - (Microsoft Corporation)

SENS - C:\WINDOWS\system32\sens.dll - (Microsoft Corporation)

Sharedaccess - C:\WINDOWS\System32\ipnathlp.dll - (Microsoft Corporation)

SRService - C:\WINDOWS\System32\srsvc.dll - (Microsoft Corporation)

Tapisrv - C:\WINDOWS\System32\tapisrv.dll - (Microsoft Corporation)

Themes - C:\WINDOWS\System32\shsvcs.dll - (Microsoft Corporation)

TrkWks - C:\WINDOWS\system32\trkwks.dll - (Microsoft Corporation)

W32Time - C:\WINDOWS\System32\w32time.dll - (Microsoft Corporation)

WZCSVC - C:\WINDOWS\System32\wzcsvc.dll - (Microsoft Corporation)

Wmi - C:\WINDOWS\System32\advapi32.dll - (Microsoft Corporation)

WmdmPmSp - C:\WINDOWS\System32\mspmspsv.dll - (Microsoft Corporation)

winmgmt - C:\WINDOWS\system32\wbem\WMIsvc.dll - (Microsoft Corporation)

TermService - C:\WINDOWS\System32\termsrv.dll - (Microsoft Corporation)

wuauserv - C:\WINDOWS\System32\wuauserv.dll - (Microsoft Corporation)

BITS - C:\WINDOWS\System32\qmgr.dll - (Microsoft Corporation)

ShellHWDetection - C:\WINDOWS\System32\shsvcs.dll - (Microsoft Corporation)

helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll - (Microsoft Corporation)

uploadmgr - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll - (Microsoft Corporation)

======= End Net Services =========

========== SafeBoot-Minimal Settings ==========

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\

AppMgmt - %SystemRoot%\System32\appmgmts.dll - (Microsoft Corporation)

Base - Driver Group

Boot Bus Extender - Driver Group

Boot file system - Driver Group

CryptSvc - %SystemRoot%\System32\cryptsvc.dll - (Microsoft Corporation)

dmadmin - %SystemRoot%\System32\dmadmin.exe - (Microsoft Corp., Veritas Software)

dmboot.sys - %SystemRoot%\System32\drivers\dmboot.sys - (Microsoft Corp., Veritas Software)

dmio.sys - %SystemRoot%\System32\drivers\dmio.sys - (Microsoft Corp., Veritas Software)

dmload.sys - %SystemRoot%\System32\drivers\dmload.sys - (Microsoft Corp., Veritas Software.)

dmserver - %SystemRoot%\System32\dmserver.dll - (Microsoft Corp.)

EventLog - %SystemRoot%\system32\services.exe - (Microsoft Corporation)

File system - Driver Group

Filter - Driver Group

HelpSvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll - (Microsoft Corporation)

Netlogon - %SystemRoot%\System32\lsass.exe - (Microsoft Corporation)

PCI Configuration - Driver Group

PlugPlay - %SystemRoot%\system32\services.exe - (Microsoft Corporation)

PNP Filter - Driver Group

Primary disk - Driver Group

RpcSs - %SystemRoot%\system32\rpcss.dll - (Microsoft Corporation)

SCSI Class - Driver Group

sermouse.sys - Driver

sr.sys - %SystemRoot%\System32\DRIVERS\sr.sys - (Microsoft Corporation)

SRService - %SystemRoot%\System32\srsvc.dll - (Microsoft Corporation)

System Bus Extender - Driver Group

vga.sys - Driver

vgasave.sys - %SystemRoot%\System32\drivers\vga.sys - (Microsoft Corporation)

WinMgmt - %SystemRoot%\system32\wbem\WMIsvc.dll - (Microsoft Corporation)

{36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

{4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

{4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

{4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

{4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

{4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

{4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

{4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

{4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

{4D36E97D-E325-11CE-BFC1-08002BE10318} - System

{4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

{71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

======= End SafeBoot-Minimal =========

 

 

 

========== SafeBoot-Network Settings ==========

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\

 

AFD - %SystemRoot%\System32\drivers\afd.sys - (Microsoft Corporation)

AppMgmt - %SystemRoot%\System32\appmgmts.dll - (Microsoft Corporation)

Base - Driver Group

Boot Bus Extender - Driver Group

Boot file system - Driver Group

Browser - %SystemRoot%\System32\browser.dll - (Microsoft Corporation)

CryptSvc - %SystemRoot%\System32\cryptsvc.dll - (Microsoft Corporation)

Dhcp - %SystemRoot%\System32\dhcpcsvc.dll - (Microsoft Corporation)

dmadmin - %SystemRoot%\System32\dmadmin.exe - (Microsoft Corp., Veritas Software)

dmboot.sys - %SystemRoot%\System32\drivers\dmboot.sys - (Microsoft Corp., Veritas Software)

dmio.sys - %SystemRoot%\System32\drivers\dmio.sys - (Microsoft Corp., Veritas Software)

dmload.sys - %SystemRoot%\System32\drivers\dmload.sys - (Microsoft Corp., Veritas Software.)

dmserver - %SystemRoot%\System32\dmserver.dll - (Microsoft Corp.)

DnsCache - %SystemRoot%\System32\dnsrslvr.dll - (Microsoft Corporation)

EventLog - %SystemRoot%\system32\services.exe - (Microsoft Corporation)

File system - Driver Group

Filter - Driver Group

HelpSvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll - (Microsoft Corporation)

LanmanServer - %SystemRoot%\System32\srvsvc.dll - (Microsoft Corporation)

LanmanWorkstation - %SystemRoot%\System32\wkssvc.dll - (Microsoft Corporation)

LmHosts - %SystemRoot%\System32\lmhsvc.dll - (Microsoft Corporation)

Messenger - %SystemRoot%\System32\msgsvc.dll - (Microsoft Corporation)

NDIS - %SystemRoot%\System32\drivers\ndis.sys - (Microsoft Corporation)

NDIS Wrapper - Driver Group

Ndisuio - %SystemRoot%\System32\DRIVERS\ndisuio.sys - (Microsoft Corporation)

NetBIOS - %SystemRoot%\System32\DRIVERS\netbios.sys - (Microsoft Corporation)

NetBIOSGroup - Driver Group

NetBT - %SystemRoot%\System32\DRIVERS\netbt.sys - (Microsoft Corporation)

NetDDEGroup - Driver Group

Netlogon - %SystemRoot%\System32\lsass.exe - (Microsoft Corporation)

NetMan - %SystemRoot%\System32\netman.dll - (Microsoft Corporation)

Network - Driver Group

NetworkProvider - Driver Group

NtLmSsp - %SystemRoot%\System32\lsass.exe - (Microsoft Corporation)

PCI Configuration - Driver Group

PlugPlay - %SystemRoot%\system32\services.exe - (Microsoft Corporation)

PNP Filter - Driver Group

PNP_TDI - Driver Group

Primary disk - Driver Group

rdpcdd.sys - %SystemRoot%\System32\DRIVERS\RDPCDD.sys - (Microsoft Corporation)

rdpdd.sys - %SystemRoot%\System32\rdpdd.dll - (Microsoft Corporation)

rdpwd.sys - %SystemRoot%\System32\drivers\rdpwd.sys - (Microsoft Corporation)

rdsessmgr - %SystemRoot%\system32\sessmgr.exe - (Microsoft Corporation)

RpcSs - %SystemRoot%\system32\rpcss.dll - (Microsoft Corporation)

SCSI Class - Driver Group

sermouse.sys - Driver

sr.sys - %SystemRoot%\System32\DRIVERS\sr.sys - (Microsoft Corporation)

SRService - %SystemRoot%\System32\srsvc.dll - (Microsoft Corporation)

Streams Drivers - Driver Group

System Bus Extender - Driver Group

Tcpip - %SystemRoot%\System32\DRIVERS\tcpip.sys - (Microsoft Corporation)

TDI - Driver Group

tdpipe.sys - %SystemRoot%\System32\drivers\tdpipe.sys - (Microsoft Corporation)

tdtcp.sys - %SystemRoot%\System32\drivers\tdtcp.sys - (Microsoft Corporation)

termservice - %SystemRoot%\System32\termsrv.dll - (Microsoft Corporation)

UploadMgr - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll - (Microsoft Corporation)

vga.sys - Driver

vgasave.sys - %SystemRoot%\System32\drivers\vga.sys - (Microsoft Corporation)

WinMgmt - %SystemRoot%\system32\wbem\WMIsvc.dll - (Microsoft Corporation)

WZCSVC - %SystemRoot%\System32\wzcsvc.dll - (Microsoft Corporation)

{36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

{4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

{4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

{4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

{4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

{4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

{4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

{4D36E972-E325-11CE-BFC1-08002BE10318} - Net

{4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

{4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

{4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

{4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

{4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

{4D36E97D-E325-11CE-BFC1-08002BE10318} - System

{4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

{71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

======= End SafeBoot-Network =========

 

 

 

========== ActiveX Components ==========

 

{08B0E5C0-4FCB-11CF-AAA5-00401C608500}: Microsoft VM

{08B0E5C0-4FCB-11CF-AAA5-00401C608555}: Internet Explorer Classes for Java

{10072CEC-8CC1-11D1-986E-00A0C955B42F}: Vector Graphics Rendering (VML)

{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}: NetShow

{22d6f312-b0f6-11d0-94ab-0080c74c7e95}: Microsoft Windows Media Player 6.4

{283807B5-2C60-11D0-A31D-00AA00B92C03}: DirectAnimation

{2C7339CF-2B09-4501-B3F3-F3508C9228ED}: %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

{306D6C21-C1B6-4629-986C-E59E1875B8AF}: "C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser

{36f8ec70-c29a-11d1-b5c7-0000f8051515}: Dynamic HTML Data Binding for Java

{3af36230-a269-11d1-b5bf-0000f8051515}: Offline Browsing Pack

{3bf42070-b3b1-11d1-b5c5-0000f8051515}: Uniscribe

{4278c270-a269-11d1-b5bf-0000f8051515}: Advanced Authoring

{44BBA840-CC51-11CF-AAFA-00AA00B6015C}: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

{44BBA842-CC51-11CF-AAFA-00AA00B6015B}: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

{44BBA848-CC51-11CF-AAFA-00AA00B6015C}: DirectShow

{44BBA855-CC51-11CF-AAFA-00AA00B6015C}: Microsoft DirectX

{44BBA855-CC51-11CF-AAFA-00AA00B6015F}: DirectDrawEx

{45ea75a0-a269-11d1-b5bf-0000f8051515}: Internet Explorer Help

{4f216970-c90c-11d1-b5c7-0000f8051515}: DirectAnimation Java Classes

{4f645220-306d-11d2-995d-00c04f98bbc9}: Microsoft Windows Script 5.6

{5945c046-1e7d-11d1-bc44-00c04fd912be}: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser

{5A8D6EE0-3E18-11D0-821E-444553540000}: ICW

{5fd399c0-a70a-11d1-9948-00c04f98bbc9}: Internet Explorer Setup Tools

{630b1da0-b465-11d1-9948-00c04f98bbc9}: Browsing Enhancements

{6BF52A52-394A-11d3-B153-00C04F79FAA6}: Microsoft Windows Media Player 8

{6fab99d0-bab8-11d1-994a-00c04f98bbc9}: MSN Site Access

{7790769C-0471-11d2-AF11-00C04FA35D02}: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

{89820200-ECBD-11cf-8B85-00AA005B4340}: regsvr32.exe /s /n /i:U shell32.dll

{89820200-ECBD-11cf-8B85-00AA005B4383}: %SystemRoot%\system32\ie4uinit.exe

{9381D8F2-0288-11D0-9501-00AA00B911A5}: Dynamic HTML Data Binding

{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}:

{C9E9A340-D1F1-11D0-821E-444553540600}: Internet Explorer Core Fonts

{CC2A9BA0-3BDD-11D0-821E-444553540000}: Task Scheduler

{D27CDB6E-AE6D-11cf-96B8-444553540000}: Adobe Flash Player

{de5aed00-a4bf-11d1-9948-00c04f98bbc9}: HTML Help

{E92B03AB-B707-11d2-9CBD-0000F87A369E}: Active Directory Service Interface

>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}: C:\WINDOWS\inf\unregmp2.exe /ShowWMP

>{26923b43-4d38-484f-9b9e-de460746276c}: %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS: RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}: %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

======= End ActiveX =========

 

 

< %systemroot%\System32\antiwpa.dll >

 

< %systemroot%\SYSTEM32\wpa.dll >

 

< %systemroot%\setup\scripts\biestart.exe >

 

< %systemroot%\system32\drivers\royal.sys >

 

< %systemroot%\system32\serauth1.dll >

 

< %systemroot%\system32\serauth2.dll >

 

< %systemroot%\system32\sysaudio.sys >

 

< %systemroot%\system32\wdmaud.sys >

 

< %systemroot%\system32\aeaudio.sys >

< End of report >


OTListIt Extras logfile created on: 3/14/2009 12:58:09 PM - Run 1

OTListIt2 by OldTimer - Version 2.0.3.5 Folder = C:\Documents and Settings\lution\Desktop

Windows XP Professional Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2800.1106)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

479.48 Mb Total Physical Memory | 186.11 Mb Available Physical Memory | 38.81% Memory free

1.10 Gb Paging File | 0.87 Gb Available in Paging File | 79.37% Paging File free

Paging file location(s): C:\pagefile.sys 720 1440;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.52 Gb Total Space | 66.06 Gb Free Space | 88.65% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: BEN

Current User Name: lution

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Output = Minimal

File Age = 30 Days

Company Name Whitelist: On

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant

"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger

"{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}" = Garena

"{8A62A068-3FD6-495A-9F66-26FE94F32EC9}" = Rhapsody Player Engine

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver

"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver

"{B7DE6498-9764-4657-846F-832EE3E6718D}" = SpeedTouch USB

"{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = Alcatel SpeedTouch USB Software

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"ActiveScan 2.0" = Panda ActiveScan 2.0

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Cheat Engine 5.5_is1" = Cheat Engine 5.5

"HijackThis" = HijackThis 2.0.2

"PCSI" = Prevx CSI

"SpywareDetector_is1" = Spyware Detector

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Warcraft III" = Warcraft III: All Products

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 3/12/2009 8:05:54 AM | Computer Name = BEN | Source = EventSystem | ID = 4609

Description = The COM+ Event System detected a bad return code during its internal

processing. HRESULT was 8007043C from line 44 of d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp.

Please contact Microsoft Product Support Services to report this erro

 

Error - 3/12/2009 8:05:54 AM | Computer Name = BEN | Source = VSS | ID = 8193

Description = Volume Shadow Copy Service error: Unexpected error calling routine

CoCreateInstance. hr = 0x80040206.

 

Error - 3/12/2009 11:05:26 AM | Computer Name = BEN | Source = EventSystem | ID = 4609

Description = The COM+ Event System detected a bad return code during its internal

processing. HRESULT was 8007043C from line 44 of d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp.

Please contact Microsoft Product Support Services to report this erro

 

Error - 3/12/2009 11:05:26 AM | Computer Name = BEN | Source = VSS | ID = 8193

Description = Volume Shadow Copy Service error: Unexpected error calling routine

CoCreateInstance. hr = 0x80040206.

 

Error - 3/12/2009 12:16:04 PM | Computer Name = BEN | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 6.0.2800.1106, faulting

module mshtml.dll, version 6.0.2800.1106, fault address 0x000a643a.

 

Error - 3/12/2009 12:17:40 PM | Computer Name = BEN | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 6.0.2800.1106, faulting

module mshtml.dll, version 6.0.2800.1106, fault address 0x000a643a.

 

Error - 3/12/2009 11:31:41 PM | Computer Name = BEN | Source = Application Hang | ID = 1002

Description = Hanging application IEXPLORE.EXE, version 6.0.2800.1106, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error - 3/12/2009 11:33:22 PM | Computer Name = BEN | Source = Application Hang | ID = 1002

Description = Hanging application IEXPLORE.EXE, version 6.0.2800.1106, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error - 3/12/2009 11:35:35 PM | Computer Name = BEN | Source = Application Hang | ID = 1002

Description = Hanging application IEXPLORE.EXE, version 6.0.2800.1106, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error - 3/12/2009 11:56:17 PM | Computer Name = BEN | Source = Application Hang | ID = 1002

Description = Hanging application IEXPLORE.EXE, version 6.0.2800.1106, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

 

[ System Events ]

Error - 3/13/2009 10:21:49 AM | Computer Name = BEN | Source = NetBT | ID = 4311

Description = Initialization failed because the driver device could not be created.

 

Error - 3/13/2009 11:02:59 AM | Computer Name = BEN | Source = NetBT | ID = 4311

Description = Initialization failed because the driver device could not be created.

 

Error - 3/13/2009 11:02:59 AM | Computer Name = BEN | Source = NetBT | ID = 4311

Description = Initialization failed because the driver device could not be created.

 

Error - 3/13/2009 1:13:47 PM | Computer Name = BEN | Source = NetBT | ID = 4311

Description = Initialization failed because the driver device could not be created.

 

Error - 3/13/2009 1:13:47 PM | Computer Name = BEN | Source = NetBT | ID = 4311

Description = Initialization failed because the driver device could not be created.

 

Error - 3/14/2009 12:54:12 AM | Computer Name = BEN | Source = NetBT | ID = 4311

Description = Initialization failed because the driver device could not be created.

 

Error - 3/14/2009 12:54:12 AM | Computer Name = BEN | Source = NetBT | ID = 4311

Description = Initialization failed because the driver device could not be created.

 

Error - 3/14/2009 12:54:12 AM | Computer Name = BEN | Source = NetBT | ID = 4311

Description = Initialization failed because the driver device could not be created.

 

Error - 3/14/2009 12:54:23 AM | Computer Name = BEN | Source = NetBT | ID = 4311

Description = Initialization failed because the driver device could not be created.

 

Error - 3/14/2009 12:54:23 AM | Computer Name = BEN | Source = NetBT | ID = 4311

Description = Initialization failed because the driver device could not be created.

 

 

< End of report >


Hello,

 

Run OTList2.exe

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
     
    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    [2009/03/12 23:19:36 | 00,295,424 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\dv61wu8x.exe
    [2009/03/12 21:10:36 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\jznqkbgw.exe
    [2009/03/12 21:10:35 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\aitk.exe
    [2009/03/12 19:07:46 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\bvth.exe
    [2009/03/12 19:07:45 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\dmmeyj.exe
    [2009/03/12 19:01:48 | 00,311,591 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\AntiRootkit.zip
    [2009/03/12 18:52:08 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\oqqsu.exe
    [2009/03/10 17:01:22 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\pqsx.exe
    [2009/03/10 17:01:20 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\ylorez.exe
    [2009/03/08 17:25:58 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\ktcj.exe
    [2009/03/08 17:25:56 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\uchm.exe
    [2009/03/08 09:12:18 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\ueps.exe
    [2009/03/08 09:12:16 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\akcc.exe
    [2009/03/06 22:41:01 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\tfnqojhd.exe
    [2009/03/05 00:23:22 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\zlbeeit.exe
    [2009/03/05 00:23:21 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\fbcpkwfd.exe
    [2009/03/04 18:29:06 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\azojtee.exe
    [2009/03/04 18:29:03 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\uhfwiiaw.exe
    [2009/03/03 22:43:40 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\gepcenbw.exe
    [2009/03/03 22:43:40 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\mszot.exe
    [2009/03/03 20:29:17 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\unlfwsjz.exe
    [2009/03/03 20:29:17 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\iacfh.exe
    [2009/03/02 21:46:14 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\oisz.exe
    [2009/03/02 21:46:14 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\vcll.exe
    [2009/03/02 15:31:08 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\frwcn.exe
    [2009/03/02 15:31:08 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\dqlaok.exe
    [2009/03/01 23:45:22 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\txzmbpto.exe
    [2009/03/01 23:45:22 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\uuujkif.exe
    [2009/03/01 19:34:38 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\usbfafc.exe
    [2009/03/01 19:34:34 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\upmf.exe
    [2009/03/01 01:00:45 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\dmss.exe
    [2009/03/01 01:00:45 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\hiawvlyq.exe
    [2009/03/01 00:58:45 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\izpvx.exe
    [2009/03/01 00:58:45 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\rikreng.exe
    [2009/02/28 14:10:59 | 00,100,316 | ---- | C] () -- C:\WINDOWS\System32\inaa.exe
    [2009/02/28 14:10:50 | 00,100,316 | ---- | C] () -- C:\WINDOWS\System32\huuki.exe
    [2009/02/28 13:58:53 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\tvxxuub.exe
    [2009/02/28 13:53:53 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\udstqj.exe
    [2009/02/28 13:53:53 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\cgmsgp.exe
    [2009/02/28 00:45:52 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\xkaapmwi.exe
    [2009/02/27 20:35:59 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\qouxbnse.exe
    [2009/02/27 20:30:59 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\htyc.exe
    [2009/02/25 18:22:56 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\whxno.exe
    [2009/02/25 18:22:53 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\nzqtxjd.exe
    [2009/02/23 16:32:35 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\drhgu.exe
    [2009/02/23 14:50:41 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\giekv.exe
    [2009/02/22 17:55:04 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\mftjks.exe
    [2009/02/22 17:52:04 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\jogoi.exe
    [2009/02/22 16:03:38 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\xgpa.exe
    [2009/02/22 15:47:04 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\bgsuoti.exe
    [2009/02/22 12:24:12 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\nnocue.exe
    [2009/02/22 12:19:09 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\bcstu.exe
    [2009/02/21 23:18:10 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\odmepal.exe
    [2009/02/21 18:02:51 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\kcua.exe
    [2009/02/21 16:19:16 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\vrcrz.exe
    [2009/02/21 16:19:16 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\nudz.exe
    [2009/02/17 22:44:33 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\qfwwmu.exe
    [2009/02/17 22:26:32 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\gkzb.exe
    [2009/02/16 20:46:23 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\tuhyi.exe
    [2009/02/16 20:41:20 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\ofrvwln.exe
    [2009/02/16 13:56:01 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\ipeafcrw.exe
    [2009/02/16 13:53:57 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\sojtijpr.exe
    [2009/02/16 00:36:48 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\rjgg.exe
    [2009/02/16 00:30:07 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\edfxi.exe
    [2009/02/15 22:55:48 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\zlbcsu.exe
    [2009/02/15 22:46:43 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\zcdcitpk.exe
    [2009/02/15 20:34:04 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\tanog.exe
    [2009/02/15 12:21:05 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\tkqkuu.exe
    [2009/02/15 12:14:07 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\suhpox.exe
    [2009/02/14 23:45:29 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\oiqofma.exe
    [2009/02/14 23:42:37 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\tlcgnp.exe
    [2009/02/14 23:09:57 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\pbhuv.exe
    [2009/02/14 23:09:57 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\hvozx.exe
    [2009/02/14 22:31:28 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\zmkh.exe
    [2009/02/14 22:31:25 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\ksemxfz.exe
    [2009/02/14 22:12:13 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\riakz.exe
    [2009/02/14 22:00:09 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\gqfnkupb.exe
    [2009/02/14 12:49:19 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\jgrfyymm.exe
    [2009/02/14 12:40:18 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\ofeooexk.exe
    [2009/02/14 00:28:21 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\ztuao.exe
    [2009/02/13 23:24:28 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\ddwhwau.exe
    [2009/02/13 12:29:02 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\egoftpth.exe
    [2009/02/13 12:27:01 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\zftohst.exe
    [2009/02/13 10:48:07 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\zzytlnc.exe
    [2009/02/13 10:38:16 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\rgrnitmt.exe
    [2009/02/12 22:28:28 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\cwik.exe
    [2009/02/12 22:16:28 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\hzgg.exe
    [2009/02/12 20:44:27 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\lvovkj.exe
    [2009/02/12 20:35:04 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\msdejefu.exe
    [2009/02/12 20:17:30 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\lbgr.exe
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]


     

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log (don't check the boxes beside LOP Check or Purity this time)


Hi, here is the report.

 

OTListIt logfile created on: 3/15/2009 12:48:06 PM - Run 4

OTListIt2 by OldTimer - Version 2.0.3.5 Folder = C:\Documents and Settings\lution\Desktop

Windows XP Professional Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2800.1106)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

479.48 Mb Total Physical Memory | 187.94 Mb Available Physical Memory | 39.20% Memory free

1.10 Gb Paging File | 0.85 Gb Available in Paging File | 77.75% Paging File free

Paging file location(s): C:\pagefile.sys 720 1440;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.52 Gb Total Space | 66.24 Gb Free Space | 88.88% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: BEN

Current User Name: lution

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Output = Minimal

File Age = 30 Days

Company Name Whitelist: On

 

========== Processes (SafeList) ==========

 

PRC - C:\Program Files\Prevx\prevx.exe (Prevx)

PRC - C:\Program Files\SpywareDetector\SDMainService.exe (Max Secure Software )

PRC - C:\Program Files\SpywareDetector\SDService.exe (Max Secure Software )

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)

PRC - C:\WINDOWS\notepad.exe (Microsoft Corporation)

PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

PRC - C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)

PRC - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)

PRC - C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe (Alcatel Bell)

PRC - C:\Program Files\SpywareDetector\SDActiveMonitor.exe (Max Secure Software Pvt. Ltd.)

PRC - C:\Program Files\MSN Messenger\MsnMsgr.Exe (Microsoft Corporation)

PRC - C:\Program Files\Prevx\prevx.exe (Prevx)

PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe (Microsoft Corporation)

PRC - C:\Documents and Settings\lution\Desktop\OTListIt2.exe (OldTimer Tools)

 

========== Win32 Services (SafeList) ==========

 

SRV - (CSIScanner [Auto | Running]) -- C:\Program Files\Prevx\prevx.exe (Prevx)

SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SRV - (SDMainSvc [Auto | Running]) -- C:\Program Files\SpywareDetector\SDMainService.exe (Max Secure Software )

SRV - (SDService [Auto | Running]) -- C:\Program Files\SpywareDetector\SDService.exe (Max Secure Software )

SRV - (uploadmgr [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)

SRV - (WmdmPmSp [Auto | Running]) -- C:\WINDOWS\System32\mspmspsv.dll (Microsoft Corporation)

 

========== Driver Services (SafeList) ==========

 

DRV - (alcan5wn [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\alcan5wn.sys (Alcatel Bell)

DRV - (alcaudsl [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\alcaudsl.sys (Alcatel Bell)

DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)

DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)

DRV - (pavboot [boot | Running]) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)

DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)

DRV - (pxscan [boot | Running]) -- C:\WINDOWS\System32\drivers\pxscan.sys (Prevx)

DRV - (RTL8023 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Rtlnic51.sys (Realtek Semiconductor Corporation )

DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation )

DRV - (SDManager [system | Running]) -- C:\Program Files\SpywareDetector\SDManager.sys (Max Secure Software Pvt. Ltd.)

DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys ()

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 NtKrnlpa.info

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx ()

O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [sDActiveMonitor] C:\Program Files\SpywareDetector\SDActiveMonitor.exe -AUTO (Max Secure Software Pvt. Ltd.)

O4 - HKLM..\Run: [soundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon (Alcatel Bell)

O4 - HKCU..\Run: [12CFG914-K641-26SF-N31P] C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0850\vsse32.exe File not found

O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)

O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm ()

O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm ()

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)

O16 - DPF: {3253534D-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/3...980/wms9dmo.cab (Reg Error: Key error.)

O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0...D0C/wmv9dmo.cab (Reg Error: Key error.)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O18 - Protocol\Handler\ipp Reg Error: Value error. - Reg Error: Key error. File not found

O18 - Protocol\Handler\ippx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found

O18 - Protocol\Handler\msdaippx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)

O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\System32\msdxm.ocx ()

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)

O20 - Winlogon\Notify\SDNotify: DllName - C:\Program Files\SpywareDetector\SDNotify.dll - C:\Program Files\SpywareDetector\SDNotify.dll (Max Secure Software)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]

 

========== Files/Folders - Created Within 30 Days ==========

 

[2 C:\WINDOWS\*.tmp files]

[2009/03/15 12:42:50 | 00,000,000 | ---D | C] -- C:\_OTListIt

[2009/03/14 12:56:13 | 00,505,344 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\lution\Desktop\OTListIt2.exe

[2009/03/13 11:18:37 | 00,000,000 | ---D | C] -- C:\Rooter$

[2009/03/13 11:18:30 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\Rooter.exe

[2009/03/12 20:03:34 | 00,000,000 | ---D | C] -- C:\SDFix

[2009/03/12 20:03:13 | 01,529,241 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\SDFix.exe

[2009/03/12 19:56:25 | 00,000,000 | ---D | C] -- C:\Lop SD

[2009/03/12 19:56:08 | 00,530,106 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\LopSD.exe

[2009/03/12 19:54:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage

[2009/03/12 19:54:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

[2009/03/12 19:54:46 | 01,561,992 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\lution\Desktop\MGADiag.exe

[2009/03/12 19:46:49 | 00,000,000 | ---D | C] -- C:\ERDNT

[2009/03/12 19:46:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT

[2009/03/12 19:46:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2009/03/12 19:46:41 | 00,000,000 | ---D | C] -- C:\!FixIEDef

[2009/03/12 19:46:28 | 01,130,036 | ---- | C] (Malwareteks.com) -- C:\Documents and Settings\lution\Desktop\FixIEDef.exe

[2009/03/12 19:12:50 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys

[2009/03/12 19:12:41 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security

[2009/03/12 19:12:09 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\HijackThis.lnk

[2009/03/12 19:12:09 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2009/03/12 19:11:28 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\lution\Desktop\HJTInstall.exe

[2009/03/01 19:34:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lution\Local Settings\Application Data\Identities

[2009/02/28 00:47:39 | 00,045,053 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\Kris Allen 4.jpg

[2009/02/28 00:28:52 | 00,017,860 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\Kris Allen 3.jpg

[2009/02/28 00:28:30 | 00,021,239 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\Kris Allen 2.jpg

[2009/02/28 00:28:20 | 00,023,240 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\Kris Allen 1.jpg

[2009/02/25 18:27:01 | 70,664,752 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\lution\Desktop\avg_avwt_stf_all_8_237a1428.exe

[2009/02/22 17:54:11 | 01,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chsbrkr.dll

[2009/02/22 17:54:11 | 00,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chtbrkr.dll

[2009/02/22 17:54:10 | 01,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.lex

[2009/02/22 17:54:10 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\korwbrkr.lex

[2009/02/22 17:54:10 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.dll

[2009/02/22 17:54:10 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\korwbrkr.dll

[2009/02/22 17:54:10 | 00,002,060 | ---- | C] () -- C:\WINDOWS\System32\noise.jpn

[2009/02/22 17:54:10 | 00,001,486 | ---- | C] () -- C:\WINDOWS\System32\noise.kor

[2009/02/22 17:54:01 | 00,211,938 | ---- | C] () -- C:\WINDOWS\System32\lcphrase.tbl

[2009/02/22 17:54:01 | 00,146,126 | ---- | C] () -- C:\WINDOWS\System32\array30.tab

[2009/02/22 17:54:01 | 00,116,285 | ---- | C] () -- C:\WINDOWS\System32\msdayi.tbl

[2009/02/22 17:54:01 | 00,110,566 | ---- | C] () -- C:\WINDOWS\System32\arphr.tbl

[2009/02/22 17:54:01 | 00,043,242 | ---- | C] () -- C:\WINDOWS\System32\phoncode.tbl

[2009/02/22 17:54:01 | 00,024,114 | ---- | C] () -- C:\WINDOWS\System32\lcptr.tbl

[2009/02/22 17:54:01 | 00,018,600 | ---- | C] () -- C:\WINDOWS\System32\arrayhw.tab

[2009/02/22 17:54:01 | 00,016,312 | ---- | C] () -- C:\WINDOWS\System32\arptr.tbl

[2009/02/22 17:54:01 | 00,004,071 | ---- | C] () -- C:\WINDOWS\System32\phon.tbl

[2009/02/22 17:54:01 | 00,002,714 | ---- | C] () -- C:\WINDOWS\System32\phonptr.tbl

[2009/02/22 17:54:01 | 00,000,700 | ---- | C] () -- C:\WINDOWS\System32\dayiptr.tbl

[2009/02/22 17:54:01 | 00,000,520 | ---- | C] () -- C:\WINDOWS\System32\dayiphr.tbl

[2009/02/22 17:54:00 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\c_10002.nls

[2009/02/22 17:54:00 | 00,082,172 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.nls

[2009/02/22 17:54:00 | 00,066,728 | ---- | C] () -- C:\WINDOWS\System32\big5.nls

[2009/02/22 17:54:00 | 00,044,370 | ---- | C] () -- C:\WINDOWS\System32\acode.tbl

[2009/02/22 17:54:00 | 00,044,370 | ---- | C] () -- C:\WINDOWS\System32\a234.tbl

[2009/02/22 17:54:00 | 00,016,254 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAE.HLP

[2009/02/22 17:54:00 | 00,014,821 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAD.HLP

[2009/02/22 17:54:00 | 00,001,460 | ---- | C] () -- C:\WINDOWS\System32\a15.tbl

[2009/02/22 17:53:55 | 01,783,864 | ---- | C] () -- C:\WINDOWS\System32\WINPY.MB

[2009/02/22 17:53:55 | 01,564,868 | ---- | C] () -- C:\WINDOWS\System32\WINSP.MB

[2009/02/22 17:53:55 | 01,223,500 | ---- | C] () -- C:\WINDOWS\System32\WINZM.MB

[2009/02/22 17:53:55 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_g18030.dll

[2009/02/22 17:53:55 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_10008.nls

[2009/02/22 17:53:55 | 00,150,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINZM.IME

[2009/02/22 17:53:55 | 00,150,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINSP.IME

[2009/02/22 17:53:55 | 00,150,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINPY.IME

[2009/02/22 17:53:55 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\prcp.nls

[2009/02/22 17:53:55 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\prc.nls

[2009/02/22 17:53:55 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINGB.IME

[2009/02/22 17:53:54 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101a.dll

[2009/02/22 17:53:47 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_10003.nls

[2009/02/22 17:53:46 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\c_1361.nls

[2009/02/22 17:53:46 | 00,047,066 | ---- | C] () -- C:\WINDOWS\System32\ksc.nls

[2009/02/22 17:53:45 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnecAT.dll

[2009/02/22 17:53:45 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnecNT.dll

[2009/02/22 17:53:45 | 00,007,168 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnec.dll

[2009/02/22 17:53:45 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnec95.dll

[2009/02/22 17:53:45 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\f3ahvoas.dll

[2009/02/22 17:53:45 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlk41a.dll

[2009/02/22 17:53:45 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlk41j.dll

[2009/02/22 17:53:44 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdibm02.dll

[2009/02/22 17:53:44 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdax2.dll

[2009/02/22 17:53:44 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106n.dll

[2009/02/22 17:53:44 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101.dll

[2009/02/22 17:53:25 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_is2022.dll

[2009/02/22 17:53:24 | 00,180,770 | ---- | C] () -- C:\WINDOWS\System32\c_20932.nls

[2009/02/22 17:53:24 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\c_20000.nls

[2009/02/22 17:53:24 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_20949.nls

[2009/02/22 17:53:24 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_20936.nls

[2009/02/22 17:53:24 | 00,162,850 | ---- | C] () -- C:\WINDOWS\System32\c_10001.nls

[2009/02/22 17:53:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_21027.nls

[2009/02/22 17:53:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20290.nls

[2009/02/22 17:53:24 | 00,028,288 | ---- | C] () -- C:\WINDOWS\System32\xjis.nls

[2009/02/22 17:53:23 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CINTLGNT.IME

[2009/02/22 17:53:22 | 00,574,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TINTLGNT.IME

[2009/02/22 17:53:22 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\phon.ime

[2009/02/22 17:53:22 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winar30.ime

[2009/02/22 17:53:22 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dayi.ime

[2009/02/22 17:53:22 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\quick.ime

[2009/02/22 17:53:22 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uniime.dll

[2009/02/22 17:53:22 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winime.ime

[2009/02/22 17:53:22 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unicdime.ime

[2009/02/22 17:53:22 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\romanime.ime

[2009/02/22 17:53:22 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\miniime.tpl

[2009/02/22 17:53:21 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chajei.ime

[2009/02/22 17:53:17 | 00,479,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PINTLGNT.IME

[2009/02/22 17:53:17 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imekr61.ime

[2009/02/22 17:53:16 | 00,827,438 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imjp81k.dll

[2009/02/22 17:53:16 | 00,340,013 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imjp81.ime

[2009/02/22 17:52:32 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdjpn.dll

[2009/02/22 17:52:32 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkor.dll

[2009/02/22 17:52:32 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll

[2009/02/22 17:52:32 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101c.dll

[2009/02/22 17:52:32 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll

[2009/02/22 17:52:32 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd103.dll

[2009/02/21 18:26:32 | 00,000,797 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\YouTube Downloader.lnk

[2009/02/21 18:26:30 | 00,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader

[2009/02/21 18:26:20 | 05,637,845 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\youtubedownloader.exe

[2009/02/16 22:22:30 | 00,000,670 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\Cheat Engine.lnk

[2009/02/16 22:22:29 | 01,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll

[2009/02/16 22:22:29 | 00,679,936 | ---- | C] (Generated by JEDI) -- C:\WINDOWS\System32\D3DX81ab.dll

[2009/02/16 22:22:28 | 00,000,000 | ---D | C] -- C:\Program Files\Cheat Engine

[2009/02/15 00:05:02 | 00,022,536 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys

[2009/02/15 00:05:01 | 00,000,000 | ---D | C] -- C:\Program Files\Prevx

[2009/02/15 00:04:58 | 00,000,065 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2009/02/15 00:04:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI

 

========== Files - Modified Within 30 Days ==========

 

[1 C:\WINDOWS\System32\*.tmp files]

[2 C:\WINDOWS\*.tmp files]

[2009/03/15 12:49:06 | 00,000,569 | ---- | M] () -- C:\Documents and Settings\lution\My Documents\My Sharing Folders.lnk

[2009/03/15 12:44:47 | 00,000,063 | ---- | M] () -- C:\WINDOWS\System\SysSD.dll

[2009/03/15 12:44:46 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS

[2009/03/15 12:44:46 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/03/15 12:44:45 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/03/14 13:20:45 | 03,222,252 | -H-- | M] () -- C:\Documents and Settings\lution\Local Settings\Application Data\IconCache.db

[2009/03/14 12:56:18 | 00,505,344 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lution\Desktop\OTListIt2.exe

[2009/03/13 11:18:34 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\lution\Desktop\Rooter.exe

[2009/03/12 23:49:39 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/03/12 23:13:35 | 00,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/03/12 23:13:35 | 00,311,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/03/12 23:13:35 | 00,040,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/03/12 20:03:21 | 01,529,241 | ---- | M] () -- C:\Documents and Settings\lution\Desktop\SDFix.exe

[2009/03/12 19:56:20 | 00,530,106 | ---- | M] () -- C:\Documents and Settings\lution\Desktop\LopSD.exe

[2009/03/12 19:54:50 | 01,561,992 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\lution\Desktop\MGADiag.exe

[2009/03/12 19:46:34 | 01,130,036 | ---- | M] (Malwareteks.com) -- C:\Documents and Settings\lution\Desktop\FixIEDef.exe

[2009/03/12 19:12:09 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\lution\Desktop\HijackThis.lnk

[2009/03/12 19:11:35 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\lution\Desktop\HJTInstall.exe

[2009/03/12 19:06:32 | 00,000,532 | ---- | M] () -- C:\WINDOWS\win.ini

[2009/03/06 21:55:37 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.msn

[2009/03/04 19:26:01 | 00,022,536 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys

[2009/03/04 19:25:57 | 00,000,065 | ---- | M] () -- C:\WINDOWS\wininit.ini

[2009/02/28 00:47:31 | 00,045,053 | ---- | M] () -- C:\Documents and Settings\lution\Desktop\Kris Allen 4.jpg

[2009/02/28 00:21:18 | 00,017,860 | ---- | M] () -- C:\Documents and Settings\lution\Desktop\Kris Allen 3.jpg

[2009/02/28 00:20:40 | 00,023,240 | ---- | M] () -- C:\Documents and Settings\lution\Desktop\Kris Allen 1.jpg

[2009/02/28 00:20:40 | 00,021,239 | ---- | M] () -- C:\Documents and Settings\lution\Desktop\Kris Allen 2.jpg

[2009/02/25 18:27:00 | 70,664,752 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\lution\Desktop\avg_avwt_stf_all_8_237a1428.exe

[2009/02/23 14:48:48 | 00,095,864 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/02/21 18:26:32 | 00,000,797 | ---- | M] () -- C:\Documents and Settings\lution\Desktop\YouTube Downloader.lnk

[2009/02/21 18:26:20 | 05,637,845 | ---- | M] () -- C:\Documents and Settings\lution\Desktop\youtubedownloader.exe

[2009/02/16 22:22:30 | 00,000,670 | ---- | M] () -- C:\Documents and Settings\lution\Desktop\Cheat Engine.lnk

< End of report >
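The O4 run-key lines in the report above are the kind of autostart entries a responder triages by eye: does the launch target still exist, where on disk does it live, does it carry a publisher string, is it a bare filename resolved through the search path. As an added example (not part of this thread and not OTListIt's or any other tool's code), the Python below applies those four checks to O4 lines copied from the report. The line layout it parses, the `SUSPECT_DIRS` list and the finding labels are my assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: four O4 lines copied verbatim from the OTListIt report above.
SAMPLE_O4_LINES = [
    r"O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)",
    r"O4 - HKLM..\Run: [soundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)",
    r"O4 - HKCU..\Run: [12CFG914-K641-26SF-N31P] C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0850\vsse32.exe File not found",
    r'O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)',
]

# Assumed line shape: "O4 - <hive>..\Run: [<value name>] <command> (<publisher>)" or "... File not found".
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
VENDOR_RE = re.compile(r"\s*\((?P<vendor>[^()]*)\)$")
# Unquoted commands: the path runs up to the first executable extension, the rest is arguments.
EXE_RE = re.compile(
    r"^(?P<path>.*?\.(?:exe|com|scr|pif|bat|cmd|vbs|js|dll))(?:\s+(?P<args>.*))?$",
    re.IGNORECASE,
)
# Directories in which a legitimate autostart target has no business living (assumed list).
SUSPECT_DIRS = ("\\recycler\\", "\\$recycle.bin\\", "\\temp\\")
MISSING_MARKER = " File not found"


@dataclass
class RunEntry:
    hive: str
    name: str
    path: str
    args: str
    vendor: str
    missing: bool
    findings: list = field(default_factory=list)


def parse_o4_line(line):
    """Split one O4 line into hive, value name, target path, arguments and publisher."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    missing = rest.endswith(MISSING_MARKER)
    vendor = ""
    if missing:
        rest = rest[: -len(MISSING_MARKER)]
    else:
        vm = VENDOR_RE.search(rest)
        if vm:
            vendor = vm.group("vendor").strip()
            rest = rest[: vm.start()]
    rest = rest.strip()
    if rest.startswith('"'):  # quoted path, arguments follow the closing quote
        end = rest.find('"', 1)
        path, args = rest[1:end], rest[end + 1:].strip()
    else:
        em = EXE_RE.match(rest)
        path, args = (em.group("path"), em.group("args") or "") if em else (rest, "")
    return RunEntry(m.group("hive"), m.group("name"), path, args, vendor, missing)


def triage(entry):
    """Attach the findings a responder would note for this autostart entry."""
    low = entry.path.lower()
    if entry.missing:
        entry.findings.append("missing")        # value points at a file that is gone (or hidden)
    if any(d in low for d in SUSPECT_DIRS):
        entry.findings.append("suspect-dir")    # autostart from a recycle-bin or temp location
    if not entry.vendor:
        entry.findings.append("no-publisher")   # no company string in the file's version info
    if "\\" not in entry.path:
        entry.findings.append("bare-filename")  # resolved via the search path, not an absolute path
    return entry.findings


def triage_report(lines):
    """Parse every O4 line in a report and return the triaged entries in order."""
    entries = [e for e in map(parse_o4_line, lines) if e is not None]
    for e in entries:
        triage(e)
    return entries


if __name__ == "__main__":
    for e in triage_report(SAMPLE_O4_LINES):
        flag = ", ".join(e.findings) if e.findings else "ok"
        print(f"{e.hive} [{e.name}] {e.path} -> {flag}")
```

Run against the sample, the `12CFG914-K641-26SF-N31P` entry is the only one that collects more than one finding (missing target, RECYCLER location, no publisher), which is exactly the value the fix script in the next reply removes; `soundMan` gets a single low-severity note for being a bare filename.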


hello

 

Run OTListIt2.exe

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
     
    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [12CFG914-K641-26SF-N31P] C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0850\vsse32.exe File not found
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]


     

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done

 

 

Download Flash_Disinfector.exe from here and save it to your desktop.

  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
     
    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder; it will help protect your drives from future infection.

 

 

Please download ATF Cleaner by Atribune.

    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

If you use Firefox browser

    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

 

 

 

 

Please download Malwarebytes' Anti-Malware from Here or Here

 

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

 

 

 

 

 

 

Go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases

  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.


Hi, here is the MBAM log.

 

Malwarebytes' Anti-Malware 1.34

Database version: 1854

Windows 5.1.2600 Service Pack 1

 

3/16/2009 8:45:17 PM

mbam-log-2009-03-16 (20-45-17).txt

 

Scan type: Quick Scan

Objects scanned: 54954

Time elapsed: 6 minute(s), 7 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 1

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0850 (Trojan.Agent) -> Quarantined and deleted successfully.

 

Files Infected:

C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0850\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.


KASPERSKY ONLINE SCANNER 7 REPORT

Monday, March 16, 2009

Operating System: Microsoft Windows XP Professional Service Pack 1 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Monday, March 16, 2009 14:09:03

Records in database: 1916188

 

 

Scan settings

Scan using the following database extended

Scan archives yes

Scan mail databases yes

 

Scan area My Computer

A:\

C:\

D:\

 

Scan statistics

Files scanned 17433

Threat name 0

Infected objects 0

Suspicious objects 0

Duration of the scan 00:23:55

 

No malware has been detected. The scan area is clean.

The selected area was scanned.


hello

 

Download ComboFix from one of these locations:

 

Link 1

Link 2

 

 

* IMPORTANT !!! Save ComboFix.exe to your Desktop

 

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
     
     
  • Double click on ComboFix.exe & follow the prompts.
     
     
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
     
     
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

 

[image: RcAuto1.gif]

 

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

[image: whatnext.png]

 

 

Click on Yes, to continue scanning for malware.

 

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


Hi, here is the logfile.

 

ComboFix 09-03-15.01 - lution 2009-03-17 12:02:23.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.479.163 [GMT 8:00]

Running from: c:\documents and settings\lution\Desktop\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\spoolsv.exe . . . is infected!!

 

c:\windows\explorer.exe . . . is infected!!

 

.

((((((((((((((((((((((((( Files Created from 2009-02-17 to 2009-03-17 )))))))))))))))))))))))))))))))

.

 

2009-03-17 11:58 . 2009-03-17 11:58 <DIR> d-------- c:\windows\LastGood

2009-03-16 20:58 . 2009-03-16 20:58 <DIR> d-------- c:\windows\Sun

2009-03-16 20:57 . 2009-03-16 20:57 <DIR> d-------- c:\program files\Java

2009-03-16 20:57 . 2009-03-16 20:57 410,984 --a------ c:\windows\system32\deploytk.dll

2009-03-16 20:57 . 2009-03-16 20:57 73,728 --a------ c:\windows\system32\javacpl.cpl

2009-03-16 20:36 . 2009-03-16 20:36 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-03-16 20:36 . 2009-03-16 20:36 <DIR> d-------- c:\documents and settings\lution\Application Data\Malwarebytes

2009-03-16 20:36 . 2009-03-16 20:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-03-16 20:36 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-03-16 20:36 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-03-15 13:32 . 2009-03-15 13:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET

2009-03-15 13:22 . 2009-03-17 11:58 <DIR> d-------- c:\program files\ESET

2009-03-15 12:42 . 2009-03-15 12:42 <DIR> d-------- C:\_OTListIt

2009-03-13 11:18 . 2009-03-15 13:46 <DIR> d-------- C:\Rooter$

2009-03-12 20:03 . 2009-03-15 13:46 <DIR> d-------- C:\SDFix

2009-03-12 19:56 . 2009-03-15 13:43 <DIR> d-------- C:\Lop SD

2009-03-12 19:54 . 2009-03-12 19:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage

2009-03-12 19:46 . 2009-03-15 13:49 <DIR> d-------- c:\windows\ERUNT

2009-03-12 19:46 . 2009-03-12 19:46 <DIR> d-------- C:\ERDNT

2009-03-12 19:46 . 2009-03-12 19:46 <DIR> d-------- C:\!FixIEDef

2009-03-12 19:12 . 2009-03-12 19:12 <DIR> d-------- c:\program files\Trend Micro

2009-03-12 19:12 . 2009-03-17 11:59 <DIR> d-------- c:\program files\Panda Security

2009-02-22 17:53 . 2002-11-25 20:44 1,783,864 --a------ c:\windows\system32\WINPY.MB

2009-02-22 17:52 . 2001-08-17 22:36 8,704 --a------ c:\windows\system32\kbdjpn.dll

2009-02-22 17:52 . 2001-08-17 22:36 8,192 --a------ c:\windows\system32\kbdkor.dll

2009-02-22 17:52 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd106.dll

2009-02-22 17:52 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101c.dll

2009-02-22 17:52 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101b.dll

2009-02-22 17:52 . 2001-08-17 14:55 5,632 --a------ c:\windows\system32\kbd103.dll

2009-02-21 18:26 . 2009-03-15 13:46 <DIR> d-------- c:\program files\YouTube Downloader

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-16 14:52 --------- d-----w c:\program files\Cheat Engine

2009-03-16 14:34 --------- d-----w c:\documents and settings\All Users\Application Data\PrevxCSI

2009-03-15 05:45 --------- d-----w c:\program files\Warcraft III

2009-03-15 05:44 --------- d-----w c:\program files\Garena

2009-03-15 05:43 --------- d-----w c:\program files\AvRack

2009-03-15 05:43 --------- d-----w c:\program files\Alcatel

2009-03-04 11:26 22,536 ----a-w c:\windows\system32\drivers\pxscan.sys

2009-02-14 16:05 --------- d-----w c:\program files\Prevx

2009-02-08 09:33 --------- d--h--w c:\program files\InstallShield Installation Information

2009-02-08 09:33 --------- d-----w c:\documents and settings\lution\Application Data\InstallShield

2009-02-08 08:14 --------- d-----w c:\program files\SpywareDetector

2009-02-08 07:55 2,829 ----a-w c:\windows\War3Unin.pif

2009-02-08 07:55 139,264 ----a-w c:\windows\War3Unin.exe

2009-02-08 07:33 --------- d-----w c:\program files\Real

2009-02-08 07:33 --------- d-----w c:\program files\MSN Messenger

2009-02-08 07:17 --------- d-----w c:\program files\Intel

2009-02-08 07:15 --------- d-----w c:\program files\Realtek Sound Manager

2009-02-08 07:14 --------- d-----w c:\program files\Common Files\InstallShield

2009-02-08 07:07 --------- d-----w c:\program files\microsoft frontpage

2009-02-08 07:06 558,142 ----a-w c:\windows\java\Packages\JJJDVDZV.ZIP

2009-02-08 07:06 155,995 ----a-w c:\windows\java\Packages\GNZPN35R.ZIP

2009-01-08 03:20 1,060,864 ----a-w c:\windows\system32\CheckDll.dll

2009-01-07 09:20 13,776 ----a-w c:\windows\system32\SDEarlyDelete.exe

.

 

------- Sigcheck -------

 

2002-08-29 18:41 1004032 2ff37c053c7c76a6a8e369836278e944 c:\windows\EXPLORER.EXE

2002-08-29 18:41 1004032 2ff37c053c7c76a6a8e369836278e944 c:\windows\system32\dllcache\explorer.exe

 

2002-08-29 18:41 13312 03543d06398c22667718cc62879af622 c:\windows\system32\ctfmon.exe

2002-08-29 18:41 13312 03543d06398c22667718cc62879af622 c:\windows\system32\dllcache\ctfmon.exe

 

2002-11-25 20:45 58368 79afca5caece28db9c1fef5769e46f73 c:\windows\system32\spoolsv.exe

2002-11-25 20:45 51200 6d20bd8885992257605a0fa200466c2c c:\windows\system32\dllcache\spoolsv.exe

 

2002-08-29 18:41 22016 870aee4f38f7a0f30e31b836003b6de3 c:\windows\system32\userinit.exe

2002-08-29 18:41 22016 870aee4f38f7a0f30e31b836003b6de3 c:\windows\system32\dllcache\userinit.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2002-08-20 1511424]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-11-02 155648]

"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-11-02 126976]

"SpeedTouch USB Diagnostics"="c:\program files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2001-10-03 4247552]

"SDActiveMonitor"="c:\program files\SpywareDetector\SDActiveMonitor.exe" [2009-01-07 1364944]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-16 148888]

"SoundMan"="SOUNDMAN.EXE" [2005-04-15 c:\windows\SOUNDMAN.EXE]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDNotify]

2008-12-01 11:15 475136 c:\program files\SpywareDetector\SDNotify.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ SDEarlyDelete\0autocheck autochk *

 

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-02-15 22536]

R1 SDManager;SDManager;c:\program files\SpywareDetector\SDManager.sys [2009-02-08 13696]

R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2009-02-15 4150840]

R2 SDMainSvc;SDMainSvc;c:\program files\SpywareDetector\SDMainService.exe [2009-02-08 923088]

R2 SDService;SDService;c:\program files\SpywareDetector\SDService.exe [2009-02-08 1713616]

R4 ehdrv;ehdrv;c:\windows\System32\DRIVERS\ehdrv.sys --> c:\windows\System32\DRIVERS\ehdrv.sys [?]

R4 epfwtdir;epfwtdir;c:\windows\System32\DRIVERS\epfwtdir.sys --> c:\windows\System32\DRIVERS\epfwtdir.sys [?]

.

.

------- Supplementary Scan -------

.

IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm

TCP: {479B98CF-D2BB-4570-8FF9-761A80B3913E} = 165.21.100.88 165.21.83.88

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://www.eset.com.sg/softdown/files/OnlineScanner.cab

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-17 12:04:04

Windows 5.1.2600 Service Pack 1 NTFS

 

detected NTDLL code modification:

ZwOpenFile

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(576)

c:\windows\System32\ODBC32.dll

c:\windows\System32\msctfime.ime

c:\program files\SpywareDetector\SDNotify.dll

 

- - - - - - - > 'lsass.exe'(632)

c:\windows\System32\dssenh.dll

.

Completion time: 2009-03-17 12:04:50

ComboFix-quarantined-files.txt 2009-03-17 04:04:49

 

Pre-Run: 69,436,956,672 bytes free

Post-Run: 69,641,543,680 bytes free

 

winxpsp1_en_pro_bf.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

 


hello

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • c:\windows\system32\spoolsv.exe
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Repeat it for this file

 

c:\windows\explorer.exe

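Why those two files in particular can be read off the Sigcheck section of the ComboFix log above: the live spoolsv.exe no longer has the same size or MD5 as the protected copy Windows keeps in system32\dllcache, while explorer.exe, ctfmon.exe and userinit.exe still match theirs. The following parser, an added example that is neither the thread's nor ComboFix's own code, automates that comparison over the exact Sigcheck lines posted in the thread:

```python
"""Pair each ComboFix Sigcheck entry with its dllcache copy and flag the
ones whose size or MD5 differ.  Added example, not part of the thread or
of ComboFix; the sample text is the Sigcheck section posted above."""
import re
from collections import defaultdict

# Sigcheck line layout in the log: <date> <time> <size> <md5> <path>
SIGCHECK_RE = re.compile(r"^(\S+) (\S+) (\d+) ([0-9a-fA-F]{32}) (.+)$")

SAMPLE_SIGCHECK = """\
2002-08-29 18:41 1004032 2ff37c053c7c76a6a8e369836278e944 c:\\windows\\EXPLORER.EXE
2002-08-29 18:41 1004032 2ff37c053c7c76a6a8e369836278e944 c:\\windows\\system32\\dllcache\\explorer.exe
2002-08-29 18:41 13312 03543d06398c22667718cc62879af622 c:\\windows\\system32\\ctfmon.exe
2002-08-29 18:41 13312 03543d06398c22667718cc62879af622 c:\\windows\\system32\\dllcache\\ctfmon.exe
2002-11-25 20:45 58368 79afca5caece28db9c1fef5769e46f73 c:\\windows\\system32\\spoolsv.exe
2002-11-25 20:45 51200 6d20bd8885992257605a0fa200466c2c c:\\windows\\system32\\dllcache\\spoolsv.exe
2002-08-29 18:41 22016 870aee4f38f7a0f30e31b836003b6de3 c:\\windows\\system32\\userinit.exe
2002-08-29 18:41 22016 870aee4f38f7a0f30e31b836003b6de3 c:\\windows\\system32\\dllcache\\userinit.exe
"""

def parse_sigcheck(text):
    """Return {basename: {"live": (size, md5), "dllcache": (size, md5)}}."""
    entries = defaultdict(dict)
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if not m:
            continue
        size, md5, path = int(m.group(3)), m.group(4).lower(), m.group(5).lower()
        kind = "dllcache" if "\\dllcache\\" in path else "live"
        entries[path.rsplit("\\", 1)[-1]][kind] = (size, md5)
    return dict(entries)

def find_mismatches(text):
    """(name, live, dllcache) for every file whose two copies differ.
    A match does not prove the file is clean (both copies may be infected),
    but a mismatch is the lead that justifies a second-opinion scan."""
    out = []
    for name, copies in sorted(parse_sigcheck(text).items()):
        live, cache = copies.get("live"), copies.get("dllcache")
        if live and cache and live != cache:
            out.append((name, live, cache))
    return out

if __name__ == "__main__":
    for name, live, cache in find_mismatches(SAMPLE_SIGCHECK):
        print(f"{name}: live {live} vs dllcache {cache}")
```

Run against the posted section it reports only spoolsv.exe, which is exactly the file the later VirSCAN report shows as Virut-infected.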

hi here the report.

 

VirSCAN.org Scanned Report :

Scanned time : 2009/03/19 19:17:34 (SGT)

Scanner results: 89% Scanner(33/37) found malware!

File Name : spoolsv.exe

File Size : 58368 byte

File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit

MD5 : 79afca5caece28db9c1fef5769e46f73

SHA1 : 8c13200b9d5fdde7b84d58e85afeda7c06c657c3

Online report : http://virscan.org/report/fcf289bc24902cdd...de34c8d3c8.html

 

Scanner Engine Ver Sig Ver Sig Date Time Scan result

a-squared 4.0.0.32 20090318163345 2009-03-18 2.48 Virus.Win32.Virut.av!IK

AhnLab V3 2009.03.19.03 2009.03.19 2009-03-19 1.08 Win32/Virut.B

AntiVir 7.9.0.120 7.1.2.190 2009-03-19 1.97 W32/Virut.AX

Antiy 2.0.18 20090319.2221056 2009-03-19 0.12 -

Authentium 5.1.1 200903182337 2009-03-18 1.10 W32/Virut.7116 (Possible)

AVAST! 3.0.1 090318-0 2009-03-18 0.88 Win32:Virtob

AVG 7.5.52.442 270.11.15/2004 2009-03-16 2.37 -

BitDefender 7.81008.2799669 7.24289 2009-03-19 2.60 Win32.Virtob.8.Gen

CA (VET) 9.0.0.143 31.6.6405 2009-03-19 6.66 Win32/Virut.7115 virus.

ClamAV 0.94.2 9135 2009-03-19 0.02 W32.Virut-17

Comodo 3.8 1066 2009-03-18 0.75 -

CP Secure 1.1.0.715 2009.03.19 2009-03-19 7.43 W32.Virut.av

Dr.Web 4.44.0.9170 2009.03.19 2009-03-19 4.27 Win32.Virut.30

F-Prot 4.4.4.56 20090318 2009-03-18 1.09 W32/Virut.7116

F-Secure 5.51.6100 2009.03.19.07 2009-03-19 4.91 Virus.Win32.Virut.av [AVP]

Fortinet 2.81-3.117 10.175 2009-03-18 0.18 W32/Virut.AV

GData 19.4070/19.267 20090319 2009-03-19 3.70 Virus.Win32.Virut.av [Engine:A]

ViRobot 20090318 2009.03.18 2009-03-18 0.41 Win32.Virut.S

Ikarus T3.1.01.48 2009.03.19.72447 2009-03-19 3.90 Virus.Win32.Virut.av

JiangMin 11.0.706 2009.03.19 2009-03-19 1.74 Win32/Virut.af

Kaspersky 5.5.10 2009.03.19 2009-03-19 0.04 Virus.Win32.Virut.av

KingSoft 2009.2.5.15 2009.3.19.14 2009-03-19 0.60 Win32.Virut.ar.40960

McAfee 5.3.00 5557 2009-03-18 2.67 W32/Virut.gen.a

Microsoft 1.4502 2009.03.19 2009-03-19 4.88 Virus:Win32/Virut.AC

mks_vir 2.01 2009.03.19 2009-03-19 2.79 -

Norman 6.00.06 6.00.00 2009-03-18 8.01 W32/Virut.AG

Panda 9.05.01 2009.03.19 2009-03-19 1.63 W32/Virutas.FG

Trend Micro 8.700-1004 5.904.04 2009-03-18 0.02 PE_VIRUT.AV

Quick Heal 10.00 2009.03.19 2009-03-19 0.95 W32.Virut.Z

Rising 20.0 21.21.32.00 2009-03-19 0.94 Win32.Virut.an

Sophos 2.84.1 4.39 2009-03-19 2.11 W32/Virut-W

Sunbelt 5049 5049 2009-03-18 0.90 Win32.Virut.av (v)

Symantec 1.3.0.24 20090318.006 2009-03-18 0.17 W32.Virut.W

nProtect 20090319.01 3349088 2009-03-19 4.49 Virus/W32.Virut.K

The Hacker 6.3.2.7 v00285 2009-03-19 0.64 W32/Virut.av

VBA32 3.12.10.1 20090318.1617 2009-03-18 1.62 Virus.Win32.Virut.2

VirusBuster 4.5.11.10 10.102.14/982681 2009-03-18 1.23 Win32.Virut.Gen.4


hi here another report.

 

VirSCAN.org Scanned Report :

Scanned time : 2009/03/19 19:27:46 (SGT)

Scanner results: 3% Scanner(1/37) found malware!

File Name : explorer.exe

File Size : 1004032 byte

File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit

MD5 : 2ff37c053c7c76a6a8e369836278e944

SHA1 : f1a28771c8e6e0b98ef9c80d38b4299623f0990c

Online report : http://virscan.org/report/cfbf52e25f71f05b...b8d714bfd1.html

 

Scanner Engine Ver Sig Ver Sig Date Time Scan result

a-squared 4.0.0.32 20090318163345 2009-03-18 3.80 -

AhnLab V3 2009.03.19.03 2009.03.19 2009-03-19 2.44 -

AntiVir 7.9.0.120 7.1.2.190 2009-03-19 1.99 -

Antiy 2.0.18 20090319.2221056 2009-03-19 0.12 -

Authentium 5.1.1 200903182337 2009-03-18 2.56 -

AVAST! 3.0.1 090318-0 2009-03-18 0.93 -

AVG 7.5.52.442 270.11.15/2004 2009-03-16 2.52 -

BitDefender 7.81008.2799669 7.24289 2009-03-19 2.61 -

CA (VET) 9.0.0.143 31.6.6405 2009-03-19 10.06 -

ClamAV 0.94.2 9135 2009-03-19 0.17 -

Comodo 3.8 1066 2009-03-18 0.80 -

CP Secure 1.1.0.715 2009.03.19 2009-03-19 7.68 -

Dr.Web 4.44.0.9170 2009.03.19 2009-03-19 4.55 -

F-Prot 4.4.4.56 20090318 2009-03-18 1.09 W32/Patched.E.gen!Eldorado (generic, not disinfectable)

F-Secure 5.51.6100 2009.03.19.07 2009-03-19 0.07 -

Fortinet 2.81-3.117 10.175 2009-03-18 0.26 -

GData 19.4070/19.267 20090319 2009-03-19 3.63 -

ViRobot 20090318 2009.03.18 2009-03-18 0.99 -

Ikarus T3.1.01.48 2009.03.19.72447 2009-03-19 4.08 -

JiangMin 11.0.706 2009.03.19 2009-03-19 1.67 -

Kaspersky 5.5.10 2009.03.19 2009-03-19 0.05 -

KingSoft 2009.2.5.15 2009.3.19.14 2009-03-19 0.91 -

McAfee 5.3.00 5557 2009-03-18 2.76 -

Microsoft 1.4502 2009.03.19 2009-03-19 4.10 -

mks_vir 2.01 2009.03.19 2009-03-19 2.74 -

Norman 6.00.06 6.00.00 2009-03-18 8.01 -

Panda 9.05.01 2009.03.19 2009-03-19 2.13 -

Trend Micro 8.700-1004 5.904.04 2009-03-18 0.05 -

Quick Heal 10.00 2009.03.19 2009-03-19 1.26 -

Rising 20.0 21.21.32.00 2009-03-19 1.06 -

Sophos 2.84.1 4.39 2009-03-19 2.17 -

Sunbelt 5049 5049 2009-03-18 0.70 -

Symantec 1.3.0.24 20090318.006 2009-03-18 0.33 -

nProtect 20090319.01 3349088 2009-03-19 4.11 -

The Hacker 6.3.2.7 v00285 2009-03-19 0.57 -

VBA32 3.12.10.1 20090318.1617 2009-03-18 1.74 -

VirusBuster 4.5.11.10 10.102.14/982681 2009-03-18 1.47 -


hello

 

You are infected with a polymorphic file infector. This infection can and will infect all the machine's executable files .exe, .scr, .rar, .zip, .htm, .html. Because there are a number of bugs in its code, it may create executable files that are corrupted beyond repair resulting in an inoperative machine.

 

Malware experts say that a Complete Reformat and Reinstall is the only way to clean the infection. This includes All Drives that contain .exe, .scr, .rar, .zip, .htm, .html files.

  • Backup all your documents and important items only.
  • DO NOT backup any executable files (.exe .scr .html or .htm)
  • Do Not back up compressed (zip/cab/rar) files that may contain .exe or .scr files
  • Reformat and Reinstall as outlined HERE

 

I suggest you do the following immediately:

  • Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
  • DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

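To apply the backup rule above mechanically before copying anything off the infected machine, here is an added example (not from the thread) that inventories a folder and lists the files, and the archive members, that should not be carried over; the folder it scans is constructed in a temp directory so the script runs stand-alone:

```python
"""Inventory a folder intended for backup and flag anything the advice
above says not to carry over: executables, screensavers, HTML files, and
archives that contain .exe or .scr members.

Added example, not part of the original thread; the folder layout below
is constructed in a temp dir purely so the script runs stand-alone."""
import os
import tempfile
import zipfile

# Extensions named in the advice (rar/cab are flagged but not opened,
# since the standard library has no reader for them).
INFECTABLE = {".exe", ".scr", ".htm", ".html"}
ARCHIVES = {".zip", ".rar", ".cab"}

def risky_files(root):
    """Return sorted (relative_path, reason) pairs for files not to back up."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            full = os.path.join(dirpath, fn)
            rel = os.path.relpath(full, root)
            ext = os.path.splitext(fn)[1].lower()
            if ext in INFECTABLE:
                findings.append((rel, "infectable file type"))
            elif ext in ARCHIVES:
                findings.append((rel, "archive, may carry infected members"))
                if ext == ".zip" and zipfile.is_zipfile(full):
                    with zipfile.ZipFile(full) as zf:
                        for member in zf.namelist():
                            if os.path.splitext(member)[1].lower() in INFECTABLE:
                                findings.append((f"{rel}:{member}", "infectable member in archive"))
    return sorted(findings)

def build_sample_tree():
    """Constructed sample backup folder: documents plus a few risky files."""
    root = tempfile.mkdtemp(prefix="backup_check_")
    os.makedirs(os.path.join(root, "docs"))
    for name in ("docs/report.doc", "docs/notes.txt", "docs/page.html", "setup.exe"):
        with open(os.path.join(root, name), "wb") as f:
            f.write(b"sample")
    with zipfile.ZipFile(os.path.join(root, "photos.zip"), "w") as zf:
        zf.writestr("holiday.jpg", b"jpeg")
        zf.writestr("viewer.scr", b"screensaver")
    return root

if __name__ == "__main__":
    for path, reason in risky_files(build_sample_tree()):
        print(f"{path}: {reason}")
```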

Hi, do I need to call up my internet provider to change the passwords as well? Because I'm planning to change to a wireless connection, but will it be infected again after I change my passwords for the internet provider?

How about connecting to the internet using a new com, will I get infected now?

Do I still need to do a scan on my com after I reformat?

Sorry for asking so many questions. And thanks a lot for your help all this while.

Appreciate your great help ;)


Wouldn't hurt to call them up and change them to be safe

 

No to your other questions. Once you format everything will be fine


I just reformatted my com.. now my com is free from the virus.

I found out that the previous time when I reformatted I didn't delete my old files,

rather I overwrote them, therefore the virus was still there... but after following the guide it did help.

Thanks so much for the guideline and help. I think this thread can be closed.

I already upgraded to XP Service Pack 2 and installed an antivirus, hope it helps. Thanks again.

:)
