
2 Infected - Rootkit.win32.Podnuha.a and Trojan-Clicker.win32.delf.cbe


  • This topic is locked
4 replies to this topic

#1 dmacc01


Posted 17 May 2009 - 05:09 AM

Hello, I was told to post here by the moderator. Here's the scoop: I was infected with a virus and didn't have any protection on my PC. I went out and bought Kaspersky Internet Security 2009. My original problem was that the virus was not allowing me to surf the internet without popups and redirects. After running the Kaspersky software it cleaned up a bunch of issues but has gotten to a point where it cannot clean the last two issues. It recognizes them and marks them for deletion but asks me to reboot in order to delete. After I reboot it just finds the viruses again and I repeat the process endlessly.

I went through some troubleshooting steps with a Kaspersky rep and she decided that she had exhausted all options and asked me to format the computer. That is not an option and I don't believe that there is no hope of cleaning the virus. I am in need of someone with a little more expertise and vigilance.

The two issues are described below as listed by the Kaspersky software:
1. Trojan-Clicker.win32.delf.cbe - Object: C:\windows\system32\gznvqkei.dll
2. Rootkit.win32.Podnuha.a - Object: System Memory

When I try to manually delete the gznvqkei.dll file I get an "Access Denied" error.

The Kaspersky rep did have me run the combofix software but it did not solve the issue. She had me run a custom script from within the AV software that was designed to delete the troubled files to no avail. She also had me create a boot disk but when using the boot disk it does not recognize my hard drive so I can't select it for a scan. She gave up on me after that.

I am not sure what my next step should be and hope that someone on this forum can help me other than suggesting to format. I use Microsoft Windows XP Professional.

Thank you in advance

I have attached the requested log files as well as a few screenshots that might help illustrate the issue.
DDS.txt log:

DDS (Ver_09-05-14.01) - NTFSx86
Run by DANIEL at 2:36:37.85 on Sun 05/17/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.474 [GMT -7:00]

AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\MCECardBusTV.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SMC\SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter\SMC11GMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\SMC\SMC283~1.4GH\PRISMSVR.EXE
C:\WINDOWS\system32\slrundll.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\DANIEL\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: : {265fd4bd-e7aa-4450-9fd6-80678894ae58} - c:\windows\system32\byhvbvy.dll
BHO: {348FE907-249E-4C65-A838-F34A193FE1D1} - No File
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
mRun: [MCECardBusTV] c:\windows\system32\MCECardBusTV.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\smc283~1.lnk - c:\program files\smc\smc2835w 2.4ghz 54 mbps wireless cardbus adapter\SMC11GMonitor.exe
IE: Add to Banner Ad Blocker - c:\program files\kaspersky lab\kaspersky internet security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 2009\SCIEPlgn.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://smc-notes.smc.com/iNotes6W.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader.cab
DPF: {4AEF8AEE-3DE8-4B69-8B6E-6353B6C59B50} - hxxp://onesite.realpage.com/coreglobal/RealpageCab/Realpage.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxps://24.248.96.243/Remote/msrdp.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
TCP: {43765B09-A947-4FF9-9DF6-197327055850} = 68.4.16.20,68.4.16.29
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: klogon - c:\windows\system32\klogon.dll
Notify: WB - c:\program files\alienguise\fastload.dll

============= SERVICES / DRIVERS ===============

R0 cqhcyenc;cqhcyenc;c:\windows\system32\drivers\cqhcyenc.sys [2004-8-10 23424]
R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2008-7-21 121872]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-4-27 226832]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe [2008-11-11 206088]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-4-30 24592]
R3 Slazldrv;SmartLink AMR_PCI Driver;c:\windows\system32\drivers\sldrv\slazldrv.sys [2005-5-5 230448]
R3 SMC2835W_PCI;SMC2835W 2.4GHz 54 Mbps Wireless Cardbus Driver;c:\windows\system32\drivers\2835WICB.sys [2006-1-12 385920]
S3 MEISTRM;MEI AVC Streaming Filter Driver;c:\windows\system32\drivers\meistrm.sys [2003-11-11 13195]
S3 MEITUNER;FireBus MPEG2TS Tuner Subunit Device;c:\windows\system32\drivers\meistb.sys [2003-11-11 22891]
S3 MSPANEL;Motorola AVC Panel Device;c:\windows\system32\drivers\mstapeo.sys [2004-3-29 49024]
S3 PhTVTune;AVerMedia TVTuner;c:\windows\system32\drivers\PhTVTune.sys [2004-11-23 28800]

=============== Created Last 30 ================

2009-05-16 17:58 90 a--sh--- c:\windows\klif.spi
2009-05-09 10:27 <DIR> --d----- c:\program files\iPod
2009-05-09 10:27 <DIR> --d----- c:\program files\iTunes
2009-05-09 10:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-30 21:48 161,792 a------- c:\windows\SWREG.exe
2009-04-30 21:48 98,816 a------- c:\windows\sed.exe
2009-04-28 14:35 <DIR> --d----- c:\windows\pss
2009-04-28 10:48 6,786 a------- c:\windows\system32\%LocalXml%
2009-04-27 12:29 101,287 a------- c:\windows\system32\drivers\klin.dat
2009-04-27 12:29 89,601 a------- c:\windows\system32\drivers\klick.dat
2009-04-27 12:27 2,924,576 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-04-27 12:27 532,512 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-04-27 12:27 23,928 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-04-27 12:27 2,900 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-04-27 12:27 <DIR> --d----- c:\program files\Kaspersky Lab
2009-04-27 12:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2009-04-27 12:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files

==================== Find3M ====================

2009-05-07 16:32 143,872 a------- c:\windows\system32\gznvqkei.dll
2009-04-30 21:59 102,912 a------- c:\windows\system32\wjlzqog.dll
2009-04-28 12:18 33,808 a------- c:\windows\system32\drivers\klbg.sys
2009-03-19 16:32 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-06 07:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 17:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-20 11:09 78,336 a------- c:\windows\system32\ieencode.dll
2008-10-03 18:18 18,312 a------- c:\docume~1\daniel\applic~1\GDIPFONTCACHEV1.DAT
2008-09-05 18:03 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090520080906\index.dat

============= FINISH: 2:38:11.10 ===============


Here is a snippet from a Kaspersky log that I created some weeks ago. It was way too big for me to attach so I am just pasting a little bit:
Date: Today (events: 26879)
Protection (events: 26879)
5/3/2009 10:33:57 PM Protection is not running Kaspersky Internet Security
5/3/2009 10:32:07 PM Will be deleted on system restart: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
5/3/2009 10:31:55 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
5/3/2009 10:30:41 PM Threats have been detected Kaspersky Internet Security
5/3/2009 10:29:10 PM Protection is not running Kaspersky Internet Security
5/3/2009 10:28:54 PM Untreated Kaspersky Internet Security AVZ Guard error: C0000034
5/3/2009 9:02:10 PM Untreated: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll Skipped by user
5/3/2009 9:02:10 PM Threats have been detected Kaspersky Internet Security
5/3/2009 9:02:10 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
5/3/2009 3:00:45 AM Protection is not running Kaspersky Internet Security
5/3/2009 1:42:59 AM Will be deleted on system restart: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
5/3/2009 1:42:57 AM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
5/3/2009 1:42:44 AM Untreated: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll Skipped by user
5/3/2009 1:42:44 AM Threats have been detected Kaspersky Internet Security
5/3/2009 1:42:44 AM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
5/2/2009 5:33:51 PM Protection is not running Kaspersky Internet Security
5/2/2009 2:31:17 PM Will be deleted on system restart: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
5/2/2009 2:31:14 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
5/2/2009 2:31:05 PM Untreated: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll Skipped by user
5/2/2009 2:31:05 PM Threats have been detected Kaspersky Internet Security
5/2/2009 2:31:05 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
5/2/2009 6:36:09 AM Protection is not running Kaspersky Internet Security
5/2/2009 3:31:03 AM Will be deleted on system restart: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
5/2/2009 3:31:00 AM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
5/2/2009 3:30:50 AM Untreated: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll Skipped by user
5/2/2009 3:30:50 AM Threats have been detected Kaspersky Internet Security
5/2/2009 3:30:50 AM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
5/2/2009 2:30:56 AM Protection is not running Kaspersky Internet Security
5/1/2009 10:50:21 PM Will be deleted on system restart: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
5/1/2009 10:50:19 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
5/1/2009 10:07:07 PM Untreated: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll Skipped by user
5/1/2009 10:07:07 PM Threats have been detected Kaspersky Internet Security
5/1/2009 10:07:06 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
5/1/2009 5:12:46 PM Protection is not running Kaspersky Internet Security
5/1/2009 3:13:29 PM Restored from quarantine Kaspersky Internet Security c:\Qoobox\Quarantine\C\WINDOWS\system32\sdra64.exe.vir
5/1/2009 9:36:12 AM Untreated: HEUR:Trojan.Win32.Generic Kaspersky Internet Security c:\Qoobox\Quarantine\C\WINDOWS\system32\sdra64.exe.vir Written to report
5/1/2009 9:36:12 AM Detected: HEUR:Trojan.Win32.Generic Kaspersky Internet Security c:\Qoobox\Quarantine\C\WINDOWS\system32\sdra64.exe.vir
5/1/2009 9:35:08 AM Will be deleted on system restart: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
5/1/2009 9:35:02 AM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
5/1/2009 9:32:39 AM Untreated: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll Skipped by user
5/1/2009 9:32:39 AM Threats have been detected Kaspersky Internet Security
5/1/2009 9:32:39 AM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
5/1/2009 9:30:52 AM Protection is not running Kaspersky Internet Security
5/1/2009 9:16:48 AM Threats have been detected Kaspersky Internet Security
5/1/2009 8:31:03 AM Will be deleted on system restart: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
5/1/2009 8:31:00 AM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
5/1/2009 8:29:35 AM Untreated: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll Skipped by user
5/1/2009 8:29:35 AM Threats have been detected Kaspersky Internet Security
5/1/2009 8:29:35 AM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
5/1/2009 3:17:36 AM Protection is not running Kaspersky Internet Security
5/1/2009 12:05:34 AM Will be deleted on system restart: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
5/1/2009 12:05:30 AM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
5/1/2009 12:03:39 AM Untreated: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll Skipped by user
5/1/2009 12:03:39 AM Threats have been detected Kaspersky Internet Security
5/1/2009 12:03:39 AM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/30/2009 11:51:45 PM Protection is not running Kaspersky Internet Security
4/30/2009 10:31:24 PM Will be deleted on system restart: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/30/2009 10:31:20 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/30/2009 10:30:02 PM Untreated: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll Skipped by user
4/30/2009 10:30:02 PM Threats have been detected Kaspersky Internet Security
4/30/2009 10:30:02 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/30/2009 10:28:09 PM Protection is not running Kaspersky Internet Security
4/30/2009 10:27:36 PM Will be deleted on system restart: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/30/2009 10:25:45 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/30/2009 10:25:25 PM Threats have been detected Kaspersky Internet Security
4/30/2009 10:03:49 PM Protection is not running Kaspersky Internet Security
4/30/2009 10:02:48 PM Untreated: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll Skipped by user
4/30/2009 10:02:48 PM Threats have been detected Kaspersky Internet Security
4/30/2009 10:02:48 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/30/2009 9:46:46 PM Protection is not running Kaspersky Internet Security
4/30/2009 8:41:51 PM Untreated: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll Skipped by user
4/30/2009 8:41:51 PM Threats have been detected Kaspersky Internet Security
4/30/2009 8:41:51 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/30/2009 2:36:10 AM Protection is not running Kaspersky Internet Security
4/29/2009 9:06:45 PM Will be deleted on system restart: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/29/2009 9:05:09 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/29/2009 9:04:50 PM Untreated: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll Skipped by user
4/29/2009 9:04:50 PM Threats have been detected Kaspersky Internet Security
4/29/2009 9:04:50 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/29/2009 9:03:16 PM Protection is not running Kaspersky Internet Security
4/29/2009 9:41:22 AM Will be deleted on system restart: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/29/2009 9:41:18 AM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/29/2009 9:40:59 AM Untreated: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll Skipped by user
4/29/2009 9:40:59 AM Threats have been detected Kaspersky Internet Security
4/29/2009 9:40:59 AM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/29/2009 2:47:24 AM Protection is not running Kaspersky Internet Security
4/28/2009 8:08:48 PM Will be deleted on system restart: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/28/2009 8:08:40 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/28/2009 8:08:08 PM Untreated: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll Skipped by user
4/28/2009 8:08:08 PM Threats have been detected Kaspersky Internet Security
4/28/2009 8:08:08 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/28/2009 7:59:10 PM Protection is not running Kaspersky Internet Security
4/28/2009 4:11:47 PM Deleted: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0467AEE0-45E4-462C-B86F-E7C3157BAE9d}
4/28/2009 4:11:47 PM Disinfected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security HKCR\{0467aee0-45e4-462c-b86f-e7c3157bae9d}\InprocServer32
4/28/2009 4:11:38 PM Will be deleted on system restart: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/28/2009 4:11:34 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/28/2009 4:11:04 PM Untreated: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll Skipped by user
4/28/2009 4:11:04 PM Threats have been detected Kaspersky Internet Security
4/28/2009 4:11:04 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/28/2009 3:58:20 PM Protection is not running Kaspersky Internet Security
4/28/2009 3:54:33 PM Will be deleted on system restart: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/28/2009 3:54:12 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/28/2009 3:54:00 PM Untreated: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll Skipped by user
4/28/2009 3:54:00 PM Threats have been detected Kaspersky Internet Security
4/28/2009 3:54:00 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/28/2009 3:52:09 PM Protection is not running Kaspersky Internet Security
4/28/2009 2:46:08 PM Untreated: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll Skipped by user
4/28/2009 2:46:08 PM Threats have been detected Kaspersky Internet Security
4/28/2009 2:46:08 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/28/2009 2:44:13 PM Protection is not running Kaspersky Internet Security
4/28/2009 2:42:57 PM Will be deleted on system restart: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/28/2009 2:42:46 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/28/2009 2:41:32 PM Untreated: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll Skipped by user
4/28/2009 2:41:32 PM Threats have been detected Kaspersky Internet Security
4/28/2009 2:41:32 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/28/2009 2:39:38 PM Protection is not running Kaspersky Internet Security
4/28/2009 1:03:50 PM Threats have been detected Kaspersky Internet Security
4/28/2009 1:02:43 PM Databases are obsolete Kaspersky Internet Security
4/28/2009 1:01:03 PM Protection is not running Kaspersky Internet Security
4/28/2009 12:58:32 PM Untreated: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll Skipped by user
4/28/2009 12:58:32 PM Threats have been detected Kaspersky Internet Security
4/28/2009 12:58:32 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/28/2009 12:56:42 PM Protection is not running Kaspersky Internet Security
4/28/2009 12:51:22 PM Restored from quarantine Kaspersky Internet Security c:\windows\system32\sdra64.exe
4/28/2009 12:51:22 PM Restored from quarantine Kaspersky Internet Security c:\Documents and Settings\DANIEL\Local Settings\Temp\futu.exe
4/28/2009 12:51:02 PM Threats have been detected Kaspersky Internet Security
4/28/2009 12:49:24 PM Protection is not running Kaspersky Internet Security
4/28/2009 12:48:36 PM Untreated: HEUR:Trojan.Win32.Generic Kaspersky Internet Security c:\windows\system32\sdra64.exe Written to report
4/28/2009 12:48:36 PM Detected: HEUR:Trojan.Win32.Generic Kaspersky Internet Security c:\windows\system32\sdra64.exe
4/28/2009 12:47:41 PM Untreated: HEUR:Trojan.Win32.Generic Kaspersky Internet Security c:\Documents and Settings\DANIEL\Local Settings\Temp\futu.exe Written to report
4/28/2009 12:47:41 PM Detected: HEUR:Trojan.Win32.Generic Kaspersky Internet Security c:\Documents and Settings\DANIEL\Local Settings\Temp\futu.exe
4/28/2009 12:46:45 PM Untreated: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll Skipped by user
4/28/2009 12:46:43 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/28/2009 12:46:34 PM Untreated: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll Skipped by user
4/28/2009 12:36:44 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/28/2009 12:36:40 PM Untreated: HEUR:Trojan.Win32.Generic Kaspersky Internet Security c:\windows\system32\sdra64.exe Written to report
4/28/2009 12:36:40 PM Detected: HEUR:Trojan.Win32.Generic Kaspersky Internet Security c:\windows\system32\sdra64.exe
4/28/2009 12:35:42 PM Untreated: HEUR:Trojan.Win32.Generic Kaspersky Internet Security c:\Documents and Settings\DANIEL\Local Settings\Temp\futu.exe Written to report
4/28/2009 12:35:42 PM Detected: HEUR:Trojan.Win32.Generic Kaspersky Internet Security c:\Documents and Settings\DANIEL\Local Settings\Temp\futu.exe
4/28/2009 12:34:45 PM Untreated: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll Skipped by user
4/28/2009 12:34:25 PM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/28/2009 12:20:43 PM Threats have been detected Kaspersky Internet Security
4/28/2009 12:18:30 PM Restored from quarantine Kaspersky Internet Security c:\windows\system32\sdra64.exe
4/28/2009 12:18:29 PM Restored from quarantine Kaspersky Internet Security c:\Documents and Settings\DANIEL\Local Settings\Temp\futu.exe
4/28/2009 12:18:26 PM Protection is not running Kaspersky Internet Security
4/28/2009 12:15:10 PM Databases are obsolete Kaspersky Internet Security
4/28/2009 12:10:03 PM Some components are disabled Kaspersky Internet Security
4/28/2009 11:50:11 AM Untreated: HEUR:Trojan.Win32.Generic Kaspersky Internet Security c:\windows\system32\sdra64.exe Written to report
4/28/2009 11:50:11 AM Detected: HEUR:Trojan.Win32.Generic Kaspersky Internet Security c:\windows\system32\sdra64.exe
4/28/2009 11:49:18 AM Untreated: HEUR:Trojan.Win32.Generic Kaspersky Internet Security c:\Documents and Settings\DANIEL\Local Settings\Temp\futu.exe Written to report
4/28/2009 11:49:18 AM Detected: HEUR:Trojan.Win32.Generic Kaspersky Internet Security c:\Documents and Settings\DANIEL\Local Settings\Temp\futu.exe
4/28/2009 11:48:07 AM Will be deleted on system restart: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/28/2009 11:47:59 AM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/28/2009 11:47:34 AM Untreated: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll Skipped by user
4/28/2009 11:47:34 AM PRODUCT_STATE(56) Kaspersky Internet Security
4/28/2009 11:47:34 AM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/28/2009 11:45:41 AM Some components are disabled Kaspersky Internet Security
4/28/2009 11:42:20 AM Untreated: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll Skipped by user
4/28/2009 11:42:20 AM PRODUCT_STATE(56) Kaspersky Internet Security
4/28/2009 11:42:20 AM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/28/2009 11:40:25 AM Some components are disabled Kaspersky Internet Security
4/28/2009 10:53:41 AM PRODUCT_STATE(56) Kaspersky Internet Security
4/28/2009 10:47:01 AM Will be deleted on system restart: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/28/2009 10:46:00 AM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/28/2009 10:45:29 AM Untreated: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll Skipped by user
4/28/2009 10:45:29 AM PRODUCT_STATE(56) Kaspersky Internet Security
4/28/2009 10:45:29 AM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/28/2009 10:33:59 AM Untreated: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll Skipped by user
4/28/2009 10:33:59 AM PRODUCT_STATE(56) Kaspersky Internet Security
4/28/2009 10:33:59 AM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/28/2009 10:32:13 AM Some components are disabled Kaspersky Internet Security
4/28/2009 10:27:44 AM Untreated: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll Skipped by user
4/28/2009 10:27:44 AM PRODUCT_STATE(56) Kaspersky Internet Security
4/28/2009 10:27:44 AM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/28/2009 10:25:42 AM Some components are disabled Kaspersky Internet Security
4/28/2009 10:24:48 AM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/28/2009 10:22:14 AM Untreated: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll Skipped by user
4/28/2009 10:22:14 AM PRODUCT_STATE(56) Kaspersky Internet Security
4/28/2009 10:22:14 AM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/28/2009 10:20:11 AM Some components are disabled Kaspersky Internet Security
4/28/2009 10:13:24 AM Will be deleted on system restart: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/28/2009 10:13:17 AM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/28/2009 10:12:49 AM Untreated: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll Skipped by user
4/28/2009 10:12:49 AM PRODUCT_STATE(56) Kaspersky Internet Security
4/28/2009 10:12:49 AM Detected: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/28/2009 10:10:40 AM Some components are disabled Kaspersky Internet Security
4/28/2009 10:09:41 AM PRODUCT_STATE(56) Kaspersky Internet Security
4/28/2009 10:09:08 AM PRODUCT_STATE(56) Kaspersky Internet Security
4/28/2009 10:08:22 AM PRODUCT_STATE(56) Kaspersky Internet Security
4/28/2009 10:08:20 AM PRODUCT_STATE(56) Kaspersky Internet Security
4/28/2009 10:08:15 AM PRODUCT_STATE(56) Kaspersky Internet Security
4/28/2009 10:06:22 AM PRODUCT_STATE(56) Kaspersky Internet Security
4/28/2009 10:02:47 AM Some protection components are not running Kaspersky Internet Security
4/28/2009 10:02:36 AM Automatic updates are disabled Kaspersky Internet Security
4/28/2009 1:29:26 AM Some protection components are not running Kaspersky Internet Security
4/28/2009 1:29:14 AM Automatic updates are disabled Kaspersky Internet Security
4/27/2009 11:58:31 PM Automatic updates are disabled Kaspersky Internet Security
4/27/2009 11:58:31 PM Databases are out of date Kaspersky Internet Security
4/27/2009 11:58:29 PM Some protection components are not running Kaspersky Internet Security
4/27/2009 8:48:19 PM Some components are disabled Kaspersky Internet Security
4/27/2009 8:44:52 PM Automatic updates are disabled Kaspersky Internet Security
4/27/2009 8:33:15 PM Automatic updates are disabled Kaspersky Internet Security
4/27/2009 7:45:10 PM Some components are disabled Kaspersky Internet Security
4/27/2009 6:38:29 PM Some protection components are not running Kaspersky Internet Security
4/27/2009 6:37:39 PM Automatic updates are disabled Kaspersky Internet Security
4/27/2009 4:11:48 PM Automatic updates are disabled Kaspersky Internet Security
4/27/2009 12:53:02 PM PRODUCT_STATE(56) Kaspersky Internet Security
4/27/2009 12:39:32 PM Automatic updates are disabled Kaspersky Internet Security
Protection (events: 26879)
5/3/2009 10:30:41 PM Task started Kaspersky Internet Security Files and Memory
5/3/2009 9:01:57 PM Task started Kaspersky Internet Security Files and Memory
5/3/2009 1:42:30 AM Task started Kaspersky Internet Security Files and Memory
5/2/2009 2:30:49 PM Task started Kaspersky Internet Security Files and Memory
5/2/2009 3:30:35 AM Task started Kaspersky Internet Security Files and Memory
5/1/2009 10:06:53 PM Task started Kaspersky Internet Security Files and Memory
5/1/2009 9:32:25 AM Task started Kaspersky Internet Security Files and Memory
5/1/2009 8:29:37 AM Task started Kaspersky Internet Security Files and Memory
5/1/2009 12:03:25 AM Task started Kaspersky Internet Security Files and Memory
4/30/2009 10:29:47 PM Task started Kaspersky Internet Security Files and Memory
4/30/2009 10:25:25 PM Task started Kaspersky Internet Security Files and Memory
4/30/2009 10:02:37 PM Task started Kaspersky Internet Security Files and Memory
4/30/2009 8:42:45 PM Will be deleted on system restart: Trojan-Clicker.Win32.Delf.cbe Windows NT Logon Application C:\WINDOWS\system32\gznvqkei.dll
4/30/2009 8:42:45 PM Detected: Trojan-Clicker.Win32.Delf.cbe Windows NT Logon Application C:\WINDOWS\system32\gznvqkei.dll
4/30/2009 8:41:39 PM Task started Kaspersky Internet Security Files and Memory
4/29/2009 9:06:05 PM Will be deleted on system restart: Trojan-Clicker.Win32.Delf.cbe Windows NT Logon Application C:\WINDOWS\system32\gznvqkei.dll
4/29/2009 9:06:05 PM Detected: Trojan-Clicker.Win32.Delf.cbe Windows NT Logon Application C:\WINDOWS\system32\gznvqkei.dll
4/29/2009 9:04:38 PM Task started Kaspersky Internet Security Files and Memory
4/29/2009 9:00:35 PM Detected: Trojan-Clicker.Win32.Delf.cbe FIXVUNDO.EXE C:\WINDOWS\system32\gznvqkei.dll
4/29/2009 9:42:20 AM Cannot be deleted: Trojan-Clicker.Win32.Delf.cbe Windows NT Logon Application C:\WINDOWS\system32\gznvqkei.dll
4/29/2009 9:42:06 AM Detected: Trojan-Clicker.Win32.Delf.cbe Windows NT Logon Application C:\WINDOWS\system32\gznvqkei.dll
4/29/2009 9:41:56 AM Detected: Trojan-Clicker.Win32.Delf.cbe Generic Host Process for Win32 Services C:\WINDOWS\system32\gznvqkei.dll
4/29/2009 9:41:53 AM Detected: Trojan-Clicker.Win32.Delf.cbe Windows NT Logon Application C:\WINDOWS\system32\gznvqkei.dll
4/29/2009 9:40:46 AM Task started Kaspersky Internet Security Files and Memory
4/28/2009 8:09:04 PM Detected: Trojan-Clicker.Win32.Delf.cbe Windows NT Logon Application C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 8:09:00 PM Detected: Trojan-Clicker.Win32.Delf.cbe Windows NT Logon Application C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 8:08:58 PM Detected: Trojan-Clicker.Win32.Delf.cbe Windows NT Logon Application C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 8:07:53 PM Task started Kaspersky Internet Security Files and Memory
4/28/2009 4:12:04 PM Detected: Trojan-Clicker.Win32.Delf.cbe Windows NT Logon Application C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 4:12:01 PM Detected: Trojan-Clicker.Win32.Delf.cbe Windows NT Logon Application C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 4:12:00 PM Detected: Trojan-Clicker.Win32.Delf.cbe Generic Host Process for Win32 Services C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 4:11:59 PM Detected: Trojan-Clicker.Win32.Delf.cbe Windows NT Logon Application C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 4:10:51 PM Task started Kaspersky Internet Security Files and Memory
4/28/2009 3:54:58 PM Detected: Trojan-Clicker.Win32.Delf.cbe Windows NT Logon Application C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 3:54:53 PM Detected: Trojan-Clicker.Win32.Delf.cbe Windows NT Logon Application C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 3:54:51 PM Detected: Trojan-Clicker.Win32.Delf.cbe Windows NT Logon Application C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 3:53:44 PM Task started Kaspersky Internet Security Files and Memory
4/28/2009 2:46:57 PM Will be deleted on system restart: Trojan-Clicker.Win32.Delf.cbe Windows NT Logon Application C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 2:46:57 PM Detected: Trojan-Clicker.Win32.Delf.cbe Windows NT Logon Application C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 2:45:55 PM Task started Kaspersky Internet Security Files and Memory
4/28/2009 2:42:47 PM Will be deleted on system restart: Trojan-Clicker.Win32.Delf.cbe Windows NT Logon Application C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 2:42:46 PM Detected: Trojan-Clicker.Win32.Delf.cbe Windows NT Logon Application C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 2:41:16 PM Task started Kaspersky Internet Security Files and Memory
4/28/2009 1:03:50 PM Will be deleted on system restart: Trojan-Clicker.Win32.Delf.cbe Windows NT Logon Application C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 1:03:50 PM Detected: Trojan-Clicker.Win32.Delf.cbe Windows NT Logon Application C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 1:02:44 PM Task started Kaspersky Internet Security Files and Memory
4/28/2009 12:59:28 PM Will be deleted on system restart: Trojan-Clicker.Win32.Delf.cbe Windows NT Logon Application C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 12:59:28 PM Detected: Trojan-Clicker.Win32.Delf.cbe Windows NT Logon Application C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 12:58:19 PM Task started Kaspersky Internet Security Files and Memory
4/28/2009 12:52:27 PM Deleted: Trojan-Clicker.Win32.Delf.cbe Windows NT Logon Application HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0467AEE0-45E4-462C-B86F-E7C3157BAE9d}
4/28/2009 12:52:27 PM Disinfected: Trojan-Clicker.Win32.Delf.cbe Windows NT Logon Application HKCR\{0467aee0-45e4-462c-b86f-e7c3157bae9d}\InprocServer32
4/28/2009 12:52:13 PM Will be deleted on system restart: Trojan-Clicker.Win32.Delf.cbe Windows NT Logon Application C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 12:52:13 PM Detected: Trojan-Clicker.Win32.Delf.cbe Windows NT Logon Application C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 12:51:03 PM Task started Kaspersky Internet Security Files and Memory
4/28/2009 12:46:02 PM Untreated: Trojan-Clicker.Win32.Delf.cbe Windows Explorer C:\WINDOWS\system32\gznvqkei.dll Skipped by user
4/28/2009 12:46:02 PM Detected: Trojan-Clicker.Win32.Delf.cbe Windows Explorer C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 12:46:00 PM Untreated: Trojan-Clicker.Win32.Delf.cbe Windows Explorer C:\WINDOWS\system32\gznvqkei.dll Skipped by user
4/28/2009 12:46:00 PM Detected: Trojan-Clicker.Win32.Delf.cbe Windows Explorer C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 12:45:59 PM Untreated: Trojan-Clicker.Win32.Delf.cbe Windows Explorer C:\WINDOWS\system32\gznvqkei.dll Skipped by user
4/28/2009 12:45:59 PM Detected: Trojan-Clicker.Win32.Delf.cbe Windows Explorer C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 12:45:59 PM Untreated: Trojan-Clicker.Win32.Delf.cbe Windows Explorer C:\WINDOWS\system32\gznvqkei.dll Skipped by user
4/28/2009 12:45:59 PM Detected: Trojan-Clicker.Win32.Delf.cbe Windows Explorer C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 12:45:53 PM Untreated: Trojan-Clicker.Win32.Delf.cbe Windows Explorer C:\WINDOWS\system32\gznvqkei.dll Skipped by user
4/28/2009 12:45:53 PM Detected: Trojan-Clicker.Win32.Delf.cbe Windows Explorer C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 12:45:52 PM Untreated: Trojan-Clicker.Win32.Delf.cbe Windows Explorer C:\WINDOWS\system32\gznvqkei.dll Skipped by user
4/28/2009 12:45:52 PM Detected: Trojan-Clicker.Win32.Delf.cbe Windows Explorer C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 12:45:52 PM Untreated: Trojan-Clicker.Win32.Delf.cbe Windows Explorer C:\WINDOWS\system32\gznvqkei.dll Skipped by user
4/28/2009 12:45:52 PM Detected: Trojan-Clicker.Win32.Delf.cbe Windows Explorer C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 12:45:09 PM Untreated: Trojan-Clicker.Win32.Delf.cbe Windows Explorer C:\WINDOWS\system32\gznvqkei.dll Skipped by user
4/28/2009 12:45:09 PM Detected: Trojan-Clicker.Win32.Delf.cbe Windows Explorer C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 12:36:56 PM Untreated: Trojan-Clicker.Win32.Delf.cbe Internet Explorer C:\WINDOWS\system32\gznvqkei.dll Skipped by user
4/28/2009 12:36:56 PM Detected: Trojan-Clicker.Win32.Delf.cbe Internet Explorer C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 12:27:57 PM Untreated: Trojan-Clicker.Win32.Delf.cbe Windows Explorer C:\WINDOWS\system32\gznvqkei.dll Skipped by user
4/28/2009 12:27:57 PM Detected: Trojan-Clicker.Win32.Delf.cbe Windows Explorer C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 12:27:21 PM Untreated: Trojan-Clicker.Win32.Delf.cbe Windows Explorer C:\WINDOWS\system32\gznvqkei.dll Skipped by user
4/28/2009 12:27:20 PM Detected: Trojan-Clicker.Win32.Delf.cbe Windows Explorer C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 12:26:44 PM Untreated: Trojan-Clicker.Win32.Delf.cbe Windows Explorer C:\WINDOWS\system32\gznvqkei.dll Skipped by user
4/28/2009 12:26:44 PM Detected: Trojan-Clicker.Win32.Delf.cbe Windows Explorer C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 12:26:28 PM Untreated: Trojan-Clicker.Win32.Delf.cbe Windows Explorer C:\WINDOWS\system32\gznvqkei.dll Skipped by user
4/28/2009 12:26:28 PM Detected: Trojan-Clicker.Win32.Delf.cbe Windows Explorer C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 12:26:06 PM Untreated: Trojan-Clicker.Win32.Delf.cbe Generic Host Process for Win32 Services C:\WINDOWS\system32\gznvqkei.dll Skipped by user
4/28/2009 12:26:06 PM Detected: Trojan-Clicker.Win32.Delf.cbe Generic Host Process for Win32 Services C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 12:25:44 PM Untreated: Trojan-Clicker.Win32.Delf.cbe Windows NT Logon Application C:\WINDOWS\system32\gznvqkei.dll Skipped by user
4/28/2009 12:25:44 PM Detected: Trojan-Clicker.Win32.Delf.cbe Windows NT Logon Application C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 12:25:22 PM Untreated: Trojan-Clicker.Win32.Delf.cbe Windows Explorer C:\WINDOWS\system32\gznvqkei.dll Skipped by user
4/28/2009 12:25:22 PM Detected: Trojan-Clicker.Win32.Delf.cbe Windows Explorer C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 12:18:28 PM Task started Kaspersky Internet Security Files and Memory
4/28/2009 12:15:11 PM Task started Kaspersky Internet Security Files and Memory
4/28/2009 11:48:33 AM Detected: Trojan-Clicker.Win32.Delf.cbe Windows NT Logon Application C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 11:48:29 AM Detected: Trojan-Clicker.Win32.Delf.cbe Windows NT Logon Application C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 11:48:26 AM Detected: Trojan-Clicker.Win32.Delf.cbe Windows NT Logon Application C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 11:47:19 AM Task started Kaspersky Internet Security Files and Memory
4/28/2009 11:43:26 AM Detected: Trojan-Clicker.Win32.Delf.cbe Generic Host Process for Win32 Services C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 11:43:26 AM Detected: Trojan-Clicker.Win32.Delf.cbe Windows NT Logon Application C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 11:43:10 AM Will be deleted on system restart: Trojan-Clicker.Win32.Delf.cbe Windows NT Logon Application C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 11:43:10 AM Detected: Trojan-Clicker.Win32.Delf.cbe Windows NT Logon Application C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 11:42:04 AM Task started Kaspersky Internet Security Files and Memory
4/28/2009 10:46:29 AM Will be deleted on system restart: Trojan-Clicker.Win32.Delf.cbe Windows NT Logon Application C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 10:46:29 AM Detected: Trojan-Clicker.Win32.Delf.cbe Windows NT Logon Application C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 10:45:15 AM Task started Kaspersky Internet Security Files and Memory
4/28/2009 10:35:19 AM Will be deleted on system restart: Trojan-Clicker.Win32.Delf.cbe Windows NT Logon Application C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 10:35:19 AM Detected: Trojan-Clicker.Win32.Delf.cbe Windows NT Logon Application C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 10:33:46 AM Task started Kaspersky Internet Security Files and Memory
4/28/2009 10:31:17 AM Detected: Trojan-Clicker.Win32.Delf.cbe Internet Explorer C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 10:31:17 AM Detected: Trojan-Clicker.Win32.Delf.cbe Internet Explorer C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 10:29:08 AM Detected: Trojan-Clicker.Win32.Delf.cbe Windows NT Logon Application C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 10:28:38 AM Will be deleted on system restart: Trojan-Clicker.Win32.Delf.cbe Windows NT Logon Application C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 10:28:38 AM Detected: Trojan-Clicker.Win32.Delf.cbe Windows NT Logon Application C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 10:27:25 AM Task started Kaspersky Internet Security Files and Memory
4/28/2009 10:21:47 AM Task started Kaspersky Internet Security Files and Memory
4/28/2009 10:12:17 AM Task started Kaspersky Internet Security Files and Memory
4/28/2009 10:10:33 AM Detected: not-a-virus:FraudTool.Win32.WinSpywareProtect.nu SYSGUARD.EXE C:\WINDOWS\SYSGUARD.EXE
4/28/2009 10:10:30 AM Detected: not-a-virus:FraudTool.Win32.WinSpywareProtect.nu SYSGUARD.EXE C:\WINDOWS\SYSGUARD.EXE
4/28/2009 10:10:28 AM Detected: not-a-virus:FraudTool.Win32.WinSpywareProtect.nu SYSGUARD.EXE C:\WINDOWS\SYSGUARD.EXE
4/28/2009 10:10:26 AM Detected: not-a-virus:FraudTool.Win32.WinSpywareProtect.nu SYSGUARD.EXE C:\WINDOWS\SYSGUARD.EXE

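The report above shows the same object being detected, scheduled for deletion on restart, and then detected again. The triage script below is an added example (not part of the original post, and not Kaspersky tooling) that measures that loop per object; the line layout is inferred from the report lines in this thread, and the sample lines are copied from it.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample lines copied from the report in this thread (newest first, as posted).
SAMPLE_REPORT = r"""
4/30/2009 8:42:45 PM Will be deleted on system restart: Trojan-Clicker.Win32.Delf.cbe Windows NT Logon Application C:\WINDOWS\system32\gznvqkei.dll
4/30/2009 8:42:45 PM Detected: Trojan-Clicker.Win32.Delf.cbe Windows NT Logon Application C:\WINDOWS\system32\gznvqkei.dll
4/30/2009 8:41:39 PM Task started Kaspersky Internet Security Files and Memory
4/29/2009 9:06:05 PM Will be deleted on system restart: Trojan-Clicker.Win32.Delf.cbe Windows NT Logon Application C:\WINDOWS\system32\gznvqkei.dll
4/29/2009 9:06:05 PM Detected: Trojan-Clicker.Win32.Delf.cbe Windows NT Logon Application C:\WINDOWS\system32\gznvqkei.dll
4/29/2009 9:42:20 AM Cannot be deleted: Trojan-Clicker.Win32.Delf.cbe Windows NT Logon Application C:\WINDOWS\system32\gznvqkei.dll
4/29/2009 9:41:56 AM Detected: Trojan-Clicker.Win32.Delf.cbe Generic Host Process for Win32 Services C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 2:46:57 PM Will be deleted on system restart: Trojan-Clicker.Win32.Delf.cbe Windows NT Logon Application C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 2:46:57 PM Detected: Trojan-Clicker.Win32.Delf.cbe Windows NT Logon Application C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 12:46:02 PM Untreated: Trojan-Clicker.Win32.Delf.cbe Windows Explorer C:\WINDOWS\system32\gznvqkei.dll Skipped by user
4/28/2009 12:46:02 PM Detected: Trojan-Clicker.Win32.Delf.cbe Windows Explorer C:\WINDOWS\system32\gznvqkei.dll
4/28/2009 11:50:11 AM Untreated: HEUR:Trojan.Win32.Generic Kaspersky Internet Security c:\windows\system32\sdra64.exe Written to report
4/28/2009 11:50:11 AM Detected: HEUR:Trojan.Win32.Generic Kaspersky Internet Security c:\windows\system32\sdra64.exe
4/28/2009 11:48:07 AM Will be deleted on system restart: Trojan-Clicker.Win32.Delf.cbe Kaspersky Internet Security c:\windows\system32\gznvqkei.dll
4/28/2009 10:10:33 AM Detected: not-a-virus:FraudTool.Win32.WinSpywareProtect.nu SYSGUARD.EXE C:\WINDOWS\SYSGUARD.EXE
"""

# Layout inferred from the lines in this thread (an assumption, not a
# documented Kaspersky format): timestamp, status[: threat], reporting
# application, object (file path or registry key), optional trailing note.
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<status>Detected|Untreated|Will be deleted on system restart|"
    r"Cannot be deleted|Deleted|Disinfected|Restored from quarantine)"
    r"(?:: (?P<threat>\S+))? "
    r"(?P<source>.+?) "
    r"(?P<obj>(?:[A-Za-z]:\\|HK[A-Z_]+\\).+?)"
    r"(?: (?P<note>Skipped by user|Written to report))?$"
)


def parse_report(text):
    """Return the object-related events in chronological order (oldest first)."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # state messages such as "Task started" name no object
        ev = m.groupdict()
        ev["when"] = datetime.strptime(ev["ts"], "%m/%d/%Y %I:%M:%S %p")
        ev["key"] = ev["obj"].lower()  # the report mixes c:\windows and C:\WINDOWS
        events.append(ev)
    # The report lists newest first. Reverse before the stable sort so events
    # that share a second keep their real order (detection, then the action).
    events.reverse()
    events.sort(key=lambda e: e["when"])
    return events


def summarize(events):
    """Per object: detections, scheduled deletions, and later re-detections."""
    stats = defaultdict(lambda: {"threats": set(), "hosts": set(), "detections": 0,
                                 "scheduled": 0, "redetected": 0,
                                 "cannot_delete": 0, "skipped_by_user": 0})
    pending = {}  # object key -> time a delete-on-restart was scheduled
    for ev in events:
        key, s = ev["key"], stats[ev["key"]]
        if ev["threat"]:
            s["threats"].add(ev["threat"])
        if ev["status"] == "Detected":
            s["detections"] += 1
            s["hosts"].add(ev["source"])
            # The report does not record reboots, so a "failed removal" is
            # counted as a later detection of a path already scheduled.
            if key in pending and ev["when"] > pending[key]:
                s["redetected"] += 1
                del pending[key]
        elif ev["status"] == "Will be deleted on system restart":
            s["scheduled"] += 1
            pending[key] = ev["when"]
        elif ev["status"] == "Cannot be deleted":
            s["cannot_delete"] += 1
        elif ev["note"] == "Skipped by user":
            s["skipped_by_user"] += 1
    return dict(stats)


def persistent_objects(stats, min_redetections=2):
    """Objects that came back at least min_redetections times after a scheduled delete."""
    return sorted(k for k, s in stats.items() if s["redetected"] >= min_redetections)


if __name__ == "__main__":
    summary = summarize(parse_report(SAMPLE_REPORT))
    for path in persistent_objects(summary):
        s = summary[path]
        print(f"{path}: {s['detections']} detections, {s['redetected']} of "
              f"{s['scheduled']} scheduled deletions followed by re-detection, "
              f"reported from: {', '.join(sorted(s['hosts']))}")
```

On the sample, gznvqkei.dll is re-detected after three of its four scheduled deletions and is reported from three different host processes, which matches the loop the poster describes.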

 


#2 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • Gender:Male
  • Location:USA
  • Local time:09:39 AM

Posted 30 May 2009 - 04:09 PM

Hello dmacc01.

If you still have the same issues, you may consider the following. But first, be absolutely aware that having the system without an antivirus program is an extremely dangerous thing.
Let's have you create a restore point (at this time).
1. Right click the My Computer icon on the Desktop and click on Properties.
2. Click on the System Restore tab.
3. If there is a check mark next to "Turn off System Restore on all drives", then click on the line to clear it.
4. If C is your system drive (as it is in most cases) and you see other drives monitored in the list (like D, E, etc) click on the other drives, press Settings button, and get the other drives turned off.
5. We only want to monitor the drive with Windows o.s.
If you are unable to activate System Restore or if the service is disabled, then.....
from the Start button > RUN option .... type in
services.msc

look for System Restore service
If it is listed as off or inactive, press on the link at top left to Start it.

Next, see and do as outlined here http://bertk.mvps.org/html/createrp.html

After that, also do this:
1. Go >> Here << and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.

=

1. Set Windows to show all files and all folders.
On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.
Next, un-check Hide extensions for known file types.
Next un-check Hide protected operating system files.

2. Take out the trash (temporary files & temporary internet files)
Please download ATF Cleaner by Atribune, saving it to your desktop. It is used to clean out temporary files & temp areas used by internet browsers.
Start ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
ATF-Cleaner should be run per the above in every user-login account {User Profile}

=

Download OTListIt by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTListIt2.exe
  • Close all open windows on the Task Bar. Click the icon (for Vista, right click the icon and Run as Administrator) to start the program.
  • In the lower right corner of the Top Panel, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTListIt.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTListIt2 by clicking the X at top right.
Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!
If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.

Then copy/paste the following into your post (in order):
  • the contents of OTListIt.txt;
  • the contents of Extras.txt ; and
  • the contents of checkup.txt
Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.
Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#3 dmacc01

dmacc01
  • Topic Starter

  • Members
  • 4 posts
  • Local time:07:39 AM

Posted 16 July 2009 - 12:23 AM

Sorry for the delay. I have been out of town but am back and I'm still having the same issue. I thank you in advance for your help. Below are the requested log files:

•the contents of OTListIt.txt;
•the contents of Extras.txt ; and
•the contents of checkup.txt

OTL.TXT

OTL logfile created on: 7/15/2009 10:08:22 PM - Run 1
OTL by OldTimer - Version 3.0.7.1 Folder = C:\Documents and Settings\DANIEL\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.16 Mb Total Physical Memory | 472.21 Mb Available Physical Memory | 46.20% Memory free
2.40 Gb Paging File | 1.97 Gb Available in Paging File | 82.21% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.77 Gb Total Space | 19.10 Gb Free Space | 17.08% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DMACC
Current User Name: DANIEL
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2005/04/12 09:15:04 | 00,869,376 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2004/09/27 22:33:52 | 00,195,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2004/08/10 04:04:42 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2005/05/05 18:32:20 | 00,127,042 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/05/05 18:33:24 | 00,057,344 | ---- | M] ( ) -- C:\WINDOWS\System32\slserv.exe
PRC - [2005/06/29 09:36:48 | 00,126,976 | ---- | M] () -- C:\WINDOWS\System32\MCECardBusTV.exe
PRC - [2009/06/05 13:39:22 | 00,292,136 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2007/07/28 12:27:03 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2004/08/03 11:13:36 | 00,303,104 | ---- | M] () -- C:\Program Files\SMC\SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter\SMC11GMonitor.exe
PRC - [2004/04/13 20:45:30 | 00,290,905 | ---- | M] (Conexant Systems, Inc.) -- C:\Program Files\SMC\SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter\PRISMSVR.exe
PRC - [2009/06/05 13:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/04/13 17:12:35 | 00,032,866 | ---- | M] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
PRC - [2009/07/15 22:07:35 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DANIEL\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009/04/28 12:18:05 | 00,206,088 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe -- (AVP [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2004/09/27 22:33:52 | 00,195,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2004/08/10 04:04:42 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2009/04/25 03:50:40 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2005/04/12 09:15:04 | 00,869,376 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv [Auto | Running])
SRV - [2009/06/05 13:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2004/08/10 04:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2005/05/05 18:32:20 | 00,127,042 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2005/05/05 18:33:24 | 00,057,344 | ---- | M] ( ) -- C:\WINDOWS\System32\slserv.exe -- (SLService [Auto | Running])
SRV - [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
SRV - [2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2008/04/13 11:46:20 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\61883.sys -- (61883 [On_Demand | Stopped])
DRV - [2008/04/13 11:46:20 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\avc.sys -- (Avc [On_Demand | Stopped])
DRV - [2008/04/13 11:46:07 | 00,013,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\avcstrm.sys -- (AVCSTRM [On_Demand | Stopped])
DRV - [2004/12/02 18:23:18 | 00,605,312 | ---- | M] (Bison Electronics. Inc. ) -- C:\WINDOWS\System32\Drivers\Bs350u2.sys -- (Cam5603C [On_Demand | Running])
DRV - [2004/11/24 02:17:06 | 00,533,664 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) -- C:\WINDOWS\System32\DRIVERS\Cap7134.sys -- (Cap7134 [On_Demand | Stopped])
DRV - [2004/08/10 05:00:00 | 00,023,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cqhcyenc.sys -- (cqhcyenc [Boot | Running])
DRV - [2005/05/05 14:33:24 | 00,159,744 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\fasttx2k.sys -- (fasttx2k [Boot | Running])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2004/08/12 17:45:52 | 00,113,664 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
DRV - [2008/04/13 09:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2005/04/12 09:07:50 | 00,099,456 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs [Disabled | Running])
DRV - [2005/04/12 09:07:30 | 00,029,056 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\DRIVERS\InCDPass.sys -- (InCDPass [System | Running])
DRV - [2005/04/12 02:07:25 | 00,028,160 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm [System | Running])
DRV - [2005/05/05 18:33:38 | 02,319,808 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2008/07/21 18:34:36 | 00,121,872 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1 [Boot | Running])
DRV - [2009/04/28 12:18:05 | 00,033,808 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg [Boot | Running])
DRV - [2008/03/13 19:02:46 | 00,026,640 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\DRIVERS\klfltdev.sys -- (KLFLTDEV [On_Demand | Running])
DRV - [2009/04/28 12:18:05 | 00,226,832 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\DRIVERS\klif.sys -- (KLIF [System | Running])
DRV - [2008/04/30 18:06:48 | 00,024,592 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\DRIVERS\klim5.sys -- (klim5 [On_Demand | Running])
DRV - [2007/06/23 17:13:29 | 00,008,413 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM [Auto | Running])
DRV - [2006/01/12 01:10:05 | 00,015,781 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\mdc8021x.sys -- (MDC8021X [Auto | Running])
DRV - [2003/11/11 08:33:54 | 00,013,195 | ---- | M] (Matsushita Electric Industorial Co.,Ltd.) -- C:\WINDOWS\System32\DRIVERS\meistrm.sys -- (MEISTRM [On_Demand | Stopped])
DRV - [2003/11/11 08:34:00 | 00,022,891 | ---- | M] (Matsushita Electric Industorial Co.,Ltd.) -- C:\WINDOWS\System32\DRIVERS\meistb.sys -- (MEITUNER [On_Demand | Stopped])
DRV - [2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2004/03/29 03:26:42 | 00,049,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\mstapeo.sys -- (MSPANEL [On_Demand | Stopped])
DRV - [2005/05/05 18:33:24 | 00,229,720 | ---- | M] ( ) -- C:\WINDOWS\System32\DRIVERS\SLDRV\Mtlmnt5.sys -- (Mtlmnt5 [On_Demand | Running])
DRV - [2005/05/05 18:33:24 | 01,396,048 | ---- | M] ( ) -- C:\WINDOWS\System32\DRIVERS\SLDRV\Mtlstrm.sys -- (Mtlstrm [On_Demand | Running])
DRV - [2005/05/05 18:32:20 | 03,137,088 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2004/11/24 03:08:30 | 00,028,800 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) -- C:\WINDOWS\System32\DRIVERS\PhTVTune.sys -- (PhTVTune [On_Demand | Stopped])
DRV - [2004/08/10 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/12/11 12:46:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 14:53:32 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\qv2kux.sys -- (QV2KUX [On_Demand | Stopped])
DRV - [2005/05/05 18:33:24 | 00,014,520 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\SLDRV\RecAgent.sys -- (RecAgent [Boot | Running])
DRV - [2005/05/05 18:33:26 | 00,070,912 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Stopped])
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2005/05/05 18:33:24 | 00,230,448 | ---- | M] ( ) -- C:\WINDOWS\System32\DRIVERS\SLDRV\slazldrv.sys -- (Slazldrv [On_Demand | Running])
DRV - [2005/05/05 18:33:24 | 00,101,136 | ---- | M] ( ) -- C:\WINDOWS\System32\DRIVERS\SLDRV\Slnthal.sys -- (SlNtHal [On_Demand | Running])
DRV - [2005/05/05 18:33:24 | 00,013,216 | ---- | M] ( ) -- C:\WINDOWS\System32\DRIVERS\SLDRV\SlWdmSup.sys -- (SlWdmSup [On_Demand | Running])
DRV - [1904/08/09 21:02:00 | 00,385,920 | R--- | M] (SMC Networks, Inc.) -- C:\WINDOWS\System32\DRIVERS\2835WICB.sys -- (SMC2835W_PCI [On_Demand | Running])
DRV - [2005/05/05 18:33:20 | 00,193,216 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2008/10/01 13:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2002/11/20 17:45:50 | 00,002,218 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\vncdrv.sys -- (vncdrv [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/11 00:37:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\THBExt [2009/04/27 19:48:03 | 00,000,000 | ---D | M]


O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: () - {265FD4BD-E7AA-4450-9FD6-80678894AE58} - C:\WINDOWS\System32\byhvbvy.dll ()
O2 - BHO: (no name) - {348FE907-249E-4C65-A838-F34A193FE1D1} - No CLSID value found.
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MCECardBusTV] C:\WINDOWS\System32\MCECardBusTV.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter Utility.lnk = C:\Program Files\SMC\SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter\SMC11GMonitor.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} https://smc-notes.smc.com/iNotes6W.cab (iNotes6 Class)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader.cab (MySpace Uploader Control)
O16 - DPF: {4AEF8AEE-3DE8-4B69-8B6E-6353B6C59B50} http://onesite.realpage.com/coreglobal/Rea...ab/Realpage.cab (Utility Class)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} https://24.248.96.243/Remote/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\System32\klogon.dll (Kaspersky Lab)
O20 - Winlogon\Notify\WB: DllName - C:\Program Files\AlienGUIse\fastload.dll - C:\Program Files\AlienGUIse\fastload.dll (Stardock)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/06/28 14:14:50 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{fb2a3a82-9cb6-11dd-bf98-0004e2d9a5cf}\Shell - "" = AutoRun
O33 - MountPoints2\{fb2a3a82-9cb6-11dd-bf98-0004e2d9a5cf}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fb2a3a82-9cb6-11dd-bf98-0004e2d9a5cf}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/07/15 22:09:30 | 00,000,090 | -HS- | C] () -- C:\WINDOWS\klif.spi
[2009/07/15 22:04:26 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DANIEL\Desktop\OTL.exe
[2009/07/15 21:20:30 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\DANIEL\Desktop\NTREGOPT.lnk
[2009/07/15 21:20:30 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\DANIEL\Desktop\ERUNT.lnk
[2009/07/15 21:20:30 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/07/14 11:27:15 | 00,179,921 | ---- | C] () -- C:\Documents and Settings\DANIEL\Desktop\StateFarm Gold Ball Ticket Promo.JPG
[2009/07/14 10:17:26 | 00,018,723 | ---- | C] () -- C:\Documents and Settings\DANIEL\Desktop\StateFarm Gold Ball Ticket Promo.pdf
[2009/07/08 16:51:58 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/07/08 16:51:49 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/07/08 16:48:33 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/06/23 21:53:08 | 42,325,706 | ---- | C] () -- C:\Documents and Settings\DANIEL\Desktop\elysium.zip
[2009/06/23 11:48:23 | 41,950,175 | ---- | C] () -- C:\Documents and Settings\DANIEL\Desktop\DogTrainingBlueprint.pdf
[2009/06/23 11:44:23 | 06,736,292 | ---- | C] () -- C:\Documents and Settings\DANIEL\Desktop\Fuel - Daniel (acoustic).mp3
[2009/06/23 11:44:09 | 06,533,155 | ---- | C] () -- C:\Documents and Settings\DANIEL\Desktop\Fuel-Daniel-acoustic.zip
[2009/06/15 13:14:17 | 00,208,896 | ---- | C] () -- C:\WINDOWS\LiveClient.dll
[2009/06/15 13:14:17 | 00,176,128 | ---- | C] () -- C:\WINDOWS\GeoCodecLib.dll
[2007/12/11 12:46:02 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/12/11 12:44:28 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007/12/11 12:44:28 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007/12/11 12:43:44 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/05/05 14:54:25 | 00,000,266 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/12/16 13:43:49 | 00,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2006/12/16 13:41:33 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2006/12/16 13:41:33 | 00,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2006/12/16 13:41:33 | 00,000,060 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2006/07/01 12:21:14 | 00,000,165 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2006/04/25 21:10:26 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/12 01:31:47 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/12/29 07:30:50 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/29 05:36:13 | 00,000,105 | ---- | C] () -- C:\WINDOWS\wb.ini
[2005/12/29 05:34:23 | 00,015,190 | ---- | C] () -- C:\WINDOWS\M1000Twn.ini
[2005/06/29 06:14:51 | 00,002,340 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/06/28 16:51:10 | 00,540,672 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2005/06/28 16:51:10 | 00,221,184 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2005/06/28 16:51:10 | 00,151,552 | ---- | C] () -- C:\WINDOWS\System32\SLMOHServ.dll
[2005/06/28 16:51:10 | 00,014,976 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys
[2005/06/28 16:50:47 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/06/28 14:37:47 | 00,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2005/06/28 14:37:47 | 00,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2005/05/05 18:33:24 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
[2005/05/05 18:33:24 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll
[2005/05/05 18:33:24 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\slcoinst.dll
[2004/08/10 05:00:00 | 00,143,872 | ---- | C] () -- C:\WINDOWS\System32\gznvqkei.dll
[2004/08/10 05:00:00 | 00,102,912 | ---- | C] () -- C:\WINDOWS\System32\wjlzqog.dll
[2004/08/10 05:00:00 | 00,102,912 | ---- | C] () -- C:\WINDOWS\System32\byhvbvy.dll
[2004/08/10 05:00:00 | 00,000,735 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 05:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/07/15 22:09:30 | 00,000,090 | -HS- | M] () -- C:\WINDOWS\klif.spi
[2009/07/15 22:07:35 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DANIEL\Desktop\OTL.exe
[2009/07/15 22:04:21 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/15 21:20:30 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\DANIEL\Desktop\NTREGOPT.lnk
[2009/07/15 21:20:30 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\DANIEL\Desktop\ERUNT.lnk
[2009/07/15 21:14:46 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/07/15 21:14:46 | 00,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/07/15 21:03:59 | 00,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/07/15 21:03:59 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/07/15 21:01:36 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/15 21:01:00 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/15 21:00:58 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/15 21:00:57 | 10,718,82240 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/15 20:59:43 | 02,924,576 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/07/15 20:59:43 | 00,565,280 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/07/15 20:59:43 | 00,023,928 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/07/15 20:59:43 | 00,003,012 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/07/15 20:57:40 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/07/15 20:57:40 | 00,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/07/15 20:03:32 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/07/15 20:03:32 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/07/15 01:07:13 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/07/15 01:07:13 | 00,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/07/15 00:41:12 | 00,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/07/15 00:41:12 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/07/14 11:27:15 | 00,179,921 | ---- | M] () -- C:\Documents and Settings\DANIEL\Desktop\StateFarm Gold Ball Ticket Promo.JPG
[2009/07/14 10:25:16 | 00,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/07/14 10:25:16 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/07/14 10:17:29 | 00,018,723 | ---- | M] () -- C:\Documents and Settings\DANIEL\Desktop\StateFarm Gold Ball Ticket Promo.pdf
[2009/07/14 10:17:27 | 00,000,060 | ---- | M] () -- C:\WINDOWS\wpd99.drv
[2009/07/14 09:31:47 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/07/14 09:31:47 | 00,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/07/14 09:21:59 | 00,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/07/14 09:21:59 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/07/13 22:58:11 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/07/13 22:58:11 | 00,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/07/13 13:48:36 | 00,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/07/13 13:48:36 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/07/13 10:31:26 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/07/13 10:31:26 | 00,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/07/13 08:56:33 | 00,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/07/13 08:56:32 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2009/07/12 22:15:56 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/07/12 22:15:56 | 00,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/07/12 21:32:13 | 00,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/07/12 21:32:13 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/07/12 03:13:02 | 00,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/07/12 03:13:02 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/07/12 00:55:46 | 00,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/07/12 00:55:46 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/07/11 01:50:57 | 00,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/07/11 01:50:56 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/07/10 01:44:50 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/07/10 01:44:50 | 00,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/07/09 10:11:57 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/07/09 10:11:57 | 00,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/07/08 15:38:07 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/06/23 21:54:13 | 42,325,706 | ---- | M] () -- C:\Documents and Settings\DANIEL\Desktop\elysium.zip
[2009/06/23 13:27:30 | 06,736,292 | ---- | M] () -- C:\Documents and Settings\DANIEL\Desktop\Fuel - Daniel (acoustic).mp3
[2009/06/23 11:48:31 | 41,950,175 | ---- | M] () -- C:\Documents and Settings\DANIEL\Desktop\DogTrainingBlueprint.pdf
[2009/06/23 11:44:12 | 06,533,155 | ---- | M] () -- C:\Documents and Settings\DANIEL\Desktop\Fuel-Daniel-acoustic.zip
[2009/06/17 11:23:35 | 00,143,872 | ---- | M] () -- C:\Documents and Settings\DANIEL\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2009/05/09 10:27:14 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/03/16 21:55:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/05/09 10:27:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2005/12/29 05:24:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2005/12/29 05:31:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2006/07/01 12:20:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2009/07/14 10:17:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2006/01/12 01:10:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prism
[2009/04/28 10:31:08 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\DANIEL\Application Data
[2006/02/03 18:07:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DANIEL\Application Data\Ahead
[2006/03/25 12:19:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DANIEL\Application Data\CyberLink
[2006/08/02 10:46:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DANIEL\Application Data\ICAClient
[2006/07/01 12:20:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DANIEL\Application Data\Intuit
[2006/12/16 13:43:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DANIEL\Application Data\pdf995
[2009/04/10 10:39:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DANIEL\Application Data\U3
[2009/06/17 12:58:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DANIEL\Application Data\uTorrent
[2009/07/08 15:38:07 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/10 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/07/15 21:01:00 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 4564 bytes -> C:\WINDOWS\Alien.bmp:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 3552 bytes -> C:\WINDOWS\alienware_logo_slvr.jpg:Q30lsldxJoudresxAaaqpcawXc
< End of report >

__________________

Extras.Txt

OTL Extras logfile created on: 7/15/2009 10:08:22 PM - Run 1
OTL by OldTimer - Version 3.0.7.1 Folder = C:\Documents and Settings\DANIEL\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.16 Mb Total Physical Memory | 472.21 Mb Available Physical Memory | 46.20% Memory free
2.40 Gb Paging File | 1.97 Gb Available in Paging File | 82.21% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.77 Gb Total Space | 19.10 Gb Free Space | 17.08% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DMACC
Current User Name: DANIEL
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2009/05/16 16:54:13 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/09/29 18:57:48 | 21,755,688 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
[2009/06/05 13:39:18 | 14,073,640 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam™
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{55937F00-A69B-4049-8D3A-1C7729742B6F}" = BUM
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{9CAD3195-9804-4796-AED3-9DA7AAC8F7B9}" = SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter
"{A0BD89C0-D39D-11D5-BBEC-00D0B740900A}" = Multimedia / Internet Keyboard Driver VerR8.16
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C9E3ACAB-1A3B-4B67-A653-916F250ABAD4}" = BisonCam, USB2.0
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life® 2
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}" = MobileMe Control Panel
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"AlienGUIse" = AlienGUIse
"AVerMedia Hardware MPEG CardBus TV2.4.28.4" = AVerMedia Hardware MPEG CardBus TV
"ERUNT_is1" = ERUNT 1.1j
"Heavy Weapon Deluxe" = Heavy Weapon Deluxe
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InCD!UninstallKey" = InCD
"InstallShield_{9CAD3195-9804-4796-AED3-9DA7AAC8F7B9}" = SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter
"InstallWIX_{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009
"LimeWire" = LimeWire 4.10.3
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NeroVision!UninstallKey" = Nero Digital
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVEContent!UninstallKey" = NeroVision Express Content
"NVIDIA Drivers" = NVIDIA Drivers
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"Pdf995" = Pdf995
"PdfEdit995" = PdfEdit995
"Rhapsody" = Rhapsody
"SLAMRNTV" = Smart Link 56K Voice Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Theme Manager" = Theme Manager
"TsActiveXClient" = Remote Desktop Web Connection
"VLC media player" = VideoLAN VLC media player 0.8.6b
"WGA" = Windows Genuine Advantage Validation Tool
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{9863F141-7A33-4c9a-A5F2-96996461B216}" = KODAK EASYSHARE Gallery Easy Upload, v2.1
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/24/2009 4:30:46 AM | Computer Name = DMACC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/24/2009 4:30:47 AM | Computer Name = DMACC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/24/2009 4:30:47 AM | Computer Name = DMACC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/24/2009 4:30:48 AM | Computer Name = DMACC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/24/2009 4:30:48 AM | Computer Name = DMACC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/24/2009 4:30:59 AM | Computer Name = DMACC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/24/2009 4:30:59 AM | Computer Name = DMACC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/24/2009 4:31:01 AM | Computer Name = DMACC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/7/2009 3:54:25 AM | Computer Name = DMACC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/14/2009 12:46:59 PM | Computer Name = DMACC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.


< End of report >
______________________

checkup.txt

Results of screen317's Security Check version 0.98.4
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
``````````````````````````````

Windows Firewall Disabled!
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:
``````````````````````````````

Java™ 6 Update 13
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Out of date Java installed!
Adobe Flash Player 10
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````

``````````````````````````````
DNS Vulnerability Check:
``````````````````````````````


Scan took 5 seconds.
`````````End of Log```````````

#4 Maurice Naggar


Posted 17 July 2009 - 10:22 AM

Hello Daniel,

You will want to print out or copy these instructions to Notepad for Safe Mode/offline reference!
If you are a casual viewer, do NOT try this on your system!
If you are not dmacc01 and have a similar problem, do NOT post here; start your own topic.


Do not run or start any other programs while these utilities and tools are in use!
Do NOT run any other tools on your own or do any fixes other than what is listed here.
If you have questions, please ask before you do something on your own.
But it is important that you get going on these following steps.
=
Close any of your open programs while you run these tools.
  • Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :files
    C:\WINDOWS\System32\byhvbvy.dll
    C:\sqm*.sqm
    C:\recycler
    D:\recycler
    e:\recycler
    f:\recycler
    g:\recycler
    h:\recycler
    
    :Commands
    [purity]
    [emptytemp]
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

=

Next, download & save Malwarebytes Anti-Malware from
http://www.download.com/Malwarebytes-Anti-..._4-10804572.htm or
http://www.besttechie.net/tools/mbam-setup.exe or
http://malwarebytes.gt500.org/mbam.jsp

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


=
Next, download and save to your Desktop: PrevX CSI: http://www.prevx.com/freescan.asp

Run Prevx CSI.
If it wants to reboot when finished, do so.

=

Reply with copies of the OTL MovedFiles log
the MBAM scan log
and advise me, how is your system now?

Edited by Maurice Naggar, 17 July 2009 - 10:23 AM.

~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#5 Maurice Naggar


Posted 11 August 2009 - 07:13 PM

This thread is closed due to lack of response.
The advice given here is only for this system.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)



