Uninstalled Save Defender still acting up


Post by Zsuzsanna1 on Sun Sep 20, 2009 8:14 pm

Hi! I accidentally downloaded Save Defender. Though I uninstalled it right away, I still got messages in the notification area like this: Spyware Alert! / Infiltration Alert! Also, I cannot browse the internet, 'cause an authentic-looking warning comes up and wants to navigate me to the Save Defender website to buy their program.
I downloaded HijackThis; this is my log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:55:23 PM, on 9/20/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\6ze9rf50.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Users\Zsuzsi\Desktop\winlogon.scr
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [6ze9rf50.exe] C:\Windows\system32\6ze9rf50.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\compatuiu.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13159 bytes

Please help, these pop-up things drive me crazy!
Thanks in advance!


Re: Uninstalled Save Defender still acting up

Post by Belahzur on Sun Sep 20, 2009 9:16 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKCU\..\Run: [6ze9rf50.exe] C:\Windows\system32\6ze9rf50.exe



  • Press "Fix Checked"
  • Close HijackThis.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


Please PM me if I fail to respond within 24hrs.
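A triage sketch for the kind of O4 autorun entry selected in the reply above, added here as an example; it is not part of the original posts and not the helper's own method. It parses HijackThis-format lines (using a short excerpt of the log from the first post) and flags per-user Run values that launch a binary from the Windows system directory, then checks whether that binary is also in the running-process list. The heuristic and all function names are assumptions made for illustration.

```python
import re

# Excerpt of the HijackThis log posted in the first message (not the full log).
SAMPLE_LOG = r"""
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\System32\6ze9rf50.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [6ze9rf50.exe] C:\Windows\system32\6ze9rf50.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O20 - AppInit_DLLs: c:\windows\system32\compatuiu.dll
"""

# "<section code> - <body>", e.g. "O4 - HKCU\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Registry autorun body: hive (optionally with a SID), "\..\", key, [value name], command
RUN_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>.*?)\] (?P<cmd>.+)$"
)
# Unquoted commands: cut at the first executable-looking extension.
EXT_RE = re.compile(r"(.*?\.(?:exe|com|scr|bat|cmd|dll))(?=\s|$)", re.I)
SYSTEM_DIR = "\\windows\\system32\\"


def parse_hijackthis(text):
    """Split a log into the running-process list and the coded entries."""
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if line:
                processes.append(line)
            else:
                in_procs = False  # a blank line ends the process list
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("code"), m.group("body")))
    return {"processes": processes, "entries": entries}


def exe_path(cmd):
    """Return the program path from a Run command, dropping arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXT_RE.match(cmd)
    return m.group(1) if m else cmd


def autoruns(parsed):
    """Registry Run entries from section O4 (startup-folder lines are skipped)."""
    found = []
    for code, body in parsed["entries"]:
        if code != "O4":
            continue
        m = RUN_RE.match(body)
        if m:
            found.append({"hive": m.group("hive"), "name": m.group("name"),
                          "path": exe_path(m.group("cmd"))})
    return found


def triage(text):
    """Assumed heuristic: a per-user Run value pointing into system32 deserves
    a closer look, because per-user software rarely installs binaries there."""
    parsed = parse_hijackthis(text)
    running = {p.lower() for p in parsed["processes"]}
    findings = []
    for entry in autoruns(parsed):
        path = entry["path"].lower()
        if not entry["hive"].startswith("HKLM") and SYSTEM_DIR in path:
            findings.append({**entry, "running": path in running})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        state = "running" if f["running"] else "not running"
        print(f'{f["hive"]} Run [{f["name"]}] -> {f["path"]} ({state})')
```

A flagged line is a candidate for review, not a verdict; the file still has to be identified before its entry is fixed.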

Re: Uninstalled Save Defender still acting up

Post by Zsuzsanna1 on Mon Sep 21, 2009 11:03 pm

Hi Belahzur, this is the MBAM log:

Malwarebytes' Anti-Malware 1.41
Database version: 2831
Windows 6.0.6002 Service Pack 2

9/21/2009 6:53:16 PM
mbam-log-2009-09-21 (18-53-16).txt

Scan type: Quick Scan
Objects scanned: 105722
Time elapsed: 10 minute(s), 38 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
C:\Users\Zsuzsi\Desktop\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Zsuzsi\Desktop\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


Re: Uninstalled Save Defender still acting up

Post by Belahzur on Tue Sep 22, 2009 1:13 am


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt just yet.


Please PM me if I fail to respond within 24hrs.

Re: Uninstalled Save Defender still acting up

Post by Zsuzsanna1 on Tue Sep 22, 2009 10:05 pm

I hope this is what you asked me to do:

DDS (Ver_09-07-30.01) - NTFSx86
Run by Zsuzsi at 17:59:42.10 on Tue 09/22/2009
Internet Explorer: 8.0.6001.18813
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.717 [GMT -4:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: CA Anti-Spyware *enabled* (Updated) {6B98D35F-BB76-41C0-876B-A50645ED099A}
SP: Norton 360 *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Zsuzsi\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Bar = Preserve
uWindow Title = Internet Explorer provided by Dell
mDefault_Page_URL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe"
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: []
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [cafw] c:\program files\ca\ca internet security suite\ca personal firewall\cafw.exe -cl
mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [fssui] "c:\program files\windows live\family safety\fsui.exe" -autorun
mRun: [ccApp] c:\program files\common files\symantec shared\ccApp.exe
mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
mRun: [EverioService] "c:\program files\cyberlink\pcm4everio\EverioService.exe"
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\compatuiu.dll

============= SERVICES / DRIVERS ===============

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20090910.001\IDSvix86.sys [2009-9-12 272432]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-2-22 73728]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-3-18 55280]
R2 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-2-22 179712]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-9-1 102448]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [2008-2-22 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [2008-2-22 7424]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 41008]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-2-22 29744]

=============== Created Last 30 ================

2009-09-22 07:32 7,027 a------- c:\windows\559zvir3199.ocx
2009-09-20 13:09 --d----- c:\users\zsuzsi\appdata\roaming\Malwarebytes
2009-09-20 13:09 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-20 13:09 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-20 13:09 --d----- c:\programdata\Malwarebytes
2009-09-20 13:09 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-20 13:09 --d----- c:\progra~2\Malwarebytes
2009-09-20 11:24 --d----- c:\programdata\Office Genuine Advantage
2009-09-19 19:14 --d----- c:\windows\system32\eu-ES
2009-09-19 19:14 --d----- c:\windows\system32\ca-ES
2009-09-19 19:14 --d----- c:\windows\system32\vi-VN
2009-09-19 19:10 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-09-19 18:42 --d----- c:\windows\system32\EventProviders
2009-09-18 09:34 4,589 a------- c:\windows\system32\497esparse1z765.ocx
2009-09-17 18:10 268,800 a------- c:\windows\system32\es.dll
2009-09-17 18:09 869,888 a------- c:\windows\system32\printui.dll
2009-09-17 18:08 148,480 a------- c:\windows\system32\drivers\nwifi.sys
2009-09-15 17:27 9,283 a------- c:\windows\a7atz9e5t27347.dll
2009-09-14 20:44 12,038 a------- c:\windows\8425zp95bf.ocx
2009-09-13 13:24 4,002 a------- c:\windows\20409t9oz522.exe
2009-09-12 20:42 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-09-12 20:42 26,600 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-12 20:40 --d----- c:\program files\iPod
2009-09-12 20:40 --d----- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-12 20:40 --d----- c:\program files\iTunes
2009-09-12 20:40 --d----- c:\progra~2\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-12 18:54 4,842 a------- c:\windows\system32\5559th9ef1405z.bin
2009-09-09 18:10 2,880 a------- c:\windows\system32\5e52vi915z1.dll
2009-09-09 10:22 16,092 a------- c:\windows\1896zspy5ff.ocx
2009-09-08 04:27 11,804 a------- c:\windows\system32\15639trz579c.exe
2009-09-06 19:19 18,085 a------- c:\windows\system32\9795troj68z.cpl
2009-09-05 07:28 7,295 a------- c:\windows\system32\5914do5nzo9der2145.cpl
2009-09-05 01:54 94,208 a------- c:\windows\system32\QuickTimeVR.qtx
2009-09-05 01:54 69,632 a------- c:\windows\system32\QuickTime.qts
2009-09-04 19:22 13,684 a------- c:\windows\z919vir11955.bin
2009-09-03 03:00 4,863 a------- c:\windows\system32\1cz89h5ef2012.exe
2009-09-02 16:35 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-09-02 16:35 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-02 16:06 14,939 a------- c:\windows\system32\3e919ownl5adzr2607.dll
2009-09-02 09:57 --d----- c:\users\zsuzsi\{4a03567e-e7e2-4c5a-ab31-650905494939}
2009-09-02 09:31 144,447 a------- c:\windows\hpqins00.dat
2009-09-02 09:27 --d----- c:\users\zsuzsi\appdata\roaming\HpUpdate
2009-09-02 09:26 --d----- c:\windows\Hewlett-Packard
2009-08-28 07:01 10,776 a------- c:\windows\2498thzeat93195.cpl
2009-08-28 03:49 9,574 a------- c:\windows\system32\7186sp94z55.exe
2009-08-26 10:06 3,465 a------- c:\windows\system32\80985roj5z2.dll
2009-08-25 23:20 2,048 a------- c:\windows\system32\tzres.dll
2009-08-25 22:12 1,696,768 a------- c:\windows\system32\gameux.dll
2009-08-25 09:53 8,399 a------- c:\windows\system32\e649ddwaz51557.ocx
2009-08-24 22:07 5,198 a------- c:\windows\system32\z9ea9teal1510.dll
2009-08-24 04:18 4,967 a------- c:\windows\9997wz5mee.cpl
2009-08-23 20:53 4,505 a------- c:\windows\253espywaze2392.ocx

==================== Find3M ====================

2009-09-19 19:20 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-19 19:20 143,360 a------- c:\windows\inf\infstor.dat
2009-09-19 19:20 51,200 a------- c:\windows\inf\infpub.dat
2009-09-19 19:13 665,600 a------- c:\windows\inf\drvindex.dat
2009-08-28 22:30 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 22:30 458,752 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-28 22:30 2,159,616 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 22:30 542,720 a------- c:\windows\apppatch\AcLayers.dll
2009-08-22 13:58 2,718 a------- c:\windows\2895stealz622.exe
2009-08-21 23:35 10,751 a------- c:\windows\system32\735e9h5ef3071z.dll
2009-08-19 18:35 14,777 a------- c:\windows\system32\205bvir19z6.bin
2009-08-18 20:55 7,618 a------- c:\windows\system32\65a1spy9zre2594.bin
2009-08-17 23:01 11,207 a------- c:\windows\6252zir955.exe
2009-08-14 12:27 904,776 a------- c:\windows\system32\drivers\tcpip.sys
2009-08-14 11:53 17,920 a------- c:\windows\system32\netevent.dll
2009-08-14 09:49 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-14 09:49 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-14 09:49 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-14 09:49 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-14 09:49 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-14 09:49 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-08-14 09:49 10,240 a------- c:\windows\system32\finger.exe
2009-08-14 09:48 30,720 a------- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 09:48 105,984 a------- c:\windows\system32\netiohlp.dll
2009-08-10 06:41 3,698 a------- c:\windows\6560thiez7489.bin
2009-08-08 21:28 6,518 a------- c:\windows\system32\50289hackzool309.dll
2009-08-05 11:25 12,732 a------- c:\windows\1da5thre9519445z.dll
2009-08-04 02:25 16,039 a------- c:\windows\40a9d9wnlozder533.dll
2009-08-03 15:07 403,816 a------- c:\windows\system32\OGACheckControl.dll
2009-08-03 15:07 322,928 a------- c:\windows\system32\OGAAddin.dll
2009-08-03 15:07 230,768 a------- c:\windows\system32\OGAEXEC.exe
2009-07-26 17:59 11,725 a------- c:\windows\zc81s9eal5152.bin
2009-07-26 05:08 12,139 a------- c:\windows\system32\5065tzief12929.exe
2009-07-24 02:42 10,556 a------- c:\windows\95azbackdo5r1999.bin
2009-07-22 02:30 5,127 a------- c:\windows\2c699own5oader19z4.bin
2009-07-21 17:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 17:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 17:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 16:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-20 16:18 5,679 a------- c:\windows\system32\2649zspy1155.exe
2009-07-18 05:29 6,328 a------- c:\windows\11568z9rm237.exe
2009-07-17 09:54 71,680 a------- c:\windows\system32\atl.dll
2009-07-16 05:51 11,914 a------- c:\windows\system32\6499thzea523995.bin
2009-07-15 08:40 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-07-15 08:39 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-15 08:39 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-15 08:39 7,680 a------- c:\windows\system32\spwmp.dll
2009-07-13 02:01 15,747 a------- c:\windows\5a39addw5rez31.bin
2009-07-12 01:58 4,669 a------- c:\windows\system32\a23down5oz9er1918.exe
2009-07-11 23:24 16,929 a------- c:\windows\system32\7bz7d95nloader1880.exe
2009-07-11 15:01 513,536 a------- c:\windows\system32\wlansvc.dll
2009-07-11 15:01 302,592 a------- c:\windows\system32\wlansec.dll
2009-07-11 15:01 293,376 a------- c:\windows\system32\wlanmsm.dll
2009-07-11 15:01 65,024 a------- c:\windows\system32\wlanapi.dll
2009-07-11 13:03 127,488 a------- c:\windows\system32\L2SecHC.dll
2009-07-11 07:43 2,853 a------- c:\windows\system32\15560spambot5z9.exe
2009-07-10 12:42 2,745 a------- c:\windows\system32\223049pamb5t1z.exe
2009-07-08 23:29 16,431 a------- c:\windows\system32\29zcaddware5323.dll
2009-07-08 17:02 4,726 a------- c:\windows\system32\6zd9addware225.dll
2009-07-08 06:07 9,690 a------- c:\windows\system32\5809sp9warez56.dll
2009-07-05 22:38 17,130 a------- c:\windows\system32\z6107not-5-v9rus9.dll
2009-07-05 17:57 8,216 a------- c:\windows\4909zpa5bot69a.bin
2009-07-01 20:44 5,346 a------- c:\windows\z69595irus137.bin
2009-06-27 07:02 4,025 a------- c:\windows\28z9995oj545.bin
2009-06-25 19:36 16,881 a------- c:\windows\system32\57edadd9are131z5.exe
2008-09-26 21:27 174 a--sh--- c:\program files\desktop.ini
2008-06-29 19:36 56 a---h--- c:\programdata\ezsidmv.dat
2008-06-29 19:36 56 a---h--- c:\progra~2\ezsidmv.dat
2008-03-15 21:24 61,224 a------- c:\users\zsuzsi\GoToAssistDownloadHelper.exe
2008-02-28 00:41 32 a------- c:\programdata\ezsid.dat
2008-02-28 00:41 32 a------- c:\progra~2\ezsid.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-02-22 09:19 76 ---shr-- c:\windows\CT4CET.bin
2008-02-22 17:00 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 18:00:41.01 ===============

Zsuzsanna1
Novice

Posts: 10
Joined: 2009-09-20
OS: moon1126
Points: 26352
Likes: 0


Re: Uninstalled Save Defender still acting up

Post by Belahzur on Wed Sep 23, 2009 12:50 am

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34916
Joined: 2008-08-03
Gender: Male
OS: XP SP3 Media Centre
Points: 245069
Likes: 1


Re: Uninstalled Save Defender still acting up

Post by Zsuzsanna1 on Wed Sep 23, 2009 2:27 am

I downloaded combofix.exe, and renamed it to svchost.exe, but it is not running on my computer. A "disclaimer of warranty on software" popped up. So I do not have combofix.txt yet. What do I do now? (By the way I can browse on the net now, and I do not have virus warnings every other minute. Am I virus/malware free or not yet?)


Re: Uninstalled Save Defender still acting up

Post by Belahzur on Wed Sep 23, 2009 7:09 pm

Hello.
Select okay to the disclaimer warning, it's just a legal thing.



Re: Uninstalled Save Defender still acting up

Post by Zsuzsanna1 on Wed Sep 23, 2009 9:13 pm

Thanks for being so patient!

ComboFix 09-09-22.02 - Zsuzsi 09/23/2009 16:25.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.860 [GMT -4:00]
Running from: c:\users\Zsuzsi\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
SP: CA Anti-Spyware *enabled* (Updated) {6B98D35F-BB76-41C0-876B-A50645ED099A}
SP: Norton 360 *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((( Files Created from 2009-08-23 to 2009-09-23 )))))))))))))))))))))))))))))))
.

2009-12-15 17:03 . 2009-12-15 17:03 9669 ----a-w- c:\windows\system32\769ethie5z714.dll
2009-12-02 19:26 . 2009-12-02 19:26 6591 ----a-w- c:\windows\system32\beethiz59449.dll
2009-11-12 03:21 . 2009-11-12 03:21 3770 ----a-w- c:\windows\system32\8299sp5mbzt179.bin
2009-11-03 14:03 . 2009-11-03 14:03 3592 ----a-w- c:\windows\system32\77fcthrea916529z.dll
2009-09-23 20:48 . 2009-09-23 20:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-23 20:48 . 2009-09-23 20:48 -------- d-----w- c:\users\Other\AppData\Local\temp
2009-09-23 20:48 . 2009-09-23 20:48 -------- d-----w- c:\users\Guest\AppData\Local\temp
2009-09-20 17:09 . 2009-09-20 17:09 -------- d-----w- c:\users\Zsuzsi\AppData\Roaming\Malwarebytes
2009-09-20 17:09 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-20 17:09 . 2009-09-20 17:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-20 17:09 . 2009-09-20 17:09 -------- d-----w- c:\programdata\Malwarebytes
2009-09-20 17:09 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-20 15:24 . 2009-09-20 15:24 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-09-20 02:10 . 2009-09-20 02:10 8780 ----a-w- c:\windows\system32\91549wor54fcz.bin
2009-09-20 02:10 . 2009-09-20 02:10 4923 ----a-w- c:\windows\system32\7cb79zyware14855.exe
2009-09-20 02:10 . 2009-09-20 02:10 8778 ----a-w- c:\windows\system32\5z3cd9wnload5r2908.dll
2009-09-20 02:10 . 2009-09-20 02:10 2709 ----a-w- c:\windows\system32\688fszeal91065.bin
2009-09-20 02:10 . 2009-09-20 02:10 5743 ----a-w- c:\windows\system32\59c9szeal9371.bin
2009-09-20 02:10 . 2009-09-20 02:10 3382 ----a-w- c:\windows\system32\5690ha95zool3cd.exe
2009-09-20 02:10 . 2009-09-20 02:10 8552 ----a-w- c:\windows\system32\ze65addware14949.bin
2009-09-20 02:10 . 2009-09-20 02:10 6196 ----a-w- c:\windows\system32\52z54not9a-virus5f9.dll
2009-09-20 02:10 . 2009-09-20 02:10 3658 ----a-w- c:\windows\system32\6ea5b5c9dzor1538.dll
2009-09-20 02:10 . 2009-09-20 02:10 467456 ----a-w- c:\windows\system32\6ze9rf50.exe
2009-09-19 23:14 . 2009-09-19 23:15 -------- d-----w- c:\windows\system32\ca-ES
2009-09-19 23:14 . 2009-09-19 23:15 -------- d-----w- c:\windows\system32\eu-ES
2009-09-19 23:14 . 2009-09-19 23:15 -------- d-----w- c:\windows\system32\vi-VN
2009-09-19 22:42 . 2009-09-19 22:42 -------- d-----w- c:\windows\system32\EventProviders
2009-09-17 22:10 . 2009-04-11 06:28 268800 ----a-w- c:\windows\system32\es.dll
2009-09-17 22:09 . 2009-04-11 06:32 226280 ----a-w- c:\windows\system32\drivers\volsnap.sys
2009-09-17 22:08 . 2009-04-11 06:27 16896 ----a-w- c:\windows\system32\gpupdate.exe
2009-09-13 00:42 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-13 00:42 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-09-13 00:40 . 2009-09-13 00:40 -------- d-----w- c:\program files\iPod
2009-09-13 00:40 . 2009-09-13 00:42 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-13 00:40 . 2009-09-13 00:42 -------- d-----w- c:\program files\iTunes
2009-09-13 00:36 . 2009-09-13 00:36 -------- d-----w- c:\program files\QuickTime
2009-09-12 22:54 . 2009-09-12 22:54 4842 ----a-w- c:\windows\system32\5559th9ef1405z.bin
2009-09-09 22:10 . 2009-09-09 22:10 2880 ----a-w- c:\windows\system32\5e52vi915z1.dll
2009-09-02 20:35 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-02 20:35 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-02 13:57 . 2009-09-02 14:01 -------- d-----w- c:\users\Zsuzsi\{4a03567e-e7e2-4c5a-ab31-650905494939}
2009-09-02 13:31 . 2009-09-02 13:34 144447 ----a-w- c:\windows\hpqins00.dat
2009-09-02 13:27 . 2009-09-06 22:30 -------- d-----w- c:\users\Zsuzsi\AppData\Roaming\HpUpdate
2009-09-02 13:26 . 2009-09-02 13:26 -------- d-----w- c:\windows\Hewlett-Packard
2009-08-28 07:49 . 2009-08-28 07:49 9574 ----a-w- c:\windows\system32\7186sp94z55.exe
2009-08-26 14:06 . 2009-08-26 14:06 3465 ----a-w- c:\windows\system32\80985roj5z2.dll
2009-08-26 03:20 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-26 02:12 . 2009-04-11 06:28 1696768 ----a-w- c:\windows\system32\gameux.dll
2009-08-25 02:07 . 2009-08-25 02:07 5198 ----a-w- c:\windows\system32\z9ea9teal1510.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-23 20:32 . 2008-02-28 04:38 -------- d-----w- c:\users\Zsuzsi\AppData\Roaming\Skype
2009-09-23 20:03 . 2008-02-28 04:41 -------- d-----w- c:\users\Zsuzsi\AppData\Roaming\skypePM
2009-09-20 20:20 . 2008-04-16 18:02 -------- d-----w- c:\users\Zsuzsi\AppData\Roaming\Move Networks
2009-09-19 23:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-09-19 23:15 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-19 23:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-09-19 23:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-09-19 23:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-09-19 23:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-19 23:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-09-19 23:10 . 2009-09-19 23:10 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-09-16 23:42 . 2008-02-29 01:38 -------- d-----w- c:\users\Zsuzsi\AppData\Roaming\Apple Computer
2009-09-13 03:19 . 2009-03-18 21:35 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-13 00:40 . 2008-02-29 01:28 -------- d-----w- c:\program files\Common Files\Apple
2009-09-02 13:12 . 2008-03-09 19:05 -------- d-----w- c:\users\Zsuzsi\AppData\Roaming\HP
2009-09-02 13:04 . 2008-02-27 20:45 111344 ----a-w- c:\users\Zsuzsi\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-22 03:35 . 2009-08-22 03:35 10751 ----a-w- c:\windows\system32\735e9h5ef3071z.dll
2009-08-19 00:55 . 2009-08-19 00:55 7618 ----a-w- c:\windows\system32\65a1spy9zre2594.bin
2009-08-14 23:31 . 2008-05-09 02:03 -------- d-----w- c:\program files\Common Files\Nero
2009-08-14 23:28 . 2008-05-09 02:03 -------- d-----w- c:\programdata\Nero
2009-08-14 16:27 . 2009-09-12 23:29 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-12 23:29 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-12 23:29 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-12 23:29 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-12 23:29 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-12 23:29 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-12 23:29 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-12 23:29 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-12 23:29 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-12 23:29 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-12 23:29 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-03 19:07 . 2009-08-03 19:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 19:07 . 2009-08-03 19:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 19:07 . 2009-08-03 19:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-30 15:44 . 2009-07-30 15:43 -------- d-----w- c:\users\Zsuzsi\AppData\Roaming\Image Zone Express
2009-07-30 15:44 . 2009-07-30 15:43 -------- d-----w- c:\users\Zsuzsi\AppData\Roaming\Printer Info Cache
2009-07-21 21:52 . 2009-07-29 22:44 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 22:44 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 22:44 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 22:44 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 13:54 . 2009-08-12 21:46 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-16 09:51 . 2009-07-16 09:51 11914 ----a-w- c:\windows\system32\6499thzea523995.bin
2009-07-15 12:40 . 2009-08-12 21:44 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-12 21:44 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-12 21:44 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-12 21:44 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-12 05:58 . 2009-07-12 05:58 4669 ----a-w- c:\windows\system32\a23down5oz9er1918.exe
2009-07-12 03:24 . 2009-07-12 03:24 16929 ----a-w- c:\windows\system32\7bz7d95nloader1880.exe
2009-07-11 19:01 . 2009-09-12 23:29 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-07-11 19:01 . 2009-09-12 23:29 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-07-11 19:01 . 2009-09-12 23:29 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-07-11 19:01 . 2009-09-12 23:29 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-07-11 17:03 . 2009-09-12 23:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-07-08 21:02 . 2009-07-08 21:02 4726 ----a-w- c:\windows\system32\6zd9addware225.dll
2009-07-08 10:07 . 2009-07-08 10:07 9690 ----a-w- c:\windows\system32\5809sp9warez56.dll
2009-07-06 02:38 . 2009-07-06 02:38 17130 ----a-w- c:\windows\system32\z6107not-5-v9rus9.dll
2009-06-25 23:36 . 2009-06-25 23:36 16881 ----a-w- c:\windows\system32\57edadd9are131z5.exe
2008-02-22 13:19 . 2008-02-22 13:19 76 --sh--r- c:\windows\CT4CET.bin
2008-02-22 21:00 . 2008-02-22 20:45 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-12-12 1840424]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-04-17 95536]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-12-03 36864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-26 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-26 129560]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-15 29744]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-10 16384]
"cafw"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-01-24 771336]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-01-24 173320]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2006-11-23 151552]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-04-17 54576]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-2-22 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-7-20 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ee,30,ee,40,80,39,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6230A5DB-177F-4AE4-921F-BF7A4B911443}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{FC2F8A2A-4A00-4908-99E9-22FFA5E54431}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{65025AFF-573E-4763-961F-A5506FACE547}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{33F1690F-1F8B-42D0-A2F0-5EC0A3105311}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{7DE943E4-E9A4-480F-944C-F3B0A1C0786E}"= UDP:c:\program files\CyberLink\PCM4Everio\PCM4Everio.exe:CyberLink PowerCinema NE for Everio
"{FD329C1C-33BD-48F7-A0F8-2B889F41A413}"= TCP:c:\program files\CyberLink\PCM4Everio\PCM4Everio.exe:CyberLink PowerCinema NE for Everio
"{D6AA61E4-B770-4DF9-91CE-B6A838F7BC2E}"= UDP:c:\program files\CyberLink\PCM4Everio\EverioService.exe:CyberLink PowerCinema NE for Everio Resident Program
"{0AF4F558-9AEC-4BD3-A16D-5B8D4CAC108F}"= TCP:c:\program files\CyberLink\PCM4Everio\EverioService.exe:CyberLink PowerCinema NE for Everio Resident Program
"{5B370267-3F65-4C6C-80B4-B85EEA42CE4C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{89314D08-D67E-4158-AFAE-7C0CA255DC1B}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4B48BDA9-EE81-4877-967F-9351942A1207}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{E66F8BBD-2E1D-41D2-8775-984DC5C56B39}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{7B99ABBC-ACAA-4506-858A-7981B2D4B770}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{1E986ED9-B0B4-4135-80CE-60AEAD577877}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090910.001\IDSvix86.sys [9/12/2009 10:46 PM 272432]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [2/22/2008 9:06 AM 73728]
R2 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [3/18/2009 5:35 PM 55280]
R2 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2/18/2008 3:37 PM 149352]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2/22/2008 5:01 PM 179712]
R3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [1/12/2008 10:32 PM 23888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/1/2009 6:26 PM 102448]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [2/22/2008 5:01 PM 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [2/22/2008 5:01 PM 7424]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2/19/2009 12:31 PM 41008]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/22/2008 9:33 AM 29744]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-23 c:\windows\Tasks\User_Feed_Synchronization-{9CD61289-776F-43BA-8FA7-5A836F660C72}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer
Rootkit scan 2009-09-23 16:49
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-09-23 16:53
ComboFix-quarantined-files.txt 2009-09-23 20:53

Pre-Run: 88,151,842,816 bytes free
Post-Run: 87,349,977,088 bytes free

850 --- E O F --- 2009-09-21 22:37


Re: Uninstalled Save Defender still acting up

Post by Belahzur on Wed Sep 23, 2009 11:25 pm

Hello.

Please download OTM.

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    c:\windows\system32\769ethie5z714.dll
    c:\windows\system32\beethiz59449.dll
    c:\windows\system32\8299sp5mbzt179.bin
    c:\windows\system32\77fcthrea916529z.dll
    c:\windows\system32\91549wor54fcz.bin
    c:\windows\system32\7cb79zyware14855.exe
    c:\windows\system32\5z3cd9wnload5r2908.dll
    c:\windows\system32\688fszeal91065.bin
    c:\windows\system32\59c9szeal9371.bin
    c:\windows\system32\5690ha95zool3cd.exe
    c:\windows\system32\ze65addware14949.bin
    c:\windows\system32\52z54not9a-virus5f9.dll
    c:\windows\system32\6ea5b5c9dzor1538.dll
    c:\windows\system32\6ze9rf50.exe
    c:\windows\system32\5559th9ef1405z.bin
    c:\windows\system32\5e52vi915z1.dll
    c:\windows\system32\7186sp94z55.exe
    c:\windows\system32\80985roj5z2.dll
    c:\windows\system32\z9ea9teal1510.dll
    c:\windows\system32\735e9h5ef3071z.dll
    c:\windows\system32\65a1spy9zre2594.bin
    c:\windows\system32\6499thzea523995.bin
    c:\windows\system32\a23down5oz9er1918.exe
    c:\windows\system32\7bz7d95nloader1880.exe
    c:\windows\system32\6zd9addware225.dll
    c:\windows\system32\5809sp9warez56.dll
    c:\windows\system32\z6107not-5-v9rus9.dll
    c:\windows\system32\57edadd9are131z5.exe


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.



Uninstalled Save Defender still acting up

Post by Zsuzsanna1 on Wed Sep 23, 2009 11:58 pm

Some of the files could not be moved, here is the log:
========== FILES ==========
LoadLibrary failed for c:\windows\system32\769ethie5z714.dll
c:\windows\system32\769ethie5z714.dll NOT unregistered.
c:\windows\system32\769ethie5z714.dll moved successfully.
LoadLibrary failed for c:\windows\system32\beethiz59449.dll
c:\windows\system32\beethiz59449.dll NOT unregistered.
c:\windows\system32\beethiz59449.dll moved successfully.
c:\windows\system32\8299sp5mbzt179.bin moved successfully.
LoadLibrary failed for c:\windows\system32\77fcthrea916529z.dll
c:\windows\system32\77fcthrea916529z.dll NOT unregistered.
c:\windows\system32\77fcthrea916529z.dll moved successfully.
c:\windows\system32\91549wor54fcz.bin moved successfully.
c:\windows\system32\7cb79zyware14855.exe moved successfully.
LoadLibrary failed for c:\windows\system32\5z3cd9wnload5r2908.dll
c:\windows\system32\5z3cd9wnload5r2908.dll NOT unregistered.
c:\windows\system32\5z3cd9wnload5r2908.dll moved successfully.
c:\windows\system32\688fszeal91065.bin moved successfully.
c:\windows\system32\59c9szeal9371.bin moved successfully.
c:\windows\system32\5690ha95zool3cd.exe moved successfully.
c:\windows\system32\ze65addware14949.bin moved successfully.
LoadLibrary failed for c:\windows\system32\52z54not9a-virus5f9.dll
c:\windows\system32\52z54not9a-virus5f9.dll NOT unregistered.
c:\windows\system32\52z54not9a-virus5f9.dll moved successfully.
LoadLibrary failed for c:\windows\system32\6ea5b5c9dzor1538.dll
c:\windows\system32\6ea5b5c9dzor1538.dll NOT unregistered.
c:\windows\system32\6ea5b5c9dzor1538.dll moved successfully.
File move failed. c:\windows\system32\6ze9rf50.exe scheduled to be moved on reboot.
c:\windows\system32\5559th9ef1405z.bin moved successfully.
LoadLibrary failed for c:\windows\system32\5e52vi915z1.dll
c:\windows\system32\5e52vi915z1.dll NOT unregistered.
c:\windows\system32\5e52vi915z1.dll moved successfully.
c:\windows\system32\7186sp94z55.exe moved successfully.
LoadLibrary failed for c:\windows\system32\80985roj5z2.dll
c:\windows\system32\80985roj5z2.dll NOT unregistered.
c:\windows\system32\80985roj5z2.dll moved successfully.
LoadLibrary failed for c:\windows\system32\z9ea9teal1510.dll
c:\windows\system32\z9ea9teal1510.dll NOT unregistered.
c:\windows\system32\z9ea9teal1510.dll moved successfully.
LoadLibrary failed for c:\windows\system32\735e9h5ef3071z.dll
c:\windows\system32\735e9h5ef3071z.dll NOT unregistered.
c:\windows\system32\735e9h5ef3071z.dll moved successfully.
c:\windows\system32\65a1spy9zre2594.bin moved successfully.
c:\windows\system32\6499thzea523995.bin moved successfully.
c:\windows\system32\a23down5oz9er1918.exe moved successfully.
c:\windows\system32\7bz7d95nloader1880.exe moved successfully.
LoadLibrary failed for c:\windows\system32\6zd9addware225.dll
c:\windows\system32\6zd9addware225.dll NOT unregistered.
c:\windows\system32\6zd9addware225.dll moved successfully.
LoadLibrary failed for c:\windows\system32\5809sp9warez56.dll
c:\windows\system32\5809sp9warez56.dll NOT unregistered.
c:\windows\system32\5809sp9warez56.dll moved successfully.
LoadLibrary failed for c:\windows\system32\z6107not-5-v9rus9.dll
c:\windows\system32\z6107not-5-v9rus9.dll NOT unregistered.
c:\windows\system32\z6107not-5-v9rus9.dll moved successfully.
c:\windows\system32\57edadd9are131z5.exe moved successfully.

OTM by OldTimer - Version 3.0.0.6 log created on 09232009_194742

Files moved on Reboot...
File move failed. c:\windows\system32\6ze9rf50.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Re: Uninstalled Save Defender still acting up

Post by Belahzur on Thu Sep 24, 2009 6:40 pm

Hello.
Please re-run DDS and post the new log.



Uninstalled Save Defender still acting up

Post by Zsuzsanna1 on Thu Sep 24, 2009 10:04 pm

Hi, here is the DDs.txt:

DDS (Ver_09-07-30.01) - NTFSx86
Run by Zsuzsi at 18:02:01.56 on Thu 09/24/2009
Internet Explorer: 8.0.6001.18813
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.595 [GMT -4:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: CA Anti-Spyware *enabled* (Updated) {6B98D35F-BB76-41C0-876B-A50645ED099A}
SP: Norton 360 *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\IoctlSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Zsuzsi\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [cafw] c:\program files\ca\ca internet security suite\ca personal firewall\cafw.exe -cl
mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [fssui] "c:\program files\windows live\family safety\fsui.exe" -autorun
mRun: [ccApp] c:\program files\common files\symantec shared\ccApp.exe
mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
mRun: [EverioService] "c:\program files\cyberlink\pcm4everio\EverioService.exe"
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20090910.001\IDSvix86.sys [2009-9-12 272432]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-2-22 73728]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-3-18 55280]
R2 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-2-22 179712]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-9-1 102448]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [2008-2-22 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [2008-2-22 7424]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 41008]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-2-22 29744]

=============== Created Last 30 ================

2009-09-23 19:47 --d----- C:\_OTM
2009-09-23 17:52 --d----- c:\program files\iPod
2009-09-23 17:52 --d----- c:\program files\iTunes
2009-09-23 16:53 --dsh--- C:\$RECYCLE.BIN
2009-09-23 16:18 229,888 a------- c:\windows\PEV.exe
2009-09-23 16:18 161,792 a------- c:\windows\SWREG.exe
2009-09-23 16:18 98,816 a------- c:\windows\sed.exe
2009-09-20 13:09 --d----- c:\users\zsuzsi\appdata\roaming\Malwarebytes
2009-09-20 13:09 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-20 13:09 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-20 13:09 --d----- c:\programdata\Malwarebytes
2009-09-20 13:09 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-20 13:09 --d----- c:\progra~2\Malwarebytes
2009-09-20 11:24 --d----- c:\programdata\Office Genuine Advantage
2009-09-19 22:10 14,177 a------- c:\windows\system32\e48thrz5t39261.ocx
2009-09-19 22:10 8,529 a------- c:\windows\system32\d0f5i9z498.ocx
2009-09-19 22:10 12,594 a------- c:\windows\system32\705avzr9433.cpl
2009-09-19 22:10 5,612 a------- c:\windows\system32\6b9e9hiez19265.ocx
2009-09-19 22:10 8,926 a------- c:\windows\system32\70ado5nloa9ez1062.cpl
2009-09-19 22:10 6,262 a------- c:\windows\system32\5252troj9z7.cpl
2009-09-19 22:10 13,757 a------- c:\windows\system32\589zthreat31380.ocx
2009-09-19 22:10 467,456 a------- c:\windows\system32\6ze9rf50.exe
2009-09-19 19:14 --d----- c:\windows\system32\eu-ES
2009-09-19 19:14 --d----- c:\windows\system32\ca-ES
2009-09-19 19:14 --d----- c:\windows\system32\vi-VN
2009-09-19 19:10 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-09-19 18:42 --d----- c:\windows\system32\EventProviders
2009-09-17 18:10 268,800 a------- c:\windows\system32\es.dll
2009-09-17 18:09 869,888 a------- c:\windows\system32\printui.dll
2009-09-17 18:08 148,480 a------- c:\windows\system32\drivers\nwifi.sys
2009-09-12 20:42 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-09-12 20:42 26,600 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-12 20:40 --d----- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-12 20:40 --d----- c:\progra~2\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-06 19:19 18,085 a------- c:\windows\system32\9795troj68z.cpl
2009-09-05 07:28 7,295 a------- c:\windows\system32\5914do5nzo9der2145.cpl
2009-09-05 01:54 94,208 a------- c:\windows\system32\QuickTimeVR.qtx
2009-09-05 01:54 69,632 a------- c:\windows\system32\QuickTime.qts
2009-09-02 16:35 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-09-02 16:35 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-02 09:57 --d----- c:\users\zsuzsi\{4a03567e-e7e2-4c5a-ab31-650905494939}
2009-09-02 09:31 144,447 a------- c:\windows\hpqins00.dat
2009-09-02 09:27 --d----- c:\users\zsuzsi\appdata\roaming\HpUpdate
2009-09-02 09:26 --d----- c:\windows\Hewlett-Packard
2009-08-25 23:20 2,048 a------- c:\windows\system32\tzres.dll
2009-08-25 22:12 1,696,768 a------- c:\windows\system32\gameux.dll

==================== Find3M ====================

2009-09-19 19:20 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-19 19:20 143,360 a------- c:\windows\inf\infstor.dat
2009-09-19 19:20 51,200 a------- c:\windows\inf\infpub.dat
2009-09-19 19:13 665,600 a------- c:\windows\inf\drvindex.dat
2009-08-28 22:30 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 22:30 458,752 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-28 22:30 2,159,616 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 22:30 542,720 a------- c:\windows\apppatch\AcLayers.dll
2009-08-14 12:27 904,776 a------- c:\windows\system32\drivers\tcpip.sys
2009-08-14 11:53 17,920 a------- c:\windows\system32\netevent.dll
2009-08-14 09:49 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-14 09:49 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-14 09:49 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-14 09:49 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-14 09:49 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-14 09:49 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-08-14 09:49 10,240 a------- c:\windows\system32\finger.exe
2009-08-14 09:48 30,720 a------- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 09:48 105,984 a------- c:\windows\system32\netiohlp.dll
2009-08-03 15:07 403,816 a------- c:\windows\system32\OGACheckControl.dll
2009-08-03 15:07 322,928 a------- c:\windows\system32\OGAAddin.dll
2009-08-03 15:07 230,768 a------- c:\windows\system32\OGAEXEC.exe
2009-07-21 17:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 17:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 17:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 16:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-17 09:54 71,680 a------- c:\windows\system32\atl.dll
2009-07-15 08:40 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-07-15 08:39 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-15 08:39 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-15 08:39 7,680 a------- c:\windows\system32\spwmp.dll
2009-07-11 15:01 513,536 a------- c:\windows\system32\wlansvc.dll
2009-07-11 15:01 302,592 a------- c:\windows\system32\wlansec.dll
2009-07-11 15:01 293,376 a------- c:\windows\system32\wlanmsm.dll
2009-07-11 15:01 65,024 a------- c:\windows\system32\wlanapi.dll
2009-07-11 13:03 127,488 a------- c:\windows\system32\L2SecHC.dll
2008-09-26 21:27 174 a--sh--- c:\program files\desktop.ini
2008-06-29 19:36 56 a---h--- c:\programdata\ezsidmv.dat
2008-06-29 19:36 56 a---h--- c:\progra~2\ezsidmv.dat
2008-03-15 21:24 61,224 a------- c:\users\zsuzsi\GoToAssistDownloadHelper.exe
2008-02-28 00:41 32 a------- c:\programdata\ezsid.dat
2008-02-28 00:41 32 a------- c:\progra~2\ezsid.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-02-22 09:19 76 ---shr-- c:\windows\CT4CET.bin
2008-02-22 17:00 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 18:03:00.65 ===============


Re: Uninstalled Save Defender still acting up

Post by Belahzur on Thu Sep 24, 2009 11:58 pm

Hello.
This infection doesn't want to go, does it? Time to get stronger.

1. Please download The Avenger by Swandog46 to your Desktop

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


Files to delete:
c:\windows\system32\e48thrz5t39261.ocx
c:\windows\system32\d0f5i9z498.ocx
c:\windows\system32\705avzr9433.cpl
c:\windows\system32\6b9e9hiez19265.ocx
c:\windows\system32\70ado5nloa9ez1062.cpl
c:\windows\system32\5252troj9z7.cpl
c:\windows\system32\589zthreat31380.ocx
c:\windows\system32\6ze9rf50.exe
c:\windows\system32\9795troj68z.cpl
c:\windows\system32\5914do5nzo9der2145.cpl

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.


Please PM me if I fail to respond within 24hrs.

Re: Uninstalled Save Defender still acting up

Post by Zsuzsanna1 on Fri Sep 25, 2009 12:51 am

Hello,
I made a little mistake. When I copied the files to the avenger.exe I accidentally left the last file's "L" off. Now I just noticed it, when I copied the log file here. Sorry. Do I do it again with only the last file? I wait for your reply.
Here is the avenger.txt anyway:

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6002, Service Pack 2)
Thu Sep 24 20:29:36 2009

20:29:36: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6002, Service Pack 2)
Thu Sep 24 20:30:05 2009

20:30:05: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\windows\system32\e48thrz5t39261.ocx" deleted successfully.
File "c:\windows\system32\d0f5i9z498.ocx" deleted successfully.
File "c:\windows\system32\705avzr9433.cpl" deleted successfully.
File "c:\windows\system32\6b9e9hiez19265.ocx" deleted successfully.
File "c:\windows\system32\70ado5nloa9ez1062.cpl" deleted successfully.
File "c:\windows\system32\5252troj9z7.cpl" deleted successfully.
File "c:\windows\system32\589zthreat31380.ocx" deleted successfully.
File "c:\windows\system32\6ze9rf50.exe" deleted successfully.
File "c:\windows\system32\9795troj68z.cpl" deleted successfully.

Error: file "c:\windows\system32\5914do5nzo9der2145.cp" not found!
Deletion of file "c:\windows\system32\5914do5nzo9der2145.cp" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

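Checking a removal log against the script that was meant to run, as an added example that is not part of the original thread or of The Avenger: it parses the "Files to delete:" script and the result lines from the log above, then reports which requested files have no confirmed deletion. The function names and the regular expressions are assumptions modelled only on the lines visible in this thread, and only the "Files to delete:" directive is handled.

```python
import re
from difflib import get_close_matches

DIRECTIVE = "files to delete:"  # only directive shown in this thread; others are not handled
# Script text as posted by the helper in this thread.
SCRIPT = r"""Files to delete:
c:\windows\system32\e48thrz5t39261.ocx
c:\windows\system32\d0f5i9z498.ocx
c:\windows\system32\705avzr9433.cpl
c:\windows\system32\6b9e9hiez19265.ocx
c:\windows\system32\70ado5nloa9ez1062.cpl
c:\windows\system32\5252troj9z7.cpl
c:\windows\system32\589zthreat31380.ocx
c:\windows\system32\6ze9rf50.exe
c:\windows\system32\9795troj68z.cpl
c:\windows\system32\5914do5nzo9der2145.cpl
"""
# Result lines copied from the Avenger log posted in the reply.
LOG = r"""File "c:\windows\system32\e48thrz5t39261.ocx" deleted successfully.
File "c:\windows\system32\d0f5i9z498.ocx" deleted successfully.
File "c:\windows\system32\705avzr9433.cpl" deleted successfully.
File "c:\windows\system32\6b9e9hiez19265.ocx" deleted successfully.
File "c:\windows\system32\70ado5nloa9ez1062.cpl" deleted successfully.
File "c:\windows\system32\5252troj9z7.cpl" deleted successfully.
File "c:\windows\system32\589zthreat31380.ocx" deleted successfully.
File "c:\windows\system32\6ze9rf50.exe" deleted successfully.
File "c:\windows\system32\9795troj68z.cpl" deleted successfully.
Error: file "c:\windows\system32\5914do5nzo9der2145.cp" not found!
Deletion of file "c:\windows\system32\5914do5nzo9der2145.cp" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
"""
# Patterns modelled on the log lines above, not on any Avenger specification.
OK_RE = re.compile(r'^File "(.+)" deleted successfully\.$')
FAIL_RE = re.compile(r'^Deletion of file "(.+)" failed!$')

def parse_script(text):
    """Return the lower-cased paths; reject a script with no leading directive."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines or lines[0].lower() != DIRECTIVE:
        raise ValueError("script must begin with a command directive")
    return [ln.lower() for ln in lines[1:]]

def parse_log(text):
    """Collect the paths the log reports as deleted and as failed."""
    deleted, failed = [], []
    for line in text.splitlines():
        ok, bad = OK_RE.match(line.strip()), FAIL_RE.match(line.strip())
        if ok:
            deleted.append(ok.group(1).lower())
        elif bad:
            failed.append(bad.group(1).lower())
    return deleted, failed

def reconcile(script_text, log_text):
    """Compare what was requested with what the log confirms."""
    wanted = parse_script(script_text)
    deleted, failed = parse_log(log_text)
    pending = [p for p in wanted if p not in deleted]
    # A failed path that is absent from the script suggests a paste or typing slip;
    # pair it with the closest requested path that is still pending.
    mismatched = {f: get_close_matches(f, pending, n=1, cutoff=0.9)
                  for f in failed if f not in wanted}
    return {"deleted": deleted, "pending": pending, "mismatched": mismatched}

if __name__ == "__main__":
    report = reconcile(SCRIPT, LOG)
    print("confirmed deleted:", len(report["deleted"]))
    print("still pending:", report["pending"])
    print("log path -> closest requested path:", report["mismatched"])
```

A path listed under "still pending" has no confirmed deletion in the log and should be checked on disk before the clean-up is considered complete.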

Re: Uninstalled Save Defender still acting up

Post by Belahzur on Fri Sep 25, 2009 9:16 am

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?



Uninstalled Save Defender still acting up

Post by Zsuzsanna1 on Fri Sep 25, 2009 10:20 pm

Yes, the computer is OK, no beeping sound every other minute and I can also browse the net. So you think I'm spyware-free???? Can I delete/uninstall OTM, dds and avenger and the logs?
I also have a question. I have Norton 360 on my computer, but it did not detect this spyware, though I ran it twice before I contacted you. Can you recommend a reliable anti-virus program?
Thanks!


Re: Uninstalled Save Defender still acting up

Post by Belahzur on Sat Sep 26, 2009 12:16 am

Delete all the tools we used. I recommend Avira over Norton, but if you want to switch to Avira, Norton has to be uninstalled straight away.

1) [You must be registered and logged in to see this link.]
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.



Re: Uninstalled Save Defender still acting up

Post by Zsuzsanna1 on Sat Sep 26, 2009 12:54 am

Thanks for the recommendation, and thanks so much for your help!!!!
