infected with vpanele.com virus


  • This topic is locked
25 replies to this topic

#1 lapppy (Member, 15 posts)

Posted 12 March 2009 - 12:26 PM

Hi all,

I'm currently infected with this virus, vpanele.com. I can't get rid of it even when I reformat my computer. Would anyone be able to help with this? Currently there is no antivirus on my computer. Below is my HijackThis log file. Hopefully someone can help me with this. Even my internet speed is slow, and sometimes the total bytes I receive/send can shoot up to 100 million bytes even when I'm not downloading anything. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:24:53 PM, on 3/12/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\SpywareDetector\SDMainService.exe
C:\Program Files\SpywareDetector\SDService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\winIogon.exe
C:\WINDOWS\System32\firewall.exe
C:\Program Files\SpywareDetector\SDActiveMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\winIogon.exe
O4 - HKLM\..\Run: [Windows Network Firewall] C:\WINDOWS\System32\firewall.exe
O4 - HKLM\..\Run: [SDActiveMonitor] C:\Program Files\SpywareDetector\SDActiveMonitor.exe -AUTO
O4 - HKLM\..\RunServices: [Paner vPanle] vPanele.com
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [12CFG914-K641-26SF-N31P] C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0850\vsse32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{479B98CF-D2BB-4570-8FF9-761A80B3913E}: NameServer = 165.21.100.88 165.21.83.88
O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
O23 - Service: SDMainSvc - Max Secure Software - C:\Program Files\SpywareDetector\SDMainService.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe

--
End of file - 3157 bytes
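
The O4 (autorun) lines in a HijackThis log like the one above are where a helper looks first, and several of the indicators can be checked mechanically. The following Python script is an added example, not part of this thread and not code from HijackThis or its author: it parses O4 lines and flags the lexical indicators visible in this log, namely a filename that imitates a Windows system binary by swapping a confusable character (`winIogon.exe` with a capital I versus the real `winlogon.exe`), an entry under the legacy `RunServices` key, an executable launched from the `RECYCLER` folder tree, and an unusual extension such as `.com`. The list of system binaries, the character-folding table and the severity of each rule are my own assumptions for illustration; the sample lines are copied from the log posted above.

```python
import re

# Windows system binaries whose names malware commonly imitates.
# Assumption: a short illustrative list, not an exhaustive one.
SYSTEM_BINARIES = {
    "winlogon.exe", "svchost.exe", "lsass.exe", "services.exe",
    "csrss.exe", "smss.exe", "explorer.exe", "spoolsv.exe",
}

# RunServices is a Windows 9x-era key; software written for an NT-based
# Windows such as XP has no reason to register there.
LEGACY_KEYS = {"RunServices", "RunServicesOnce"}

# Executable extensions that are unusual for a startup entry.
ODD_EXTENSIONS = {".com", ".pif", ".scr", ".bat"}

# HijackThis O4 line: "O4 - HKLM\..\Run: [Display Name] command line"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)

# Fold characters that look alike in common UI fonts, so that
# "winIogon.exe" (capital I) and "winlogon.exe" compare equal.
# Assumption: this table covers the common confusables only.
_FOLD = str.maketrans({"i": "l", "1": "l", "|": "l", "0": "o"})


def fold(name: str) -> str:
    """Canonical form of a filename for look-alike comparison."""
    return name.lower().translate(_FOLD)


def command_path(cmd: str) -> str:
    """Return the executable path (or bare filename) from an O4 command line.
    Quoted paths may contain spaces; unquoted ones are cut at the first space."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(" ", 1)[0]


def lookalike_of(filename: str):
    """Return the system binary this filename imitates, or None when the
    name is either an exact match or not similar at all."""
    low = filename.lower()
    if low in SYSTEM_BINARIES:
        return None
    for real in SYSTEM_BINARIES:
        if fold(low) == fold(real):
            return real
    return None


def check_o4_entry(hive: str, key: str, name: str, cmd: str):
    """Return human-readable reasons this autorun entry deserves a closer look."""
    reasons = []
    path = command_path(cmd)
    exe = path.rsplit("\\", 1)[-1]
    imitated = lookalike_of(exe)
    if imitated:
        reasons.append(f"filename '{exe}' looks like system binary '{imitated}' but is spelled differently")
    if key in LEGACY_KEYS:
        reasons.append(f"uses legacy key {hive}\\..\\{key}")
    lowered = path.lower()
    if "\\recycler\\" in lowered or "$recycle.bin" in lowered:
        reasons.append("runs from the Recycle Bin folder tree")
    ext = "." + exe.rsplit(".", 1)[-1].lower() if "." in exe else ""
    if ext in ODD_EXTENSIONS:
        reasons.append(f"unusual executable extension '{ext}'")
    return reasons


def analyze_hjt_log(lines):
    """Scan the O4 lines of a HijackThis log; return {display name: [reasons]}."""
    findings = {}
    for line in lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue
        reasons = check_o4_entry(m["hive"], m["key"], m["name"], m["cmd"])
        if reasons:
            findings[m["name"]] = reasons
    return findings


# O4 lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\winIogon.exe
O4 - HKLM\..\Run: [Windows Network Firewall] C:\WINDOWS\System32\firewall.exe
O4 - HKLM\..\RunServices: [Paner vPanle] vPanele.com
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [12CFG914-K641-26SF-N31P] C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0850\vsse32.exe
""".strip().splitlines()

if __name__ == "__main__":
    for name, reasons in analyze_hjt_log(SAMPLE_LOG).items():
        print(f"[{name}]")
        for reason in reasons:
            print("   -", reason)
```

Run against the sample it reports the `winIogon.exe`, `vPanele.com` and `RECYCLER\...\vsse32.exe` entries and stays quiet on the rest. The checks are purely lexical: an entry such as `[Windows Network Firewall] firewall.exe` passes every rule here and still needs the usual manual verification (file signature, company name, creation date), which is exactly why the helpers in this thread ask for a second tool's report rather than acting on the HijackThis log alone.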

#2 Rorschach112 (Advanced Member, Volunteer Security Advisor, 2180 posts)

Posted 12 March 2009 - 02:35 PM

hello

Please run the MGA Diagnostic Tool and post back the report it shall produce:
  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program
  • Click "Continue"
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.

By the power of truth, I, while living, have conquered the universe.

~Scratch~

My help is always free, but if you want to donate to help me continue my fight against malware then click here

#3 lapppy (Member, 15 posts)

Posted 12 March 2009 - 02:58 PM

Hi, here is the report.


Diagnostic Report (1.9.0006.1):
-----------------------------------------
WGA Data-->
Validation Status: Validation Control not Installed
Validation Code: 0
Online Validation Code: N/A
Cached Validation Code: N/A
Windows Product Key: *****-*****-YHPQ4-QRV3H-C4MRQ
Windows Product Key Hash: dIS7tSBd7QhjgaeUohwDWQG1vrg=
Windows Product ID: 55274-640-1767777-23165
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.1.0.pro
ID: {E54FE9E3-DF5D-486D-8B26-1521921D2716}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A
Version: N/A

WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
WGATray.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-543-80070002_025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control:
Active scripting:
Script ActiveX controls marked as safe for scripting:

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{E54FE9E3-DF5D-486D-8B26-1521921D2716}</UGUID><Version>1.9.0006.1</Version><OS>5.1.2600.2.00010100.1.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-C4MRQ</PKey><PID>55274-640-1767777-23165</PID><PIDType>1</PIDType><SID>S-1-5-21-1275210071-1708537768-839522115</SID><SYSTEM><Manufacturer>GBT___</Manufacturer><Model>AWRDACPI</Model></SYSTEM><BIOS><Manufacturer>Award Software International, Inc.</Manufacturer><Version>F1</Version><SMBIOSVersion major="2" minor="3"/><Date>20051027******.******+***</Date></BIOS><HWID>78A533470184405D</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Malay Peninsula Standard Time(GMT+08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData> <Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Licensing Data-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 13D90:SYNNEX TECHNOLOGY INTERNATIONAL CORP|13D90:SYNNEX TECHNOLOGY INTERNATIONAL CORP|13D90:SYNNEX TECHNOLOGY INTERNATIONAL CORP
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A

#4 lapppy (Member, 15 posts)

Posted 12 March 2009 - 03:43 PM

I just did a scan with Panda ActiveScan 2.0 online scanning and it found Trj/Buzus.AH, W32/Virutas.FG, Generic Malware, Trj/Downloader.MDW.

Cookie/Atlas DMT - C:\Documents and Settings\lution\Cookies\lution@atdmt[2].txt
Cookie/Doubleclick - C:\Documents and Settings\lution\Cookies\lution@doubleclick[2].txt

Under Vulnerabilities it listed all of these; not sure if any of them is a big threat.

MS06-025
MS06-018
MS06-013
MS06-046
MS06-011
MS05-052
MS06-057
MS06-045
MS05-053
MS05-051
MS06-022
MS05-050
MS06-053
MS06-021
MS06-008
MS06-052
MS06-042
MS06-007
MS06-041
MS06-006
MS06-001
MS06-040
MS05-054
MS06-055
MS06-032
MS06-065
MS05-049
MS06-064
MS06-051
MS06-030
MS06-063
MS06-050
MS06-036
MS06-015
MS06-035
MS06-002

And I have another question: if I bought a new computer, would I still get infected using the current internet broadband provider? Because I discovered that they have been stealing my internet speed, thus causing my computer to slow down when on the net.
Thanks.

#5 Rorschach112 (Advanced Member, Volunteer Security Advisor, 2180 posts)

Posted 12 March 2009 - 04:35 PM

You need to validate your Windows before we can help.

http://www.microsoft...rs/Details.aspx

#6 lapppy (Member, 15 posts)

Posted 12 March 2009 - 04:42 PM

Hi, I completed the validation for my Windows.

Diagnostic Report (1.9.0006.1):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0
Online Validation Code: N/A
Cached Validation Code: N/A
Windows Product Key: *****-*****-YHPQ4-QRV3H-C4MRQ
Windows Product Key Hash: dIS7tSBd7QhjgaeUohwDWQG1vrg=
Windows Product ID: 55274-640-1767777-23165
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.1.0.pro
ID: {E54FE9E3-DF5D-486D-8B26-1521921D2716}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.9.9.1
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A
Version: N/A

WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
WGATray.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: Registered, 1.6.28.0
Signed By: Microsoft
Office Diagnostics: B4D0AA8B-543-80070002_025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control:
Active scripting:
Script ActiveX controls marked as safe for scripting:

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{E54FE9E3-DF5D-486D-8B26-1521921D2716}</UGUID><Version>1.9.0006.1</Version><OS>5.1.2600.2.00010100.1.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-C4MRQ</PKey><PID>55274-640-1767777-23165</PID><PIDType>1</PIDType><SID>S-1-5-21-1275210071-1708537768-839522115</SID><SYSTEM><Manufacturer>GBT___</Manufacturer><Model>AWRDACPI</Model></SYSTEM><BIOS><Manufacturer>Award Software International, Inc.</Manufacturer><Version>F1</Version><SMBIOSVersion major="2" minor="3"/><Date>20051027******.******+***</Date></BIOS><HWID>78A533470184405D</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Malay Peninsula Standard Time(GMT+08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData> <Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Licensing Data-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 13D90:SYNNEX TECHNOLOGY INTERNATIONAL CORP|13D90:SYNNEX TECHNOLOGY INTERNATIONAL CORP|13D90:SYNNEX TECHNOLOGY INTERNATIONAL CORP
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A

#7 Rorschach112 (Advanced Member, Volunteer Security Advisor, 2180 posts)

Posted 12 March 2009 - 08:14 PM

hello

Download Rooter.exe to your desktop
  • Then doubleclick it to start the tool
  • A Notepad file containing the report will open, also found at %systemdrive%\Rooter.txt. Post that here


#8 lapppy (Member, 15 posts)

Posted 13 March 2009 - 04:23 AM

Hi, here is the report.

Microsoft Windows XP Professional (5.1.2600) Service Pack 1

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:76308 Mo/Free:2993 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Fri 03/13/2009|11:18

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\Prevx\prevx.exe
---------- C:\Program Files\SpywareDetector\SDMainService.exe
---------- C:\Program Files\SpywareDetector\SDService.exe
---------- C:\Program Files\Prevx\prevx.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\SOUNDMAN.EXE
---------- C:\WINDOWS\System32\igfxtray.exe
---------- C:\WINDOWS\System32\hkcmd.exe
---------- C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
---------- C:\Program Files\SpywareDetector\SDActiveMonitor.exe
---------- C:\Program Files\MSN Messenger\MsnMsgr.Exe
---------- C:\Program Files\Messenger\msmsgs.exe
---------- C:\Documents and Settings\lution\Desktop\dv61wu8x.exe
---------- C:\WINDOWS\System32\wuauclt.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
---------- C:\Program Files\MSN Messenger\usnsvc.exe
---------- C:\WINDOWS\System32\wuauclt.exe
---------- C:\WINDOWS\System32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Fri 03/13/2009|11:19

----------------------\\ Scan completed at 11:19

#9 Rorschach112 (Advanced Member, Volunteer Security Advisor, 2180 posts)

Posted 13 March 2009 - 09:19 PM

any reason you haven't updated to SP2?
  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    %systemroot%\System32\antiwpa.dll
    %systemroot%\SYSTEM32\wpa.dll
    %systemroot%\setup\scripts\biestart.exe
    %systemroot%\system32\drivers\royal.sys
    %systemroot%\system32\serauth1.dll
    %systemroot%\system32\serauth2.dll
    %systemroot%\system32\sysaudio.sys
    %systemroot%\system32\wdmaud.sys
    %systemroot%\system32\aeaudio.sys

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.


#10 lapppy (Member, 15 posts)

Posted 14 March 2009 - 06:03 AM

I just reformatted my computer and found out I can't get rid of the virus even after reformatting. And my disc only installs SP1, so is it advisable to install SP2 now?

Here is the report.

OTListIt logfile created on: 3/14/2009 12:58:09 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.3.5 Folder = C:\Documents and Settings\lution\Desktop
Windows XP Professional Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

479.48 Mb Total Physical Memory | 186.11 Mb Available Physical Memory | 38.81% Memory free
1.10 Gb Paging File | 0.87 Gb Available in Paging File | 79.37% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 66.06 Gb Free Space | 88.65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BEN
Current User Name: lution
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Prevx\prevx.exe (Prevx)
PRC - C:\Program Files\SpywareDetector\SDMainService.exe (Max Secure Software )
PRC - C:\Program Files\SpywareDetector\SDService.exe (Max Secure Software )
PRC - C:\Program Files\Prevx\prevx.exe (Prevx)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe (Alcatel Bell)
PRC - C:\Program Files\SpywareDetector\SDActiveMonitor.exe (Max Secure Software Pvt. Ltd.)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe (Microsoft Corporation)
PRC - C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\lution\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (CSIScanner [Auto | Running]) -- C:\Program Files\Prevx\prevx.exe (Prevx)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (SDMainSvc [Auto | Running]) -- C:\Program Files\SpywareDetector\SDMainService.exe (Max Secure Software )
SRV - (SDService [Auto | Running]) -- C:\Program Files\SpywareDetector\SDService.exe (Max Secure Software )
SRV - (uploadmgr [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (usnjsvc [On_Demand | Running]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WmdmPmSp [Auto | Running]) -- C:\WINDOWS\System32\mspmspsv.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (alcan5wn [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\alcan5wn.sys (Alcatel Bell)
DRV - (alcaudsl [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\alcaudsl.sys (Alcatel Bell)
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (pavboot [Boot | Running]) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (pxscan [Boot | Running]) -- C:\WINDOWS\System32\drivers\pxscan.sys (Prevx)
DRV - (RTL8023 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Rtlnic51.sys (Realtek Semiconductor Corporation )
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation )
DRV - (SDManager [System | Running]) -- C:\Program Files\SpywareDetector\SDManager.sys (Max Secure Software Pvt. Ltd.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys ()

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 NtKrnlpa.info
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx ()
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [SDActiveMonitor] C:\Program Files\SpywareDetector\SDActiveMonitor.exe -AUTO (Max Secure Software Pvt. Ltd.)
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon (Alcatel Bell)
O4 - HKCU..\Run: [12CFG914-K641-26SF-N31P] C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0850\vsse32.exe File not found
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm ()
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {3253534D-9980-0010-8000-00AA00389B71} http://download.micr...980/wms9dmo.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.micr...D0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\ippx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaippx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\System32\msdxm.ocx ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\SDNotify: DllName - C:\Program Files\SpywareDetector\SDNotify.dll - C:\Program Files\SpywareDetector\SDNotify.dll (Max Secure Software)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]
[2009/03/14 12:56:13 | 00,505,344 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\lution\Desktop\OTListIt2.exe
[2009/03/13 11:18:37 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/03/13 11:18:30 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\Rooter.exe
[2009/03/12 23:19:36 | 00,295,424 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\dv61wu8x.exe
[2009/03/12 21:10:36 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\jznqkbgw.exe
[2009/03/12 21:10:35 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\aitk.exe
[2009/03/12 20:03:34 | 00,000,000 | ---D | C] -- C:\SDFix
[2009/03/12 20:03:13 | 01,529,241 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\SDFix.exe
[2009/03/12 19:56:25 | 00,000,000 | ---D | C] -- C:\Lop SD
[2009/03/12 19:56:08 | 00,530,106 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\LopSD.exe
[2009/03/12 19:54:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2009/03/12 19:54:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/03/12 19:54:46 | 01,561,992 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\lution\Desktop\MGADiag.exe
[2009/03/12 19:46:49 | 00,000,000 | ---D | C] -- C:\ERDNT
[2009/03/12 19:46:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009/03/12 19:46:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/03/12 19:46:41 | 00,000,000 | ---D | C] -- C:\!FixIEDef
[2009/03/12 19:46:28 | 01,130,036 | ---- | C] (Malwareteks.com) -- C:\Documents and Settings\lution\Desktop\FixIEDef.exe
[2009/03/12 19:12:50 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2009/03/12 19:12:41 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/03/12 19:12:09 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\HijackThis.lnk
[2009/03/12 19:12:09 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/03/12 19:11:28 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\lution\Desktop\HJTInstall.exe
[2009/03/12 19:07:46 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\bvth.exe
[2009/03/12 19:07:45 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\dmmeyj.exe
[2009/03/12 19:01:48 | 00,311,591 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\AntiRootkit.zip
[2009/03/12 18:52:08 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\oqqsu.exe
[2009/03/10 17:01:22 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\pqsx.exe
[2009/03/10 17:01:20 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\ylorez.exe
[2009/03/08 17:25:58 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\ktcj.exe
[2009/03/08 17:25:56 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\uchm.exe
[2009/03/08 09:12:18 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\ueps.exe
[2009/03/08 09:12:16 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\akcc.exe
[2009/03/06 22:41:01 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\tfnqojhd.exe
[2009/03/05 00:23:22 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\zlbeeit.exe
[2009/03/05 00:23:21 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\fbcpkwfd.exe
[2009/03/04 18:29:06 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\azojtee.exe
[2009/03/04 18:29:03 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\uhfwiiaw.exe
[2009/03/03 22:43:40 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\gepcenbw.exe
[2009/03/03 22:43:40 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\mszot.exe
[2009/03/03 20:29:17 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\unlfwsjz.exe
[2009/03/03 20:29:17 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\iacfh.exe
[2009/03/02 21:46:14 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\oisz.exe
[2009/03/02 21:46:14 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\vcll.exe
[2009/03/02 15:31:08 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\frwcn.exe
[2009/03/02 15:31:08 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\dqlaok.exe
[2009/03/01 23:45:22 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\txzmbpto.exe
[2009/03/01 23:45:22 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\uuujkif.exe
[2009/03/01 19:34:38 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\usbfafc.exe
[2009/03/01 19:34:34 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\upmf.exe
[2009/03/01 19:34:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lution\Local Settings\Application Data\Identities
[2009/03/01 01:00:45 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\dmss.exe
[2009/03/01 01:00:45 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\hiawvlyq.exe
[2009/03/01 00:58:45 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\izpvx.exe
[2009/03/01 00:58:45 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\rikreng.exe
[2009/02/28 14:10:59 | 00,100,316 | ---- | C] () -- C:\WINDOWS\System32\inaa.exe
[2009/02/28 14:10:50 | 00,100,316 | ---- | C] () -- C:\WINDOWS\System32\huuki.exe
[2009/02/28 13:58:53 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\tvxxuub.exe
[2009/02/28 13:53:53 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\udstqj.exe
[2009/02/28 13:53:53 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\cgmsgp.exe
[2009/02/28 00:47:39 | 00,045,053 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\Kris Allen 4.jpg
[2009/02/28 00:45:52 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\xkaapmwi.exe
[2009/02/28 00:28:52 | 00,017,860 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\Kris Allen 3.jpg
[2009/02/28 00:28:30 | 00,021,239 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\Kris Allen 2.jpg
[2009/02/28 00:28:20 | 00,023,240 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\Kris Allen 1.jpg
[2009/02/27 20:35:59 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\qouxbnse.exe
[2009/02/27 20:30:59 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\htyc.exe
[2009/02/25 18:27:01 | 70,664,752 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\lution\Desktop\avg_avwt_stf_all_8_237a1428.exe
[2009/02/25 18:22:56 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\whxno.exe
[2009/02/25 18:22:53 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\nzqtxjd.exe
[2009/02/23 16:32:35 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\drhgu.exe
[2009/02/23 14:50:41 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\giekv.exe
[2009/02/22 17:55:04 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\mftjks.exe
[2009/02/22 17:54:11 | 01,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chsbrkr.dll
[2009/02/22 17:54:11 | 00,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chtbrkr.dll
[2009/02/22 17:54:10 | 01,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.lex
[2009/02/22 17:54:10 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\korwbrkr.lex
[2009/02/22 17:54:10 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.dll
[2009/02/22 17:54:10 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\korwbrkr.dll
[2009/02/22 17:54:10 | 00,002,060 | ---- | C] () -- C:\WINDOWS\System32\noise.jpn
[2009/02/22 17:54:10 | 00,001,486 | ---- | C] () -- C:\WINDOWS\System32\noise.kor
[2009/02/22 17:54:01 | 00,211,938 | ---- | C] () -- C:\WINDOWS\System32\lcphrase.tbl
[2009/02/22 17:54:01 | 00,146,126 | ---- | C] () -- C:\WINDOWS\System32\array30.tab
[2009/02/22 17:54:01 | 00,116,285 | ---- | C] () -- C:\WINDOWS\System32\msdayi.tbl
[2009/02/22 17:54:01 | 00,110,566 | ---- | C] () -- C:\WINDOWS\System32\arphr.tbl
[2009/02/22 17:54:01 | 00,043,242 | ---- | C] () -- C:\WINDOWS\System32\phoncode.tbl
[2009/02/22 17:54:01 | 00,024,114 | ---- | C] () -- C:\WINDOWS\System32\lcptr.tbl
[2009/02/22 17:54:01 | 00,018,600 | ---- | C] () -- C:\WINDOWS\System32\arrayhw.tab
[2009/02/22 17:54:01 | 00,016,312 | ---- | C] () -- C:\WINDOWS\System32\arptr.tbl
[2009/02/22 17:54:01 | 00,004,071 | ---- | C] () -- C:\WINDOWS\System32\phon.tbl
[2009/02/22 17:54:01 | 00,002,714 | ---- | C] () -- C:\WINDOWS\System32\phonptr.tbl
[2009/02/22 17:54:01 | 00,000,700 | ---- | C] () -- C:\WINDOWS\System32\dayiptr.tbl
[2009/02/22 17:54:01 | 00,000,520 | ---- | C] () -- C:\WINDOWS\System32\dayiphr.tbl
[2009/02/22 17:54:00 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\c_10002.nls
[2009/02/22 17:54:00 | 00,082,172 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.nls
[2009/02/22 17:54:00 | 00,066,728 | ---- | C] () -- C:\WINDOWS\System32\big5.nls
[2009/02/22 17:54:00 | 00,044,370 | ---- | C] () -- C:\WINDOWS\System32\acode.tbl
[2009/02/22 17:54:00 | 00,044,370 | ---- | C] () -- C:\WINDOWS\System32\a234.tbl
[2009/02/22 17:54:00 | 00,016,254 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAE.HLP
[2009/02/22 17:54:00 | 00,014,821 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAD.HLP
[2009/02/22 17:54:00 | 00,001,460 | ---- | C] () -- C:\WINDOWS\System32\a15.tbl
[2009/02/22 17:53:55 | 01,783,864 | ---- | C] () -- C:\WINDOWS\System32\WINPY.MB
[2009/02/22 17:53:55 | 01,564,868 | ---- | C] () -- C:\WINDOWS\System32\WINSP.MB
[2009/02/22 17:53:55 | 01,223,500 | ---- | C] () -- C:\WINDOWS\System32\WINZM.MB
[2009/02/22 17:53:55 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_g18030.dll
[2009/02/22 17:53:55 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_10008.nls
[2009/02/22 17:53:55 | 00,150,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINZM.IME
[2009/02/22 17:53:55 | 00,150,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINSP.IME
[2009/02/22 17:53:55 | 00,150,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINPY.IME
[2009/02/22 17:53:55 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\prcp.nls
[2009/02/22 17:53:55 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\prc.nls
[2009/02/22 17:53:55 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINGB.IME
[2009/02/22 17:53:54 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101a.dll
[2009/02/22 17:53:47 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_10003.nls
[2009/02/22 17:53:46 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\c_1361.nls
[2009/02/22 17:53:46 | 00,047,066 | ---- | C] () -- C:\WINDOWS\System32\ksc.nls
[2009/02/22 17:53:45 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnecAT.dll
[2009/02/22 17:53:45 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnecNT.dll
[2009/02/22 17:53:45 | 00,007,168 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnec.dll
[2009/02/22 17:53:45 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnec95.dll
[2009/02/22 17:53:45 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\f3ahvoas.dll
[2009/02/22 17:53:45 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlk41a.dll
[2009/02/22 17:53:45 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlk41j.dll
[2009/02/22 17:53:44 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdibm02.dll
[2009/02/22 17:53:44 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdax2.dll
[2009/02/22 17:53:44 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106n.dll
[2009/02/22 17:53:44 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101.dll
[2009/02/22 17:53:25 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_is2022.dll
[2009/02/22 17:53:24 | 00,180,770 | ---- | C] () -- C:\WINDOWS\System32\c_20932.nls
[2009/02/22 17:53:24 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\c_20000.nls
[2009/02/22 17:53:24 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_20949.nls
[2009/02/22 17:53:24 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_20936.nls
[2009/02/22 17:53:24 | 00,162,850 | ---- | C] () -- C:\WINDOWS\System32\c_10001.nls
[2009/02/22 17:53:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_21027.nls
[2009/02/22 17:53:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20290.nls
[2009/02/22 17:53:24 | 00,028,288 | ---- | C] () -- C:\WINDOWS\System32\xjis.nls
[2009/02/22 17:53:23 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CINTLGNT.IME
[2009/02/22 17:53:22 | 00,574,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TINTLGNT.IME
[2009/02/22 17:53:22 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\phon.ime
[2009/02/22 17:53:22 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winar30.ime
[2009/02/22 17:53:22 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dayi.ime
[2009/02/22 17:53:22 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\quick.ime
[2009/02/22 17:53:22 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uniime.dll
[2009/02/22 17:53:22 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winime.ime
[2009/02/22 17:53:22 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unicdime.ime
[2009/02/22 17:53:22 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\romanime.ime
[2009/02/22 17:53:22 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\miniime.tpl
[2009/02/22 17:53:21 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chajei.ime
[2009/02/22 17:53:17 | 00,479,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PINTLGNT.IME
[2009/02/22 17:53:17 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imekr61.ime
[2009/02/22 17:53:16 | 00,827,438 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imjp81k.dll
[2009/02/22 17:53:16 | 00,340,013 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imjp81.ime
[2009/02/22 17:52:32 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdjpn.dll
[2009/02/22 17:52:32 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkor.dll
[2009/02/22 17:52:32 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll
[2009/02/22 17:52:32 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101c.dll
[2009/02/22 17:52:32 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll
[2009/02/22 17:52:32 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd103.dll
[2009/02/22 17:52:04 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\jogoi.exe
[2009/02/22 16:03:38 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\xgpa.exe
[2009/02/22 15:47:04 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\bgsuoti.exe
[2009/02/22 12:24:12 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\nnocue.exe
[2009/02/22 12:19:09 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\bcstu.exe
[2009/02/21 23:18:10 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\odmepal.exe
[2009/02/21 18:26:32 | 00,000,797 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\YouTube Downloader.lnk
[2009/02/21 18:26:30 | 00,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader
[2009/02/21 18:26:20 | 05,637,845 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\youtubedownloader.exe
[2009/02/21 18:02:51 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\kcua.exe
[2009/02/21 16:19:16 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\vrcrz.exe
[2009/02/21 16:19:16 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\nudz.exe
[2009/02/17 22:44:33 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\qfwwmu.exe
[2009/02/17 22:26:32 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\gkzb.exe
[2009/02/16 22:22:30 | 00,000,670 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\Cheat Engine.lnk
[2009/02/16 22:22:29 | 01,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2009/02/16 22:22:29 | 00,679,936 | ---- | C] (Generated by JEDI) -- C:\WINDOWS\System32\D3DX81ab.dll
[2009/02/16 22:22:28 | 00,000,000 | ---D | C] -- C:\Program Files\Cheat Engine
[2009/02/16 20:46:23 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\tuhyi.exe
[2009/02/16 20:41:20 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\ofrvwln.exe
[2009/02/16 13:56:01 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\ipeafcrw.exe
[2009/02/16 13:53:57 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\sojtijpr.exe
[2009/02/16 00:36:48 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\rjgg.exe
[2009/02/16 00:30:07 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\edfxi.exe
[2009/02/15 22:55:48 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\zlbcsu.exe
[2009/02/15 22:46:43 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\zcdcitpk.exe
[2009/02/15 20:34:04 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\tanog.exe
[2009/02/15 12:21:05 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\tkqkuu.exe
[2009/02/15 12:14:07 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\suhpox.exe
[2009/02/15 00:05:02 | 00,022,536 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2009/02/15 00:05:01 | 00,000,000 | ---D | C] -- C:\Program Files\Prevx
[2009/02/15 00:04:58 | 00,000,065 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/02/15 00:04:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2009/02/14 23:45:29 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\oiqofma.exe
[2009/02/14 23:42:37 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\tlcgnp.exe
[2009/02/14 23:09:57 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\pbhuv.exe
[2009/02/14 23:09:57 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\hvozx.exe
[2009/02/14 22:31:28 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\zmkh.exe
[2009/02/14 22:31:25 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\ksemxfz.exe
[2009/02/14 22:12:13 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\riakz.exe
[2009/02/14 22:00:09 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\gqfnkupb.exe
[2009/02/14 12:49:19 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\jgrfyymm.exe
[2009/02/14 12:40:18 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\ofeooexk.exe
[2009/02/14 00:28:21 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\ztuao.exe
[2009/02/13 23:24:28 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\ddwhwau.exe
[2009/02/13 12:29:02 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\egoftpth.exe
[2009/02/13 12:27:01 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\zftohst.exe
[2009/02/13 10:48:07 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\zzytlnc.exe
[2009/02/13 10:38:16 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\rgrnitmt.exe
[2009/02/12 22:28:28 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\cwik.exe
[2009/02/12 22:16:28 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\hzgg.exe
[2009/02/12 20:44:27 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\lvovkj.exe
[2009/02/12 20:35:04 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\msdejefu.exe
[2009/02/12 20:17:30 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\lbgr.exe

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/03/14 12:56:18 | 00,505,344 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lution\Desktop\OTListIt2.exe
[2009/03/14 12:54:40 | 00,000,569 | ---- | M] () -- C:\Documents and Settings\lution\My Documents\My Sharing Folders.lnk
[2009/03/14 12:53:56 | 00,000,063 | ---- | M] () -- C:\WINDOWS\System\SysSD.dll
[2009/03/14 12:53:54 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/14 12:53:53 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/03/14 12:53:52 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/14 01:25:13 | 03,222,122 | -H-- | M] () -- C:\Documents and Settings\lution\Local Settings\Application Data\IconCache.db
[2009/03/13 11:18:34 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\lution\Desktop\Rooter.exe
[2009/03/12 23:49:39 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/12 23:19:47 | 00,295,424 | ---- | M] () -- C:\Documents and Settings\lution\Desktop\dv61wu8x.exe
[2009/03/12 23:13:35 | 00,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/12 23:13:35 | 00,311,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/12 23:13:35 | 00,040,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/12 21:10:36 | 00,118,557 | ---- | M] () -- C:\WINDOWS\System32\jznqkbgw.exe
[2009/03/12 21:10:36 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\aitk.exe
[2009/03/12 20:03:21 | 01,529,241 | ---- | M] () -- C:\Documents and Settings\lution\Desktop\SDFix.exe
[2009/03/12 19:56:20 | 00,530,106 | ---- | M] () -- C:\Documents and Settings\lution\Desktop\LopSD.exe
[2009/03/12 19:54:50 | 01,561,992 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\lution\Desktop\MGADiag.exe
[2009/03/12 19:46:34 | 01,130,036 | ---- | M] (Malwareteks.com) -- C:\Documents and Settings\lution\Desktop\FixIEDef.exe
[2009/03/12 19:12:09 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\lution\Desktop\HijackThis.lnk
[2009/03/12 19:11:35 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\lution\Desktop\HJTInstall.exe
[2009/03/12 19:07:46 | 00,118,557 | ---- | M] () -- C:\WINDOWS\System32\bvth.exe
[2009/03/12 19:07:45 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\dmmeyj.exe
[2009/03/12 19:06:32 | 00,000,532 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/03/12 19:01:49 | 00,311,591 | ---- | M] () -- C:\Documents and Settings\lution\Desktop\AntiRootkit.zip
[2009/03/12 18:52:08 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\oqqsu.exe
[2009/03/10 17:01:22 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\pqsx.exe
[2009/03/10 17:01:20 | 00,118,557 | ---- | M] () -- C:\WINDOWS\System32\ylorez.exe
[2009/03/08 17:25:59 | 00,118,557 | ---- | M] () -- C:\WINDOWS\System32\ktcj.exe
[2009/03/08 17:25:56 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\uchm.exe
[2009/03/08 09:12:18 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\ueps.exe
[2009/03/08 09:12:17 | 00,118,557 | ---- | M] () -- C:\WINDOWS\System32\akcc.exe
[2009/03/06 22:41:01 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\tfnqojhd.exe
[2009/03/06 21:55:37 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.msn
[2009/03/05 00:23:22 | 00,118,557 | ---- | M] () -- C:\WINDOWS\System32\fbcpkwfd.exe
[2009/03/05 00:23:22 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\zlbeeit.exe
[2009/03/04 19:26:01 | 00,022,536 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2009/03/04 19:25:57 | 00,000,065 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/03/04 18:29:06 | 00,118,557 | ---- | M] () -- C:\WINDOWS\System32\azojtee.exe
[2009/03/04 18:29:03 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\uhfwiiaw.exe
[2009/03/03 22:43:41 | 00,118,557 | ---- | M] () -- C:\WINDOWS\System32\gepcenbw.exe
[2009/03/03 22:43:41 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\mszot.exe
[2009/03/03 20:29:18 | 00,118,557 | ---- | M] () -- C:\WINDOWS\System32\unlfwsjz.exe
[2009/03/03 20:29:17 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\iacfh.exe
[2009/03/02 21:46:15 | 00,118,557 | ---- | M] () -- C:\WINDOWS\System32\oisz.exe
[2009/03/02 21:46:14 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\vcll.exe
[2009/03/02 15:31:08 | 00,118,557 | ---- | M] () -- C:\WINDOWS\System32\frwcn.exe
[2009/03/02 15:31:08 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\dqlaok.exe
[2009/03/01 23:45:22 | 00,118,557 | ---- | M] () -- C:\WINDOWS\System32\txzmbpto.exe
[2009/03/01 23:45:22 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\uuujkif.exe
[2009/03/01 19:34:38 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\usbfafc.exe
[2009/03/01 19:34:35 | 00,118,557 | ---- | M] () -- C:\WINDOWS\System32\upmf.exe
[2009/03/01 01:00:46 | 00,118,557 | ---- | M] () -- C:\WINDOWS\System32\dmss.exe
[2009/03/01 01:00:46 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\hiawvlyq.exe
[2009/03/01 00:58:46 | 00,118,557 | ---- | M] () -- C:\WINDOWS\System32\izpvx.exe
[2009/03/01 00:58:45 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\rikreng.exe
[2009/02/28 14:11:02 | 00,100,316 | ---- | M] () -- C:\WINDOWS\System32\inaa.exe
[2009/02/28 14:10:51 | 00,100,316 | ---- | M] () -- C:\WINDOWS\System32\huuki.exe
[2009/02/28 13:58:54 | 00,118,557 | ---- | M] () -- C:\WINDOWS\System32\tvxxuub.exe
[2009/02/28 13:53:54 | 00,118,557 | ---- | M] () -- C:\WINDOWS\System32\udstqj.exe
[2009/02/28 13:53:53 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\cgmsgp.exe
[2009/02/28 00:47:31 | 00,045,053 | ---- | M] () -- C:\Documents and Settings\lution\Desktop\Kris Allen 4.jpg
[2009/02/28 00:45:52 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\xkaapmwi.exe
[2009/02/28 00:21:18 | 00,017,860 | ---- | M] () -- C:\Documents and Settings\lution\Desktop\Kris Allen 3.jpg
[2009/02/28 00:20:40 | 00,023,240 | ---- | M] () -- C:\Documents and Settings\lution\Desktop\Kris Allen 1.jpg
[2009/02/28 00:20:40 | 00,021,239 | ---- | M] () -- C:\Documents and Settings\lution\Desktop\Kris Allen 2.jpg
[2009/02/27 20:35:59 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\qouxbnse.exe
[2009/02/27 20:30:59 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\htyc.exe
[2009/02/25 18:27:00 | 70,664,752 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\lution\Desktop\avg_avwt_stf_all_8_237a1428.exe
[2009/02/25 18:22:57 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\whxno.exe
[2009/02/25 18:22:53 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\nzqtxjd.exe
[2009/02/23 16:32:36 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\drhgu.exe
[2009/02/23 14:50:41 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\giekv.exe
[2009/02/23 14:48:48 | 00,095,864 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/02/22 17:55:04 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\mftjks.exe
[2009/02/22 17:52:05 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\jogoi.exe
[2009/02/22 16:03:38 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\xgpa.exe
[2009/02/22 15:47:04 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\bgsuoti.exe
[2009/02/22 12:24:13 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\nnocue.exe
[2009/02/22 12:19:10 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\bcstu.exe
[2009/02/21 23:18:10 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\odmepal.exe
[2009/02/21 18:26:32 | 00,000,797 | ---- | M] () -- C:\Documents and Settings\lution\Desktop\YouTube Downloader.lnk
[2009/02/21 18:26:20 | 05,637,845 | ---- | M] () -- C:\Documents and Settings\lution\Desktop\youtubedownloader.exe
[2009/02/21 18:02:51 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\kcua.exe
[2009/02/21 16:19:16 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\vrcrz.exe
[2009/02/21 16:19:16 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\nudz.exe
[2009/02/17 22:44:33 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\qfwwmu.exe
[2009/02/17 22:26:33 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\gkzb.exe
[2009/02/16 22:22:30 | 00,000,670 | ---- | M] () -- C:\Documents and Settings\lution\Desktop\Cheat Engine.lnk
[2009/02/16 20:46:23 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\tuhyi.exe
[2009/02/16 20:41:20 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\ofrvwln.exe
[2009/02/16 13:56:02 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\ipeafcrw.exe
[2009/02/16 13:53:58 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\sojtijpr.exe
[2009/02/16 00:36:48 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\rjgg.exe
[2009/02/16 00:30:07 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\edfxi.exe
[2009/02/15 22:55:48 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\zlbcsu.exe
[2009/02/15 22:46:43 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\zcdcitpk.exe
[2009/02/15 20:34:05 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\tanog.exe
[2009/02/15 12:21:06 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\tkqkuu.exe
[2009/02/15 12:14:07 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\suhpox.exe
[2009/02/14 23:45:29 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\oiqofma.exe
[2009/02/14 23:42:37 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\tlcgnp.exe
[2009/02/14 23:09:58 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\hvozx.exe
[2009/02/14 23:09:57 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\pbhuv.exe
[2009/02/14 22:31:28 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\zmkh.exe
[2009/02/14 22:31:25 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\ksemxfz.exe
[2009/02/14 22:12:13 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\riakz.exe
[2009/02/14 22:00:10 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\gqfnkupb.exe
[2009/02/14 12:49:20 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\jgrfyymm.exe
[2009/02/14 12:40:19 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\ofeooexk.exe
[2009/02/14 00:28:21 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\ztuao.exe
[2009/02/13 23:24:28 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\ddwhwau.exe
[2009/02/13 12:29:02 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\egoftpth.exe
[2009/02/13 12:27:01 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\zftohst.exe
[2009/02/13 10:48:08 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\zzytlnc.exe
[2009/02/13 10:38:16 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\rgrnitmt.exe
[2009/02/12 22:28:28 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\cwik.exe
[2009/02/12 22:16:28 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\hzgg.exe
[2009/02/12 20:44:28 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\lvovkj.exe
[2009/02/12 20:35:04 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\msdejefu.exe
[2009/02/12 20:17:30 | 00,044,097 | ---- | M] () -- C:\WINDOWS\System32\lbgr.exe

========== LOP Check ==========

[2009/03/12 19:54:56 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/02/27 20:32:14 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/03/12 19:54:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2009/03/04 19:25:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2009/03/12 19:54:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/02/08 17:33:31 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\lution\Application Data
[2009/02/08 15:38:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\lution\Application Data\Adobe
[2009/02/08 15:11:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\lution\Application Data\Identities
[2009/02/08 17:33:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\lution\Application Data\InstallShield
[2009/02/08 15:38:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\lution\Application Data\Macromedia
[2009/03/01 19:34:13 | 00,000,000 | --SD | M] -- C:\Documents and Settings\lution\Application Data\Microsoft
[2009/02/08 15:39:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\lution\Application Data\Sun
[2002/11/25 20:44:56 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/03/14 12:53:54 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


========== Custom Scans ==========



========== Net Services ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\NetSvcs

6to4 - -
AppMgmt - C:\WINDOWS\System32\appmgmts.dll - (Microsoft Corporation)
AudioSrv - C:\WINDOWS\System32\audiosrv.dll - (Microsoft Corporation)
Browser - C:\WINDOWS\System32\browser.dll - (Microsoft Corporation)
CryptSvc - C:\WINDOWS\System32\cryptsvc.dll - (Microsoft Corporation)
DMServer - C:\WINDOWS\System32\dmserver.dll - (Microsoft Corp.)
DHCP - C:\WINDOWS\System32\dhcpcsvc.dll - (Microsoft Corporation)
ERSvc - C:\WINDOWS\System32\ersvc.dll - (Microsoft Corporation)
EventSystem - C:\WINDOWS\System32\es.dll - (Microsoft Corporation)
FastUserSwitchingCompatibility - C:\WINDOWS\System32\shsvcs.dll - (Microsoft Corporation)
HidServ - C:\WINDOWS\System32\hidserv.dll - (Microsoft Corporation)
Ias - -
Iprip - -
Irmon - -
LanmanServer - C:\WINDOWS\System32\srvsvc.dll - (Microsoft Corporation)
LanmanWorkstation - C:\WINDOWS\System32\wkssvc.dll - (Microsoft Corporation)
Messenger - C:\WINDOWS\System32\msgsvc.dll - (Microsoft Corporation)
Netman - C:\WINDOWS\System32\netman.dll - (Microsoft Corporation)
Nla - C:\WINDOWS\System32\mswsock.dll - (Microsoft Corporation)
Ntmssvc - C:\WINDOWS\system32\ntmssvc.dll - (Microsoft Corporation)
NWCWorkstation - -
Nwsapagent - -
Rasauto - C:\WINDOWS\System32\rasauto.dll - (Microsoft Corporation)
Rasman - C:\WINDOWS\System32\rasmans.dll - (Microsoft Corporation)
Remoteaccess - C:\WINDOWS\System32\mprdim.dll - (Microsoft Corporation)
Schedule - C:\WINDOWS\system32\schedsvc.dll - (Microsoft Corporation)
Seclogon - C:\WINDOWS\System32\seclogon.dll - (Microsoft Corporation)
SENS - C:\WINDOWS\system32\sens.dll - (Microsoft Corporation)
Sharedaccess - C:\WINDOWS\System32\ipnathlp.dll - (Microsoft Corporation)
SRService - C:\WINDOWS\System32\srsvc.dll - (Microsoft Corporation)
Tapisrv - C:\WINDOWS\System32\tapisrv.dll - (Microsoft Corporation)
Themes - C:\WINDOWS\System32\shsvcs.dll - (Microsoft Corporation)
TrkWks - C:\WINDOWS\system32\trkwks.dll - (Microsoft Corporation)
W32Time - C:\WINDOWS\System32\w32time.dll - (Microsoft Corporation)
WZCSVC - C:\WINDOWS\System32\wzcsvc.dll - (Microsoft Corporation)
Wmi - C:\WINDOWS\System32\advapi32.dll - (Microsoft Corporation)
WmdmPmSp - C:\WINDOWS\System32\mspmspsv.dll - (Microsoft Corporation)
winmgmt - C:\WINDOWS\system32\wbem\WMIsvc.dll - (Microsoft Corporation)
TermService - C:\WINDOWS\System32\termsrv.dll - (Microsoft Corporation)
wuauserv - C:\WINDOWS\System32\wuauserv.dll - (Microsoft Corporation)
BITS - C:\WINDOWS\System32\qmgr.dll - (Microsoft Corporation)
ShellHWDetection - C:\WINDOWS\System32\shsvcs.dll - (Microsoft Corporation)
helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll - (Microsoft Corporation)
uploadmgr - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll - (Microsoft Corporation)

======= End Net Services =========




========== SafeBoot-Minimal Settings ==========

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\

AppMgmt - %SystemRoot%\System32\appmgmts.dll - (Microsoft Corporation)
Base - Driver Group
Boot Bus Extender - Driver Group
Boot file system - Driver Group
CryptSvc - %SystemRoot%\System32\cryptsvc.dll - (Microsoft Corporation)
dmadmin - %SystemRoot%\System32\dmadmin.exe - (Microsoft Corp., Veritas Software)
dmboot.sys - %SystemRoot%\System32\drivers\dmboot.sys - (Microsoft Corp., Veritas Software)
dmio.sys - %SystemRoot%\System32\drivers\dmio.sys - (Microsoft Corp., Veritas Software)
dmload.sys - %SystemRoot%\System32\drivers\dmload.sys - (Microsoft Corp., Veritas Software.)
dmserver - %SystemRoot%\System32\dmserver.dll - (Microsoft Corp.)
EventLog - %SystemRoot%\system32\services.exe - (Microsoft Corporation)
File system - Driver Group
Filter - Driver Group
HelpSvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll - (Microsoft Corporation)
Netlogon - %SystemRoot%\System32\lsass.exe - (Microsoft Corporation)
PCI Configuration - Driver Group
PlugPlay - %SystemRoot%\system32\services.exe - (Microsoft Corporation)
PNP Filter - Driver Group
Primary disk - Driver Group
RpcSs - %SystemRoot%\system32\rpcss.dll - (Microsoft Corporation)
SCSI Class - Driver Group
sermouse.sys - Driver
sr.sys - %SystemRoot%\System32\DRIVERS\sr.sys - (Microsoft Corporation)
SRService - %SystemRoot%\System32\srsvc.dll - (Microsoft Corporation)
System Bus Extender - Driver Group
vga.sys - Driver
vgasave.sys - %SystemRoot%\System32\drivers\vga.sys - (Microsoft Corporation)
WinMgmt - %SystemRoot%\system32\wbem\WMIsvc.dll - (Microsoft Corporation)
{36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
{4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} - System
{4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
{71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

======= End SafeBoot-Minimal =========



========== SafeBoot-Network Settings ==========

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\

AFD - %SystemRoot%\System32\drivers\afd.sys - (Microsoft Corporation)
AppMgmt - %SystemRoot%\System32\appmgmts.dll - (Microsoft Corporation)
Base - Driver Group
Boot Bus Extender - Driver Group
Boot file system - Driver Group
Browser - %SystemRoot%\System32\browser.dll - (Microsoft Corporation)
CryptSvc - %SystemRoot%\System32\cryptsvc.dll - (Microsoft Corporation)
Dhcp - %SystemRoot%\System32\dhcpcsvc.dll - (Microsoft Corporation)
dmadmin - %SystemRoot%\System32\dmadmin.exe - (Microsoft Corp., Veritas Software)
dmboot.sys - %SystemRoot%\System32\drivers\dmboot.sys - (Microsoft Corp., Veritas Software)
dmio.sys - %SystemRoot%\System32\drivers\dmio.sys - (Microsoft Corp., Veritas Software)
dmload.sys - %SystemRoot%\System32\drivers\dmload.sys - (Microsoft Corp., Veritas Software.)
dmserver - %SystemRoot%\System32\dmserver.dll - (Microsoft Corp.)
DnsCache - %SystemRoot%\System32\dnsrslvr.dll - (Microsoft Corporation)
EventLog - %SystemRoot%\system32\services.exe - (Microsoft Corporation)
File system - Driver Group
Filter - Driver Group
HelpSvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll - (Microsoft Corporation)
LanmanServer - %SystemRoot%\System32\srvsvc.dll - (Microsoft Corporation)
LanmanWorkstation - %SystemRoot%\System32\wkssvc.dll - (Microsoft Corporation)
LmHosts - %SystemRoot%\System32\lmhsvc.dll - (Microsoft Corporation)
Messenger - %SystemRoot%\System32\msgsvc.dll - (Microsoft Corporation)
NDIS - %SystemRoot%\System32\drivers\ndis.sys - (Microsoft Corporation)
NDIS Wrapper - Driver Group
Ndisuio - %SystemRoot%\System32\DRIVERS\ndisuio.sys - (Microsoft Corporation)
NetBIOS - %SystemRoot%\System32\DRIVERS\netbios.sys - (Microsoft Corporation)
NetBIOSGroup - Driver Group
NetBT - %SystemRoot%\System32\DRIVERS\netbt.sys - (Microsoft Corporation)
NetDDEGroup - Driver Group
Netlogon - %SystemRoot%\System32\lsass.exe - (Microsoft Corporation)
NetMan - %SystemRoot%\System32\netman.dll - (Microsoft Corporation)
Network - Driver Group
NetworkProvider - Driver Group
NtLmSsp - %SystemRoot%\System32\lsass.exe - (Microsoft Corporation)
PCI Configuration - Driver Group
PlugPlay - %SystemRoot%\system32\services.exe - (Microsoft Corporation)
PNP Filter - Driver Group
PNP_TDI - Driver Group
Primary disk - Driver Group
rdpcdd.sys - %SystemRoot%\System32\DRIVERS\RDPCDD.sys - (Microsoft Corporation)
rdpdd.sys - %SystemRoot%\System32\rdpdd.dll - (Microsoft Corporation)
rdpwd.sys - %SystemRoot%\System32\drivers\rdpwd.sys - (Microsoft Corporation)
rdsessmgr - %SystemRoot%\system32\sessmgr.exe - (Microsoft Corporation)
RpcSs - %SystemRoot%\system32\rpcss.dll - (Microsoft Corporation)
SCSI Class - Driver Group
sermouse.sys - Driver
sr.sys - %SystemRoot%\System32\DRIVERS\sr.sys - (Microsoft Corporation)
SRService - %SystemRoot%\System32\srsvc.dll - (Microsoft Corporation)
Streams Drivers - Driver Group
System Bus Extender - Driver Group
Tcpip - %SystemRoot%\System32\DRIVERS\tcpip.sys - (Microsoft Corporation)
TDI - Driver Group
tdpipe.sys - %SystemRoot%\System32\drivers\tdpipe.sys - (Microsoft Corporation)
tdtcp.sys - %SystemRoot%\System32\drivers\tdtcp.sys - (Microsoft Corporation)
termservice - %SystemRoot%\System32\termsrv.dll - (Microsoft Corporation)
UploadMgr - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll - (Microsoft Corporation)
vga.sys - Driver
vgasave.sys - %SystemRoot%\System32\drivers\vga.sys - (Microsoft Corporation)
WinMgmt - %SystemRoot%\system32\wbem\WMIsvc.dll - (Microsoft Corporation)
WZCSVC - %SystemRoot%\System32\wzcsvc.dll - (Microsoft Corporation)
{36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
{4D36E972-E325-11CE-BFC1-08002BE10318} - Net
{4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
{4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
{4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
{4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} - System
{4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
{71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

======= End SafeBoot-Network =========



========== ActiveX Components ==========

{08B0E5C0-4FCB-11CF-AAA5-00401C608500}: Microsoft VM
{08B0E5C0-4FCB-11CF-AAA5-00401C608555}: Internet Explorer Classes for Java
{10072CEC-8CC1-11D1-986E-00A0C955B42F}: Vector Graphics Rendering (VML)
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}: NetShow
{22d6f312-b0f6-11d0-94ab-0080c74c7e95}: Microsoft Windows Media Player 6.4
{283807B5-2C60-11D0-A31D-00AA00B92C03}: DirectAnimation
{2C7339CF-2B09-4501-B3F3-F3508C9228ED}: %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
{306D6C21-C1B6-4629-986C-E59E1875B8AF}: "C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser
{36f8ec70-c29a-11d1-b5c7-0000f8051515}: Dynamic HTML Data Binding for Java
{3af36230-a269-11d1-b5bf-0000f8051515}: Offline Browsing Pack
{3bf42070-b3b1-11d1-b5c5-0000f8051515}: Uniscribe
{4278c270-a269-11d1-b5bf-0000f8051515}: Advanced Authoring
{44BBA840-CC51-11CF-AAFA-00AA00B6015C}: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
{44BBA842-CC51-11CF-AAFA-00AA00B6015B}: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
{44BBA848-CC51-11CF-AAFA-00AA00B6015C}: DirectShow
{44BBA855-CC51-11CF-AAFA-00AA00B6015C}: Microsoft DirectX
{44BBA855-CC51-11CF-AAFA-00AA00B6015F}: DirectDrawEx
{45ea75a0-a269-11d1-b5bf-0000f8051515}: Internet Explorer Help
{4f216970-c90c-11d1-b5c7-0000f8051515}: DirectAnimation Java Classes
{4f645220-306d-11d2-995d-00c04f98bbc9}: Microsoft Windows Script 5.6
{5945c046-1e7d-11d1-bc44-00c04fd912be}: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser
{5A8D6EE0-3E18-11D0-821E-444553540000}: ICW
{5fd399c0-a70a-11d1-9948-00c04f98bbc9}: Internet Explorer Setup Tools
{630b1da0-b465-11d1-9948-00c04f98bbc9}: Browsing Enhancements
{6BF52A52-394A-11d3-B153-00C04F79FAA6}: Microsoft Windows Media Player 8
{6fab99d0-bab8-11d1-994a-00c04f98bbc9}: MSN Site Access
{7790769C-0471-11d2-AF11-00C04FA35D02}: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
{89820200-ECBD-11cf-8B85-00AA005B4340}: regsvr32.exe /s /n /i:U shell32.dll
{89820200-ECBD-11cf-8B85-00AA005B4383}: %SystemRoot%\system32\ie4uinit.exe
{9381D8F2-0288-11D0-9501-00AA00B911A5}: Dynamic HTML Data Binding
{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}:
{C9E9A340-D1F1-11D0-821E-444553540600}: Internet Explorer Core Fonts
{CC2A9BA0-3BDD-11D0-821E-444553540000}: Task Scheduler
{D27CDB6E-AE6D-11cf-96B8-444553540000}: Adobe Flash Player
{de5aed00-a4bf-11d1-9948-00c04f98bbc9}: HTML Help
{E92B03AB-B707-11d2-9CBD-0000F87A369E}: Active Directory Service Interface
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}: C:\WINDOWS\inf\unregmp2.exe /ShowWMP
>{26923b43-4d38-484f-9b9e-de460746276c}: %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS: RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}: %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

======= End ActiveX =========


< %systemroot%\System32\antiwpa.dll >

< %systemroot%\SYSTEM32\wpa.dll >

< %systemroot%\setup\scripts\biestart.exe >

< %systemroot%\system32\drivers\royal.sys >

< %systemroot%\system32\serauth1.dll >

< %systemroot%\system32\serauth2.dll >

< %systemroot%\system32\sysaudio.sys >

< %systemroot%\system32\wdmaud.sys >

< %systemroot%\system32\aeaudio.sys >
< End of report >

#11 lapppy (Member, 15 posts)

Posted 14 March 2009 - 06:04 AM

OTListIt Extras logfile created on: 3/14/2009 12:58:09 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.3.5 Folder = C:\Documents and Settings\lution\Desktop
Windows XP Professional Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

479.48 Mb Total Physical Memory | 186.11 Mb Available Physical Memory | 38.81% Memory free
1.10 Gb Paging File | 0.87 Gb Available in Paging File | 79.37% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 66.06 Gb Free Space | 88.65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BEN
Current User Name: lution
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}" = Garena
"{8A62A068-3FD6-495A-9F66-26FE94F32EC9}" = Rhapsody Player Engine
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{B7DE6498-9764-4657-846F-832EE3E6718D}" = SpeedTouch USB
"{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = Alcatel SpeedTouch USB Software
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"HijackThis" = HijackThis 2.0.2
"PCSI" = Prevx CSI
"SpywareDetector_is1" = Spyware Detector

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/12/2009 8:05:54 AM | Computer Name = BEN | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 3/12/2009 8:05:54 AM | Computer Name = BEN | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 3/12/2009 11:05:26 AM | Computer Name = BEN | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 3/12/2009 11:05:26 AM | Computer Name = BEN | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 3/12/2009 12:16:04 PM | Computer Name = BEN | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2800.1106, faulting
module mshtml.dll, version 6.0.2800.1106, fault address 0x000a643a.

Error - 3/12/2009 12:17:40 PM | Computer Name = BEN | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2800.1106, faulting
module mshtml.dll, version 6.0.2800.1106, fault address 0x000a643a.

Error - 3/12/2009 11:31:41 PM | Computer Name = BEN | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2800.1106, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/12/2009 11:33:22 PM | Computer Name = BEN | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2800.1106, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/12/2009 11:35:35 PM | Computer Name = BEN | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2800.1106, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/12/2009 11:56:17 PM | Computer Name = BEN | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2800.1106, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 3/13/2009 10:21:49 AM | Computer Name = BEN | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 3/13/2009 11:02:59 AM | Computer Name = BEN | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 3/13/2009 11:02:59 AM | Computer Name = BEN | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 3/13/2009 1:13:47 PM | Computer Name = BEN | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 3/13/2009 1:13:47 PM | Computer Name = BEN | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 3/14/2009 12:54:12 AM | Computer Name = BEN | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 3/14/2009 12:54:12 AM | Computer Name = BEN | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 3/14/2009 12:54:12 AM | Computer Name = BEN | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 3/14/2009 12:54:23 AM | Computer Name = BEN | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 3/14/2009 12:54:23 AM | Computer Name = BEN | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.


< End of report >

#12 Rorschach112 (Advanced Member, Volunteer Security Advisor, 2180 posts)

Posted 14 March 2009 - 07:49 PM

Hello

Run OTList2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    [2009/03/12 23:19:36 | 00,295,424 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\dv61wu8x.exe
    [2009/03/12 21:10:36 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\jznqkbgw.exe
    [2009/03/12 21:10:35 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\aitk.exe
    [2009/03/12 19:07:46 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\bvth.exe
    [2009/03/12 19:07:45 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\dmmeyj.exe
    [2009/03/12 19:01:48 | 00,311,591 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\AntiRootkit.zip
    [2009/03/12 18:52:08 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\oqqsu.exe
    [2009/03/10 17:01:22 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\pqsx.exe
    [2009/03/10 17:01:20 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\ylorez.exe
    [2009/03/08 17:25:58 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\ktcj.exe
    [2009/03/08 17:25:56 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\uchm.exe
    [2009/03/08 09:12:18 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\ueps.exe
    [2009/03/08 09:12:16 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\akcc.exe
    [2009/03/06 22:41:01 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\tfnqojhd.exe
    [2009/03/05 00:23:22 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\zlbeeit.exe
    [2009/03/05 00:23:21 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\fbcpkwfd.exe
    [2009/03/04 18:29:06 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\azojtee.exe
    [2009/03/04 18:29:03 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\uhfwiiaw.exe
    [2009/03/03 22:43:40 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\gepcenbw.exe
    [2009/03/03 22:43:40 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\mszot.exe
    [2009/03/03 20:29:17 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\unlfwsjz.exe
    [2009/03/03 20:29:17 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\iacfh.exe
    [2009/03/02 21:46:14 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\oisz.exe
    [2009/03/02 21:46:14 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\vcll.exe
    [2009/03/02 15:31:08 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\frwcn.exe
    [2009/03/02 15:31:08 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\dqlaok.exe
    [2009/03/01 23:45:22 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\txzmbpto.exe
    [2009/03/01 23:45:22 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\uuujkif.exe
    [2009/03/01 19:34:38 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\usbfafc.exe
    [2009/03/01 19:34:34 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\upmf.exe
    [2009/03/01 01:00:45 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\dmss.exe
    [2009/03/01 01:00:45 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\hiawvlyq.exe
    [2009/03/01 00:58:45 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\izpvx.exe
    [2009/03/01 00:58:45 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\rikreng.exe
    [2009/02/28 14:10:59 | 00,100,316 | ---- | C] () -- C:\WINDOWS\System32\inaa.exe
    [2009/02/28 14:10:50 | 00,100,316 | ---- | C] () -- C:\WINDOWS\System32\huuki.exe
    [2009/02/28 13:58:53 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\tvxxuub.exe
    [2009/02/28 13:53:53 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\udstqj.exe
    [2009/02/28 13:53:53 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\cgmsgp.exe
    [2009/02/28 00:45:52 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\xkaapmwi.exe
    [2009/02/27 20:35:59 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\qouxbnse.exe
    [2009/02/27 20:30:59 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\htyc.exe
    [2009/02/25 18:22:56 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\whxno.exe
    [2009/02/25 18:22:53 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\nzqtxjd.exe
    [2009/02/23 16:32:35 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\drhgu.exe
    [2009/02/23 14:50:41 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\giekv.exe
    [2009/02/22 17:55:04 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\mftjks.exe
    [2009/02/22 17:52:04 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\jogoi.exe
    [2009/02/22 16:03:38 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\xgpa.exe
    [2009/02/22 15:47:04 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\bgsuoti.exe
    [2009/02/22 12:24:12 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\nnocue.exe
    [2009/02/22 12:19:09 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\bcstu.exe
    [2009/02/21 23:18:10 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\odmepal.exe
    [2009/02/21 18:02:51 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\kcua.exe
    [2009/02/21 16:19:16 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\vrcrz.exe
    [2009/02/21 16:19:16 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\nudz.exe
    [2009/02/17 22:44:33 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\qfwwmu.exe
    [2009/02/17 22:26:32 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\gkzb.exe
    [2009/02/16 20:46:23 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\tuhyi.exe
    [2009/02/16 20:41:20 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\ofrvwln.exe
    [2009/02/16 13:56:01 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\ipeafcrw.exe
    [2009/02/16 13:53:57 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\sojtijpr.exe
    [2009/02/16 00:36:48 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\rjgg.exe
    [2009/02/16 00:30:07 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\edfxi.exe
    [2009/02/15 22:55:48 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\zlbcsu.exe
    [2009/02/15 22:46:43 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\zcdcitpk.exe
    [2009/02/15 20:34:04 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\tanog.exe
    [2009/02/15 12:21:05 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\tkqkuu.exe
    [2009/02/15 12:14:07 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\suhpox.exe
    [2009/02/14 23:45:29 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\oiqofma.exe
    [2009/02/14 23:42:37 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\tlcgnp.exe
    [2009/02/14 23:09:57 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\pbhuv.exe
    [2009/02/14 23:09:57 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\hvozx.exe
    [2009/02/14 22:31:28 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\zmkh.exe
    [2009/02/14 22:31:25 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\ksemxfz.exe
    [2009/02/14 22:12:13 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\riakz.exe
    [2009/02/14 22:00:09 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\gqfnkupb.exe
    [2009/02/14 12:49:19 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\jgrfyymm.exe
    [2009/02/14 12:40:18 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\ofeooexk.exe
    [2009/02/14 00:28:21 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\ztuao.exe
    [2009/02/13 23:24:28 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\ddwhwau.exe
    [2009/02/13 12:29:02 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\egoftpth.exe
    [2009/02/13 12:27:01 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\zftohst.exe
    [2009/02/13 10:48:07 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\zzytlnc.exe
    [2009/02/13 10:38:16 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\rgrnitmt.exe
    [2009/02/12 22:28:28 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\cwik.exe
    [2009/02/12 22:16:28 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\hzgg.exe
    [2009/02/12 20:44:27 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\lvovkj.exe
    [2009/02/12 20:35:04 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\msdejefu.exe
    [2009/02/12 20:17:30 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\lbgr.exe
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log ( don't check the boxes beside LOP Check or Purity this time )

By the power of truth, I, while living, have conquered the universe.

~Scratch~

My help is always free, but if you want to donate to help me continue my fight against malware then click here
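
The fix script above was assembled by hand from the OTListIt2 listing: dozens of random-named executables with no company field, almost all exactly 44,097 or 118,557 bytes, written into System32 in pairs a second or two apart over several weeks. The later log in this thread also shows a HKCU Run entry launching from C:\RECYCLER and a hosts-file override for NtKrnlpa.info. The following Python script is an added example, not part of this thread and not OTListIt's own code: it parses OTListIt2-style lines and flags those four patterns automatically. The sample lines are re-typed from the logs in this thread; the "random name" regex, the two-file-per-size threshold and the five-second pairing window are assumptions chosen to match what this particular infection did.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample input: a few lines re-typed from the OTListIt2 output in
# this thread (file-listing entries, O1 Hosts lines and O4 Run lines). The
# real logs are hundreds of lines; the parser works on the full text as well.
SAMPLE_LOG = r"""
[2009/03/12 21:10:36 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\jznqkbgw.exe
[2009/03/12 21:10:35 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\aitk.exe
[2009/03/12 19:07:46 | 00,118,557 | ---- | C] () -- C:\WINDOWS\System32\bvth.exe
[2009/03/12 19:07:45 | 00,044,097 | ---- | C] () -- C:\WINDOWS\System32\dmmeyj.exe
[2009/03/12 19:01:48 | 00,311,591 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\AntiRootkit.zip
[2009/02/28 14:10:59 | 00,100,316 | ---- | C] () -- C:\WINDOWS\System32\inaa.exe
O1 - Hosts: 127.0.0.1 NtKrnlpa.info
O1 - Hosts: 127.0.0.1 localhost
O4 - HKCU..\Run: [12CFG914-K641-26SF-N31P] C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0850\vsse32.exe File not found
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)
"""

# OTListIt file line: [date time | size | attrs | C] (company) -- path
FILE_RE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| [^|]+ \| [A-Z]\] \(([^)]*)\) -- (.+)$"
)
RUN_RE = re.compile(r"^O4 - (HK\w+)\.\.\\Run: \[([^\]]+)\] (.+)$")
HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+) (\S+)$")
# Assumed heuristic: 4-8 lowercase letters, the shape of every dropped name in this thread.
RANDOM_NAME_RE = re.compile(r"^[a-z]{4,8}\.exe$")


def parse_file_entries(lines):
    """Turn file-listing lines into dicts; lines of any other kind are skipped."""
    entries = []
    for line in lines:
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "when": datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S"),
            "size": int(m.group(2).replace(",", "")),
            "company": m.group(3).strip(),
            "path": m.group(4).strip(),
        })
    return entries


def size_clusters(entries, min_count=2):
    """Random-named System32 executables with no company string that share an
    exact byte size: the same payload written under many names."""
    groups = defaultdict(list)
    for e in entries:
        folder, _, name = e["path"].rpartition("\\")
        if (folder.lower().endswith("\\system32") and not e["company"]
                and RANDOM_NAME_RE.match(name.lower())):
            groups[e["size"]].append(e["path"])
    return {size: paths for size, paths in groups.items() if len(paths) >= min_count}


def drop_pairs(entries, window_seconds=5):
    """Two files created in the same folder within a few seconds: a dropper
    writing loader and payload together."""
    by_dir = defaultdict(list)
    for e in entries:
        by_dir[e["path"].rpartition("\\")[0].lower()].append(e)
    pairs = []
    for items in by_dir.values():
        items.sort(key=lambda e: e["when"])
        for a, b in zip(items, items[1:]):
            if (b["when"] - a["when"]).total_seconds() <= window_seconds:
                pairs.append((a["path"], b["path"]))
    return pairs


def suspicious_autoruns(lines):
    """O4 Run entries that launch from RECYCLER or whose target is gone."""
    hits = []
    for line in lines:
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        hive, value, command = m.groups()
        reasons = []
        if "\\recycler\\" in command.lower():
            reasons.append("runs from RECYCLER")
        if command.endswith("File not found"):
            reasons.append("target missing")
        if reasons:
            hits.append((hive, value, reasons))
    return hits


def non_localhost_hosts(lines):
    """Hosts-file overrides other than the stock localhost line."""
    found = []
    for line in lines:
        m = HOSTS_RE.match(line.strip())
        if m and m.group(2).lower() != "localhost":
            found.append((m.group(1), m.group(2)))
    return found


def analyze(text=SAMPLE_LOG):
    lines = text.strip().splitlines()
    entries = parse_file_entries(lines)
    return {
        "size_clusters": size_clusters(entries),
        "drop_pairs": drop_pairs(entries),
        "autoruns": suspicious_autoruns(lines),
        "hosts": non_localhost_hosts(lines),
    }


if __name__ == "__main__":
    for key, value in analyze().items():
        print(key, value)
```

Run it against a saved OTListIt2 log with `analyze(open("OTListIt.txt").read())`. The size clustering is the strongest signal here: legitimate System32 binaries carry a company string and do not arrive as dozens of byte-identical files under throwaway names, so a cluster of two or more with no company is worth listing for removal even before any of them is scanned.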

#13 lapppy (Member, 15 posts)

Posted 15 March 2009 - 05:52 AM

Hi, here is the report.

OTListIt logfile created on: 3/15/2009 12:48:06 PM - Run 4
OTListIt2 by OldTimer - Version 2.0.3.5 Folder = C:\Documents and Settings\lution\Desktop
Windows XP Professional Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

479.48 Mb Total Physical Memory | 187.94 Mb Available Physical Memory | 39.20% Memory free
1.10 Gb Paging File | 0.85 Gb Available in Paging File | 77.75% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 66.24 Gb Free Space | 88.88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BEN
Current User Name: lution
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Prevx\prevx.exe (Prevx)
PRC - C:\Program Files\SpywareDetector\SDMainService.exe (Max Secure Software )
PRC - C:\Program Files\SpywareDetector\SDService.exe (Max Secure Software )
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\notepad.exe (Microsoft Corporation)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe (Alcatel Bell)
PRC - C:\Program Files\SpywareDetector\SDActiveMonitor.exe (Max Secure Software Pvt. Ltd.)
PRC - C:\Program Files\MSN Messenger\MsnMsgr.Exe (Microsoft Corporation)
PRC - C:\Program Files\Prevx\prevx.exe (Prevx)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\lution\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (CSIScanner [Auto | Running]) -- C:\Program Files\Prevx\prevx.exe (Prevx)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (SDMainSvc [Auto | Running]) -- C:\Program Files\SpywareDetector\SDMainService.exe (Max Secure Software )
SRV - (SDService [Auto | Running]) -- C:\Program Files\SpywareDetector\SDService.exe (Max Secure Software )
SRV - (uploadmgr [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WmdmPmSp [Auto | Running]) -- C:\WINDOWS\System32\mspmspsv.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (alcan5wn [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\alcan5wn.sys (Alcatel Bell)
DRV - (alcaudsl [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\alcaudsl.sys (Alcatel Bell)
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (pavboot [Boot | Running]) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (pxscan [Boot | Running]) -- C:\WINDOWS\System32\drivers\pxscan.sys (Prevx)
DRV - (RTL8023 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Rtlnic51.sys (Realtek Semiconductor Corporation )
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation )
DRV - (SDManager [System | Running]) -- C:\Program Files\SpywareDetector\SDManager.sys (Max Secure Software Pvt. Ltd.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys ()

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 NtKrnlpa.info
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx ()
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [SDActiveMonitor] C:\Program Files\SpywareDetector\SDActiveMonitor.exe -AUTO (Max Secure Software Pvt. Ltd.)
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon (Alcatel Bell)
O4 - HKCU..\Run: [12CFG914-K641-26SF-N31P] C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0850\vsse32.exe File not found
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm ()
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {3253534D-9980-0010-8000-00AA00389B71} http://download.micr...980/wms9dmo.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.micr...D0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\ippx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaippx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\System32\msdxm.ocx ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\SDNotify: DllName - C:\Program Files\SpywareDetector\SDNotify.dll - C:\Program Files\SpywareDetector\SDNotify.dll (Max Secure Software)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]
[2009/03/15 12:42:50 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/03/14 12:56:13 | 00,505,344 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\lution\Desktop\OTListIt2.exe
[2009/03/13 11:18:37 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/03/13 11:18:30 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\Rooter.exe
[2009/03/12 20:03:34 | 00,000,000 | ---D | C] -- C:\SDFix
[2009/03/12 20:03:13 | 01,529,241 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\SDFix.exe
[2009/03/12 19:56:25 | 00,000,000 | ---D | C] -- C:\Lop SD
[2009/03/12 19:56:08 | 00,530,106 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\LopSD.exe
[2009/03/12 19:54:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2009/03/12 19:54:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/03/12 19:54:46 | 01,561,992 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\lution\Desktop\MGADiag.exe
[2009/03/12 19:46:49 | 00,000,000 | ---D | C] -- C:\ERDNT
[2009/03/12 19:46:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009/03/12 19:46:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/03/12 19:46:41 | 00,000,000 | ---D | C] -- C:\!FixIEDef
[2009/03/12 19:46:28 | 01,130,036 | ---- | C] (Malwareteks.com) -- C:\Documents and Settings\lution\Desktop\FixIEDef.exe
[2009/03/12 19:12:50 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2009/03/12 19:12:41 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/03/12 19:12:09 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\HijackThis.lnk
[2009/03/12 19:12:09 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/03/12 19:11:28 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\lution\Desktop\HJTInstall.exe
[2009/03/01 19:34:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lution\Local Settings\Application Data\Identities
[2009/02/28 00:47:39 | 00,045,053 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\Kris Allen 4.jpg
[2009/02/28 00:28:52 | 00,017,860 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\Kris Allen 3.jpg
[2009/02/28 00:28:30 | 00,021,239 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\Kris Allen 2.jpg
[2009/02/28 00:28:20 | 00,023,240 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\Kris Allen 1.jpg
[2009/02/25 18:27:01 | 70,664,752 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\lution\Desktop\avg_avwt_stf_all_8_237a1428.exe
[2009/02/22 17:54:11 | 01,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chsbrkr.dll
[2009/02/22 17:54:11 | 00,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chtbrkr.dll
[2009/02/22 17:54:10 | 01,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.lex
[2009/02/22 17:54:10 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\korwbrkr.lex
[2009/02/22 17:54:10 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.dll
[2009/02/22 17:54:10 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\korwbrkr.dll
[2009/02/22 17:54:10 | 00,002,060 | ---- | C] () -- C:\WINDOWS\System32\noise.jpn
[2009/02/22 17:54:10 | 00,001,486 | ---- | C] () -- C:\WINDOWS\System32\noise.kor
[2009/02/22 17:54:01 | 00,211,938 | ---- | C] () -- C:\WINDOWS\System32\lcphrase.tbl
[2009/02/22 17:54:01 | 00,146,126 | ---- | C] () -- C:\WINDOWS\System32\array30.tab
[2009/02/22 17:54:01 | 00,116,285 | ---- | C] () -- C:\WINDOWS\System32\msdayi.tbl
[2009/02/22 17:54:01 | 00,110,566 | ---- | C] () -- C:\WINDOWS\System32\arphr.tbl
[2009/02/22 17:54:01 | 00,043,242 | ---- | C] () -- C:\WINDOWS\System32\phoncode.tbl
[2009/02/22 17:54:01 | 00,024,114 | ---- | C] () -- C:\WINDOWS\System32\lcptr.tbl
[2009/02/22 17:54:01 | 00,018,600 | ---- | C] () -- C:\WINDOWS\System32\arrayhw.tab
[2009/02/22 17:54:01 | 00,016,312 | ---- | C] () -- C:\WINDOWS\System32\arptr.tbl
[2009/02/22 17:54:01 | 00,004,071 | ---- | C] () -- C:\WINDOWS\System32\phon.tbl
[2009/02/22 17:54:01 | 00,002,714 | ---- | C] () -- C:\WINDOWS\System32\phonptr.tbl
[2009/02/22 17:54:01 | 00,000,700 | ---- | C] () -- C:\WINDOWS\System32\dayiptr.tbl
[2009/02/22 17:54:01 | 00,000,520 | ---- | C] () -- C:\WINDOWS\System32\dayiphr.tbl
[2009/02/22 17:54:00 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\c_10002.nls
[2009/02/22 17:54:00 | 00,082,172 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.nls
[2009/02/22 17:54:00 | 00,066,728 | ---- | C] () -- C:\WINDOWS\System32\big5.nls
[2009/02/22 17:54:00 | 00,044,370 | ---- | C] () -- C:\WINDOWS\System32\acode.tbl
[2009/02/22 17:54:00 | 00,044,370 | ---- | C] () -- C:\WINDOWS\System32\a234.tbl
[2009/02/22 17:54:00 | 00,016,254 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAE.HLP
[2009/02/22 17:54:00 | 00,014,821 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAD.HLP
[2009/02/22 17:54:00 | 00,001,460 | ---- | C] () -- C:\WINDOWS\System32\a15.tbl
[2009/02/22 17:53:55 | 01,783,864 | ---- | C] () -- C:\WINDOWS\System32\WINPY.MB
[2009/02/22 17:53:55 | 01,564,868 | ---- | C] () -- C:\WINDOWS\System32\WINSP.MB
[2009/02/22 17:53:55 | 01,223,500 | ---- | C] () -- C:\WINDOWS\System32\WINZM.MB
[2009/02/22 17:53:55 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_g18030.dll
[2009/02/22 17:53:55 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_10008.nls
[2009/02/22 17:53:55 | 00,150,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINZM.IME
[2009/02/22 17:53:55 | 00,150,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINSP.IME
[2009/02/22 17:53:55 | 00,150,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINPY.IME
[2009/02/22 17:53:55 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\prcp.nls
[2009/02/22 17:53:55 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\prc.nls
[2009/02/22 17:53:55 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINGB.IME
[2009/02/22 17:53:54 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101a.dll
[2009/02/22 17:53:47 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_10003.nls
[2009/02/22 17:53:46 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\c_1361.nls
[2009/02/22 17:53:46 | 00,047,066 | ---- | C] () -- C:\WINDOWS\System32\ksc.nls
[2009/02/22 17:53:45 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnecAT.dll
[2009/02/22 17:53:45 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnecNT.dll
[2009/02/22 17:53:45 | 00,007,168 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnec.dll
[2009/02/22 17:53:45 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnec95.dll
[2009/02/22 17:53:45 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\f3ahvoas.dll
[2009/02/22 17:53:45 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlk41a.dll
[2009/02/22 17:53:45 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlk41j.dll
[2009/02/22 17:53:44 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdibm02.dll
[2009/02/22 17:53:44 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdax2.dll
[2009/02/22 17:53:44 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106n.dll
[2009/02/22 17:53:44 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101.dll
[2009/02/22 17:53:25 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_is2022.dll
[2009/02/22 17:53:24 | 00,180,770 | ---- | C] () -- C:\WINDOWS\System32\c_20932.nls
[2009/02/22 17:53:24 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\c_20000.nls
[2009/02/22 17:53:24 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_20949.nls
[2009/02/22 17:53:24 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_20936.nls
[2009/02/22 17:53:24 | 00,162,850 | ---- | C] () -- C:\WINDOWS\System32\c_10001.nls
[2009/02/22 17:53:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_21027.nls
[2009/02/22 17:53:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20290.nls
[2009/02/22 17:53:24 | 00,028,288 | ---- | C] () -- C:\WINDOWS\System32\xjis.nls
[2009/02/22 17:53:23 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CINTLGNT.IME
[2009/02/22 17:53:22 | 00,574,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TINTLGNT.IME
[2009/02/22 17:53:22 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\phon.ime
[2009/02/22 17:53:22 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winar30.ime
[2009/02/22 17:53:22 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dayi.ime
[2009/02/22 17:53:22 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\quick.ime
[2009/02/22 17:53:22 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uniime.dll
[2009/02/22 17:53:22 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winime.ime
[2009/02/22 17:53:22 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unicdime.ime
[2009/02/22 17:53:22 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\romanime.ime
[2009/02/22 17:53:22 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\miniime.tpl
[2009/02/22 17:53:21 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chajei.ime
[2009/02/22 17:53:17 | 00,479,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PINTLGNT.IME
[2009/02/22 17:53:17 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imekr61.ime
[2009/02/22 17:53:16 | 00,827,438 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imjp81k.dll
[2009/02/22 17:53:16 | 00,340,013 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imjp81.ime
[2009/02/22 17:52:32 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdjpn.dll
[2009/02/22 17:52:32 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkor.dll
[2009/02/22 17:52:32 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll
[2009/02/22 17:52:32 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101c.dll
[2009/02/22 17:52:32 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll
[2009/02/22 17:52:32 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd103.dll
[2009/02/21 18:26:32 | 00,000,797 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\YouTube Downloader.lnk
[2009/02/21 18:26:30 | 00,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader
[2009/02/21 18:26:20 | 05,637,845 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\youtubedownloader.exe
[2009/02/16 22:22:30 | 00,000,670 | ---- | C] () -- C:\Documents and Settings\lution\Desktop\Cheat Engine.lnk
[2009/02/16 22:22:29 | 01,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2009/02/16 22:22:29 | 00,679,936 | ---- | C] (Generated by JEDI) -- C:\WINDOWS\System32\D3DX81ab.dll
[2009/02/16 22:22:28 | 00,000,000 | ---D | C] -- C:\Program Files\Cheat Engine
[2009/02/15 00:05:02 | 00,022,536 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2009/02/15 00:05:01 | 00,000,000 | ---D | C] -- C:\Program Files\Prevx
[2009/02/15 00:04:58 | 00,000,065 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/02/15 00:04:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/03/15 12:49:06 | 00,000,569 | ---- | M] () -- C:\Documents and Settings\lution\My Documents\My Sharing Folders.lnk
[2009/03/15 12:44:47 | 00,000,063 | ---- | M] () -- C:\WINDOWS\System\SysSD.dll
[2009/03/15 12:44:46 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/03/15 12:44:46 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/15 12:44:45 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/14 13:20:45 | 03,222,252 | -H-- | M] () -- C:\Documents and Settings\lution\Local Settings\Application Data\IconCache.db
[2009/03/14 12:56:18 | 00,505,344 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lution\Desktop\OTListIt2.exe
[2009/03/13 11:18:34 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\lution\Desktop\Rooter.exe
[2009/03/12 23:49:39 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/12 23:13:35 | 00,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/12 23:13:35 | 00,311,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/12 23:13:35 | 00,040,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/12 20:03:21 | 01,529,241 | ---- | M] () -- C:\Documents and Settings\lution\Desktop\SDFix.exe
[2009/03/12 19:56:20 | 00,530,106 | ---- | M] () -- C:\Documents and Settings\lution\Desktop\LopSD.exe
[2009/03/12 19:54:50 | 01,561,992 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\lution\Desktop\MGADiag.exe
[2009/03/12 19:46:34 | 01,130,036 | ---- | M] (Malwareteks.com) -- C:\Documents and Settings\lution\Desktop\FixIEDef.exe
[2009/03/12 19:12:09 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\lution\Desktop\HijackThis.lnk
[2009/03/12 19:11:35 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\lution\Desktop\HJTInstall.exe
[2009/03/12 19:06:32 | 00,000,532 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/03/06 21:55:37 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.msn
[2009/03/04 19:26:01 | 00,022,536 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2009/03/04 19:25:57 | 00,000,065 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/02/28 00:47:31 | 00,045,053 | ---- | M] () -- C:\Documents and Settings\lution\Desktop\Kris Allen 4.jpg
[2009/02/28 00:21:18 | 00,017,860 | ---- | M] () -- C:\Documents and Settings\lution\Desktop\Kris Allen 3.jpg
[2009/02/28 00:20:40 | 00,023,240 | ---- | M] () -- C:\Documents and Settings\lution\Desktop\Kris Allen 1.jpg
[2009/02/28 00:20:40 | 00,021,239 | ---- | M] () -- C:\Documents and Settings\lution\Desktop\Kris Allen 2.jpg
[2009/02/25 18:27:00 | 70,664,752 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\lution\Desktop\avg_avwt_stf_all_8_237a1428.exe
[2009/02/23 14:48:48 | 00,095,864 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/02/21 18:26:32 | 00,000,797 | ---- | M] () -- C:\Documents and Settings\lution\Desktop\YouTube Downloader.lnk
[2009/02/21 18:26:20 | 05,637,845 | ---- | M] () -- C:\Documents and Settings\lution\Desktop\youtubedownloader.exe
[2009/02/16 22:22:30 | 00,000,670 | ---- | M] () -- C:\Documents and Settings\lution\Desktop\Cheat Engine.lnk
< End of report >

#14 Rorschach112

    Advanced Member

  • Volunteer Security Advisor
  • 2180 posts

Posted 15 March 2009 - 02:46 PM

hello

Run OTList2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [12CFG914-K641-26SF-N31P] C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0850\vsse32.exe File not found
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done


Download Flash_Disinfector.exe from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.


Please download ATF Cleaner by Atribune. Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
  • If you use Firefox browser: Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser: Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.




Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.






Go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

By the power of truth, I, while living, have conquered the universe.

~Scratch~

My help is always free, but if you want to donate to help me continue my fight against malware then click here

#15 lapppy

    Member

  • Members
  • 15 posts

Posted 16 March 2009 - 04:42 PM

hi, here is the mbam log.

Malwarebytes' Anti-Malware 1.34
Database version: 1854
Windows 5.1.2600 Service Pack 1

3/16/2009 8:45:17 PM
mbam-log-2009-03-16 (20-45-17).txt

Scan type: Quick Scan
Objects scanned: 54954
Time elapsed: 6 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0850 (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0850\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.

#16 lapppy

    Member

  • Members
  • 15 posts

Posted 16 March 2009 - 04:44 PM

KASPERSKY ONLINE SCANNER 7 REPORT
Monday, March 16, 2009
Operating System: Microsoft Windows XP Professional Service Pack 1 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, March 16, 2009 14:09:03
Records in database: 1916188


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
A:\
C:\
D:\

Scan statistics
Files scanned 17433
Threat name 0
Infected objects 0
Suspicious objects 0
Duration of the scan 00:23:55

No malware has been detected. The scan area is clean.
The selected area was scanned.

#17 Rorschach112

    Advanced Member

  • Volunteer Security Advisor
  • 2180 posts

Posted 16 March 2009 - 08:31 PM

hello

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#18 lapppy

    Member

  • Members
  • 15 posts

Posted 17 March 2009 - 05:07 AM

hi, here is the logfile.

ComboFix 09-03-15.01 - lution 2009-03-17 12:02:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.479.163 [GMT 8:00]
Running from: c:\documents and settings\lution\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\spoolsv.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2009-02-17 to 2009-03-17 )))))))))))))))))))))))))))))))
.

2009-03-17 11:58 . 2009-03-17 11:58 <DIR> d-------- c:\windows\LastGood
2009-03-16 20:58 . 2009-03-16 20:58 <DIR> d-------- c:\windows\Sun
2009-03-16 20:57 . 2009-03-16 20:57 <DIR> d-------- c:\program files\Java
2009-03-16 20:57 . 2009-03-16 20:57 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-16 20:57 . 2009-03-16 20:57 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-16 20:36 . 2009-03-16 20:36 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-16 20:36 . 2009-03-16 20:36 <DIR> d-------- c:\documents and settings\lution\Application Data\Malwarebytes
2009-03-16 20:36 . 2009-03-16 20:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-16 20:36 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-16 20:36 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-15 13:32 . 2009-03-15 13:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2009-03-15 13:22 . 2009-03-17 11:58 <DIR> d-------- c:\program files\ESET
2009-03-15 12:42 . 2009-03-15 12:42 <DIR> d-------- C:\_OTListIt
2009-03-13 11:18 . 2009-03-15 13:46 <DIR> d-------- C:\Rooter$
2009-03-12 20:03 . 2009-03-15 13:46 <DIR> d-------- C:\SDFix
2009-03-12 19:56 . 2009-03-15 13:43 <DIR> d-------- C:\Lop SD
2009-03-12 19:54 . 2009-03-12 19:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-03-12 19:46 . 2009-03-15 13:49 <DIR> d-------- c:\windows\ERUNT
2009-03-12 19:46 . 2009-03-12 19:46 <DIR> d-------- C:\ERDNT
2009-03-12 19:46 . 2009-03-12 19:46 <DIR> d-------- C:\!FixIEDef
2009-03-12 19:12 . 2009-03-12 19:12 <DIR> d-------- c:\program files\Trend Micro
2009-03-12 19:12 . 2009-03-17 11:59 <DIR> d-------- c:\program files\Panda Security
2009-02-22 17:53 . 2002-11-25 20:44 1,783,864 --a------ c:\windows\system32\WINPY.MB
2009-02-22 17:52 . 2001-08-17 22:36 8,704 --a------ c:\windows\system32\kbdjpn.dll
2009-02-22 17:52 . 2001-08-17 22:36 8,192 --a------ c:\windows\system32\kbdkor.dll
2009-02-22 17:52 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd106.dll
2009-02-22 17:52 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101c.dll
2009-02-22 17:52 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101b.dll
2009-02-22 17:52 . 2001-08-17 14:55 5,632 --a------ c:\windows\system32\kbd103.dll
2009-02-21 18:26 . 2009-03-15 13:46 <DIR> d-------- c:\program files\YouTube Downloader

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-16 14:52 --------- d-----w c:\program files\Cheat Engine
2009-03-16 14:34 --------- d-----w c:\documents and settings\All Users\Application Data\PrevxCSI
2009-03-15 05:45 --------- d-----w c:\program files\Warcraft III
2009-03-15 05:44 --------- d-----w c:\program files\Garena
2009-03-15 05:43 --------- d-----w c:\program files\AvRack
2009-03-15 05:43 --------- d-----w c:\program files\Alcatel
2009-03-04 11:26 22,536 ----a-w c:\windows\system32\drivers\pxscan.sys
2009-02-14 16:05 --------- d-----w c:\program files\Prevx
2009-02-08 09:33 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-08 09:33 --------- d-----w c:\documents and settings\lution\Application Data\InstallShield
2009-02-08 08:14 --------- d-----w c:\program files\SpywareDetector
2009-02-08 07:55 2,829 ----a-w c:\windows\War3Unin.pif
2009-02-08 07:55 139,264 ----a-w c:\windows\War3Unin.exe
2009-02-08 07:33 --------- d-----w c:\program files\Real
2009-02-08 07:33 --------- d-----w c:\program files\MSN Messenger
2009-02-08 07:17 --------- d-----w c:\program files\Intel
2009-02-08 07:15 --------- d-----w c:\program files\Realtek Sound Manager
2009-02-08 07:14 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-08 07:07 --------- d-----w c:\program files\microsoft frontpage
2009-02-08 07:06 558,142 ----a-w c:\windows\java\Packages\JJJDVDZV.ZIP
2009-02-08 07:06 155,995 ----a-w c:\windows\java\Packages\GNZPN35R.ZIP
2009-01-08 03:20 1,060,864 ----a-w c:\windows\system32\CheckDll.dll
2009-01-07 09:20 13,776 ----a-w c:\windows\system32\SDEarlyDelete.exe
.

------- Sigcheck -------

2002-08-29 18:41 1004032 2ff37c053c7c76a6a8e369836278e944 c:\windows\EXPLORER.EXE
2002-08-29 18:41 1004032 2ff37c053c7c76a6a8e369836278e944 c:\windows\system32\dllcache\explorer.exe

2002-08-29 18:41 13312 03543d06398c22667718cc62879af622 c:\windows\system32\ctfmon.exe
2002-08-29 18:41 13312 03543d06398c22667718cc62879af622 c:\windows\system32\dllcache\ctfmon.exe

2002-11-25 20:45 58368 79afca5caece28db9c1fef5769e46f73 c:\windows\system32\spoolsv.exe
2002-11-25 20:45 51200 6d20bd8885992257605a0fa200466c2c c:\windows\system32\dllcache\spoolsv.exe

2002-08-29 18:41 22016 870aee4f38f7a0f30e31b836003b6de3 c:\windows\system32\userinit.exe
2002-08-29 18:41 22016 870aee4f38f7a0f30e31b836003b6de3 c:\windows\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2002-08-20 1511424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-11-02 126976]
"SpeedTouch USB Diagnostics"="c:\program files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2001-10-03 4247552]
"SDActiveMonitor"="c:\program files\SpywareDetector\SDActiveMonitor.exe" [2009-01-07 1364944]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-16 148888]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 c:\windows\SOUNDMAN.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDNotify]
2008-12-01 11:15 475136 c:\program files\SpywareDetector\SDNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ SDEarlyDelete\0autocheck autochk *

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-02-15 22536]
R1 SDManager;SDManager;c:\program files\SpywareDetector\SDManager.sys [2009-02-08 13696]
R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2009-02-15 4150840]
R2 SDMainSvc;SDMainSvc;c:\program files\SpywareDetector\SDMainService.exe [2009-02-08 923088]
R2 SDService;SDService;c:\program files\SpywareDetector\SDService.exe [2009-02-08 1713616]
R4 ehdrv;ehdrv;c:\windows\System32\DRIVERS\ehdrv.sys --> c:\windows\System32\DRIVERS\ehdrv.sys [?]
R4 epfwtdir;epfwtdir;c:\windows\System32\DRIVERS\epfwtdir.sys --> c:\windows\System32\DRIVERS\epfwtdir.sys [?]
.
.
------- Supplementary Scan -------
.
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
TCP: {479B98CF-D2BB-4570-8FF9-761A80B3913E} = 165.21.100.88 165.21.83.88
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://www.eset.com.sg/softdown/files/OnlineScanner.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-17 12:04:04
Windows 5.1.2600 Service Pack 1 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(576)
c:\windows\System32\ODBC32.dll
c:\windows\System32\msctfime.ime
c:\program files\SpywareDetector\SDNotify.dll

- - - - - - - > 'lsass.exe'(632)
c:\windows\System32\dssenh.dll
.
Completion time: 2009-03-17 12:04:50
ComboFix-quarantined-files.txt 2009-03-17 04:04:49

Pre-Run: 69,436,956,672 bytes free
Post-Run: 69,641,543,680 bytes free

winxpsp1_en_pro_bf.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect


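The Sigcheck block in the log above lists each monitored system binary next to its dllcache copy. As an added example (not part of the log, not ComboFix code), the script below parses those lines and flags any binary whose size or MD5 no longer matches its dllcache copy, which is the comparison a defender makes when reading this section; the sample input is copied from the log above.

```python
import re

# Constructed sample: the Sigcheck block from the ComboFix log above.
SIGCHECK = r"""
2002-08-29 18:41 1004032 2ff37c053c7c76a6a8e369836278e944 c:\windows\EXPLORER.EXE
2002-08-29 18:41 1004032 2ff37c053c7c76a6a8e369836278e944 c:\windows\system32\dllcache\explorer.exe

2002-08-29 18:41 13312 03543d06398c22667718cc62879af622 c:\windows\system32\ctfmon.exe
2002-08-29 18:41 13312 03543d06398c22667718cc62879af622 c:\windows\system32\dllcache\ctfmon.exe

2002-11-25 20:45 58368 79afca5caece28db9c1fef5769e46f73 c:\windows\system32\spoolsv.exe
2002-11-25 20:45 51200 6d20bd8885992257605a0fa200466c2c c:\windows\system32\dllcache\spoolsv.exe

2002-08-29 18:41 22016 870aee4f38f7a0f30e31b836003b6de3 c:\windows\system32\userinit.exe
2002-08-29 18:41 22016 870aee4f38f7a0f30e31b836003b6de3 c:\windows\system32\dllcache\userinit.exe
"""

# One Sigcheck line: "<date> <time> <size> <md5> <path>"
LINE_RE = re.compile(r"^(\S+ \S+) (\d+) ([0-9a-f]{32}) (.+)$")


def parse_sigcheck(text):
    """Return a list of (path, size, md5) tuples, one per Sigcheck entry."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group(4).lower(), int(m.group(2)), m.group(3)))
    return entries


def find_mismatches(entries):
    """Pair each live binary with its dllcache copy by file name and
    return those whose (size, md5) differ. A match only shows the two
    copies agree with each other, not that either copy is clean."""
    live, cache = {}, {}
    for path, size, md5 in entries:
        name = path.rsplit("\\", 1)[-1]
        if "\\dllcache\\" in path:
            cache[name] = (size, md5)
        else:
            live[name] = (size, md5)
    mismatches = {}
    for name, (size, md5) in live.items():
        if name in cache and cache[name] != (size, md5):
            mismatches[name] = {"live": (size, md5), "dllcache": cache[name]}
    return mismatches


if __name__ == "__main__":
    for name, info in find_mismatches(parse_sigcheck(SIGCHECK)).items():
        print(f"{name}: live {info['live']} != dllcache {info['dllcache']}")
```

Run against the log above it reports only spoolsv.exe, the same file the helper asks to have scanned in the next post.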
#19 Rorschach112

Rorschach112

    Advanced Member

  • Volunteer Security Advisor
  • 2180 posts

Posted 18 March 2009 - 09:44 PM

hello
  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • c:\windows\system32\spoolsv.exe
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
Repeat it for this file

c:\windows\explorer.exe
By the power of truth, I, while living, have conquered the universe.

~Scratch~

My help is always free, but if you want to donate to help me continue my fight against malware then click here

#20 lapppy

lapppy

    Member

  • Members
  • 15 posts

Posted 19 March 2009 - 12:21 PM

Hi, here is the report.

VirSCAN.org Scanned Report :
Scanned time : 2009/03/19 19:17:34 (SGT)
Scanner results: 89% Scanner(33/37) found malware!
File Name : spoolsv.exe
File Size : 58368 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 79afca5caece28db9c1fef5769e46f73
SHA1 : 8c13200b9d5fdde7b84d58e85afeda7c06c657c3
Online report : http://virscan.org/r...de34c8d3c8.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.32 20090318163345 2009-03-18 2.48 Virus.Win32.Virut.av!IK
AhnLab V3 2009.03.19.03 2009.03.19 2009-03-19 1.08 Win32/Virut.B
AntiVir 7.9.0.120 7.1.2.190 2009-03-19 1.97 W32/Virut.AX
Antiy 2.0.18 20090319.2221056 2009-03-19 0.12 -
Authentium 5.1.1 200903182337 2009-03-18 1.10 W32/Virut.7116 (Possible)
AVAST! 3.0.1 090318-0 2009-03-18 0.88 Win32:Virtob
AVG 7.5.52.442 270.11.15/2004 2009-03-16 2.37 -
BitDefender 7.81008.2799669 7.24289 2009-03-19 2.60 Win32.Virtob.8.Gen
CA (VET) 9.0.0.143 31.6.6405 2009-03-19 6.66 Win32/Virut.7115 virus.
ClamAV 0.94.2 9135 2009-03-19 0.02 W32.Virut-17
Comodo 3.8 1066 2009-03-18 0.75 -
CP Secure 1.1.0.715 2009.03.19 2009-03-19 7.43 W32.Virut.av
Dr.Web 4.44.0.9170 2009.03.19 2009-03-19 4.27 Win32.Virut.30
F-Prot 4.4.4.56 20090318 2009-03-18 1.09 W32/Virut.7116
F-Secure 5.51.6100 2009.03.19.07 2009-03-19 4.91 Virus.Win32.Virut.av [AVP]
Fortinet 2.81-3.117 10.175 2009-03-18 0.18 W32/Virut.AV
GData 19.4070/19.267 20090319 2009-03-19 3.70 Virus.Win32.Virut.av [Engine:A]
ViRobot 20090318 2009.03.18 2009-03-18 0.41 Win32.Virut.S
Ikarus T3.1.01.48 2009.03.19.72447 2009-03-19 3.90 Virus.Win32.Virut.av
JiangMin 11.0.706 2009.03.19 2009-03-19 1.74 Win32/Virut.af
Kaspersky 5.5.10 2009.03.19 2009-03-19 0.04 Virus.Win32.Virut.av
KingSoft 2009.2.5.15 2009.3.19.14 2009-03-19 0.60 Win32.Virut.ar.40960
McAfee 5.3.00 5557 2009-03-18 2.67 W32/Virut.gen.a
Microsoft 1.4502 2009.03.19 2009-03-19 4.88 Virus:Win32/Virut.AC
mks_vir 2.01 2009.03.19 2009-03-19 2.79 -
Norman 6.00.06 6.00.00 2009-03-18 8.01 W32/Virut.AG
Panda 9.05.01 2009.03.19 2009-03-19 1.63 W32/Virutas.FG
Trend Micro 8.700-1004 5.904.04 2009-03-18 0.02 PE_VIRUT.AV
Quick Heal 10.00 2009.03.19 2009-03-19 0.95 W32.Virut.Z
Rising 20.0 21.21.32.00 2009-03-19 0.94 Win32.Virut.an
Sophos 2.84.1 4.39 2009-03-19 2.11 W32/Virut-W
Sunbelt 5049 5049 2009-03-18 0.90 Win32.Virut.av (v)
Symantec 1.3.0.24 20090318.006 2009-03-18 0.17 W32.Virut.W
nProtect 20090319.01 3349088 2009-03-19 4.49 Virus/W32.Virut.K
The Hacker 6.3.2.7 v00285 2009-03-19 0.64 W32/Virut.av
VBA32 3.12.10.1 20090318.1617 2009-03-18 1.62 Virus.Win32.Virut.2
VirusBuster 4.5.11.10 10.102.14/982681 2009-03-18 1.23 Win32.Virut.Gen.4
