ComboFix 09-09-25.01 - yuko 26/09/2009 23:48.1.2 - NTFSx86
Microsoft Windows Vista Home Premium 6.0.6001.1.1252.61.1033.18.2045.1065 [GMT 10:00]
Running from: c:\users\yuko\Videos\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2108574972-2298720655-3298363157-500
c:\$recycle.bin\S-1-5-21-3445812990-2868984237-3161298010-500
c:\windows\100955ot-a-viruz58.exe
c:\windows\101365acktoo944z.ocx
c:\windows\10z5759t-a-virus4ad.exe
c:\windows\10z59spy4ca9.dll
c:\windows\11405worm459z.dll
c:\windows\11eeb5ckdozr699.bin
c:\windows\11z49troj2775.bin
c:\windows\12056spamboz259.bin
c:\windows\12e4spywzr95485.exe
c:\windows\12z5hacktool2989.cpl
c:\windows\130245roz397.bin
c:\windows\131adownl5adez9959.dll
c:\windows\13346n9t-a-vz5us2fb.ocx
c:\windows\13595wzr5493.exe
c:\windows\13919z9y555.dll
c:\windows\141039pamboz255.cpl
c:\windows\14205z5rus196.ocx
c:\windows\143dthi59215z.dll
c:\windows\1485thzef2069.dll
c:\windows\14d95ackzoor26519.cpl
c:\windows\15089rzj795.dll
c:\windows\1509z9py52f.ocx
c:\windows\15329virzs44.dll
c:\windows\15354hacktozl945.ocx
c:\windows\158519i5uz603.dll
c:\windows\159n9t-a-vir5z4df.cpl
c:\windows\15beaddware54z19.dll
c:\windows\16039hacz5ool5b2.ocx
c:\windows\16514not-a-vz9us43e.dll
c:\windows\16745worz95b.cpl
c:\windows\17057vi95s6zb.exe
c:\windows\1766threat53z99.exe
c:\windows\1775zno5-9-virus7bc.ocx
c:\windows\18183ha9ztool405.bin
c:\windows\183zroj5b9.ocx
c:\windows\18514szamb5t31f9.exe
c:\windows\1852zwor95d5.bin
c:\windows\18584notza-vir9s721.dll
c:\windows\18959zor5366.ocx
c:\windows\18993nzt-a-virus5f9.bin
c:\windows\19130vz9us356.cpl
c:\windows\191559zambot6f3.dll
c:\windows\1938995oj46z.dll
c:\windows\19497trzj5d7.ocx
c:\windows\19508spzmbot6d4.bin
c:\windows\19515acktozl294.cpl
c:\windows\19599not-a-virus1z8.cpl
c:\windows\19650woz564.ocx
c:\windows\196dsparsz159.dll
c:\windows\197959zambot14b.ocx
c:\windows\19abt5iefz3.ocx
c:\windows\19f05ddzare1870.cpl
c:\windows\1a5abz5kdo9r107.dll
c:\windows\1ab75ownloaderz759.exe
c:\windows\1cc8th9eat5303z.exe
c:\windows\1ez059dware1897.cpl
c:\windows\1f59stealz15.cpl
c:\windows\1z005wo9m751.cpl
c:\windows\1z02795ambote6.exe
c:\windows\1z6dsteal10599.bin
c:\windows\1z995virus3b5.dll
c:\windows\1zc6dow5loader15049.dll
c:\windows\1ze859dware972.bin
c:\windows\20053s9z562.bin
c:\windows\20137zr9j55d5.cpl
c:\windows\20260woz97515.bin
c:\windows\203z9worm295.exe
c:\windows\20592trzj37a5.exe
c:\windows\205a5i9957z.ocx
c:\windows\20735v9ru5zfd.bin
c:\windows\216bzpar5e9589.cpl
c:\windows\219z2troj6e5.cpl
c:\windows\2206addware599z.dll
c:\windows\22490w95m4zc.dll
c:\windows\22609nzt-a-vi9u52cc.dll
c:\windows\22942spzmb9t559.dll
c:\windows\22962vir5z436.dll
c:\windows\22964t9oj2z5.dll
c:\windows\233e9pazse2580.dll
c:\windows\23695owzloader1750.ocx
c:\windows\238995pamzot168.dll
c:\windows\24128h5cktool5z9.bin
c:\windows\243z4w9r579a.exe
c:\windows\24e2t9ief58z.ocx
c:\windows\25029tzoj3a0.ocx
c:\windows\25054h9cktoolz59.ocx
c:\windows\25194hacktooz946.bin
c:\windows\2556addwz9e2350.cpl
c:\windows\2599vir655z.ocx
c:\windows\26492t5oj5z9.dll
c:\windows\26597not-5-viruz7cc.cpl
c:\windows\2670v9zu527e.bin
c:\windows\26z45worm259.bin
c:\windows\27292hacktool59z.bin
c:\windows\2759s5a9se9z7.cpl
c:\windows\27735trojz4f9.bin
c:\windows\27879not-a-5iru920bz.ocx
c:\windows\2795zhief682.dll
c:\windows\279zt5ief10199.dll
c:\windows\28274spam95t79z.cpl
c:\windows\28358not5a-vi9usz7.exe
c:\windows\28369notza-vi5us276.exe
c:\windows\28587ha9kzool5a.bin
c:\windows\285z2not-a-95rus429.exe
c:\windows\29090spam59tz8.exe
c:\windows\29408t5z9469.dll
c:\windows\2955zspy48.ocx
c:\windows\29595hacktooz59f.cpl
c:\windows\295adownloader2z41.cpl
c:\windows\295zs5y37.cpl
c:\windows\29645s9yz695.cpl
c:\windows\29649spz5b95.ocx
c:\windows\29808n5t-z-virus5f2.dll
c:\windows\29925spamzot68f.exe
c:\windows\2993zot-a-virus6595.dll
c:\windows\29f6t5iefz956.cpl
c:\windows\29z6v5r9085.exe
c:\windows\2a4zthreat59952.cpl
c:\windows\2b74v954z9.exe
c:\windows\2bd5t9ief1z18.cpl
c:\windows\2cfb5ir957z.ocx
c:\windows\2dc5bac9door2588z.dll
c:\windows\2f5ezackdoor9305.bin
c:\windows\2f97thzeat4352.ocx
c:\windows\2f9d5ackdoor1972z.bin
c:\windows\2fdfaddwarz5930.dll
c:\windows\2z289tr5j5e0.bin
c:\windows\2z58th9ef2837.ocx
c:\windows\2z594worm345.ocx
c:\windows\2z71sp596.bin
c:\windows\2z822v9rus51d.bin
c:\windows\2zccvi91775.bin
c:\windows\30295hac5too9bcz.exe
c:\windows\30d5zdd9are439.cpl
c:\windows\30eadzware1952.dll
c:\windows\3118zw95m55e.ocx
c:\windows\31593wo5m7zb.dll
c:\windows\3159z5ief53.exe
c:\windows\317z4sp5mbot3cd9.exe
c:\windows\31934z9rm25e.exe
c:\windows\319z1sp9255.ocx
c:\windows\32052tzoj6ff9.dll
c:\windows\32234not-a-vi95sz24.bin
c:\windows\32397zo9m657.exe
c:\windows\32986tro5240z.dll
c:\windows\3360zack59ol8d.ocx
c:\windows\352239py2az.exe
c:\windows\3535v9rus27bz.ocx
c:\windows\35495viruz110.cpl
c:\windows\3595spambotz9.dll
c:\windows\35d2zhrea99822.exe
c:\windows\36589ddwzre998.bin
c:\windows\379athief5z57.dll
c:\windows\392bdo5nl9aderz48.cpl
c:\windows\393estz9l17155.cpl
c:\windows\39a1spywa5z2165.dll
c:\windows\3a0cback9oo52z08.cpl
c:\windows\3a5zspywa952451.cpl
c:\windows\3bczaddware5659.ocx
c:\windows\3dfzthi952662.ocx
c:\windows\3f5abzckdoor975.exe
c:\windows\3f635azkdoor1579.exe
c:\windows\3z964tr5j5a29.bin
c:\windows\3zf8a59ware2805.cpl
c:\windows\4229addware170z5.bin
c:\windows\42cb9dzware359.exe
c:\windows\4359t9reat4z52.dll
c:\windows\4399wo5z797.exe
c:\windows\44435hre9t1z233.ocx
c:\windows\4453sp9mboz9e.bin
c:\windows\4475thr5at5z90.cpl
c:\windows\4595s5ezl1568.cpl
c:\windows\46425dd9are512z.dll
c:\windows\4653bzckdoor5596.exe
c:\windows\4778d5wnlozder1789.ocx
c:\windows\4877zt5a91630.bin
c:\windows\49159iz550.cpl
c:\windows\494bspywarz2045.exe
c:\windows\4a29z5yware182.dll
c:\windows\4ab0zpy5are3295.exe
c:\windows\4b31z5wnl9ader21.ocx
c:\windows\4c54sparz91273.cpl
c:\windows\4c91doznload5r1755.ocx
c:\windows\4d7dthi5fz5859.dll
c:\windows\4e9c5parze90.ocx
c:\windows\4z519teal1037.dll
c:\windows\4za3addw5re6809.bin
c:\windows\4zd5th9ef1331.exe
c:\windows\5000bazkdoor1980.dll
c:\windows\501zs95ware1965.bin
c:\windows\5095sparse198z.bin
c:\windows\50dbs59ware10z2.dll
c:\windows\5156s9ywaze1497.bin
c:\windows\516eszeal2629.exe
c:\windows\522cste5l9z96.ocx
c:\windows\52a7s5yw9rez060.exe
c:\windows\52dfspy5are966z.cpl
c:\windows\5379sparz52508.dll
c:\windows\53839troj52z9.ocx
c:\windows\5489zroj5c8.cpl
c:\windows\549zir10435.exe
c:\windows\54st9al1z64.ocx
c:\windows\5502ad9ware5z1.dll
c:\windows\550aspazse9749.bin
c:\windows\551csp9ware30z6.ocx
c:\windows\5545backdoor3z59.bin
c:\windows\5559spam5otz69.bin
c:\windows\555d5zywa9e6.exe
c:\windows\5568spambzt4349.exe
c:\windows\5585thief693z.dll
c:\windows\5593addwarez919.cpl
c:\windows\55bac9dzo5553.ocx
c:\windows\55bczddware7549.dll
c:\windows\55c8backzoor1819.bin
c:\windows\55cdbackdooz9223.cpl
c:\windows\55z7addw5re3209.dll
c:\windows\5623worm9z5.ocx
c:\windows\569c5pzrse2914.exe
c:\windows\575eaddwaze15439.ocx
c:\windows\57a5ste5z9946.exe
c:\windows\57z0thie92555.cpl
c:\windows\582dspy9are84z.dll
c:\windows\5884not-a-virus799z.ocx
c:\windows\590zt9reat653.ocx
c:\windows\59146t9zj11b.bin
c:\windows\59815parze9683.ocx
c:\windows\5983troz9d25.dll
c:\windows\5995spzware772.ocx
c:\windows\599bs5eal2z46.bin
c:\windows\59b9zddwa5e2994.bin
c:\windows\59desp5warz3022.exe
c:\windows\5a2zst59l1928.dll
c:\windows\5ad0thiez1999.ocx
c:\windows\5azaddw9re485.bin
c:\windows\5b59s9ywzre7.cpl
c:\windows\5b82s5y9are13z6.dll
c:\windows\5b9viz417.ocx
c:\windows\5bd9threzt39225.dll
c:\windows\5c0fth5eat71z9.ocx
c:\windows\5ce9steal458z.dll
c:\windows\5d6ba9kdoorz542.bin
c:\windows\5d9ddownzoade9265.dll
c:\windows\5d9estezl1575.bin
c:\windows\5e5db9ckdoor324z.dll
c:\windows\5f07zown9oader5716.cpl
c:\windows\5fafadd9zre10185.dll
c:\windows\5fz8steal3941.exe
c:\windows\5fzbvir2699.cpl
c:\windows\5z50addware1619.dll
c:\windows\5z5959dware1545.cpl
c:\windows\5z75v9r1377.ocx
c:\windows\5z85s9eal2990.cpl
c:\windows\5zb7t5ie9253.cpl
c:\windows\6018do5nloader91z5.bin
c:\windows\602ft9r5atz890.cpl
c:\windows\6122ha5kzool9a9.bin
c:\windows\61z2worm1659.dll
c:\windows\6250tzi9f2435.cpl
c:\windows\6251stea5z990.cpl
c:\windows\626zspywa5e1498.dll
c:\windows\62ba5hrezt79389.ocx
c:\windows\635fbackdzo91291.bin
c:\windows\65359rzj2fc.exe
c:\windows\6560thiez3197.dll
c:\windows\6565s5a9sez148.exe
c:\windows\6581a5dw9re2z29.dll
c:\windows\6599vir31z3.dll
c:\windows\65b3ad9wzre399.bin
c:\windows\65z69ddware2044.exe
c:\windows\661zsp9ware5369.cpl
c:\windows\6703hac5tool9b6z.bin
c:\windows\6719bzc5door1751.exe
c:\windows\671znot-a-9ir5s23f.bin
c:\windows\6833s5z9bb.bin
c:\windows\6859vir15z.exe
c:\windows\696ado9nloade532z1.dll
c:\windows\6a88z9wn5oader3139.dll
c:\windows\6a93d5wnloadez3025.dll
c:\windows\6az9thi5f920.ocx
c:\windows\6b5bviz1928.exe
c:\windows\6bfcth5eaz46389.ocx
c:\windows\6caaspywz5e2900.dll
c:\windows\6d95thre9tz441.dll
c:\windows\6daz5ack9oor1127.cpl
c:\windows\6f65do9nloaderz116.exe
c:\windows\6z51steal2391.dll
c:\windows\6z9bthreat55929.ocx
c:\windows\6z9fsteal2559.ocx
c:\windows\7090back5ooz2876.dll
c:\windows\709bs9arse3z85.exe
c:\windows\70a5b5c9door188z.exe
c:\windows\72z85ackdoor9813.exe
c:\windows\749szy85.bin
c:\windows\7550thi5fz599.cpl
c:\windows\756cspar9e1z73.exe
c:\windows\75c1thr9atz050.bin
c:\windows\75f0backdooz1952.exe
c:\windows\75f4zpa9se1524.bin
c:\windows\75z0v5r99.dll
c:\windows\76f9st5al14z4.exe
c:\windows\76fbaddz5re987.dll
c:\windows\77b95z91575.ocx
c:\windows\77faz95363.cpl
c:\windows\77z9thie52741.exe
c:\windows\7888tro53z9.dll
c:\windows\795bazkdoor2208.bin
c:\windows\7982sp5rse94z.ocx
c:\windows\7999tzi5f908.dll
c:\windows\7a7dbackdoo931z5.exe
c:\windows\7ba9bac5door2z19.dll
c:\windows\7cz85own9oader2430.ocx
c:\windows\7d12thizf9592.dll
c:\windows\7f63dowzloader19295.exe
c:\windows\7f975zarse1949.dll
c:\windows\7fc9backd5zr2314.ocx
c:\windows\7z51spy7e9.bin
c:\windows\8031zor96d5.bin
c:\windows\8079spambot5z8.bin
c:\windows\811spam9o553z.cpl
c:\windows\8199spamzotb5.cpl
c:\windows\8z15troj915.ocx
c:\windows\8z82not-a-95rus429.dll
c:\windows\900555orm183z.ocx
c:\windows\9043not-a-zi5us2969.cpl
c:\windows\90z88sp5mbot245.dll
c:\windows\912bthre5t4675z.ocx
c:\windows\91604tro575z.dll
c:\windows\9177ztroj515.ocx
c:\windows\9296h9ck5ool7z3.bin
c:\windows\93885hacktoolzf.cpl
c:\windows\93cvz5861.cpl
c:\windows\9416backdzor2405.dll
c:\windows\94175acktzol542.bin
c:\windows\9424t5zj78f.ocx
c:\windows\94c6downl5adzr1190.exe
c:\windows\9512zir3097.cpl
c:\windows\951fspyzare1945.dll
c:\windows\953cbackdoor27z5.dll
c:\windows\95759worme6z.bin
c:\windows\9595wzrm728.dll
c:\windows\959aszar5e3265.cpl
c:\windows\96175rzj7d39.dll
c:\windows\96455zroj49e.exe
c:\windows\99179spy573z.bin
c:\windows\9954nzt-a5virus38c.cpl
c:\windows\9971zteal25155.dll
c:\windows\9b7sparsz155.dll
c:\windows\9bfebazkdoo51365.dll
c:\windows\9d85addwarz2978.exe
c:\windows\9da7szywar5988.bin
c:\windows\9f59do5nloazer1988.bin
c:\windows\9f78adzware2056.bin
c:\windows\9fb9s5yware1368z.exe
c:\windows\9z832virusdb5.cpl
c:\windows\9z835or9b1.bin
c:\windows\a56th9ez568.bin
c:\windows\a59s5y9are875z.ocx
c:\windows\aa09z5al1947.ocx
c:\windows\b71tzi9f2572.exe
c:\windows\bc4spars97z25.cpl
c:\windows\c79thi5z2893.bin
c:\windows\c8cspa9sz3245.bin
c:\windows\d35th9ezt24844.dll
c:\windows\e5cba5kdooz9410.dll
c:\windows\f2f5ddwaze9769.ocx
c:\windows\Installer\20281.msi
c:\windows\system32\1063ztroj659.bin
c:\windows\system32\108z959oj54b.exe
c:\windows\system32\109789py415z.ocx
c:\windows\system32\109dztea52897.ocx
c:\windows\system32\10d6downloa9zr3052.cpl
c:\windows\system32\10z63not-a59irus47b.bin
c:\windows\system32\11367zpy935.cpl
c:\windows\system32\11415ziru96f3.ocx
c:\windows\system32\11719not-a-5irus3bz.ocx
c:\windows\system32\11739no5-a-vizus79c.dll
c:\windows\system32\11855spam9zt4f9.ocx
c:\windows\system32\11954virus9zf.ocx
c:\windows\system32\12225wor97e6z.dll
c:\windows\system32\1235szam9ot20f.dll
c:\windows\system32\129559ot-a-vizus28e.bin
c:\windows\system32\1317zot5a-viru9292.bin
c:\windows\system32\13643z95mbot2e8.dll
c:\windows\system32\1459spzrse937.bin
c:\windows\system32\1470zspa9bot651.bin
c:\windows\system32\14809pa5zot653.dll
c:\windows\system32\149eaddwa5e219z.exe
c:\windows\system32\14d9th9ef5z31.exe
c:\windows\system32\150199rz5355.exe
c:\windows\system32\1516vi59z7e9.exe
c:\windows\system32\15284not-95vizus6df.exe
c:\windows\system32\15489zr1156.bin
c:\windows\system32\15499zirus475.ocx
c:\windows\system32\156baddwa9e218z.ocx
c:\windows\system32\1572z5ambot499.cpl
c:\windows\system32\159ddoznloader1984.cpl
c:\windows\system32\15eaddwarez5069.exe
c:\windows\system32\15z09py5are2289.cpl
c:\windows\system32\16461zr5j159.cpl
c:\windows\system32\166z2viru569b.dll
c:\windows\system32\16775not-a-vi9us4za.ocx
c:\windows\system32\16797zackto5l111.cpl
c:\windows\system32\16acspywa9z2915.ocx
c:\windows\system32\17399zack5ool5c2.exe
c:\windows\system32\174zs9a5se2047.cpl
c:\windows\system32\17945zief593.dll
c:\windows\system32\17edbackd5zr395.cpl
c:\windows\system32\17z05h9cktool4465.bin
c:\windows\system32\18125not5a-viru94zc.cpl
c:\windows\system32\187819pambot7z15.dll
c:\windows\system32\1892ztroj645.bin
c:\windows\system32\18954tzoj375.bin
c:\windows\system32\19055spambot16z9.bin
c:\windows\system32\19364s5y52z.dll
c:\windows\system32\19455sp9mzot384.dll
c:\windows\system32\19548spz53f.cpl
c:\windows\system32\19689w5rz2f1.ocx
c:\windows\system32\1968zwo5m457.ocx
c:\windows\system32\1992zpy6195.dll
c:\windows\system32\19939t5oz6c7.exe
c:\windows\system32\199559pambot33z.ocx
c:\windows\system32\19997szam5ot923.dll
c:\windows\system32\19c8spywar5z59.dll
c:\windows\system32\19d3downloader59z3.exe
c:\windows\system32\1c48s9yware5z07.exe
c:\windows\system32\1c5dow9loader2152z.exe
c:\windows\system32\1cz85ackdoor1039.exe
c:\windows\system32\1fathz9f1155.dll
c:\windows\system32\1z013w9rm725.bin
c:\windows\system32\1z419w5r94da.cpl
c:\windows\system32\1z9785orm7d9.dll
c:\windows\system32\1zf29t5al78.dll
c:\windows\system32\202455irzs977.bin
c:\windows\system32\2053n9z-a-viruscc5.bin
c:\windows\system32\2066495rm6e4z.bin
c:\windows\system32\215195ormz31.bin
c:\windows\system32\21857vi9us5z7.cpl
c:\windows\system32\21950spy9f2z.ocx
c:\windows\system32\22396virus51z.ocx
c:\windows\system32\22914t5oj419z.ocx
c:\windows\system32\23929szy7195.exe
c:\windows\system32\2399z5cktool90.dll
c:\windows\system32\239fad5ware1z67.cpl
c:\windows\system32\24599wozm575.exe
c:\windows\system32\24azs95ware1684.exe
c:\windows\system32\24e9s95wzre963.cpl
c:\windows\system32\2501backdo9r243z5.bin
c:\windows\system32\2507zt9oj4365.dll
c:\windows\system32\25335z9y4f8.bin
c:\windows\system32\25453zroj691.exe
c:\windows\system32\25523wor9250z.ocx
c:\windows\system32\25556spazbo9593.dll
c:\windows\system32\25564zo9m1e1.bin
c:\windows\system32\258fste9l3122z.dll
c:\windows\system32\259thrzat24947.ocx
c:\windows\system32\25b9threzt23935.ocx
c:\windows\system32\25c7sp9zare2979.ocx
c:\windows\system32\25z6s9eal827.exe
c:\windows\system32\260599pyz76.bin
c:\windows\system32\26197sp935z.ocx
c:\windows\system32\263099acktozl2615.exe
c:\windows\system32\26851not-a-vir5s795z.ocx
c:\windows\system32\27298spa5botz3d.ocx
c:\windows\system32\272zsp95are555.dll
c:\windows\system32\27379hack5oolza9.ocx
c:\windows\system32\27868wozm5a9.dll
c:\windows\system32\27994worz959.bin
c:\windows\system32\27z5t9reat9196.dll
c:\windows\system32\2833addw9rez075.bin
c:\windows\system32\2855backdo9rz731.ocx
c:\windows\system32\28852spamzot7f59.dll
c:\windows\system32\289zhief5999.bin
c:\windows\system32\291fspyza5e350.dll
c:\windows\system32\29294hack9ooz4385.ocx
c:\windows\system32\29295spambotz5d.ocx
c:\windows\system32\292z9hreat305145.cpl
c:\windows\system32\297955irus5d4z.dll
c:\windows\system32\29916sp9m5oz4f5.bin
c:\windows\system32\29925wo5m120z.ocx
c:\windows\system32\29990z9rus5d5.bin
c:\windows\system32\29a6downlozde52293.exe
c:\windows\system32\29a9s95az1197.cpl
c:\windows\system32\2db05hrz9t14919.dll
c:\windows\system32\2df5thi59z69.cpl
c:\windows\system32\2ee2backdzor29915.ocx
c:\windows\system32\2f03tzie95759.dll
c:\windows\system32\2z13spars59052.ocx
c:\windows\system32\2z161sp9m5ot38c.cpl
c:\windows\system32\2z284s5y944.cpl
c:\windows\system32\2z501spy798.dll
c:\windows\system32\2z50st9al782.ocx
c:\windows\system32\3015spambzt5905.bin
c:\windows\system32\30599spzmbot739.cpl
c:\windows\system32\309125irus3zf9.exe
c:\windows\system32\30955d9ware2z08.dll
c:\windows\system32\31053troj589z.dll
c:\windows\system32\312z5s59mbot7b8.exe
c:\windows\system32\31534spz569.cpl
c:\windows\system32\324359zoj572.ocx
c:\windows\system32\3254spa9zo52a9.dll
c:\windows\system32\3254threatz089.ocx
c:\windows\system32\325zthr9at24659.bin
c:\windows\system32\3297z9t-a-vir5s740.dll
c:\windows\system32\329aspywzre14745.exe
c:\windows\system32\32z25sp93ff.cpl
c:\windows\system32\3365downloader1159z.ocx
c:\windows\system32\3461no9za-viru54f1.ocx
c:\windows\system32\3515backzoo992.exe
c:\windows\system32\352779rzj13f.cpl
c:\windows\system32\3555sp9warz997.bin
c:\windows\system32\35929wozm5c8.cpl
c:\windows\system32\3598thief255z.bin
c:\windows\system32\375ath9ezt17128.bin
c:\windows\system32\3846hacktool5z59.cpl
c:\windows\system32\3904v5r16z5.exe
c:\windows\system32\395dthizf5.exe
c:\windows\system32\399zstea91651.bin
c:\windows\system32\3ab6bac5doz93035.ocx
c:\windows\system32\3adcth9eat5185z.exe
c:\windows\system32\3b0athiefz9545.bin
c:\windows\system32\3b73zparse30975.cpl
c:\windows\system32\3bb9zir5025.cpl
c:\windows\system32\3c0eb9zkdoor3573.ocx
c:\windows\system32\3c35t9zef2496.ocx
c:\windows\system32\3c67down95adzr766.cpl
c:\windows\system32\3e2c9p5rze632.bin
c:\windows\system32\3f2d9i5z631.bin
c:\windows\system32\3f51threaz11956.cpl
c:\windows\system32\3z15st9al944.ocx
c:\windows\system32\3z342t9oj54.exe
c:\windows\system32\3z735n9t-a-virus4e6.ocx
c:\windows\system32\4012zorm95.ocx
c:\windows\system32\40659ackt5ol69fz.cpl
c:\windows\system32\419dthze5915.ocx
c:\windows\system32\41f6addzar59004.ocx
c:\windows\system32\43985r9ze.bin
c:\windows\system32\4478not-a-5iruszfb9.ocx
c:\windows\system32\449aspazse20115.exe
c:\windows\system32\4505hreat17z319.bin
c:\windows\system32\450a5o9nlzader2468.dll
c:\windows\system32\4595s9eal1153z.ocx
c:\windows\system32\459ethief289z.dll
c:\windows\system32\45bf59r256z.bin
c:\windows\system32\45z0t9oj15a5.ocx
c:\windows\system32\45z69dd5are2627.ocx
c:\windows\system32\45zbs9arse1117.exe
c:\windows\system32\4925doznloader9821.dll
c:\windows\system32\4974ha95tooz5a2.bin
c:\windows\system32\499espa5se1z20.dll
c:\windows\system32\49e8downloader529z.ocx
c:\windows\system32\49z8steal455.ocx
c:\windows\system32\4aeddownlo5der1901z.bin
c:\windows\system32\4b09ztea53993.bin
c:\windows\system32\4c26do5zlo9der1785.dll
c:\windows\system32\4c5tzief5069.cpl
c:\windows\system32\4d76backdoo9265z.ocx
c:\windows\system32\4e4csparz56269.dll
c:\windows\system32\4f18st5zl9762.cpl
c:\windows\system32\4f99tzief23845.bin
c:\windows\system32\4faz5ir29849.dll
c:\windows\system32\5052spyzare1695.ocx
c:\windows\system32\50d8thre9tz3338.dll
c:\windows\system32\5142t5oj19z.exe
c:\windows\system32\51565vi9uz664.cpl
c:\windows\system32\5179s9ambzt2d0.ocx
c:\windows\system32\51z85worm459.dll
c:\windows\system32\521679ot-a-vizus29a.dll
c:\windows\system32\52396spy4za.bin
c:\windows\system32\52z55ir595.dll
c:\windows\system32\535fd9wnloader1z935.ocx
c:\windows\system32\54d9pywaze2652.bin
c:\windows\system32\55564troj469z.exe
c:\windows\system32\555zt9reat13567.bin
c:\windows\system32\5561do9nloader787z.ocx
c:\windows\system32\56571zro9544.exe
c:\windows\system32\56a15ddware2979z.cpl
c:\windows\system32\56f0downloadzr519.exe
c:\windows\system32\56z6thie92015.cpl
c:\windows\system32\56z7v5r2986.ocx
c:\windows\system32\5754zparse579.cpl
c:\windows\system32\57969spambot4b7z.dll
c:\windows\system32\5895worm59fz.exe
c:\windows\system32\5905thzef20249.bin
c:\windows\system32\593spy57z.exe
c:\windows\system32\5954stea91479z.ocx
c:\windows\system32\5968d9wnloadez314.ocx
c:\windows\system32\59cth9eat1020z.cpl
c:\windows\system32\59z2w59m501.exe
c:\windows\system32\59z9d5wnloader2580.exe
c:\windows\system32\59zbackdoor2510.cpl
c:\windows\system32\5a9cspywar5524z.cpl
c:\windows\system32\5a9zaddw9re5773.cpl
c:\windows\system32\5bz7th9eat29431.dll
c:\windows\system32\5c50th9ez1594.bin
c:\windows\system32\5c5eback9zor3215.bin
c:\windows\system32\5c68thief19z95.exe
c:\windows\system32\5c97thief2953z.exe
c:\windows\system32\5c9ethiez1015.exe
c:\windows\system32\5cb6a9dware83z.cpl
c:\windows\system32\5d5395wnloaderz5.ocx
c:\windows\system32\5ef3thr9at590z3.ocx
c:\windows\system32\5f809p5rse1051z.cpl
c:\windows\system32\5fd7th9eat4z9.bin
c:\windows\system32\5z799spy4d0.cpl
c:\windows\system32\5z873viru921f.exe
c:\windows\system32\5za59ownloader3173.dll
c:\windows\system32\6093tr5j7zd.bin
c:\windows\system32\609asparz91652.exe
c:\windows\system32\6135ztea91083.dll
c:\windows\system32\6475wormz9f.bin
c:\windows\system32\64835pyware869z.cpl
c:\windows\system32\64adownloade9z588.bin
c:\windows\system32\64f5spzr9e2648.exe
c:\windows\system32\65b1add9aze1155.bin
c:\windows\system32\660zsp9ware2255.exe
c:\windows\system32\661zs9y151.exe
c:\windows\system32\66e4zhi9f950.ocx
c:\windows\system32\67z19hreat35764.dll
c:\windows\system32\685ztroj5995.ocx
c:\windows\system32\686as5eal9z79.cpl
c:\windows\system32\68zthi5f794.exe
c:\windows\system32\6965zroj759.ocx
c:\windows\system32\6990zir5841.ocx
c:\windows\system32\69zaback5oor19349.dll
c:\windows\system32\69zbspyware2657.cpl
c:\windows\system32\6a35v9r6z5.ocx
c:\windows\system32\6c98z5arse1476.ocx
c:\windows\system32\6dbbaczdoo91975.bin
c:\windows\system32\6effspazs59090.cpl
c:\windows\system32\6f6bback95or2z.ocx
c:\windows\system32\6z5s9y535.cpl
c:\windows\system32\7010spazb5t5049.dll
c:\windows\system32\7043zo9nloader1500.ocx
c:\windows\system32\7052v9r23z5.dll
c:\windows\system32\7081not-z-5i9us5fc.exe
c:\windows\system32\7414zac59oor1606.ocx
c:\windows\system32\750zthrea926762.cpl
c:\windows\system32\75769iz1039.dll
c:\windows\system32\75c1thzef1393.cpl
c:\windows\system32\761znot-9-virus357.exe
c:\windows\system32\7698tzo5922.bin
c:\windows\system32\77975hreat156z2.dll
c:\windows\system32\77a0s5ywaz92756.ocx
c:\windows\system32\7966spar5e595z.ocx
c:\windows\system32\7982hack5o9l6z5.dll
c:\windows\system32\7b9cth9efz857.exe
c:\windows\system32\7cb9vir1z985.bin
c:\windows\system32\7d0eback9zo572.dll
c:\windows\system32\7d99thzeat21554.bin
c:\windows\system32\7e5fsteal2519z.bin
c:\windows\system32\7f36b5zkdoo92753.cpl
c:\windows\system32\7z5bspywar9843.cpl
c:\windows\system32\7zffvi525259.exe
c:\windows\system32\8099hacztool5e25.exe
c:\windows\system32\85z5viru9789.ocx
c:\windows\system32\872sp5wzre3619.cpl
c:\windows\system32\8983n5tz9-virus72f.ocx
c:\windows\system32\8a4spazs598.exe
c:\windows\system32\8cfdownloadzr5949.dll
c:\windows\system32\90164not-z-virus5be.ocx
c:\windows\system32\90485not-z-vi5us70b.bin
c:\windows\system32\915e5ddware2583z.exe
c:\windows\system32\916eadd5aze391.exe
c:\windows\system32\9170virus4az5.dll
c:\windows\system32\91c7spzrse509.ocx
c:\windows\system32\9380thie52z00.dll
c:\windows\system32\94673virusz58.dll
c:\windows\system32\94959troz265.ocx
c:\windows\system32\94aszywa5e9659.cpl
c:\windows\system32\95518zacktool178.bin
c:\windows\system32\957virz6559.exe
c:\windows\system32\95935hackzool470.cpl
c:\windows\system32\9596addware27z6.exe
c:\windows\system32\95fdvirz681.dll
c:\windows\system32\96dbzir16385.exe
c:\windows\system32\97591spamzot50b.exe
c:\windows\system32\9866virz506.cpl
c:\windows\system32\990zhac5too959b.dll
c:\windows\system32\9959zpy3555.dll
c:\windows\system32\995ztroj6d3.bin
c:\windows\system32\9ac5azdware3130.exe
c:\windows\system32\9b60d5wnloaderz93.dll
c:\windows\system32\9d9bac5zoor1190.dll
c:\windows\system32\9e4ast5az470.cpl
c:\windows\system32\9f83sp5rze1294.ocx
c:\windows\system32\9fezthreat25964.dll
c:\windows\system32\9z210spy6f35.ocx
c:\windows\system32\9z49hac5tool5f.cpl
c:\windows\system32\9z559worm52e.cpl
c:\windows\system32\a83a9dwaze30935.cpl
c:\windows\system32\af19hi5fz6.cpl
c:\windows\system32\az5t9rea528538.exe
c:\windows\system32\b54doznloade91418.cpl
c:\windows\system32\d5zsteal2439.cpl
c:\windows\system32\db5spywzre3983.ocx
c:\windows\system32\ecbzddw9re559.cpl
c:\windows\system32\fa4t5z9f995.bin
c:\windows\system32\z03055ac9tool1d0.ocx
c:\windows\system32\z059vir9s65b.ocx
c:\windows\system32\z0993w5rm442.cpl
c:\windows\system32\z0e9steal854.ocx
c:\windows\system32\z115vir794.cpl
c:\windows\system32\z1509pambot126.bin
c:\windows\system32\z178addwa5e1970.cpl
c:\windows\system32\z1839tro578f.cpl
c:\windows\system32\z2530no5-a-v9rus609.dll
c:\windows\system32\z3541spambot789.ocx
c:\windows\system32\z4017hackto5968c.ocx
c:\windows\system32\z5084n5t-a-v9rus37d.dll
c:\windows\system32\z528not-a9virus269.exe
c:\windows\system32\z5553virus9c.cpl
c:\windows\system32\z695acktoole5.dll
c:\windows\system32\z76eadd9a5e1134.ocx
c:\windows\system32\z7ac9hief10745.dll
c:\windows\system32\z93fd9wnloader5097.ocx
c:\windows\system32\z95069orm730.cpl
c:\windows\system32\z966tr5j4b2.dll
c:\windows\system32\z988stea52083.dll
c:\windows\system32\zc7edown9oade52649.dll
c:\windows\system32\zf0spars95240.exe
c:\windows\system32\zf5bste9l1293.bin
c:\windows\z0745i9us161.exe
c:\windows\z0ab9te5l3072.cpl
c:\windows\z1564tr5j499.bin
c:\windows\z2003hac9tool152.bin
c:\windows\z289troj1935.bin
c:\windows\z3196spam95t478.bin
c:\windows\z355thief69.cpl
c:\windows\z44955py7cf.cpl
c:\windows\z47bt5ie92357.cpl
c:\windows\z5099s9ambot4a3.bin
c:\windows\z55as9arse885.ocx
c:\windows\z579vir77.dll
c:\windows\z593backdoor182.cpl
c:\windows\z595spyware20599.cpl
c:\windows\z601v95us16d.exe
c:\windows\z6b5spa9se5207.ocx
c:\windows\z70spy5are32159.cpl
c:\windows\z755s9y78e.ocx
c:\windows\z772hack5ool43d9.dll
c:\windows\z94ethre5t869.ocx
c:\windows\z972s5y199.bin
c:\windows\z9ebth9ef5188.ocx
c:\windows\za46t9rea59314.exe
c:\windows\za50sp9ware1515.ocx
c:\windows\za52bac9door804.ocx
c:\windows\za93vir13865.cpl
c:\windows\zcd9steal1568.ocx
c:\windows\ze1bspywa95444.cpl
c:\windows\zfbbst9al951.bin
.
((((((((((((((((((((((((( Files Created from 2009-08-26 to 2009-09-26 )))))))))))))))))))))))))))))))
.
2009-09-26 14:07 . 2009-09-26 14:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-25 13:06 . 2009-09-10 04:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-25 13:06 . 2009-09-25 13:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-25 13:06 . 2009-09-10 04:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-25 11:04 . 2009-09-25 11:04 -------- d-----w- c:\program files\Trend Micro
2009-09-25 05:09 . 2009-09-25 05:09 -------- d-----w- c:\users\yuko\AppData\Roaming\Malwarebytes
2009-09-25 05:08 . 2009-09-25 05:08 -------- d-----w- c:\progra~2\Malwarebytes
2009-09-25 04:50 . 2009-09-25 04:51 -------- d-----w- c:\users\yuko\AppData\Roaming\GetRightToGo
2009-09-24 23:17 . 2009-09-24 23:17 552 ----a-w- c:\users\yuko\AppData\Local\d3d8caps.dat
2009-09-08 11:47 . 2009-09-08 11:47 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-09-07 05:31 . 2008-12-17 09:22 57344 ----a-w- c:\windows\system32\ff_vfw.dll
2009-09-07 05:31 . 2008-12-11 03:26 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-08 11:48 . 2008-11-20 15:12 -------- d-----w- c:\program files\DivX
2009-09-06 14:32 . 2008-05-21 19:18 -------- d-----w- c:\program files\Java
2009-08-21 05:53 . 2009-02-07 04:53 -------- d-----w- c:\users\yuko\AppData\Roaming\Apple Computer
2009-08-21 05:48 . 2009-08-21 05:48 -------- d-----w- c:\program files\Safari
2009-08-21 05:44 . 2009-08-21 05:43 -------- d-----w- c:\program files\iTunes
2009-08-21 05:44 . 2009-08-21 05:43 -------- d-----w- c:\progra~2\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-21 05:43 . 2009-08-21 05:43 -------- d-----w- c:\program files\iPod
2009-08-21 05:43 . 2008-11-06 09:27 -------- d-----w- c:\program files\Common Files\Apple
2009-08-21 05:38 . 2008-11-06 09:26 -------- d-----w- c:\progra~2\Apple
2009-08-21 05:32 . 2009-08-21 05:32 -------- d-----w- c:\program files\Bonjour
2009-08-08 05:40 . 2009-01-14 09:04 680 ----a-w- c:\users\yuko\AppData\Local\d3d9caps.dat
2009-07-24 19:23 . 2008-12-15 10:58 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-09 02:16 . 2009-07-09 02:16 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-07-09 02:16 . 2009-07-09 02:16 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe" [2009-02-13 162744]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-03-07 3558136]
"Google Update"="c:\users\yuko\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-04-20 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1045800]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-05-15 468264]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-02 554288]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-27 442467]
"WMAAD"="c:\program files\Sony\WALKMAN Launcher\WMAAD.exe" [2007-02-08 110592]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-01-23 423200]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\downloads\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-20 177472]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-24 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E989D08D-63DF-446B-A0C1-18D07C741591}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{1400A56D-A8C3-4183-8CB8-47024AE509A5}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{444D51B1-4D0D-4896-89EE-F2A6A0902ACD}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{A308AF96-6AB4-4C71-BEFD-333549BB032E}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{312A614E-66C3-49D1-9D0A-BB2BEABF6602}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{4FB1212B-00CE-41C4-B1FB-B59D5BF21242}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{A3683CA3-2455-435A-8B56-29261D8CEF31}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{81D89D6E-83B1-47A9-A078-664061E53FD3}"= UDP:c:\users\yuko\Downloads\BitComet\BitComet.exe:BitComet.exe
"{B90994FF-B57D-4716-B322-062C22D7CAED}"= TCP:c:\users\yuko\Downloads\BitComet\BitComet.exe:BitComet.exe
"{0C4A797D-9C81-4FEB-A5AC-62DD2C9C3648}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{63440E81-B593-441E-B9BC-D29D1D9A1F38}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6C9D8E19-D991-406C-B00F-847C2141B9E2}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{83E06369-3FE5-41A9-B0DD-055DF13E56EA}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{3D0786CE-B21A-419F-9F8A-8A2999A77947}"= UDP:18521:BitComet 18521 TCP
"{9223258C-E275-4E2A-88F4-4FED11CB1EC0}"= TCP:18521:BitComet 18521 UDP
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\System32\drivers\Amddfltr.sys [16/08/2008 11:15 PM 15416]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090910.001\IDSvix86.sys [11/09/2009 12:17 PM 272432]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\AEstSrv.exe [16/08/2008 11:11 PM 73728]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [11/01/2008 4:50 PM 30312]
R2 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [25/02/2009 11:31 PM 55280]
R2 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [6/02/2009 5:08 PM 533360]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [19/03/2008 9:24 AM 19456]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [19/02/2008 5:37 AM 149352]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [22/05/2008 5:13 AM 341328]
R3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [13/01/2008 12:32 PM 23888]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [22/05/2008 3:28 AM 193840]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [24/01/2008 7:23 AM 52736]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27/08/2009 11:58 PM 102448]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [1/04/2008 9:14 PM 81296]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [19/02/2009 1:31 PM 41008]
S3 ICScsiSV;Image Converter SCSI Service;c:\program files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [16/11/2008 2:59 PM 75952]
S3 IcVzMonLauncher;IcVzMonLauncher;c:\program files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe [16/11/2008 2:59 PM 67760]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [18/12/2008 3:25 AM 29181272]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2009-09-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3445812990-2868984237-3161298010-1003Core.job
- c:\users\yuko\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-20 05:17]
2009-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3445812990-2868984237-3161298010-1003UA.job
- c:\users\yuko\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-20 05:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ninemsn.com.au/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=83&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-AU\local\search.html
IE: &D&ownload &with BitComet - c:\users\yuko\Downloads\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\users\yuko\Downloads\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\users\yuko\Downloads\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-09-27 00:08
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2009-09-26 0:10
ComboFix-quarantined-files.txt 2009-09-26 14:10
Pre-Run: 138,152,755,200 bytes free
Post-Run: 138,112,548,864 bytes free
932 --- E O F --- 2009-03-12 02:57