WinBlueSoft Problems

Post by willthors on 24th April 2010, 6:47 pm

Here is my OTL scan; can anyone help?

OTL logfile created on: 2/22/2010 12:33:05 PM - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\customer\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 483.00 Mb Available Physical Memory | 47.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.06 Gb Total Space | 17.52 Gb Free Space | 51.45% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THORSEN
Current User Name: customer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/22 12:18:35 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\customer\Desktop\OTL.exe
PRC - [2009/06/20 23:07:45 | 000,830,976 | ---- | M] () -- C:\WINDOWS\system32\setup2.exe
PRC - [2009/06/20 22:36:28 | 000,184,324 | ---- | M] () -- C:\Documents and Settings\customer\Local Settings\Temp\b.exe
PRC - [2009/02/04 11:12:37 | 000,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/01/21 12:08:06 | 001,095,560 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009/01/07 11:40:56 | 000,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2008/12/08 12:33:48 | 001,173,384 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2008/11/24 21:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 21:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2008/11/24 21:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/10/02 10:23:16 | 000,546,288 | ---- | M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2008/07/08 16:41:02 | 002,828,184 | ---- | M] (PC Tools) -- C:\Program Files\Registry Mechanic\RegMech.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/04 13:27:08 | 000,587,096 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
PRC - [2007/09/25 01:11:35 | 000,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
PRC - [2007/09/25 01:11:35 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
PRC - [2007/02/26 18:34:26 | 000,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/02/26 18:26:32 | 000,950,272 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006/11/13 13:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 13:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006/06/16 16:55:14 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\RegSrvc.exe
PRC - [2005/01/18 10:43:04 | 000,196,608 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 7100 Series\lxbxmon.exe
PRC - [2005/01/06 18:41:22 | 000,462,848 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\lxbxcoms.exe
PRC - [2004/10/14 10:11:10 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2004/09/17 13:24:02 | 000,061,440 | ---- | M] () -- C:\Program Files\Lexmark 7100 Series\ezprint.exe
PRC - [2003/08/07 17:57:52 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
PRC - [2003/07/11 20:19:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
PRC - [2003/07/03 01:25:00 | 000,057,344 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2003/06/23 09:34:18 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2003/03/27 04:06:02 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
PRC - [2003/03/27 04:06:02 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\QCONSVC.EXE
PRC - [2003/01/07 16:52:16 | 000,495,616 | ---- | M] (IBM) -- C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
PRC - [2002/12/24 04:01:00 | 000,204,800 | ---- | M] (IBM Corp.) -- C:\Program Files\ThinkPad\Utilities\EzEjMnAp.Exe
PRC - [2002/12/03 05:09:00 | 000,087,552 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\tp4serv.exe
PRC - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002/01/10 17:01:34 | 000,065,536 | ---- | M] (IBM Corporation) -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe


========== Modules (SafeList) ==========

MOD - [2010/02/22 12:18:35 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\customer\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/01/21 12:08:06 | 001,095,560 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/01/07 11:40:56 | 000,348,752 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/11/24 21:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 21:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$XACTWARE) SQL Server (XACTWARE)
SRV - [2008/11/24 21:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 21:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/01/04 13:27:08 | 000,587,096 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)
SRV - [2007/02/26 18:34:26 | 000,434,176 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2007/02/26 18:26:32 | 000,950,272 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2006/06/16 16:55:14 | 000,122,880 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\RegSrvc.exe -- (RegSrvc)
SRV - [2005/11/08 17:07:02 | 000,036,864 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2005/01/06 18:41:22 | 000,462,848 | ---- | M] (Lexmark International, Inc.) [On_Demand | Running] -- C:\WINDOWS\System32\lxbxcoms.exe -- (lxbx_device)
SRV - [2003/07/11 20:19:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2003/07/03 01:25:00 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2003/03/27 04:06:02 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\QCONSVC.EXE -- (QCONSVC)
SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2009/04/03 10:18:26 | 000,130,936 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2008/04/13 12:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008/04/13 12:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 12:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/04/30 18:30:14 | 000,058,240 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDCWWAN.sys -- (PTDCWWAN)
DRV - [2007/04/19 10:09:42 | 000,194,048 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2007/04/01 04:45:30 | 000,039,808 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDCVsp.sys -- (PTDCVsp) PANTECH PC Card Diagnostic Serial Port (UDP)
DRV - [2007/04/01 04:45:26 | 000,041,728 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDCMdm.sys -- (PTDCMdm) PANTECH PC Card Drivers (UDP)
DRV - [2007/04/01 04:45:22 | 000,027,520 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDCBus.sys -- (PTDCBus) PANTECH PC Card Composite Device Driver (UDP)
DRV - [2007/02/08 14:51:16 | 002,209,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2006/07/13 13:33:08 | 000,674,560 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51) Intel(R)
DRV - [2006/06/16 16:50:46 | 000,010,970 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/04/18 06:35:48 | 000,471,616 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2005/01/25 16:27:14 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/01/25 16:26:36 | 000,207,616 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/01/25 16:26:28 | 000,703,616 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/08/03 23:41:35 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/07/31 17:04:04 | 000,270,288 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2003/07/03 01:25:00 | 000,011,344 | ---- | M] (IBM Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2003/06/23 09:33:58 | 000,016,162 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2003/04/30 00:01:06 | 000,542,592 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/03/27 04:06:02 | 000,002,295 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.SYS -- (IBMTPCHK)
DRV - [2003/01/17 03:32:00 | 000,015,360 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWR.SYS -- (TPPWR)
DRV - [2002/12/26 04:10:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2002/12/26 03:32:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2002/12/26 03:32:00 | 000,008,830 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2002/12/03 05:09:00 | 000,014,064 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tp4track.sys -- (Tp4Track)
DRV - [2002/11/18 19:20:44 | 000,030,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gv3.sys -- (gv3)
DRV - [2002/10/18 13:07:34 | 001,156,672 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2001/11/01 04:57:14 | 000,095,104 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3ssavm.sys -- (S3SSavage)
DRV - [2001/09/13 08:58:02 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PMEMNT.SYS -- (PMEM)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 15:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)
DRV - [2001/08/17 14:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)
DRV - [2001/08/17 14:10:56 | 000,024,653 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el574nd4.sys -- (EL3C574)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.zurichus.com;*.us.zurich.com;*.myzurich.com;*.ezsb.com;*.zurichpolicy.com;*.zurichsmallbusiness.com;*.zisinternet.com;*.zurichcommercial.com;w3.zurich.com;w3.collaborate.zurich.com;*.zurichna.com;*.zurichnorthamerica.com;usf.*;172.29.76.105;*.ibm.com;*w3.ibm.com;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = uszz1schproxy.sch.zus.us.zurich.com:80
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = uszz1schproxy.sch.zus.us.zurich.com

========== FireFox ==========

FF - prefs.js..network.proxy.backup.ftp: "uszz1schproxy.sch.zus.us.zurich.com"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.gopher: "uszz1schproxy.sch.zus.us.zurich.com"
FF - prefs.js..network.proxy.backup.gopher_port: 80
FF - prefs.js..network.proxy.backup.socks: "uszz1schproxy.sch.zus.us.zurich.com"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "uszz1schproxy.sch.zus.us.zurich.com"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.ftp: "uszz1schproxy.sch.zus.us.zurich.com"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "uszz1schproxy.sch.zus.us.zurich.com"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http: "uszz1schproxy.sch.zus.us.zurich.com"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.no_proxies_on: "*.zurichus.com,*.us.zurich.com,*.myzurich.com,*.ezsb.com,*.zurichpolicy.com,*.zurichsmallbusiness.com,*.zisinternet.com,*.zurichcommercial.com,w3.zurich.com,w3.collaborate.zurich.com,*.zurichna.com,*.zurichnorthamerica.com,usf.*,172.29.76.105,*.ibm.com,*w3.ibm.com,*.local,localhost,127.0.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "uszz1schproxy.sch.zus.us.zurich.com"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "uszz1schproxy.sch.zus.us.zurich.com"
FF - prefs.js..network.proxy.ssl_port: 80
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/02/04 11:12:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/02/04 11:12:58 | 000,000,000 | ---D | M]

[2008/09/24 13:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\customer\Application Data\Mozilla\Extensions
[2008/02/01 20:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\customer\Application Data\Mozilla\Firefox\Profiles\kqcov26a.default\extensions
[2010/02/22 12:15:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/11/20 16:52:00 | 002,884,992 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

O1 HOSTS File: ([2009/06/11 20:08:02 | 000,000,788 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 winbluesoft.com
O1 - Hosts: 127.0.0.1 winbluesoft.net
O2 - BHO: (XML Class) - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\irprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE ()
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EzEjMnAp.Exe (IBM Corp.)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 7100 Series\ezprint.exe ()
O4 - HKLM..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe (IBM)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [LXBXCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.DLL ()
O4 - HKLM..\Run: [lxbxmon.exe] C:\Program Files\Lexmark 7100 Series\lxbxmon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [QCWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [S3TRAY2] C:\WINDOWS\System32\S3Tray2.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (IBM Corporation)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (IBM Corp.)
O4 - HKLM..\Run: [TrackPointSrv] C:\WINDOWS\System32\tp4serv.exe (IBM Corporation)
O4 - HKLM..\Run: [UC_SMB] File not found
O4 - HKCU..\Run: [Cognac] C:\Documents and Settings\customer\Local Settings\Temp\b.exe ()
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe (IBM)
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
O4 - HKCU..\Run: [setup2.exe] C:\WINDOWS\system32\setup2.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} [You must be registered and logged in to see this link.] (IASRunner Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.122,85.255.112.154
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\customer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\customer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/11/21 21:42:49 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/22 12:32:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/02/22 12:16:37 | 000,562,688 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\customer\Desktop\OTL.exe
[2010/02/19 14:25:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\customer\Local Settings\Application Data\Temp
[2010/02/19 14:25:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/02/19 14:20:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\customer\Desktop\*.tmp files -> C:\Documents and Settings\customer\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/22 12:30:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/22 12:18:35 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\customer\Desktop\OTL.exe
[2010/02/22 12:00:00 | 000,000,290 | -H-- | M] () -- C:\WINDOWS\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
[2010/02/22 12:00:00 | 000,000,276 | -H-- | M] () -- C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[2010/02/22 11:50:01 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/02/22 11:44:11 | 000,572,712 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/22 11:44:11 | 000,477,772 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/22 11:44:11 | 000,085,144 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/22 11:42:20 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/02/22 11:42:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/22 11:41:50 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/22 11:41:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/22 11:41:44 | 1072,680,960 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/19 14:26:27 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\customer\NTUSER.DAT
[2010/02/19 14:26:27 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\customer\ntuser.ini
[2010/02/19 14:25:06 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/19 14:23:03 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\customer\Desktop\The Anatomy notes are going to be hard to take with this new computer because I am not used to it yet.doc
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\customer\Desktop\*.tmp files -> C:\Documents and Settings\customer\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/19 14:23:03 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\customer\Desktop\The Anatomy notes are going to be hard to take with this new computer because I am not used to it yet.doc
[2010/02/19 14:20:20 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/19 14:20:20 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/26 15:43:59 | 000,012,309 | ---- | C] () -- C:\WINDOWS\195bthief2131z.dll
[2009/12/25 23:12:13 | 000,004,710 | ---- | C] () -- C:\WINDOWS\52bste5l169z.dll
[2009/12/16 06:23:56 | 000,003,396 | ---- | C] () -- C:\WINDOWS\System32\945viz1981.dll
[2009/12/11 07:50:06 | 000,010,743 | ---- | C] () -- C:\WINDOWS\2d439hzef656.dll
[2009/12/09 22:31:15 | 000,005,058 | ---- | C] () -- C:\WINDOWS\System32\789thre5tz0509.dll
[2009/12/08 19:45:01 | 000,008,547 | ---- | C] () -- C:\WINDOWS\5855v9rus4zb.dll
[2009/12/08 17:33:05 | 000,008,106 | ---- | C] () -- C:\WINDOWS\1995spz59d.dll
[2009/12/06 15:49:16 | 000,013,927 | ---- | C] () -- C:\WINDOWS\System32\15577spambzt79.dll
[2009/12/04 21:09:40 | 000,002,804 | ---- | C] () -- C:\WINDOWS\20155rojz529.dll
[2009/11/22 23:24:00 | 000,006,498 | ---- | C] () -- C:\WINDOWS\System32\531thzef5093.dll
[2009/11/21 17:34:34 | 000,013,133 | ---- | C] () -- C:\WINDOWS\System32\189629rzj526.dll
[2009/11/18 22:15:38 | 000,004,106 | ---- | C] () -- C:\WINDOWS\System32\25587hacktoolz69.dll
[2009/11/18 18:23:20 | 000,008,999 | ---- | C] () -- C:\WINDOWS\System32\1b9dthief278z5.dll
[2009/11/16 19:40:29 | 000,009,812 | ---- | C] () -- C:\WINDOWS\System32\3595d9wnloader2z085.dll
[2009/11/12 05:25:03 | 000,009,990 | ---- | C] () -- C:\WINDOWS\506b9pywaz52870.dll
[2009/11/07 06:38:15 | 000,009,370 | ---- | C] () -- C:\WINDOWS\System32\29338viruz5959.dll
[2009/10/21 06:26:15 | 000,006,026 | ---- | C] () -- C:\WINDOWS\System32\20305wormz59.dll
[2009/10/16 05:52:36 | 000,012,485 | ---- | C] () -- C:\WINDOWS\1952sparze2793.dll
[2009/09/21 19:30:06 | 000,006,469 | ---- | C] () -- C:\WINDOWS\5770vizu92f9.dll
[2009/09/13 04:21:47 | 000,013,723 | ---- | C] () -- C:\WINDOWS\47aespar95170z.dll
[2009/09/06 19:51:49 | 000,008,989 | ---- | C] () -- C:\WINDOWS\System32\8592zack5ool657.dll
[2009/09/05 16:50:11 | 000,003,055 | ---- | C] () -- C:\WINDOWS\System32\659b5a9kdooz2428.dll
[2009/08/23 19:07:00 | 000,006,545 | ---- | C] () -- C:\WINDOWS\6f075i964z.dll
[2009/08/11 20:10:23 | 000,014,328 | ---- | C] () -- C:\WINDOWS\11899viru522z.dll
[2009/08/07 10:30:49 | 000,004,433 | ---- | C] () -- C:\WINDOWS\7054tzoj92d.dll
[2009/08/04 14:58:22 | 000,017,649 | ---- | C] () -- C:\WINDOWS\System32\859addware24z5.dll
[2009/08/02 11:51:17 | 000,003,689 | ---- | C] () -- C:\WINDOWS\System32\4z92spyw5re2534.dll
[2009/07/24 07:55:23 | 000,012,829 | ---- | C] () -- C:\WINDOWS\System32\5830vzru56f9.dll
[2009/07/13 10:55:16 | 000,013,165 | ---- | C] () -- C:\WINDOWS\System32\5c65sparse269z.dll
[2009/06/24 05:27:47 | 000,008,762 | ---- | C] () -- C:\WINDOWS\System32\39711spzmbot1a5.dll
[2009/06/20 23:08:02 | 000,004,487 | ---- | C] () -- C:\WINDOWS\System32\1z815sp53e79.dll
[2009/06/20 23:08:01 | 000,013,548 | ---- | C] () -- C:\WINDOWS\System32\1205wo9m7cz.dll
[2009/06/20 23:07:59 | 000,005,497 | ---- | C] () -- C:\WINDOWS\4c19szars5895.dll
[2009/06/20 23:07:58 | 000,012,077 | ---- | C] () -- C:\WINDOWS\139cspywarz1454.dll
[2009/06/20 23:07:58 | 000,005,476 | ---- | C] () -- C:\WINDOWS\f34a9zware1505.dll
[2009/06/20 23:07:57 | 000,013,966 | ---- | C] () -- C:\WINDOWS\215bthreat2907z.dll
[2009/06/20 23:07:57 | 000,005,426 | ---- | C] () -- C:\WINDOWS\System32\22aa9pzr5e76.dll
[2009/06/20 23:07:56 | 000,017,580 | ---- | C] () -- C:\WINDOWS\79ab59dware239z.dll
[2009/06/20 23:07:56 | 000,017,484 | ---- | C] () -- C:\WINDOWS\System32\4310not-5-9irusz1e.dll
[2009/06/20 23:07:56 | 000,014,053 | ---- | C] () -- C:\WINDOWS\System32\495bs9ywzre5257.dll
[2009/06/20 23:07:56 | 000,003,577 | ---- | C] () -- C:\WINDOWS\5169s9yware5z1.dll
[2009/06/20 23:07:54 | 000,015,745 | ---- | C] () -- C:\WINDOWS\7dfdaddzare2795.dll
[2009/06/20 23:07:53 | 000,011,640 | ---- | C] () -- C:\WINDOWS\System32\4567tzreat9728.dll
[2009/06/20 23:07:53 | 000,011,252 | ---- | C] () -- C:\WINDOWS\System32\9355hac9tozl3f3.dll
[2009/06/20 23:07:52 | 000,014,769 | ---- | C] () -- C:\WINDOWS\System32\32085v9rzs55a.dll
[2009/06/20 23:07:50 | 000,009,549 | ---- | C] () -- C:\WINDOWS\14613zor924f5.dll
[2009/06/20 23:07:50 | 000,004,239 | ---- | C] () -- C:\WINDOWS\12z5vir1989.dll
[2009/06/20 23:07:49 | 000,018,167 | ---- | C] () -- C:\WINDOWS\6692zownl5a9er1494.dll
[2009/06/20 23:07:49 | 000,016,632 | ---- | C] () -- C:\WINDOWS\System32\3025z5arse499.dll
[2009/06/20 23:07:49 | 000,015,798 | ---- | C] () -- C:\WINDOWS\13595t5zj424.dll
[2009/06/20 23:07:49 | 000,015,214 | ---- | C] () -- C:\WINDOWS\4959szyware676.dll
[2009/06/20 23:07:49 | 000,011,703 | ---- | C] () -- C:\WINDOWS\4z84spambot5199.dll
[2009/06/20 23:07:49 | 000,010,436 | ---- | C] () -- C:\WINDOWS\System32\9354virz60.dll
[2009/06/20 23:07:49 | 000,008,959 | ---- | C] () -- C:\WINDOWS\System32\17a95zief1694.dll
[2009/06/20 23:07:49 | 000,003,583 | ---- | C] () -- C:\WINDOWS\165z7virus6209.dll
[2009/06/20 23:07:48 | 000,013,095 | ---- | C] () -- C:\WINDOWS\4496t5iez2681.dll
[2009/06/20 23:07:48 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\299cad5warez75.dll
[2009/06/20 22:36:12 | 000,205,828 | ---- | C] () -- C:\WINDOWS\System32\msxml71.dll
[2009/06/20 08:02:29 | 000,004,992 | ---- | C] () -- C:\WINDOWS\System32\5769thi5f921z.dll
[2009/06/15 04:11:11 | 000,006,100 | ---- | C] () -- C:\WINDOWS\System32\52799wozm49c.dll
[2009/06/10 15:16:53 | 000,003,541 | ---- | C] () -- C:\WINDOWS\System32\19f4downl5adzr1791.dll
[2009/06/04 09:42:41 | 000,007,494 | ---- | C] () -- C:\WINDOWS\5dff95zware500.dll
[2009/05/25 06:49:05 | 000,003,232 | ---- | C] () -- C:\WINDOWS\7fbzsp9rse26795.dll
[2009/05/25 01:06:39 | 000,013,935 | ---- | C] () -- C:\WINDOWS\3z22spyware2959.dll
[2009/05/24 00:42:22 | 000,004,819 | ---- | C] () -- C:\WINDOWS\System32\9536szarse776.dll
[2009/05/16 20:25:51 | 000,009,435 | ---- | C] () -- C:\WINDOWS\System32\41zf9ackdoo5320.dll
[2009/05/10 02:30:21 | 000,007,592 | ---- | C] () -- C:\WINDOWS\z53a9teal359.dll
[2009/05/05 07:11:39 | 000,004,976 | ---- | C] () -- C:\WINDOWS\System32\393zst5al294.dll
[2009/04/28 11:13:18 | 000,007,505 | ---- | C] () -- C:\WINDOWS\System32\14a1szarse5594.dll
[2009/04/27 05:37:01 | 000,018,002 | ---- | C] () -- C:\WINDOWS\System32\2a30spyw59e98z.dll
[2009/04/26 18:40:13 | 000,017,197 | ---- | C] () -- C:\WINDOWS\14f45p9rze1922.dll
[2009/04/19 12:27:42 | 000,003,014 | ---- | C] () -- C:\WINDOWS\System32\29f0s95zare1775.dll
[2009/04/13 21:35:39 | 000,016,765 | ---- | C] () -- C:\WINDOWS\15667n5t-a-virz9155.dll
[2009/04/11 15:13:48 | 000,010,998 | ---- | C] () -- C:\WINDOWS\4665downloadez3149.dll
[2009/04/11 06:31:56 | 000,008,865 | ---- | C] () -- C:\WINDOWS\System32\3a9c5ackdzor1463.dll
[2009/04/07 20:57:38 | 000,015,490 | ---- | C] () -- C:\WINDOWS\7z755ddware1249.dll
[2009/04/01 11:34:42 | 000,016,299 | ---- | C] () -- C:\WINDOWS\550aad5ware2999z.dll
[2009/03/18 21:37:07 | 000,016,686 | ---- | C] () -- C:\WINDOWS\19z55spy59f.dll
[2009/03/18 05:06:51 | 000,016,933 | ---- | C] () -- C:\WINDOWS\25999s5zmbote69.dll
[2009/03/08 07:25:11 | 000,004,801 | ---- | C] () -- C:\WINDOWS\System32\d2cv5z6099.dll
[2009/02/27 10:25:14 | 000,010,294 | ---- | C] () -- C:\WINDOWS\System32\10737tzoj259.dll
[2009/02/26 16:14:39 | 000,002,712 | ---- | C] () -- C:\WINDOWS\6558sp9z1.dll
[2009/02/23 00:50:56 | 000,003,039 | ---- | C] () -- C:\WINDOWS\19512spambo55z2.dll
[2009/02/23 00:02:49 | 000,005,065 | ---- | C] () -- C:\WINDOWS\System32\5675no5-9-viruscz.dll
[2009/02/22 17:02:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbxvs.dll
[2009/02/16 08:33:28 | 000,017,692 | ---- | C] () -- C:\WINDOWS\22z9tr5j4f9.dll
[2009/02/11 17:38:50 | 000,013,833 | ---- | C] () -- C:\WINDOWS\z1a6ba5kdoo910.dll
[2009/02/10 06:27:03 | 000,014,533 | ---- | C] () -- C:\WINDOWS\6b9s5arze3078.dll
[2009/02/08 10:50:32 | 000,004,046 | ---- | C] () -- C:\WINDOWS\System32\5z95vi9753.dll
[2009/02/07 08:22:03 | 000,014,990 | ---- | C] () -- C:\WINDOWS\1293zn9t-a-vir5s1f9.dll
[2009/02/04 04:27:11 | 000,007,629 | ---- | C] () -- C:\WINDOWS\261z9ddw5re1650.dll
[2009/02/02 08:53:48 | 000,006,036 | ---- | C] () -- C:\WINDOWS\2z89backdoor158.dll
[2009/01/16 05:03:33 | 000,008,202 | ---- | C] () -- C:\WINDOWS\2z993spambo5550.dll
[2009/01/13 19:09:24 | 000,013,595 | ---- | C] () -- C:\WINDOWS\System32\17730z5y26b9.dll
[2009/01/11 22:44:17 | 000,013,593 | ---- | C] () -- C:\WINDOWS\14799not-a-9irzs545.dll
[2009/01/10 07:03:18 | 000,005,165 | ---- | C] () -- C:\WINDOWS\15901s5y3zf.dll
[2008/12/27 12:43:22 | 000,004,007 | ---- | C] () -- C:\WINDOWS\883steal9z25.dll
[2008/12/18 14:39:45 | 000,008,761 | ---- | C] () -- C:\WINDOWS\System32\677dv9rz065.dll
[2008/12/18 06:30:11 | 000,008,948 | ---- | C] () -- C:\WINDOWS\2809sparsz25159.dll
[2008/12/17 20:18:27 | 000,007,174 | ---- | C] () -- C:\WINDOWS\14533sp5mz9t5d3.dll
[2008/12/14 10:28:04 | 000,014,235 | ---- | C] () -- C:\WINDOWS\System32\z15489i5us593.dll
[2008/12/11 19:33:52 | 000,011,494 | ---- | C] () -- C:\WINDOWS\7e15t5reaz3998.dll
[2008/12/03 19:39:27 | 000,011,463 | ---- | C] () -- C:\WINDOWS\6b9avi528z9.dll
[2008/11/25 09:11:49 | 000,017,349 | ---- | C] () -- C:\WINDOWS\System32\5612wo9z750.dll
[2008/11/24 23:12:51 | 000,007,843 | ---- | C] () -- C:\WINDOWS\System32\z669thre9t25612.dll
[2008/11/17 17:04:02 | 000,012,733 | ---- | C] () -- C:\WINDOWS\19424s5z205.dll
[2008/11/09 20:26:50 | 000,009,867 | ---- | C] () -- C:\WINDOWS\8952not-a-vzrus1a2.dll
[2008/11/07 01:59:43 | 000,015,281 | ---- | C] () -- C:\WINDOWS\2542szeal14729.dll
[2008/10/24 00:48:29 | 000,007,459 | ---- | C] () -- C:\WINDOWS\System32\1512zs5y6769.dll
[2008/10/03 20:52:24 | 000,017,004 | ---- | C] () -- C:\WINDOWS\System32\176495z9482.dll
[2008/10/02 23:57:56 | 000,015,737 | ---- | C] () -- C:\WINDOWS\3585stzal14159.dll
[2008/10/02 08:38:24 | 000,005,727 | ---- | C] () -- C:\WINDOWS\6469zparse17465.dll
[2008/09/28 10:53:55 | 000,013,891 | ---- | C] () -- C:\WINDOWS\1z5539roj1e2.dll
[2008/09/16 11:13:23 | 000,003,292 | ---- | C] () -- C:\WINDOWS\System32\98zcvir9605.dll
[2008/09/15 23:17:29 | 000,008,551 | ---- | C] () -- C:\WINDOWS\4e95downloader1z19.dll
[2008/09/15 08:44:39 | 000,004,649 | ---- | C] () -- C:\WINDOWS\128z5wor91015.dll
[2008/09/10 21:49:30 | 000,007,613 | ---- | C] () -- C:\WINDOWS\307ddozn9oader3655.dll
[2008/09/09 01:32:30 | 000,003,959 | ---- | C] () -- C:\WINDOWS\System32\59e9sp9z5re742.dll
[2008/09/09 00:59:13 | 000,015,840 | ---- | C] () -- C:\WINDOWS\7941viz505.dll
[2008/09/04 21:36:23 | 000,011,857 | ---- | C] () -- C:\WINDOWS\System32\2z0bdow5loader8409.dll
[2008/08/05 21:26:29 | 000,016,714 | ---- | C] () -- C:\WINDOWS\System32\519spar5z137.dll
[2008/08/04 04:26:55 | 000,008,083 | ---- | C] () -- C:\WINDOWS\69d3thief5334z.dll
[2008/07/24 21:01:51 | 000,010,758 | ---- | C] () -- C:\WINDOWS\700dviz9959.dll
[2008/07/18 06:02:35 | 000,017,716 | ---- | C] () -- C:\WINDOWS\System32\9cd2addza5e792.dll
[2008/07/15 00:18:25 | 000,003,870 | ---- | C] () -- C:\WINDOWS\System32\3eb79ackzoor12255.dll
[2008/07/12 01:48:40 | 000,018,214 | ---- | C] () -- C:\WINDOWS\System32\5693sz9war53049.dll
[2008/07/11 23:43:17 | 000,004,097 | ---- | C] () -- C:\WINDOWS\19915not-a5vzrus72.dll
[2008/06/24 22:06:06 | 000,006,753 | ---- | C] () -- C:\WINDOWS\10033szamb9t155.dll
[2008/06/23 17:11:10 | 000,009,457 | ---- | C] () -- C:\WINDOWS\379vir1885z.dll
[2008/06/18 07:45:36 | 000,006,627 | ---- | C] () -- C:\WINDOWS\System32\z215thre9t22253.dll
[2008/06/16 14:03:25 | 000,013,751 | ---- | C] () -- C:\WINDOWS\System32\25526hacktozl298.dll
[2008/06/08 12:49:38 | 000,002,532 | ---- | C] () -- C:\WINDOWS\System32\29737not-a5vzrus451.dll
[2008/06/06 02:00:39 | 000,006,983 | ---- | C] () -- C:\WINDOWS\2518dzwn9oader339.dll
[2008/06/04 13:23:35 | 000,003,196 | ---- | C] () -- C:\WINDOWS\System32\81999acktool5z.dll
[2008/05/11 16:12:19 | 000,003,922 | ---- | C] () -- C:\WINDOWS\System32\57c6s5arsz2090.dll
[2008/05/09 16:10:38 | 000,008,576 | ---- | C] () -- C:\WINDOWS\3b39thiefz385.dll
[2008/05/06 13:13:58 | 000,011,463 | ---- | C] () -- C:\WINDOWS\System32\25z55spy94f.dll
[2008/05/01 20:27:47 | 000,010,746 | ---- | C] () -- C:\WINDOWS\z6aado5nload9r3214.dll
[2008/04/27 06:20:27 | 000,012,730 | ---- | C] () -- C:\WINDOWS\System32\39bd9hreatz7855.dll
[2008/04/13 11:29:00 | 000,006,721 | ---- | C] () -- C:\WINDOWS\2zc15pywar92977.dll
[2008/03/25 09:43:33 | 000,011,969 | ---- | C] () -- C:\WINDOWS\System32\90509zirusb6.dll
[2008/03/18 21:00:27 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\3438downloade5z7959.dll
[2008/03/05 16:43:47 | 000,007,754 | ---- | C] () -- C:\WINDOWS\2e94sparse1275z.dll
[2008/03/02 06:30:30 | 000,008,545 | ---- | C] () -- C:\WINDOWS\31z93not-9-virus235.dll
[2008/03/01 07:18:52 | 000,012,078 | ---- | C] () -- C:\WINDOWS\5b26st9al55z3.dll
[2008/02/23 05:47:58 | 000,011,240 | ---- | C] () -- C:\WINDOWS\95718virus6z5.dll
[2008/02/21 06:02:48 | 000,006,187 | ---- | C] () -- C:\WINDOWS\System32\z5965trojf9.dll
[2008/02/19 22:39:37 | 000,005,152 | ---- | C] () -- C:\WINDOWS\System32\525esze5l2935.dll
[2008/01/30 21:52:14 | 000,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini
[2008/01/20 09:57:13 | 000,009,206 | ---- | C] () -- C:\WINDOWS\2559zorm5f3.dll
[2008/01/20 09:09:05 | 000,018,114 | ---- | C] () -- C:\WINDOWS\System32\1z358ha9ktool701.dll
[2008/01/15 13:58:53 | 000,003,610 | ---- | C] () -- C:\WINDOWS\66c8spzwa592488.dll
[2008/01/13 11:35:03 | 000,009,432 | ---- | C] () -- C:\WINDOWS\4da89hief505z.dll
[2008/01/07 22:22:01 | 000,002,578 | ---- | C] () -- C:\WINDOWS\295885pyz88.dll
[2008/01/07 17:38:50 | 000,018,041 | ---- | C] () -- C:\WINDOWS\6449zhr5at15478.dll
[2007/05/08 09:40:04 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/11/22 07:28:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/21 21:59:50 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/11/21 21:35:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/21 21:29:25 | 000,000,222 | ---- | C] () -- C:\WINDOWS\Welcome.ini
[2006/11/21 21:24:05 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2006/11/21 21:23:56 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2006/11/21 21:23:38 | 000,002,295 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.SYS
[2006/11/21 21:23:11 | 000,008,830 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2006/06/16 17:09:52 | 000,045,124 | ---- | C] () -- C:\WINDOWS\System32\LsaWrApi.dll
[2006/06/16 16:57:32 | 000,528,453 | ---- | C] () -- C:\WINDOWS\System32\C1XStngs.dll
[2006/06/16 16:56:10 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\D8021Xps.dll
[2005/01/13 04:00:14 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/01/13 04:00:10 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/03 05:09:00 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\tp4uires.dll
[2002/11/15 03:14:28 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\AIBMRUNL.dll
[2002/09/26 19:26:59 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[1980/01/01 02:00:00 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[1980/01/01 02:00:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll
[1980/01/01 02:00:00 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >


Re: WinBlueSoft Problems

Post by Belahzur on 24th April 2010, 7:14 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Please PM me if I fail to respond within 24hrs.



Re: WinBlueSoft Problems

Post by willthors on 24th April 2010, 8:20 pm

ComboFix 10-04-21.01 - customer 02/22/2010 13:43:57.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.684 [GMT -6:00]
Running from: c:\documents and settings\customer\Desktop\Combo-Fix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\msa.exe
c:\windows\system32\drivers\MSIVXmopkltnakysfynmuvgwiydejkutjxvnl.sys
c:\windows\system32\MSIVXcount
c:\windows\system32\MSIVXtdbgoeyjeqrucrjdxecklkjdoqcvyoyf.dll
c:\windows\system32\MSIVXxpvbrrulkrdashlwoibitjqeleylyiyo.dll
c:\windows\system32\msXMl71.dll
c:\windows\system32\setup2.exe
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
c:\windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSIVXserv.sys
-------\Legacy_MSIVXserv.sys


((((((((((((((((((((((((( Files Created from 2010-01-22 to 2010-02-22 )))))))))))))))))))))))))))))))
.

2010-02-22 19:22 . 2010-02-22 19:22 -------- d--h--w- c:\windows\PIF
2010-02-22 18:32 . 2010-02-22 18:32 -------- d-----w- C:\_OTL
2010-02-19 20:25 . 2010-02-19 20:25 -------- d-----w- c:\documents and settings\customer\Local Settings\Application Data\Temp
2010-02-19 20:25 . 2010-02-19 20:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-02-19 20:20 . 2010-02-19 20:20 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-22 19:58 . 2009-04-24 23:49 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-22 19:00 . 2008-06-05 03:55 256 ----a-w- c:\windows\system32\pool.bin
2010-02-19 20:20 . 2008-01-30 18:42 -------- d-----w- c:\program files\Google
2009-12-27 20:47 . 2009-12-27 20:47 7641 ----a-w- c:\windows\system32\23f59irz115.exe
2009-12-23 00:24 . 2009-12-23 00:24 11505 ----a-w- c:\windows\system32\15030n5t-a9viruz612.exe
2009-12-20 02:36 . 2009-12-20 02:36 7167 ----a-w- c:\windows\system32\128ead95arez162.bin
2009-12-16 12:23 . 2009-12-16 12:23 3396 ----a-w- c:\windows\system32\945viz1981.dll
2009-12-12 00:30 . 2009-12-12 00:30 12085 ----a-w- c:\windows\system32\534ddow5lo9der2z46.exe
2009-12-10 13:45 . 2009-12-10 13:45 4256 ----a-w- c:\windows\system32\3z59spa9se715.exe
2009-12-10 04:31 . 2009-12-10 04:31 5058 ----a-w- c:\windows\system32\789thre5tz0509.dll
2009-12-08 04:58 . 2009-12-08 04:58 17153 ----a-w- c:\windows\system32\6f72ad9zare32325.bin
2009-12-06 21:49 . 2009-12-06 21:49 13927 ----a-w- c:\windows\system32\15577spambzt79.dll
2009-12-04 00:57 . 2009-12-04 00:57 7389 ----a-w- c:\windows\system32\295359pz5b9.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2003-01-07 495616]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-18 39408]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S3TRAY2"="S3Tray2.exe" [2001-10-12 69632]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-07-31 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-07-31 512000]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-05 28672]
"BluetoothAuthenticationAgent"="irprops.cpl" [2008-04-14 380416]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2003-08-07 94208]
"BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2003-01-17 20480]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2003-08-08 897024]
"TP4EX"="tp4ex.exe" [2002-09-04 53248]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2002-12-24 204800]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-04-30 315392]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2003-01-07 495616]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"QCWLIcon"="c:\program files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2003-03-27 53248]
"TrackPointSrv"="tp4serv.exe" [2002-12-03 87552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-01-15 267048]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"LXBXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll" [2004-11-02 69632]
"lxbxmon.exe"="c:\program files\Lexmark 7100 Series\lxbxmon.exe" [2005-01-18 196608]
"EzPrint"="c:\program files\Lexmark 7100 Series\ezprint.exe" [2004-09-17 61440]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2007-11-12 1447184]
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-10-2 546288]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxbxcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxbxPSWX.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [4/24/2009 5:50 PM 130936]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [11/21/2006 9:22 PM 15360]
R2 MSSQL$XACTWARE;SQL Server (XACTWARE);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/24/2008 9:31 PM 29263712]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [4/24/2009 5:49 PM 348752]
R3 Tp4Track;IBM PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [12/3/2002 5:09 AM 14064]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/19/2010 2:20 PM 135664]
S3 EL3C574;FE574B-3Com 10/100 LAN PCCard Device Driver;c:\windows\system32\drivers\el574nd4.sys [1/26/2008 9:12 AM 24653]
S3 PTDCWWAN;PANTECH PC Card WWAN Controller device driver;c:\windows\system32\drivers\PTDCWWAN.sys [12/13/2008 10:33 AM 58240]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder

2009-01-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2008-01-30 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2006-11-22 09:32]

2010-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-19 20:20]

2010-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-19 20:20]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = uszz1schproxy.sch.zus.us.zurich.com:80
uInternet Settings,ProxyOverride = *.zurichus.com;*.us.zurich.com;*.myzurich.com;*.ezsb.com;*.zurichpolicy.com;*.zurichsmallbusiness.com;*.zisinternet.com;*.zurichcommercial.com;w3.zurich.com;w3.collaborate.zurich.com;*.zurichna.com;*.zurichnorthamerica.com;usf.*;172.29.76.105;*.ibm.com;*w3.ibm.com;*.local
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\customer\Application Data\Mozilla\Firefox\Profiles\kqcov26a.default\
FF - prefs.js: network.proxy.ftp - uszz1schproxy.sch.zus.us.zurich.com
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - uszz1schproxy.sch.zus.us.zurich.com
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - uszz1schproxy.sch.zus.us.zurich.com
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - uszz1schproxy.sch.zus.us.zurich.com
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - uszz1schproxy.sch.zus.us.zurich.com
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-UC_SMB - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-02-22 13:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-02-22 14:03:20
ComboFix-quarantined-files.txt 2010-02-22 20:03

Pre-Run: 20,775,399,424 bytes free
Post-Run: 21,816,463,360 bytes free

- - End Of File - - 6E3DC55F70878EA817202B1C99F05A74


Re: WinBlueSoft Problems

Post by Belahzur on 24th April 2010, 8:32 pm


  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open Notepad and copy/paste the text in the quotebox below into it:
    Code:

    KILLALL::

    File::
    c:\windows\system32\pool.bin
    c:\windows\system32\23f59irz115.exe
    c:\windows\system32\15030n5t-a9viruz612.exe
    c:\windows\system32\128ead95arez162.bin
    c:\windows\system32\945viz1981.dll
    c:\windows\system32\534ddow5lo9der2z46.exe
    c:\windows\system32\3z59spa9se715.exe
    c:\windows\system32\789thre5tz0509.dll
    c:\windows\system32\6f72ad9zare32325.bin
    c:\windows\system32\15577spambzt79.dll
    c:\windows\system32\295359pz5b9.exe
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Please PM me if I fail to respond within 24hrs.

