Computer Juice > Computer Software > Virus, Spyware & Security
  #1  
Old 30th Sep 2009, 14:00
Member Group
 
Today, I downloaded Security Veteran by accident. This happened when I was watching free episodes of South Park at allsp.com - a window came up saying I had over 20 viruses and I could download Security Veteran to get rid of them. Thinking my anti-virus program (Symantec Endpoint) had conflicted with Windows Defender and turned itself off, I installed SV; it then claimed that I had 782 viruses! Suffice it to say, SV then started interfering with IE and my taskbar. I phoned up the IT Helpdesk (I'm at uni) and was then told that SV was in fact malware and I probably didn't have any viruses! Therefore, I googled SV and discovered it was bogus: one website recommended I run Malwarebytes' Anti-Malware and Spyware Doctor. I ran the first program and it found some malware, which it then destroyed. I then ran Spyware Doctor, which stated I still had malware installed, including "Trojan-Downloader.Ruins". According to ThreatExpert it can ruin downloads, install itself in your taskbar and mess up your registry. The only problem was that I'd have to pay £30 if SD was gonna remove it! As a student on a limited budget, I wouldn't be willing to shell out £30 for something I probably would only use once.

In order to try and remove it, I read the sticky on the "viruses and malware" section of this forum and took the following measures:

- Deleted Java and installed the newest version
- Ran CCleaner
- Ran SUPERAntiSpyware - free edition - found a few threats (all tracking cookies) and removed them
- Ran Malwarebytes' Anti-Malware - didn't find any problems

I even ran McAfee's security scan (already installed on my laptop) and that didn't find any problems.

So, I then ran Spyware Doctor and guess what! "Trojan-Downloader.Ruins" is still there!!

Is there any way of getting rid of that trojan for free? In fact, should I wait until next Tuesday, when the uni's IT helpdesk will be running a laptop clinic where I could get any spyware removed? After all, my laptop seems to be running normally.
  #2  
Old 30th Sep 2009, 15:12
Moderator Group
 
Quote:
Originally Posted by tom91

Is there any way of getting rid of that trojan for free?
Yes. But you have to post all of the logs I ask for until given the all clear.

Download DDS from |HERE| or |HERE| or |HERE| and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall tries to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

  #3  
Old 30th Sep 2009, 16:29
Member Group
 
Update: I've done more research on SV and it turns out it's very dangerous. So I've paid £30 to register my copy of Spyware Doctor and it's now removed any traces. Phew...
  #4  
Old 30th Sep 2009, 16:44
Moderator Group
 
We could have done it for free here.

There might still be traces or even more of the malware left. Trojan-Downloader.Ruins also installs a rootkit so it's best to check that it was properly removed. If you will post the logs I ask for we can make sure all of the malware is completely gone, not just the symptoms.

Spyware Doctor isn't bad but it isn't the best either.

  #5  
Old 4th Oct 2009, 06:54
Member Group
 
Thanks for your help, but how do I obtain these "logs"? Spyware Doctor doesn't seem to have this feature.

And originally I was going to try and remove it manually, but I didn't want to mess up my laptop!
  #6  
Old 4th Oct 2009, 09:51
Moderator Group
 
From the second post.

Download DDS from |HERE| or |HERE| or |HERE| and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall tries to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

  #7  
Old 15th Oct 2009, 12:08
Member Group
 
Ok, well I thought Secure Veteran had gone for good, but I'm running SUPERAntiSpyware & it claims I still have 9 items of Secure Veteran left! Also, as I've paid for a couple of items using my debit card (on Amazon and a railway company's website), should I cancel my debit card in case SecureVeteran has stolen my credit card details?

Anyway, here are the two logs you requested. Sorry for not posting them earlier:

DDS

DDS (Ver_09-09-29.01) - NTFSx86
Run by Thomas at 20:00:14.42 on 15/10/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.479.82 [GMT 1:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\NILaunch.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Thomas\Desktop\dds.com

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [IW_Drop_Icon] c:\program files\pinnacle\instantcddvd\instantwrite\iwctrl.exe /DropDisc
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [Net-It Launcher] c:\windows\system32\NILaunch.exe
mRun: [PCSuiteTrayApplication] c:\progra~1\nokia\nokiap~1\LAUNCH~1.EXE -startup
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\1.0.150\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: QuickDefine - c:\program files\common files\microsoft shared\reference titles\eddefine.htm
IE: QuickTranslate - c:\program files\common files\microsoft shared\reference titles\edtrans.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1240836473796
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - c:\program files\common files\microsoft shared\information retrieval\itss51.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\thomas\applic~1\mozilla\firefox\profiles\1f7j90nn.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-9-30 206256]
R0 VOBID;VOBID;c:\windows\system32\drivers\vobid.sys [2003-8-1 29239]
R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2009-9-27 58856]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2009-9-27 333928]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
R1 vobcom;vobcom;c:\windows\system32\drivers\vobcom.sys [2001-10-4 9728]
R1 vobiw;vobiw;c:\windows\system32\drivers\vobIW.sys [2003-8-27 187392]
R3 cdrdrv;Cdrdrv;c:\windows\system32\drivers\Cdrdrv.sys [2002-12-13 64000]
R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [2006-1-11 191092]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20091013.021\NAVENG.SYS [2009-10-14 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20091013.021\NAVEX15.SYS [2009-10-14 1323568]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-7-22 23888]
S3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [2006-1-11 6100]

=============== Created Last 30 ================

2009-10-15 16:56 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-10-15 16:56 26,600 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-15 16:54 <DIR> --d----- c:\program files\iPod
2009-10-15 16:53 <DIR> --d----- c:\program files\iTunes
2009-10-15 16:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-15 16:52 <DIR> --d----- c:\program files\Bonjour
2009-10-13 09:35 6,891 a------- c:\windows\system32\5edownz9ader102.dll
2009-10-12 06:01 7,503 a------- c:\windows\system32\331fth59at1109z.exe
2009-10-11 04:54 13,829 a------- c:\windows\system32\7944hack5ozl5f4.ocx
2009-10-10 10:22 8,281 a------- c:\windows\system32\5546vir595bz.ocx
2009-10-09 12:34 17,849 a------- c:\windows\system32\2z9ba9kdoo5589.bin
2009-10-07 05:59 7,477 a------- c:\windows\z4546w9rm885.bin
2009-10-06 22:54 3,999 a------- c:\windows\19c9addware5z09.ocx
2009-10-05 10:40 11,150 a------- c:\windows\9z5avir1392.bin
2009-10-05 08:59 9,362 a------- c:\windows\system32\18c2thz5at19699.bin
2009-10-04 14:09 <DIR> --d----- c:\docume~1\thomas\applic~1\Trusteer
2009-10-04 14:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trusteer
2009-10-04 14:09 <DIR> --d----- c:\program files\Trusteer
2009-10-03 01:54 11,940 a------- c:\windows\4317v9r5s49z.bin
2009-10-02 06:21 15,157 a------- c:\windows\29359spz716.cpl
2009-10-01 17:59 <DIR> --d----- c:\program files\common files\McAfee
2009-10-01 17:58 <DIR> --d----- c:\program files\McAfee
2009-10-01 11:18 16,832 a------- c:\windows\system32\amcompat.tlb
2009-10-01 11:18 23,392 a------- c:\windows\system32\nscompat.tlb
2009-10-01 10:56 221,184 a------- c:\windows\system32\wmpns.dll
2009-10-01 10:56 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-09-30 18:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-09-30 18:31 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-09-30 18:31 <DIR> --d----- c:\docume~1\thomas\applic~1\SUPERAntiSpyware.com
2009-09-30 18:31 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-09-30 18:16 <DIR> --d----- c:\program files\CCleaner
2009-09-30 18:08 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-30 18:08 73,728 a------- c:\windows\system32\javacpl.cpl
2009-09-30 13:47 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-09-30 13:46 206,256 a------- c:\windows\system32\drivers\PCTCore.sys
2009-09-30 13:46 86,888 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-30 13:46 7,396 a------- c:\windows\system32\drivers\pctcore.cat
2009-09-30 13:46 <DIR> --d----- c:\program files\common files\PC Tools
2009-09-30 13:46 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-09-30 13:46 <DIR> --d----- c:\program files\Spyware Doctor
2009-09-30 13:46 <DIR> --d----- c:\docume~1\thomas\applic~1\PC Tools
2009-09-30 13:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-09-30 13:39 <DIR> --d----- c:\docume~1\thomas\applic~1\Malwarebytes
2009-09-30 13:39 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-30 13:39 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-30 13:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-30 13:39 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-29 08:25 215,920 a------- c:\windows\system32\muweb.dll
2009-09-29 08:25 274,288 a------- c:\windows\system32\mucltui.dll
2009-09-29 08:25 16,736 a------- c:\windows\system32\mucltui.dll.mui
2009-09-28 18:20 <DIR> --dsh--- c:\documents and settings\thomas\IECompatCache
2009-09-28 14:27 <DIR> --d----- c:\documents and settings\thomas\Tracing
2009-09-28 14:25 <DIR> --d----- c:\program files\Microsoft
2009-09-28 14:25 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-09-28 14:22 <DIR> --d----- c:\program files\common files\Windows Live
2009-09-28 11:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
2009-09-28 11:06 <DIR> --d----- c:\program files\McAfee Security Scan
2009-09-28 02:27 <DIR> --dsh--- c:\documents and settings\thomas\PrivacIE
2009-09-28 02:24 <DIR> --dsh--- c:\documents and settings\thomas\IETldCache
2009-09-28 02:16 100,352 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-09-28 02:15 <DIR> --d----- c:\windows\ie8updates
2009-09-28 02:14 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-09-28 02:14 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-09-28 02:07 <DIR> -cd-h--- c:\windows\ie8
2009-09-28 01:42 <DIR> --d----- C:\Google
2009-09-27 21:39 <DIR> --d----- c:\windows\system32\scripting
2009-09-27 21:39 <DIR> --d----- c:\windows\l2schemas
2009-09-27 21:39 <DIR> --d----- c:\windows\system32\en
2009-09-27 21:39 <DIR> --d----- c:\windows\system32\bits
2009-09-27 21:29 <DIR> --d----- c:\windows\ServicePackFiles
2009-09-27 21:19 <DIR> --d----- c:\windows\network diagnostic
2009-09-27 21:04 <DIR> --d----- c:\windows\EHome
2009-09-27 20:47 25,471 -------- c:\windows\system32\drivers\watv10nt.sys
2009-09-27 20:47 22,271 -------- c:\windows\system32\drivers\watv06nt.sys
2009-09-27 20:47 11,935 -------- c:\windows\system32\drivers\wadv11nt.sys
2009-09-27 20:47 11,871 -------- c:\windows\system32\drivers\wadv09nt.sys
2009-09-27 20:47 11,807 -------- c:\windows\system32\drivers\wadv07nt.sys
2009-09-27 20:47 11,295 -------- c:\windows\system32\drivers\wadv08nt.sys
2009-09-27 20:46 129,535 -------- c:\windows\system32\drivers\slnt7554.sys
2009-09-27 20:46 166,912 -------- c:\windows\system32\drivers\s3gnbm.sys
2009-09-27 20:46 1,897,408 -------- c:\windows\system32\drivers\nv4_mini.sys
2009-09-27 20:46 452,736 -------- c:\windows\system32\drivers\mtxparhm.sys
2009-09-27 20:46 67,866 -------- c:\windows\system32\drivers\netwlan5.img
2009-09-27 20:46 11,868 -------- c:\windows\system32\drivers\mdmxsdk.sys
2009-09-27 20:46 1,041,536 -------- c:\windows\system32\drivers\hsfdpsp2.sys
2009-09-27 20:46 685,056 -------- c:\windows\system32\drivers\hsfcxts2.sys
2009-09-27 20:46 220,032 -------- c:\windows\system32\drivers\hsfbs2s2.sys
2009-09-27 20:46 129,045 -------- c:\windows\system32\drivers\cxthsfs2.cty
2009-09-27 19:34 153,088 -c------ c:\windows\system32\dllcache\triedit.dll
2009-09-27 19:34 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
2009-09-27 19:33 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll
2009-09-27 19:00 123,952 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-09-27 19:00 60,800 a------- c:\windows\system32\S32EVNT1.DLL
2009-09-27 19:00 10,563 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-09-27 19:00 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-09-27 18:59 726,528 ac------ c:\windows\system32\dllcache\jscript.dll
2009-09-27 18:55 <DIR> --d----- c:\program files\Symantec
2009-09-27 18:50 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-09-27 18:50 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-09-27 18:50 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-09-27 18:50 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
2009-09-27 18:50 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-09-27 18:48 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-09-26 11:42 12,281 a------- c:\windows\system32\54110n9t-a-virus7e5z.ocx
2009-09-24 09:17 13,906 a------- c:\windows\7bz59ir9175.exe
2009-09-24 08:54 6,295 a------- c:\windows\46fzthreat9515.dll
2009-09-24 03:45 10,168 a------- c:\windows\system32\1e4zsparse5797.bin
2009-09-24 00:26 8,793 a------- c:\windows\system32\24957wormzbb.exe
2009-09-23 21:05 <DIR> --d----- C:\Train Store
2009-09-23 19:57 <DIR> --d----- c:\program files\J A Formoso
2009-09-22 04:41 15,990 a------- c:\windows\system32\8155wormz59.exe
2009-09-21 18:57 8,838 a------- c:\windows\12573tzo5599.exe
2009-09-20 11:00 7,700 a------- c:\windows\5965t9oj2z15.exe
2009-09-20 07:59 7,074 a------- c:\windows\system32\59edownloader95z.bin
2009-09-19 20:10 18,180 a------- c:\windows\ed5downloade960z.bin
2009-09-18 15:52 4,633 a------- c:\windows\system32\9a5fthrzat205005.bin
2009-09-17 10:40 7,923 a------- c:\windows\system32\6d96threat2457z.dll

==================== Find3M ====================

2009-09-27 21:47 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-09-12 06:00 15,456 a------- c:\windows\3de8thief5z599.dll
2009-09-11 02:45 10,188 a------- c:\windows\29980wozm59b5.dll
2009-09-10 06:34 9,031 a------- c:\windows\system32\445cvir9844z.bin
2009-09-09 22:18 16,699 a------- c:\windows\29142spz59c9.bin
2009-09-08 16:36 12,174 a------- c:\windows\2790downloader5957z.dll
2009-09-06 08:41 18,042 a------- c:\windows\197fdown5oader346z.exe
2009-09-05 22:53 10,084 a------- c:\windows\1535sza9se3137.dll
2009-09-05 01:28 4,786 a------- c:\windows\598bstzal1157.exe
2009-09-04 03:56 11,152 a------- c:\windows\system32\6192zroj359.dll
2009-09-02 14:25 11,150 a------- c:\windows\system32\64dthre5t66z49.exe
2009-09-02 04:31 8,093 a------- c:\windows\903b5hiez2204.exe
2009-09-01 23:31 17,439 a------- c:\windows\1365vzr9s6cd.exe
2009-09-01 14:33 15,758 a------- c:\windows\z5d15ownloader2909.bin
2009-08-27 17:03 9,811 a------- c:\windows\6958threa9z0335.exe
2009-08-25 22:35 9,674 a------- c:\windows\system32\5224virzs9ab.dll
2009-08-24 18:10 17,682 a------- c:\windows\581tzre9t25261.dll
2009-08-24 17:37 4,390 a------- c:\windows\system32\6904nzt-a-5ir9s82.exe
2009-08-22 23:51 10,934 a------- c:\windows\99600zot5a-virus5ae.bin
2009-08-21 14:16 5,290 a------- c:\windows\system32\44e8st5al299z.bin
2009-08-20 22:01 10,308 a------- c:\windows\281925ot-a-v9rus1z8.exe
2009-08-16 12:22 16,433 a------- c:\windows\system32\d9cadzwa9e520.exe
2009-08-12 13:15 17,018 a------- c:\windows\system32\9437download5r2408z.exe
2009-08-08 06:06 15,492 a------- c:\windows\system32\29zaspyware185.bin
2009-08-08 05:48 12,761 a------- c:\windows\system32\956ha5k9ozla6.dll
2009-08-05 10:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-29 05:37 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-29 05:37 81,920 a------- c:\windows\system32\fontsub.dll
2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll
2009-07-26 16:12 6,239 a------- c:\windows\system32\90651szam5ot723.exe
2009-07-26 06:42 11,778 a------- c:\windows\6d55sparze19805.bin
2009-07-25 00:43 5,199 a------- c:\windows\59500zorm5a9.dll
2009-07-23 03:22 15,918 a------- c:\windows\system32\35c4thre9t22z15.exe
2009-07-22 23:50 10,947 a------- c:\windows\system32\9c37backdzor2539.dll
2009-07-22 21:16 16,246 a------- c:\windows\3z550not-a-v59us112.bin
2009-07-22 16:40 625,032 a------- c:\windows\system32\SymNeti.dll
2009-07-22 16:40 242,056 a------- c:\windows\system32\SymRedir.dll
2009-07-22 16:40 107,848 a------- c:\windows\system32\SymVPN.dll
2009-07-22 16:40 89,088 a------- c:\windows\system32\atl71.dll
2009-07-22 16:40 49,480 a------- c:\windows\system32\FwsVpn.dll
2009-07-19 14:12 8,723 a------- c:\windows\z2432troj995.exe
2009-07-17 20:01 58,880 a------- c:\windows\system32\atl.dll
2006-04-03 21:24 11,817,800 a------- c:\program files\GoogleEarth.exe

============= FINISH: 20:01:35.37 ===============

Attach


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-29.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 27/01/2006 15:48:43
System Uptime: 15/10/2009 19:20:53 (1 hours ago)

Motherboard: Uniwill | | 255KI / 259KI Series
Processor: Mobile AMD Sempron(tm) Processor 3100+ | CPU 1 | 1404/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 75 GiB total, 34.107 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 04/10/2009 13:46:00 - System Checkpoint
RP2: 04/10/2009 14:06:35 - Spyware Doctor: Cleaning Threats
RP3: 04/10/2009 14:09:05 - Installed Rapport
RP4: 06/10/2009 13:39:20 - Spyware Doctor: Cleaning Threats
RP5: 07/10/2009 16:37:43 - Installed Adobe Reader 9.1.
RP6: 07/10/2009 16:44:54 - Removed Acrobat.com
RP7: 09/10/2009 12:40:18 - System Checkpoint
RP8: 10/10/2009 17:27:01 - System Checkpoint
RP9: 11/10/2009 18:26:58 - System Checkpoint
RP10: 12/10/2009 09:11:29 - Spyware Doctor: Cleaning Threats
RP11: 13/10/2009 15:15:16 - System Checkpoint
RP12: 14/10/2009 15:42:12 - System Checkpoint
RP13: 15/10/2009 16:53:22 - Installed iTunes

==== Installed Programs ======================

Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 4
Athlon 64 Processor Driver
Belarc Advisor 7.2
Bonjour
Boots F2CD Picture Suite
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
CANON iMAGE GATEWAY Task
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CCleaner (remove only)
Clarkson Screen Saver
Creative Jukebox Driver
Creative Removable Disk Manager
Creative System Information
Creative Zen Micro
ELR Add-on pack
Encarta Research Organizer World English
Encyclopaedia Britannica Student Library CD
Google Desktop
Google Desktop Plugin - FishTank
Google Desktop Plugin - London Tube Status
Google Desktop Plugin - VerseOfTheDay
Google Desktop Plugin - Word-a-Day
Google Toolbar for Internet Explorer
Hornby Virtual Railway 2
Hornby Virtual Railway Expansion Pack 1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
InterVideo WinDVD 4
iTunes
Java(TM) 6 Update 16
KAZ (Keyboarding A-Z) Version 16
Kaz Guardian Angel 2.1
LiveUpdate 3.3 (Symantec Corporation)
Lotus SmartSuite Release 9.5
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Fireworks 8
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Malwarebytes' Anti-Malware
Max Media Creator
MaxDrive PS2
McAfee Security Scan
McAfee SiteAdvisor
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Encyclopedia 2000 World English
Microsoft Encarta World English Dictionary
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Natural Language Search
Microsoft Office FrontPage 2003
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft Office Visio Professional 2003
Microsoft Train Simulator
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (3.5.3)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
My DSC
Nokia Connectivity Cable Driver
Nokia PC Connectivity Solution
Nokia PC Suite
Pinnacle InstantCD/DVD Suite
QuickTime
Rapport
RealPlayer
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio
Samsung Samples Installer
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Segoe UI
SiS 900 PCI Fast Ethernet Adapter Driver
Spelling Dictionaries Support For Adobe Reader 9
Spyware Doctor 6.1
SUPERAntiSpyware Free Edition
Symantec Endpoint Protection
Synaptics Pointing Device Driver
Train Store V3.2
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows XP (KB951978)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

15/10/2009 20:00:38, error: Service Control Manager [7016] - The SmartLinkService service has reported an invalid current state 0.
15/10/2009 19:28:06, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
15/10/2009 17:11:41, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
12/10/2009 10:29:22, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
09/10/2009 14:52:15, error: ACPIEC [1] - \Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period. This may indicate an error in the EC hardware or firmware, or possibly a poorly designed BIOS which accesses the EC in an unsafe manner. The EC driver will retry the failed transaction if possible.
09/10/2009 12:04:32, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000043' while processing the file 'SrtETmp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
08/10/2009 19:25:52, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
08/10/2009 17:20:27, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SrtETmp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

==== End Of File ===========================

Apologies that posting has been somewhat sporadic.
  #8  
Old 15th Oct 2009, 12:47
Member Group
 
I've finished running SUPERAntiSpyware, and this is the log it produced:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/15/2009 at 08:16 PM

Application Version : 4.29.1002

Core Rules Database Version : 4168
Trace Rules Database Version: 2068

Scan type : Quick Scan
Total Scan Time : 00:44:47

Memory items scanned : 585
Memory threats detected : 0
Registry items scanned : 498
Registry threats detected : 9
File items scanned : 39332
File threats detected : 6

Adware.Tracking Cookie
C:\Documents and Settings\Thomas\Cookies\thomas@revsci[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@doubleclick[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@msnportal.112.2o7[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@bs.serving-sys[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@serving-sys[2].txt
C:\Documents and Settings\Thomas\Cookies\thomas@atdmt[2].txt

Rogue.SecureVeteran
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREVETERANSVC
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREVETERANSVC#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREVETERANSVC\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREVETERANSVC\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREVETERANSVC\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREVETERANSVC\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREVETERANSVC\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREVETERANSVC\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREVETERANSVC\0000#DeviceDesc

Don't know if this is any help.
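Added example (not part of the post, and not SUPERAntiSpyware's own code): a small Python triage script for scan logs in the layout above. It parses the header totals and the per-family detection lists, checks that the listed registry and file items reconcile with the totals the header claims, rates each family, and recovers the service name from any Enum\Root\LEGACY_* keys (Windows keeps such a legacy devnode for a registered service or driver, so those entries show a service named SecureVeteranSvc had been installed). The embedded log is a constructed, shortened sample in the same format, and the severity mapping is an assumption of this example.

```python
"""Triage a SUPERAntiSpyware scan log (added example, not the tool's own code):
parse the header totals and per-family detection lists, reconcile the listed
items with the reported totals, rate each family, and recover service names
from Enum\\Root\\LEGACY_* registry entries."""
import re
from collections import OrderedDict

# Constructed, shortened sample in the same layout as the posted log.
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log

Scan type : Quick Scan
Registry items scanned : 498
Registry threats detected : 3
File items scanned : 39332
File threats detected : 2

Adware.Tracking Cookie
C:\Documents and Settings\Thomas\Cookies\thomas@doubleclick[1].txt
C:\Documents and Settings\Thomas\Cookies\thomas@atdmt[2].txt

Rogue.SecureVeteran
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREVETERANSVC
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREVETERANSVC\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREVETERANSVC\0000#Service
"""

# Header totals such as "Registry threats detected : 9".
COUNT_RE = re.compile(
    r"^(Memory|Registry|File) (items scanned|threats detected)\s*:\s*(\d+)\s*$")
# Detection items are registry paths (HKLM\...) or file paths (C:\...).
ITEM_RE = re.compile(r"^(HK[A-Z]{2}\\|[A-Za-z]:\\)")
# Windows keeps a legacy devnode under Enum\Root\LEGACY_<service name> for a
# registered service or driver, so the key name recovers the service name.
LEGACY_RE = re.compile(r"\\Enum\\Root\\LEGACY_([A-Za-z0-9_]+?)(?:\\|#|$)")


def severity(family):
    """Assumed triage rating; SUPERAntiSpyware's log carries none."""
    if family.startswith(("Rogue.", "Trojan")):
        return "high"
    return "low" if family.startswith("Adware.Tracking") else "review"


def parse_counts(text):
    """Return e.g. {'registry_scanned': 498, 'registry_threats': 3, ...}."""
    counts = {}
    for line in text.splitlines():
        m = COUNT_RE.match(line.strip())
        if m:
            kind = "scanned" if "scanned" in m.group(2) else "threats"
            counts["%s_%s" % (m.group(1).lower(), kind)] = int(m.group(3))
    return counts


def parse_detections(text):
    """Return an ordered mapping: family name -> list of detected items."""
    lines = [l.rstrip() for l in text.splitlines()]
    count_idx = [i for i, l in enumerate(lines) if COUNT_RE.match(l.strip())]
    start = count_idx[-1] + 1 if count_idx else 0  # blocks follow the totals
    families, current = OrderedDict(), None
    for line in lines[start:]:
        if not line.strip():
            continue
        if current is not None and ITEM_RE.match(line):
            families[current].append(line)
        else:  # any other non-blank line opens a new family block
            current = line.strip()
            families.setdefault(current, [])
    return families


def reconcile(text):
    """Compare listed registry/file items with the totals the header claims."""
    counts = parse_counts(text)
    items = [i for its in parse_detections(text).values() for i in its]
    reg = sum(1 for i in items if i.startswith("HK"))
    files = len(items) - reg
    return {
        "registry": (reg, counts.get("registry_threats")),
        "file": (files, counts.get("file_threats")),
        "consistent": reg == counts.get("registry_threats")
        and files == counts.get("file_threats"),
    }


def triage(text):
    """One summary record per detection family."""
    report = []
    for family, items in parse_detections(text).items():
        # Enum leftovers name a service; its definition under
        # HKLM\SYSTEM\CurrentControlSet\Services\<name> and the binary it
        # points at are what a helper still needs to check.
        services = sorted({m.group(1) for m in map(LEGACY_RE.search, items) if m})
        report.append({"family": family, "severity": severity(family),
                       "count": len(items), "legacy_services": services})
    return report


if __name__ == "__main__":
    print(reconcile(SAMPLE_LOG), *triage(SAMPLE_LOG), sep="\n")
```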
  #9  
Old 15th Oct 2009, 12:54
Moderator Group
 
Anything that involves online banking is an extremely high risk.

I suggest you do the following IMMEDIATELY:

  • Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
  • From a clean computer change ALL of your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer. If you do, the attacker can get the new passwords and transaction information. Refrain from using this computer for online banking/financial purposes until we give it the all clear.

Also see here:

When should I re-format? How should I reinstall?
How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

----------

If you already have ComboFix be sure to delete it and download a new copy.

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

DO NOT run it yet!

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

DDS::
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

Folder::
c:\program files\messenger
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.

  #10  
Old 15th Oct 2009, 15:44
Member Group
 
Thanks very much for your help! I've cancelled any debit cards I may have used when online and run ComboFix as well. Hopefully it's all clear from now on!

Anyway, here's the log ComboFix produced:
ComboFix 09-10-15.01 - Thomas 15/10/2009 23:11.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.479.202 [GMT 1:00]
Running from: c:\documents and settings\Thomas\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Thomas\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Thomas\Tom's Documents\ZbThumbnail.info
c:\program files\messenger
c:\program files\messenger\custsat.dll
c:\program files\messenger\logowin.gif
c:\program files\messenger\lvback.gif
c:\program files\messenger\msgsc.dll
c:\program files\messenger\msgslang.dll
c:\program files\messenger\msmsgs.exe
c:\program files\messenger\newalert.wav
c:\program files\messenger\newemail.wav
c:\program files\messenger\online.wav
c:\program files\messenger\type.wav
c:\program files\messenger\xpmsgr.chm
c:\recycler\S-1-5-21-1229272821-73586283-839522115-1003
c:\windows\101399rzj5d.cpl
c:\windows\104az5r3059.cpl
c:\windows\106a9ddware155z.ocx
c:\windows\10799spam5o93za.bin
c:\windows\116z5worm59c.cpl
c:\windows\119865r9jz82.dll
c:\windows\11z69pyw5re1575.exe
c:\windows\12573tzo5599.exe
c:\windows\129085ot-9-virus7z8.bin
c:\windows\130z5py694.ocx
c:\windows\1335b5c9door21z1.ocx
c:\windows\1335sparse9335z.dll
c:\windows\13395orm3z6.ocx
c:\windows\134745zambo9229.cpl
c:\windows\1365vzr9s6cd.exe
c:\windows\13z959py5c5.dll
c:\windows\14364za5kto9l309.ocx
c:\windows\1491zir1355.dll
c:\windows\14z59worm19b.dll
c:\windows\14z99spy5db9.exe
c:\windows\14zbbackdoo51099.bin
c:\windows\150459zcktool404.cpl
c:\windows\15139hacztool18a9.bin
c:\windows\15194zorm556.cpl
c:\windows\1535sza9se3137.dll
c:\windows\154aaddwarz917.ocx
c:\windows\154z4virus4f9.cpl
c:\windows\15580viruz9af.ocx
c:\windows\15926ha5ktool511z.cpl
c:\windows\15d2vir9z50.cpl
c:\windows\15z885roj93.bin
c:\windows\16056vi5z956f.bin
c:\windows\16089vi5us9z6.bin
c:\windows\166zvir2595.dll
c:\windows\16909ac5door17z9.cpl
c:\windows\16999s5yz56.exe
c:\windows\16aza9dwa5e2539.cpl
c:\windows\170sparse14z59.ocx
c:\windows\17290vzr5s2c9.ocx
c:\windows\17375vir5s219z.exe
c:\windows\175919py50ez.ocx
c:\windows\17648s95mbzt2a4.exe
c:\windows\18825zr9j243.dll
c:\windows\18ezsp5war9536.cpl
c:\windows\18z09worm255.cpl
c:\windows\19065szambot5e.dll
c:\windows\1924zirus557.exe
c:\windows\19694z5ambot187.dll
c:\windows\197fdown5oader346z.exe
c:\windows\19c9addware5z09.ocx
c:\windows\19z00sp5mbot671.bin
c:\windows\1af9hreat7545z.exe
c:\windows\1c989teaz25195.dll
c:\windows\1d1zs9y5are2837.ocx
c:\windows\1d3espyw5re249z.ocx
c:\windows\1e839ddwa5z2129.cpl
c:\windows\1feftzie51910.bin
c:\windows\1z2v9rus4a5.dll
c:\windows\1z580n5t-a-vir9s436.ocx
c:\windows\1z65tr9j7e15.bin
c:\windows\1z945pyware1819.ocx
c:\windows\20344spz95f.ocx
c:\windows\20797vz95s237.ocx
c:\windows\20950not-a5vz9us535.cpl
c:\windows\20955worm15z.bin
c:\windows\20956worz9d3.dll
c:\windows\21954v5ruz5e8.exe
c:\windows\21c2v5r69z9.bin
c:\windows\22733hackt5ol9dz.dll
c:\windows\22z49vir5s369.cpl
c:\windows\2395trojz96.cpl
c:\windows\24590z5ambot233.exe
c:\windows\248209rojz5f5.exe
c:\windows\24z25sp9mbot765.cpl
c:\windows\26305spy2z9.exe
c:\windows\2790downloader5957z.dll
c:\windows\281925ot-a-v9rus1z8.exe
c:\windows\29359spz716.cpl
c:\windows\2981dow5loaderz156.bin
c:\windows\29929s956z7.dll
c:\windows\29953not-a-vir5s4z2.cpl
c:\windows\29980wozm59b5.dll
c:\windows\2z57vir1692.dll
c:\windows\30275not-a-vi9zs395.dll
c:\windows\3070t95ezt22879.bin
c:\windows\315t9reatz559.cpl
c:\windows\3399t5oz9f0.cpl
c:\windows\3657vir2692z.cpl
c:\windows\366ezownloade929155.dll
c:\windows\39368t5ojz48.exe
c:\windows\3962vzrus5b79.exe
c:\windows\39z10ha5ktoolda.cpl
c:\windows\3de8thief5z599.dll
c:\windows\3z9cthie91795.cpl
c:\windows\4039downloadz51719.bin
c:\windows\4154spywaze8389.dll
c:\windows\425esze9l3170.dll
c:\windows\4317v9r5s49z.bin
c:\windows\436zt59j743.dll
c:\windows\4495szeal804.bin
c:\windows\45259zckdoor1463.exe
c:\windows\45d9sp9warz328.cpl
c:\windows\45esparse9z44.bin
c:\windows\4959down5zade91743.exe
c:\windows\4ac99hze546.dll
c:\windows\4az85ac9door2481.dll
c:\windows\4bc0szywar515939.exe
c:\windows\4e0aad5zare1559.cpl
c:\windows\4f9atzr5at990.exe
c:\windows\4z79s5arse439.cpl
c:\windows\4zb9ba5k9oor649.bin
c:\windows\504ddo9nloazer595.cpl
c:\windows\5122trzj5559.dll
c:\windows\5148wormz39.exe
c:\windows\51bespywa9e250z.dll
c:\windows\5355st5al925z.cpl
c:\windows\53sp5499z.dll
c:\windows\5437ba9zdoor2073.cpl
c:\windows\54a3v9rz96.dll
c:\windows\550ztroj915.dll
c:\windows\5523z9py5e6.exe
c:\windows\5524tzre9t158.dll
c:\windows\5599viruz51b.cpl
c:\windows\56725wo9m54z.bin
c:\windows\578threat19z.dll
c:\windows\581tzre9t25261.dll
c:\windows\5867spzw9re851.cpl
c:\windows\5995thzeat9921.cpl
c:\windows\59e7spywzre1203.dll
c:\windows\5a1zth9eat194.cpl
c:\windows\5b62addz5re1494.exe
c:\windows\6159spyzare450.dll
c:\windows\61fvir9z53.dll
c:\windows\624dsp5w9re46z.exe
c:\windows\6499s5yware2z08.cpl
c:\windows\64dbsp5r9e983z.bin
c:\windows\65f6s9ywzre1435.dll
c:\windows\67f795r22z.dll
c:\windows\690a5parze3030.dll
c:\windows\695asparse25z3.dll
c:\windows\69z7download59441.bin
c:\windows\6d3ethreaz91150.dll
c:\windows\74a9addwar523z4.dll
c:\windows\75afzir2909.cpl
c:\windows\7641not9a-vzrus795.cpl
c:\windows\7965spar5e1699z.exe
c:\windows\79addw9re29z45.dll
c:\windows\79ddth5z9356.cpl
c:\windows\7a99viz855.cpl
c:\windows\7bz59ir9175.exe
c:\windows\7faestza526009.cpl
c:\windows\8395s5azbot3d79.exe
c:\windows\8893troj7e5z.exe
c:\windows\8z05spambot6669.dll
c:\windows\950zvir2598.dll
c:\windows\9592spa9bot6e0z.cpl
c:\windows\9639trzj25b.cpl
c:\windows\9859roj5fz5.dll
c:\windows\9879zro9589.exe
c:\windows\99158virusz.exe
c:\windows\9985wormza5.cpl
c:\windows\9f5es5zal1557.dll
c:\windows\9fe4ad5ware317z.dll
c:\windows\9z5avir1392.bin
c:\windows\ed5downloade960z.bin
c:\windows\system32\152599rojzcc.dll
c:\windows\system32\155a9ackdozr2031.dll
c:\windows\system32\19f5steal23z2.exe
c:\windows\system32\1e4zsparse5797.bin
c:\windows\system32\20850not-a-vir9s69fz.bin
c:\windows\system32\2105zspy499.dll
c:\windows\system32\21151troj59z.exe
c:\windows\system32\211z4vir5s179.bin
c:\windows\system32\2392not5a-virus3z9.exe
c:\windows\system32\259z5hack5ool6ca9.dll
c:\windows\system32\280zvir29945.bin
c:\windows\system32\28737viru53a9z.exe
c:\windows\system32\292s9ambot50cz.bin
c:\windows\system32\2e10b5ckdzor899.bin
c:\windows\system32\2z7959irus33e.dll
c:\windows\system32\2z9ba9kdoo5589.bin
c:\windows\system32\31153szy2759.exe
c:\windows\system32\339dzddware18095.exe
c:\windows\system32\493es9ezl655.exe
c:\windows\system32\4ae4spar5e2994z.exe
c:\windows\system32\51629not-a-vzr9s1aa.bin
c:\windows\system32\52094troj7ddz.bin
c:\windows\system32\530aviz1596.dll
c:\windows\system32\5655s9yware2z5.bin
c:\windows\system32\56a5t5ie93080z.dll
c:\windows\system32\5882st5alz409.exe
c:\windows\system32\58f35ackdoor2925z.dll
c:\windows\system32\5cbthiez8669.exe
c:\windows\system32\5d69zir2597.bin
c:\windows\system32\6569down5ozder919.dll
c:\windows\system32\7fzabackdoor9250.dll
c:\windows\system32\8155wormz59.exe
c:\windows\system32\9605zpy405.dll
c:\windows\system32\f9aspyware9005z.bin
c:\windows\winhelp.ini
c:\windows\z08529py7f3.exe
c:\windows\z207spars91050.cpl
c:\windows\z658spy6995.cpl
c:\windows\zd39thief10765.dll
c:\windows\zf6e5hreat90911.exe

.
((((((((((((((((((((((((( Files Created from 2009-09-15 to 2009-10-15 )))))))))))))))))))))))))))))))
.

2009-12-25 22:28 . 2009-12-25 22:28 9564 ----a-w- c:\windows\system32\15570szambot9d7.exe
2009-12-23 02:28 . 2009-12-23 02:28 7755 ----a-w- c:\windows\system32\23901zot-a-5irus731.dll
2009-12-18 01:37 . 2009-12-18 01:37 2698 ----a-w- c:\windows\system32\z45n9t-a-viru524.dll
2009-12-13 08:23 . 2009-12-13 08:23 2528 ----a-w- c:\windows\7e6evi5z292.bin
2009-12-10 10:47 . 2009-12-10 10:47 5292 ----a-w- c:\windows\system32\1093b9ckdo5rz51.bin
2009-12-07 08:25 . 2009-12-07 08:25 5197 ----a-w- c:\windows\system32\24473spa9bot5z5.exe
2009-12-03 21:01 . 2009-12-03 21:01 5146 ----a-w- c:\windows\system32\2f01viz9570.bin
2009-12-01 02:45 . 2009-12-01 02:45 7864 ----a-w- c:\windows\system32\5d6zhre9t24991.exe
2009-11-14 02:27 . 2009-11-14 02:27 4661 ----a-w- c:\windows\system32\3d29do9n5zader101.bin
2009-11-09 07:38 . 2009-11-09 07:38 7484 ----a-w- c:\windows\system32\3z71hac59ool14e.exe
2009-11-03 17:43 . 2009-11-03 17:43 7331 ----a-w- c:\windows\system32\23474v9r5s42z.dll
2009-11-03 14:10 . 2009-11-03 14:10 9945 ----a-w- c:\windows\system32\6ae5stzal18559.dll
2009-10-21 02:43 . 2009-10-21 02:43 6383 ----a-w- c:\windows\3f59addwaze593.bin
2009-10-13 08:35 . 2009-10-13 08:35 6891 ----a-w- c:\windows\system32\5edownz9ader102.dll
2009-10-12 05:01 . 2009-10-12 05:01 7503 ----a-w- c:\windows\system32\331fth59at1109z.exe
2009-10-08 13:26 . 2009-10-08 13:29 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-10-07 15:35 . 2009-10-07 15:35 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-10-07 15:32 . 2009-10-07 18:14 -------- d-----w- c:\documents and settings\Thomas\Local Settings\Application Data\Adobe
2009-10-07 15:31 . 2009-10-07 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-07 15:24 . 2009-10-07 15:24 -------- d-----w- c:\windows\Sun
2009-10-07 04:59 . 2009-10-07 04:59 7477 ----a-w- c:\windows\z4546w9rm885.bin
2009-10-05 07:59 . 2009-10-05 07:59 9362 ----a-w- c:\windows\system32\18c2thz5at19699.bin
2009-10-04 18:57 . 2009-10-04 18:57 0 ----a-w- c:\windows\nsreg.dat
2009-10-04 18:57 . 2009-10-04 18:57 -------- d-----w- c:\documents and settings\Thomas\Local Settings\Application Data\Mozilla
2009-10-04 13:09 . 2009-10-04 13:09 -------- d-----w- c:\documents and settings\Thomas\Application Data\Trusteer
2009-10-04 13:09 . 2009-10-04 13:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Trusteer
2009-10-04 13:09 . 2009-10-04 13:09 -------- d-----w- c:\program files\Trusteer
2009-10-01 17:00 . 2009-10-06 16:25 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-10-01 16:59 . 2009-10-01 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-10-01 16:59 . 2009-10-01 16:59 -------- d-----w- c:\program files\Common Files\McAfee
2009-10-01 16:58 . 2009-10-02 00:09 -------- d-----w- c:\program files\McAfee
2009-10-01 09:56 . 2004-08-04 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-10-01 09:56 . 2009-10-01 09:56 -------- d-----w- c:\program files\Windows Media Connect 2
2009-10-01 09:52 . 2009-10-01 09:54 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-10-01 09:52 . 2009-10-01 09:52 -------- d-----w- c:\windows\system32\LogFiles
2009-09-30 17:32 . 2009-09-30 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-30 17:31 . 2009-10-15 18:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-30 17:31 . 2009-09-30 17:31 -------- d-----w- c:\documents and settings\Thomas\Application Data\SUPERAntiSpyware.com
2009-09-30 17:31 . 2009-09-30 17:31 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-30 17:16 . 2009-09-30 17:16 -------- d-----w- c:\program files\CCleaner
2009-09-30 17:08 . 2009-09-30 17:07 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-30 17:07 . 2009-09-30 17:07 -------- d-----w- c:\program files\Java
2009-09-30 12:47 . 2008-12-11 07:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-09-30 12:46 . 2009-08-24 13:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-30 12:46 . 2009-08-19 10:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-30 12:46 . 2009-09-30 12:50 -------- d-----w- c:\program files\Common Files\PC Tools
2009-09-30 12:46 . 2008-12-10 10:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-09-30 12:46 . 2009-10-12 08:12 -------- d-----w- c:\program files\Spyware Doctor
2009-09-30 12:46 . 2009-09-30 12:46 -------- d-----w- c:\documents and settings\Thomas\Application Data\PC Tools
2009-09-30 12:46 . 2009-09-30 12:46 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-09-30 12:45 . 2009-10-12 09:29 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-30 12:39 . 2009-09-30 12:39 -------- d-----w- c:\documents and settings\Thomas\Application Data\Malwarebytes
2009-09-30 12:39 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-30 12:39 . 2009-09-30 12:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-30 12:39 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-30 12:39 . 2009-09-30 12:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-30 10:07 . 2009-10-01 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-29 07:25 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-09-29 07:25 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-09-28 17:20 . 2009-09-28 17:20 -------- d-sh--w- c:\documents and settings\Thomas\IECompatCache
2009-09-28 13:27 . 2009-10-15 19:25 -------- d-----w- c:\documents and settings\Thomas\Tracing
2009-09-28 13:25 . 2009-09-28 13:25 -------- d-----w- c:\program files\Microsoft
2009-09-28 13:25 . 2009-09-28 13:25 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-28 13:24 . 2009-09-28 13:25 -------- d-----w- c:\program files\Windows Live
2009-09-28 13:22 . 2009-09-28 13:22 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-28 12:55 . 2009-09-28 12:55 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-09-28 10:06 . 2009-09-28 10:06 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-09-28 10:06 . 2009-09-28 10:06 -------- d-----w- c:\program files\McAfee Security Scan
2009-09-28 01:27 . 2009-09-28 01:27 -------- d-sh--w- c:\documents and settings\Thomas\PrivacIE
2009-09-28 01:24 . 2009-09-28 01:24 -------- d-sh--w- c:\documents and settings\Thomas\IETldCache
2009-09-28 01:16 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-09-28 01:15 . 2009-09-28 01:15 -------- d-----w- c:\windows\ie8updates
2009-09-28 01:14 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-09-28 01:14 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-09-28 01:07 . 2009-09-28 01:13 -------- dc-h--w- c:\windows\ie8
2009-09-28 00:42 . 2009-09-28 00:42 -------- d-----w- C:\Google
2009-09-27 20:39 . 2009-09-27 20:39 -------- d-----w- c:\windows\system32\scripting
2009-09-27 20:39 . 2009-09-27 20:39 -------- d-----w- c:\windows\l2schemas
2009-09-27 20:39 . 2009-09-27 20:39 -------- d-----w- c:\windows\system32\en
2009-09-27 20:39 . 2009-09-27 20:39 -------- d-----w- c:\windows\system32\bits
2009-09-27 20:29 . 2009-09-27 20:41 -------- d-----w- c:\windows\ServicePackFiles
2009-09-27 20:04 . 2009-09-27 20:04 -------- d-----w- c:\windows\EHome
2009-09-27 19:47 . 2004-08-03 21:29 25471 ------w- c:\windows\system32\drivers\watv10nt.sys
2009-09-27 19:47 . 2004-08-03 21:29 22271 ------w- c:\windows\system32\drivers\watv06nt.sys
2009-09-27 19:47 . 2004-08-03 21:29 11935 ------w- c:\windows\system32\drivers\wadv11nt.sys
2009-09-27 19:47 . 2004-08-03 21:29 11871 ------w- c:\windows\system32\drivers\wadv09nt.sys
2009-09-27 19:47 . 2004-08-03 21:29 11807 ------w- c:\windows\system32\drivers\wadv07nt.sys
2009-09-27 19:47 . 2004-08-03 21:29 11295 ------w- c:\windows\system32\drivers\wadv08nt.sys
2009-09-27 19:46 . 2004-08-03 21:41 129535 ------w- c:\windows\system32\drivers\slnt7554.sys
2009-09-27 19:46 . 2004-08-03 21:29 166912 ------w- c:\windows\system32\drivers\s3gnbm.sys
2009-09-27 19:46 . 2004-08-03 21:29 1897408 ------w- c:\windows\system32\drivers\nv4_mini.sys
2009-09-27 19:46 . 2004-08-03 21:29 452736 ------w- c:\windows\system32\drivers\mtxparhm.sys
2009-09-27 19:46 . 2004-08-03 21:41 11868 ------w- c:\windows\system32\drivers\mdmxsdk.sys
2009-09-27 19:46 . 2004-08-03 21:41 1041536 ------w- c:\windows\system32\drivers\hsfdpsp2.sys
2009-09-27 19:46 . 2004-08-03 21:41 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys
2009-09-27 19:46 . 2004-08-03 21:41 220032 ------w- c:\windows\system32\drivers\hsfbs2s2.sys
2009-09-27 18:34 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-27 18:33 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-09-27 18:04 . 2009-09-27 18:04 -------- d-----w- c:\documents and settings\Thomas\Local Settings\Application Data\Symantec
2009-09-27 18:00 . 2009-09-27 18:01 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-09-27 18:00 . 2009-09-27 18:01 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-09-27 17:59 . 2009-06-22 06:44 726528 -c--a-w- c:\windows\system32\dllcache\jscript.dll
2009-09-27 17:55 . 2009-09-27 18:01 -------- d-----w- c:\program files\Symantec
2009-09-27 17:50 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-09-27 17:50 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-09-27 17:50 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-09-27 17:50 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-09-27 17:50 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-09-27 17:48 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-09-24 07:54 . 2009-09-24 07:54 6295 ----a-w- c:\windows\46fzthreat9515.dll
2009-09-23 23:26 . 2009-09-23 23:26 8793 ----a-w- c:\windows\system32\24957wormzbb.exe
2009-09-23 20:05 . 2009-09-23 20:08 -------- d-----w- C:\Train Store
2009-09-23 18:57 . 2009-09-23 18:57 -------- d-----w- c:\program files\J A Formoso
2009-09-20 10:00 . 2009-09-20 10:00 7700 ----a-w- c:\windows\5965t9oj2z15.exe
2009-09-20 06:59 . 2009-09-20 06:59 7074 ----a-w- c:\windows\system32\59edownloader95z.bin
2009-09-18 14:52 . 2009-09-18 14:52 4633 ----a-w- c:\windows\system32\9a5fthrzat205005.bin
2009-09-17 09:40 . 2009-09-17 09:40 7923 ----a-w- c:\windows\system32\6d96threat2457z.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-15 15:59 . 2009-10-15 15:59 -------- d-----w- c:\documents and settings\Thomas\Application Data\Apple Computer
2009-10-15 15:56 . 2009-10-15 15:53 -------- d-----w- c:\program files\iTunes
2009-10-15 15:56 . 2009-10-15 15:53 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-15 15:54 . 2009-10-15 15:54 -------- d-----w- c:\program files\iPod
2009-10-15 15:54 . 2009-10-15 15:46 -------- d-----w- c:\program files\Common Files\Apple
2009-10-15 15:53 . 2009-10-15 15:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-15 15:52 . 2009-10-15 15:52 -------- d-----w- c:\program files\Bonjour
2009-10-15 15:51 . 2006-02-13 11:55 -------- d-----w- c:\program files\QuickTime
2009-10-15 15:47 . 2009-10-15 15:47 -------- d-----w- c:\program files\Apple Software Update
2009-10-15 15:46 . 2009-10-15 15:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-10-07 18:07 . 2006-01-27 16:43 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-30 20:23 . 2006-01-27 15:53 98176 ----a-w- c:\documents and settings\Thomas\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-28 00:42 . 2006-04-04 11:14 -------- d-----w- c:\program files\Google
2009-09-27 18:05 . 2006-02-01 16:08 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-27 18:04 . 2006-02-01 16:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-09-27 18:01 . 2009-09-27 18:00 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-09-27 18:01 . 2009-09-27 18:00 10563 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-09-10 05:34 . 2009-09-10 05:34 9031 ----a-w- c:\windows\system32\445cvir9844z.bin
2009-09-09 21:18 . 2009-09-09 21:18 16699 ----a-w- c:\windows\29142spz59c9.bin
2009-09-05 19:01 . 2009-09-05 19:01 -------- d-----w- c:\program files\Western Digital
2009-09-05 00:28 . 2009-09-05 00:28 4786 ----a-w- c:\windows\598bstzal1157.exe
2009-09-04 02:56 . 2009-09-04 02:56 11152 ----a-w- c:\windows\system32\6192zroj359.dll
2009-09-02 13:25 . 2009-09-02 13:25 11150 ----a-w- c:\windows\system32\64dthre5t66z49.exe
2009-09-02 03:31 . 2009-09-02 03:31 8093 ----a-w- c:\windows\903b5hiez2204.exe
2009-09-01 13:33 . 2009-09-01 13:33 15758 ----a-w- c:\windows\z5d15ownloader2909.bin
2009-08-27 16:03 . 2009-08-27 16:03 9811 ----a-w- c:\windows\6958threa9z0335.exe
2009-08-25 21:35 . 2009-08-25 21:35 9674 ----a-w- c:\windows\system32\5224virzs9ab.dll
2009-08-24 16:37 . 2009-08-24 16:37 4390 ----a-w- c:\windows\system32\6904nzt-a-5ir9s82.exe
2009-08-22 22:51 . 2009-08-22 22:51 10934 ----a-w- c:\windows\99600zot5a-virus5ae.bin
2009-08-21 13:16 . 2009-08-21 13:16 5290 ----a-w- c:\windows\system32\44e8st5al299z.bin
2009-08-16 11:22 . 2009-08-16 11:22 16433 ----a-w- c:\windows\system32\d9cadzwa9e520.exe
2009-08-12 12:15 . 2009-08-12 12:15 17018 ----a-w- c:\windows\system32\9437download5r2408z.exe
2009-08-08 05:06 . 2009-08-08 05:06 15492 ----a-w- c:\windows\system32\29zaspyware185.bin
2009-08-08 04:48 . 2009-08-08 04:48 12761 ----a-w- c:\windows\system32\956ha5k9ozla6.dll
2009-08-06 18:24 . 2006-01-11 11:56 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 18:24 . 2006-01-11 11:56 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 18:24 . 2006-01-11 11:56 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 18:24 . 2005-05-26 03:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 18:24 . 2006-01-11 11:56 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 18:24 . 2006-01-11 18:34 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 18:23 . 2006-01-11 11:56 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 18:23 . 2006-01-11 11:56 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2006-01-11 18:34 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:37 . 2006-01-11 18:34 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:37 . 2006-01-11 18:34 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-26 15:44 . 2009-07-26 15:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-26 15:12 . 2009-07-26 15:12 6239 ----a-w- c:\windows\system32\90651szam5ot723.exe
2009-07-26 05:42 . 2009-07-26 05:42 11778 ----a-w- c:\windows\6d55sparze19805.bin
2009-07-24 23:43 . 2009-07-24 23:43 5199 ----a-w- c:\windows\59500zorm5a9.dll
2009-07-23 02:22 . 2009-07-23 02:22 15918 ----a-w- c:\windows\system32\35c4thre9t22z15.exe
2009-07-22 22:50 . 2009-07-22 22:50 10947 ----a-w- c:\windows\system32\9c37backdzor2539.dll
2009-07-22 20:16 . 2009-07-22 20:16 16246 ----a-w- c:\windows\3z550not-a-v59us112.bin
2009-07-19 13:12 . 2009-07-19 13:12 8723 ----a-w- c:\windows\z2432troj995.exe
2006-04-03 20:24 . 2006-04-04 11:14 11817800 ----a-w- c:\program files\GoogleEarth.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IW_Drop_Icon"="c:\program files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe" [2003-11-19 1134080]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-28 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-03-28 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-03-28 634880]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-11-10 406016]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"Net-It Launcher"="c:\windows\system32\NILaunch.exe" [1998-02-05 24576]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-07-22 115560]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-30 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kazga.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kazga.exe.lnk
backup=c:\windows\pss\Kazga.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus Organizer EasyClip.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Lotus Organizer EasyClip.lnk
backup=c:\windows\pss\Lotus Organizer EasyClip.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus QuickStart.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Lotus QuickStart.lnk
backup=c:\windows\pss\Lotus QuickStart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus SmartCenter.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Lotus SmartCenter.lnk
backup=c:\windows\pss\Lotus SmartCenter.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus SuiteStart.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Lotus SuiteStart.lnk
backup=c:\windows\pss\Lotus SuiteStart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Thomas^Start Menu^Programs^Startup^Encarta Dictionary Quickshelf.lnk]
path=c:\documents and settings\Thomas\Start Menu\Programs\Startup\Encarta Dictionary Quickshelf.lnk
backup=c:\windows\pss\Encarta Dictionary Quickshelf.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Thomas^Start Menu^Programs^Startup^Lotus SmartSuite Release 9 Registration.lnk]
path=c:\documents and settings\Thomas\Start Menu\Programs\Startup\Lotus SmartSuite Release 9 Registration.lnk
backup=c:\windows\pss\Lotus SmartSuite Release 9 Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CCALib8"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Real\\RealPlayer\\trueplay.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [30/09/2009 13:46 206256]
R0 VOBID;VOBID;c:\windows\system32\drivers\vobid.sys [01/08/2003 15:47 29239]
R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [27/09/2009 12:53 58856]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [27/09/2009 12:53 333928]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [15/09/2009 11:42 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [15/09/2009 11:42 74480]
R1 vobcom;vobcom;c:\windows\system32\drivers\vobcom.sys [04/10/2001 12:53 9728]
R1 vobiw;vobiw;c:\windows\system32\drivers\vobIW.sys [27/08/2003 18:48 187392]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [01/10/2009 17:59 210216]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [27/09/2009 12:53 967912]
R3 cdrdrv;Cdrdrv;c:\windows\system32\drivers\Cdrdrv.sys [13/12/2002 19:33 64000]
R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [11/01/2006 19:36 191092]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [14/10/2009 10:26 102448]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [22/07/2009 16:40 23888]
S3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [11/01/2006 19:36 6100]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [15/09/2009 11:42 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [30/09/2009 13:46 348824]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-10-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: QuickDefine - c:\program files\Common Files\Microsoft Shared\Reference Titles\eddefine.htm
IE: QuickTranslate - c:\program files\Common Files\Microsoft Shared\Reference Titles\edtrans.htm
Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - c:\program files\Common Files\Microsoft Shared\Information Retrieval\itss51.dll
FF - ProfilePath - c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\1f7j90nn.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-Symantec Antvirus
AddRemove-Encarta Encyclopedia 2000 NLQ Z - c:\program files\Microsoft Encarta\Encarta Encyclopedia 2000 WE\Nlq\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-15 23:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(612)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2644)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
c:\program files\Trusteer\Rapport\bin\MSVCR80.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTJBNS2.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTIntrfc.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTConfig.DLL
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\JBNSRES.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
c:\program files\Trusteer\Rapport\bin\RapportService.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-10-15 23:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-15 22:39

Pre-Run: 36,480,978,944 bytes free
Post-Run: 36,637,974,528 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

593 --- E O F --- 2009-10-02 12:22
Copyright ©2006 - 2009 Computer Juice.
