Winlogon.exe error causing system crash


  • This topic is locked
18 replies to this topic

#1 cody10

  • Members
  • 19 posts

Posted 19 October 2009 - 09:51 PM

Root Repeal log:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/18 22:19
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF2662000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7BD1000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEF24A000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xf2757350

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xf2757580

Stealth Objects
-------------------
Object: Hidden Module [Name: wcgqjnb.dll]
Process: winlogon.exe (PID: 1116) Address: 0x01720000 Size: 282624

Object: Hidden Module [Name: wcgqjnb.dll]
Process: svchost.exe (PID: 1592) Address: 0x01f50000 Size: 282624

Object: Hidden Module [Name: wcgqjnb.dll]
Process: Explorer.EXE (PID: 1428) Address: 0x01dc0000 Size: 282624

==EOF==

Hijack This Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:42:53 PM, on 10/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\RegCure\RegCure.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Bradford Networks\Client Security Agent\bndaemon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Bradford Networks\Client Security Agent\bncsaui.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Common Files\AOL\1131734091\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1131734091\ee\AOLServiceHost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Documents and Settings\cody\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: (no name) - {05748C10-A6AD-464F-9B43-5F7942131EE3} - C:\WINDOWS\system32\zciqgdnq.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0776CBA8-C029-4EA6-A8A6-11507BB784E9} - c:\windows\system32\wcgqjnb.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: (no name) - {8963C3D0-92A9-4B89-8F31-BE9AC9145831} - (no file)
O2 - BHO: Shopping Advisor - {A057A204-BACC-4D26-C7D7-6BAD84E32FCB} - C:\PROGRA~1\BUYSAF~1\BUYSAF~1.DLL
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Shopping Advisor - {A057A204-BACC-4D26-C7D7-6BAD84E32FCB} - C:\PROGRA~1\BUYSAF~1\BUYSAF~1.DLL
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1131734091\ee\AOLHostManager.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [hcsystray] "C:\Program Files\Kuma Games\hcsystray\hc_tray.exe"



#2 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 30 October 2009 - 09:56 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 cody10
  • Topic Starter

  • Members
  • 19 posts

Posted 30 October 2009 - 10:03 PM

OTL logfile created on: 10/30/2009 10:58:23 PM - Run 1
OTL by OldTimer - Version 3.1.1.5 Folder = C:\Documents and Settings\cody\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.36 Mb Total Physical Memory | 151.29 Mb Available Physical Memory | 14.78% Memory free
2.40 Gb Paging File | 1.60 Gb Available in Paging File | 66.59% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 25.52 Gb Free Space | 34.28% Space Free | Partition Type: NTFS
Drive D: | 4.24 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DJCMGT71
Current User Name: cody
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/10/30 22:57:45 | 00,526,336 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\cody\My Documents\Downloads\OTL(2).exe
PRC - [2009/10/29 23:04:44 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/09/21 15:46:58 | 12,993,816 | ---- | M] () -- C:\Program Files\RegCure\RegCure.exe
PRC - [2009/07/25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/13 14:03:10 | 00,292,128 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/04/02 13:00:42 | 00,157,120 | R--- | M] (iS3, Inc.) -- C:\Program Files\STOPzilla!\STOPzilla.exe
PRC - [2009/03/31 14:58:50 | 00,057,344 | R--- | M] (iS3, Inc.) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2009/02/06 06:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/09/08 11:21:05 | 00,112,072 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2008/09/08 11:19:23 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2008/07/07 08:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/04/13 20:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/23 13:32:10 | 02,645,384 | ---- | M] (Bradford Networks) -- C:\Program Files\Bradford Networks\Client Security Agent\bndaemon.exe
PRC - [2008/02/23 13:32:06 | 01,924,488 | ---- | M] (Bradford Networks) -- C:\Program Files\Bradford Networks\Client Security Agent\bncsaui.exe
PRC - [2007/10/07 21:48:40 | 00,125,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2007/10/07 21:48:36 | 00,116,664 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2007/10/07 21:48:32 | 01,822,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2007/10/07 21:48:24 | 00,031,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2007/05/29 17:33:36 | 00,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2005/08/02 15:33:02 | 00,159,832 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1131734091\ee\AOLHostManager.exe
PRC - [2005/08/02 15:33:02 | 00,151,640 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1131734091\ee\AOLServiceHost.exe
PRC - [2005/07/06 23:59:20 | 00,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005/07/06 23:59:20 | 00,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005/07/06 23:00:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2005/06/07 00:46:24 | 00,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2005/03/04 12:26:08 | 00,606,208 | ---- | M] () -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2005/03/04 00:29:02 | 00,356,352 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
PRC - [2004/12/22 14:42:22 | 00,045,056 | ---- | M] () -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
PRC - [2004/12/06 02:05:00 | 00,127,035 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfswctrl.exe
PRC - [2004/10/30 15:59:54 | 00,385,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2004/09/13 17:33:20 | 00,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2004/09/07 17:12:32 | 00,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2004/09/07 17:08:02 | 00,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2004/09/07 17:05:10 | 00,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2004/09/07 17:03:40 | 00,245,760 | ---- | M] (Intel) -- C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
PRC - [2004/09/07 17:02:40 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2004/09/07 17:02:04 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2004/08/19 15:40:08 | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2004/04/26 09:04:14 | 00,053,248 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2004/04/01 19:05:48 | 00,077,824 | ---- | M] (Broadcom Corp.) -- C:\WINDOWS\system32\BAsfIpM.exe
PRC - [2003/10/29 04:06:00 | 00,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [1999/09/30 22:31:38 | 00,869,376 | ---- | M] (Fred's Software) -- C:\Program Files\PrintKey2000\Printkey2000.exe


========== Win32 Services (SafeList) ==========

SRV - File not found --
SRV - File not found --
SRV - File not found --
SRV - File not found --
SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
SRV - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
SRV - [2009/03/31 14:58:50 | 00,057,344 | R--- | M] (iS3, Inc.) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
SRV - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
SRV - [2008/09/08 11:19:23 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
SRV - [2008/07/07 08:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
SRV - [2008/04/13 20:12:02 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\nwwks.dll
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
SRV - [2008/02/23 13:32:10 | 02,645,384 | ---- | M] (Bradford Networks) -- C:\Program Files\Bradford Networks\Client Security Agent\bndaemon.exe
SRV - [2007/10/07 21:48:36 | 00,116,664 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
SRV - [2007/10/07 21:48:32 | 01,822,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
SRV - [2007/10/07 21:48:24 | 00,031,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
SRV - [2007/08/28 20:04:25 | 02,999,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
SRV - [2007/07/26 20:25:20 | 01,181,016 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
SRV - [2007/05/29 17:33:36 | 00,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe
SRV - [2005/07/06 23:59:20 | 00,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SRV - [2005/03/04 00:29:02 | 00,356,352 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
SRV - [2004/09/07 17:12:32 | 00,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
SRV - [2004/09/07 17:05:10 | 00,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
SRV - [2004/09/07 17:02:40 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
SRV - [2004/09/07 17:02:04 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
SRV - [2004/08/04 06:00:00 | 00,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wcgqjnb.dll
SRV - [2004/07/15 02:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
SRV - [2004/04/01 19:05:48 | 00,077,824 | ---- | M] (Broadcom Corp.) -- C:\WINDOWS\system32\BAsfIpM.exe
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
SRV - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE


========== Driver Services (SafeList) ==========

DRV - [2009/08/27 04:00:00 | 01,323,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091013.002\NAVEX15.SYS
DRV - [2009/08/27 04:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
DRV - [2009/08/27 04:00:00 | 00,102,448 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
DRV - [2009/08/27 04:00:00 | 00,084,912 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091013.002\NAVENG.SYS
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
DRV - [2009/02/16 23:31:04 | 00,110,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
DRV - [2008/04/13 14:56:06 | 00,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys
DRV - [2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys
DRV - [2008/04/13 14:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys
DRV - [2008/04/13 14:34:12 | 00,163,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwrdr.sys
DRV - [2007/11/15 16:30:48 | 00,034,064 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\npf.sys
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys
DRV - [2007/08/27 18:13:36 | 00,189,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symtdi.sys
DRV - [2007/08/27 18:13:32 | 00,023,944 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
DRV - [2007/07/26 20:25:18 | 00,400,216 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
DRV - [2006/09/06 15:41:20 | 00,054,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys
DRV - [2005/07/07 00:02:18 | 01,132,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys
DRV - [2005/07/05 12:54:15 | 00,017,056 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys
DRV - [2005/06/24 19:36:16 | 00,039,036 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys
DRV - [2005/05/26 12:01:36 | 00,038,144 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys
DRV - [2005/05/26 12:01:18 | 00,021,344 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\system32\drivers\lgusbbus.sys
DRV - [2005/04/11 10:17:42 | 00,173,056 | ---- | M] (Funk Software, Inc.) -- C:\WINDOWS\system32\drivers\odysseyIM4.sys
DRV - [2005/03/10 23:56:06 | 00,273,168 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\STAC97.sys
DRV - [2005/01/17 14:13:28 | 00,098,304 | ---- | M] (TOSHIBA CORPORATION) -- C:\WINDOWS\system32\drivers\TosRfbd.sys
DRV - [2004/12/22 05:38:12 | 00,034,816 | ---- | M] (TOSHIBA CORPORATION) -- C:\WINDOWS\system32\drivers\tosrfusb.sys
DRV - [2004/12/06 02:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys
DRV - [2004/12/06 02:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys
DRV - [2004/12/06 02:05:00 | 00,086,586 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys
DRV - [2004/12/06 02:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys
DRV - [2004/12/06 02:05:00 | 00,025,883 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys
DRV - [2004/12/06 02:05:00 | 00,015,227 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys
DRV - [2004/12/06 02:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys
DRV - [2004/12/06 02:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys
DRV - [2004/12/06 02:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys
DRV - [2004/12/01 04:22:00 | 00,087,488 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys
DRV - [2004/11/23 03:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys
DRV - [2004/11/16 17:03:52 | 00,108,791 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\system32\drivers\Apfiltr.sys
DRV - [2004/11/16 16:51:54 | 00,050,048 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\drivers\TosRfhid.sys
DRV - [2004/10/21 21:56:04 | 03,210,496 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\w29n51.sys
DRV - [2004/10/05 04:33:02 | 00,062,799 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\tosrfcom.sys
DRV - [2004/09/03 18:23:38 | 00,121,472 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\b57xp32.sys
DRV - [2004/08/31 09:53:04 | 00,011,354 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\s24trans.sys
DRV - [2004/08/18 15:53:54 | 00,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
DRV - [2004/08/12 09:44:04 | 00,234,496 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iwca.sys
DRV - [2004/08/04 06:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnknb.sys
DRV - [2004/08/04 06:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys
DRV - [2004/08/04 06:00:00 | 00,023,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ssfuintq.sys
DRV - [2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys
DRV - [2004/08/03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys
DRV - [2004/08/02 03:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys
DRV - [2004/07/14 12:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys
DRV - [2004/07/14 12:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys
DRV - [2004/06/17 21:57:02 | 00,200,064 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys
DRV - [2004/06/17 21:55:38 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys
DRV - [2004/06/17 21:55:04 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys
DRV - [2004/05/03 22:26:16 | 00,080,384 | ---- | M] (Texas Instruments) -- C:\WINDOWS\system32\drivers\gtipci21.sys
DRV - [2004/03/24 11:12:44 | 00,004,272 | ---- | M] () -- C:\WINDOWS\system32\drivers\bvrp_pci.sys
DRV - [2004/03/17 19:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys
DRV - [2004/02/13 17:46:00 | 00,017,153 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\omci.sys
DRV - [2003/04/24 17:21:50 | 00,006,025 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\BASFND.sys
DRV - [2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys
DRV - [2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys
DRV - [2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys
DRV - [2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys
DRV - [2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys
DRV - [2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys
DRV - [2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys
DRV - [2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys
DRV - [2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys
DRV - [2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
DRV - [2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys
DRV - [2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys
DRV - [2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys
DRV - [2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys
DRV - [2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys
DRV - [2001/08/17 13:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys


========== Modules (SafeList) ==========

MOD - [2009/10/30 22:57:45 | 00,526,336 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\cody\My Documents\Downloads\OTL(2).exe
MOD - [2008/04/14 06:42:52 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 20:12:07 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2008/04/13 20:12:00 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mslbui.dll
MOD - [2008/04/13 20:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 10 8C 74 05 AD A6 4F 46 9B 43 5F 79 42 13 1E E3 [binary data]
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 10 8C 74 05 AD A6 4F 46 9B 43 5F 79 42 13 1E E3 [binary data]
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...r/fix_homepage/
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 10 8C 74 05 AD A6 4F 46 9B 43 5F 79 42 13 1E E3 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...r/fix_homepage/
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 10 8C 74 05 AD A6 4F 46 9B 43 5F 79 42 13 1E E3 [binary data]

IE - HKU\S-1-5-21-3407942167-684518245-2411111340-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default = FB EA FC 3F F5 CF 40 49 90 5D 3A 4F 75 AC 00 11 [binary data]
IE - HKU\S-1-5-21-3407942167-684518245-2411111340-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi3A 4F 75 AC 00 11
IE - HKU\S-1-5-21-3407942167-684518245-2411111340-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-3407942167-684518245-2411111340-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-3407942167-684518245-2411111340-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-3407942167-684518245-2411111340-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKU\S-1-5-21-3407942167-684518245-2411111340-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3407942167-684518245-2411111340-1006\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 10 8C 74 05 AD A6 4F 46 9B 43 5F 79 42 13 1E E3 [binary data]
IE - HKU\S-1-5-21-3407942167-684518245-2411111340-1006\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3407942167-684518245-2411111340-1006\..\URLSearchHook: {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
IE - HKU\S-1-5-21-3407942167-684518245-2411111340-1006\S-1-5-21-3407942167-684518245-2411111340-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3407942167-684518245-2411111340-1006\S-1-5-21-3407942167-684518245-2411111340-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.toggle.com/index.php?rvs=hompag"

FF - HKLM\software\mozilla\Firefox\Extensions\\{AF75036D-ED05-4EFE-BB41-B36FDC850405}: C:\Documents and Settings\cody\Local Settings\Application Data\{AF75036D-ED05-4EFE-BB41-B36FDC850405} [2009/01/07 18:07:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/10 12:20:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/29 23:05:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/29 23:05:08 | 00,000,000 | ---D | M]

C:\Documents and Settings\cody\Application Data\Mozilla\Extensions -> [2008/08/30 15:32:32 | 00,000,000 | ---D | M] --
C:\Documents and Settings\cody\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2008/08/30 15:32:32 | 00,000,000 | ---D | M] --
C:\Documents and Settings\cody\Application Data\Mozilla\Firefox\Profiles\k809zv1s.default\extensions -> [2008/02/25 19:50:19 | 00,000,000 | ---D | M] --
C:\Documents and Settings\cody\Application Data\Mozilla\Firefox\Profiles\k809zv1s.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} -> [2007/10/22 02:04:16 | 00,000,000 | ---D | M] --
C:\Documents and Settings\cody\Application Data\Mozilla\Firefox\Profiles\k809zv1s.default\extensions\{eeac67f0-a95c-4e02-b97b-278d11977b83} -> [2009/10/30 20:19:42 | 00,000,000 | ---D | M] --
C:\Documents and Settings\cody\Application Data\Mozilla\Firefox\Profiles\ys8ss58g.Cody Watson\extensions -> [2009/10/29 23:16:33 | 00,000,000 | ---D | M] --
C:\Documents and Settings\cody\Application Data\Mozilla\Firefox\Profiles\ys8ss58g.Cody Watson\extensions\{eeac67f0-a95c-4e02-b97b-278d11977b83} -> [2009/10/30 20:19:43 | 00,000,000 | ---D | M] --
C:\Program Files\Mozilla Firefox\extensions -> [2009/10/29 23:16:31 | 00,000,000 | ---D | M] --
C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2009/10/29 23:05:08 | 00,000,000 | ---D | M] --
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} -> [2008/03/08 21:30:39 | 00,000,000 | ---D | M] --
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} -> [2009/07/10 12:20:28 | 00,000,000 | ---D | M] --
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} -> [2009/09/27 15:21:37 | 00,000,000 | ---D | M] --
[2009/10/29 23:04:41 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/10/29 23:04:42 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2008/01/07 17:47:12 | 00,069,632 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\ffwt.dll
[2007/09/20 14:22:35 | 00,024,672 | ---- | M] (Ask.com) -- C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2007/04/24 11:36:16 | 01,452,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2009/10/29 23:04:56 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/12/18 04:18:30 | 00,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/07/28 23:04:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/07/28 23:04:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/07/28 23:04:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/07/28 23:04:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/07/28 23:04:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/07/28 23:04:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/07/28 23:04:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/09/10 21:31:07 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/09/10 21:31:07 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/09/10 21:31:07 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/09/10 21:31:07 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/09/10 21:31:07 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/09/10 21:31:07 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/09/10 21:31:07 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (83 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {05748C10-A6AD-464F-9B43-5F7942131EE3} - C:\WINDOWS\system32\zciqgdnq.dll ()
O2 - BHO: (Ask Search Assistant BHO) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: () - {0776CBA8-C029-4EA6-A8A6-11507BB784E9} - C:\WINDOWS\system32\wcgqjnb.dll (Microsoft Corporation)
O2 - BHO: (ZILLAbar Browser Helper Object) - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll (iS3, Inc)
O2 - BHO: (no name) - {8963C3D0-92A9-4B89-8F31-BE9AC9145831} - No CLSID value found.
O2 - BHO: (Shopping Advisor) - {A057A204-BACC-4D26-C7D7-6BAD84E32FCB} - C:\Program Files\buySAFEShoppingAdvisor\buySAFEShoppingAdvisor.dll (buySAFE )
O2 - BHO: (Viewpoint Toolbar BHO) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll (Viewpoint Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (STOPzilla) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll (iS3, Inc)
O3 - HKLM\..\Toolbar: (Shopping Advisor) - {A057A204-BACC-4D26-C7D7-6BAD84E32FCB} - C:\Program Files\buySAFEShoppingAdvisor\buySAFEShoppingAdvisor.dll (buySAFE )
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll (Viewpoint Corporation)
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O3 - HKU\S-1-5-21-3407942167-684518245-2411111340-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-3407942167-684518245-2411111340-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-3407942167-684518245-2411111340-1006\..\Toolbar\WebBrowser: (Shopping Advisor) - {A057A204-BACC-4D26-C7D7-6BAD84E32FCB} - C:\Program Files\buySAFEShoppingAdvisor\buySAFEShoppingAdvisor.dll (buySAFE )
O3 - HKU\S-1-5-21-3407942167-684518245-2411111340-1006\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O3 - HKU\S-1-5-21-3407942167-684518245-2411111340-1006\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3407942167-684518245-2411111340-1006\..\Toolbar\WebBrowser: (Ask Toolbar) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [bncsaui.exe] C:\Program Files\Bradford Networks\Client Security Agent\bncsaui.exe (Bradford Networks)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe ()
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [hcsystray] C:\Program Files\Kuma Games\hcsystray\hc_tray.exe ()
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131734091\ee\AOLHostManager.exe (America Online, Inc.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [j9221830] C:\WINDOWS\System32\j9221830.DLL File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RegistryMechanic] File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-3407942167-684518245-2411111340-1006..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe (Fred's Software)
O4 - Startup: C:\Documents and Settings\cody\Start Menu\Programs\Startup\V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe (Smith Micro Software, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-3407942167-684518245-2411111340-1006\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-3407942167-684518245-2411111340-1006\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-3407942167-684518245-2411111340-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3407942167-684518245-2411111340-1006_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-3407942167-684518245-2411111340-1006_Classes\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 2.0\resources\en-us\local\search.html ()
O8 - Extra context menu item: &Viewpoint Search - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll File not found
O8 - Extra context menu item: Display All Images with Full Quality - C:\Program Files\NetZero\qsacc\appres.dll File not found
O8 - Extra context menu item: Display Image with Full Quality - C:\Program Files\NetZero\qsacc\appres.dll File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/9/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1122232897781 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab (IWinAmpActiveX Class)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab (IWinAmpActiveX Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.16 68.105.29.16
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\bhxzfbeq: DllName - wcgqjnb.dll - C:\WINDOWS\System32\wcgqjnb.dll (Microsoft Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/10/29 23:23:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\cody\Local Settings\Application Data\xzzkrtlv
[2009/10/29 23:23:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\cody\Application Data\xzzkrtlv
[2009/10/18 20:42:21 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\cody\Recent
[2009/10/11 15:23:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2009/10/11 15:23:05 | 00,000,000 | ---D | C] -- C:\Program Files\RegCure
[2009/10/11 15:04:53 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\cody\PrivacIE
[2009/10/11 14:51:36 | 00,000,000 | ---D | C] -- C:\STOPzilla!
[2009/10/04 15:26:42 | 00,195,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2009/10/01 23:55:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\cody\My Documents\Downloads
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[168 C:\Documents and Settings\cody\My Documents\*.tmp files -> C:\Documents and Settings\cody\My Documents\*.tmp -> ]
[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/10/30 20:20:04 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/10/30 20:18:18 | 00,000,436 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2009/10/30 20:18:10 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/30 20:17:06 | 00,000,376 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2009/10/30 20:17:01 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/30 20:16:08 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/30 20:16:05 | 10,731,43808 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/30 02:35:31 | 10,747,904 | -H-- | M] () -- C:\Documents and Settings\cody\NTUSER.DAT
[2009/10/30 02:35:09 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\cody\ntuser.ini
[2009/10/29 23:03:13 | 00,001,088 | ---- | M] () -- C:\Documents and Settings\cody\Start Menu\Programs\Startup\V CAST Music Monitor.lnk
[2009/10/25 21:59:02 | 02,359,350 | ---- | M] () -- C:\WINDOWS\wallpaper.bmp
[2009/10/23 22:33:31 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/10/23 03:30:00 | 00,000,416 | ---- | M] () -- C:\WINDOWS\tasks\ErrorSweeper Scheduled Scan.job
[2009/10/22 22:56:13 | 00,000,370 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2009/10/22 22:56:00 | 00,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2009/10/17 18:40:46 | 00,009,216 | ---- | M] () -- C:\Documents and Settings\cody\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/09 02:37:26 | 08,071,442 | -H-- | M] () -- C:\Documents and Settings\cody\Local Settings\Application Data\IconCache.db
[2009/10/02 14:01:57 | 25,198,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/10/01 10:29:14 | 00,195,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[168 C:\Documents and Settings\cody\My Documents\*.tmp files -> C:\Documents and Settings\cody\My Documents\*.tmp -> ]
[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/10/22 22:56:09 | 00,000,370 | ---- | C] () -- C:\WINDOWS\tasks\RegCure.job
[2009/10/11 15:23:25 | 00,000,436 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2009/10/11 15:23:20 | 00,000,376 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2009/10/11 15:23:05 | 00,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2009/03/22 02:40:44 | 00,006,104 | ---- | C] () -- C:\Documents and Settings\cody\Local Settings\Application Data\0776CBA8-C029-4EA6-A8A6-11507BB784E9.txt
[2009/02/17 01:27:46 | 00,000,125 | ---- | C] () -- C:\WINDOWS\ofoqekojoto.dll
[2009/02/17 01:06:46 | 00,000,125 | ---- | C] () -- C:\WINDOWS\azivoneg.dll
[2009/02/17 00:38:24 | 00,000,125 | ---- | C] () -- C:\WINDOWS\uhogotaneku.dll
[2009/02/17 00:09:26 | 00,000,125 | ---- | C] () -- C:\WINDOWS\eqobewahazuyos.dll
[2009/02/16 23:36:26 | 00,000,125 | ---- | C] () -- C:\WINDOWS\abuvomuy.dll
[2009/02/16 22:34:24 | 00,000,125 | ---- | C] () -- C:\WINDOWS\ofobesidacibiso.dll
[2009/02/16 21:32:25 | 00,000,125 | ---- | C] () -- C:\WINDOWS\asocofir.dll
[2009/02/16 20:30:24 | 00,000,125 | ---- | C] () -- C:\WINDOWS\aximarigafeyuzub.dll
[2009/02/16 19:28:24 | 00,000,125 | ---- | C] () -- C:\WINDOWS\ihucelot.dll
[2009/02/16 18:26:24 | 00,000,125 | ---- | C] () -- C:\WINDOWS\ujolarejuc.dll
[2009/02/16 17:24:24 | 00,000,125 | ---- | C] () -- C:\WINDOWS\eliyusikuno.dll
[2009/02/16 16:22:24 | 00,000,125 | ---- | C] () -- C:\WINDOWS\ohasiziwawazula.dll
[2008/02/17 23:29:59 | 00,000,294 | -HS- | C] () -- C:\WINDOWS\System32\vxeeqnsg.ini
[2008/01/23 15:24:22 | 00,000,321 | -HS- | C] () -- C:\WINDOWS\System32\dfhkj.ini
[2008/01/15 23:03:41 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\VZWDLManager.dll
[2008/01/07 17:47:12 | 00,000,010 | ---- | C] () -- C:\Program Files\.autoreg
[2008/01/06 18:29:52 | 01,044,104 | -HS- | C] () -- C:\WINDOWS\System32\eyacrime.ini
[2008/01/06 17:26:51 | 01,044,040 | -HS- | C] () -- C:\WINDOWS\System32\suvmugby.ini
[2008/01/05 17:20:33 | 01,043,980 | -HS- | C] () -- C:\WINDOWS\System32\wtjxjvpo.ini
[2008/01/04 17:19:13 | 01,043,920 | -HS- | C] () -- C:\WINDOWS\System32\xtgkhhqm.ini
[2008/01/03 13:16:38 | 01,038,424 | -HS- | C] () -- C:\WINDOWS\System32\idfruxvy.ini
[2008/01/02 13:11:24 | 01,038,364 | -HS- | C] () -- C:\WINDOWS\System32\ooswhxsb.ini
[2007/12/26 21:00:09 | 00,969,484 | -HS- | C] () -- C:\WINDOWS\System32\uhlpdwug.ini
[2007/12/24 20:58:39 | 01,010,253 | -HS- | C] () -- C:\WINDOWS\System32\imaaocwp.ini
[2007/12/24 19:55:39 | 01,010,086 | -HS- | C] () -- C:\WINDOWS\System32\svuqhkke.ini
[2007/12/23 12:55:30 | 00,990,814 | -HS- | C] () -- C:\WINDOWS\System32\sqvrxmca.ini
[2007/12/19 01:38:12 | 00,990,870 | -HS- | C] () -- C:\WINDOWS\System32\kmiduckt.ini
[2007/12/18 20:41:08 | 00,986,079 | -HS- | C] () -- C:\WINDOWS\System32\cjqjiykn.ini
[2007/12/18 19:35:22 | 00,985,974 | -HS- | C] () -- C:\WINDOWS\System32\ugvvxghr.ini
[2007/12/12 00:14:52 | 00,906,348 | -HS- | C] () -- C:\WINDOWS\System32\iydaeesy.ini
[2007/12/10 20:35:50 | 00,912,971 | -HS- | C] () -- C:\WINDOWS\System32\ipqrufka.ini
[2007/12/06 12:41:22 | 00,834,340 | -HS- | C] () -- C:\WINDOWS\System32\mjrjwrud.ini
[2007/12/03 13:27:53 | 00,792,589 | -HS- | C] () -- C:\WINDOWS\System32\cgrcjiuo.ini
[2007/12/03 11:22:25 | 00,792,480 | -HS- | C] () -- C:\WINDOWS\System32\njdcgahw.ini
[2007/11/29 18:28:14 | 00,789,659 | -HS- | C] () -- C:\WINDOWS\System32\dvfscahk.ini
[2007/11/27 20:39:42 | 00,789,478 | -HS- | C] () -- C:\WINDOWS\System32\xipvvkeq.ini
[2007/11/26 19:24:57 | 00,590,000 | -HS- | C] () -- C:\WINDOWS\System32\wiujqluf.ini
[2007/11/24 12:32:21 | 00,008,322 | -HS- | C] () -- C:\WINDOWS\System32\ilnmp.ini
[2007/11/23 13:18:22 | 00,585,535 | -HS- | C] () -- C:\WINDOWS\System32\gpklmesh.ini
[2007/11/23 13:12:16 | 00,467,408 | -HS- | C] () -- C:\WINDOWS\System32\jjjlm.ini
[2007/11/21 00:42:11 | 00,895,503 | -HS- | C] () -- C:\WINDOWS\System32\ytgsjbtr.ini
[2007/11/18 14:10:32 | 00,058,232 | -HS- | C] () -- C:\WINDOWS\System32\ghkmp.ini
[2007/11/18 13:00:57 | 00,816,044 | -HS- | C] () -- C:\WINDOWS\System32\jcvlhave.ini
[2007/11/18 12:53:16 | 00,467,478 | -HS- | C] () -- C:\WINDOWS\System32\jjjlm.ini2
[2007/11/17 11:04:55 | 00,678,040 | -HS- | C] () -- C:\WINDOWS\System32\picjjods.ini
[2007/11/14 22:36:19 | 00,656,981 | -HS- | C] () -- C:\WINDOWS\System32\phjwwejj.ini
[2007/11/13 14:28:17 | 00,657,511 | -HS- | C] () -- C:\WINDOWS\System32\lgchiwfu.ini
[2007/11/12 14:29:13 | 00,590,425 | -HS- | C] () -- C:\WINDOWS\System32\wppqbsdg.ini
[2007/11/11 14:25:17 | 00,590,356 | -HS- | C] () -- C:\WINDOWS\System32\libsxugi.ini
[2007/11/10 11:47:11 | 00,584,505 | -HS- | C] () -- C:\WINDOWS\System32\jtqtytxa.ini
[2007/11/07 22:20:21 | 00,555,154 | -HS- | C] () -- C:\WINDOWS\System32\yftmfhwr.ini
[2007/11/06 18:47:02 | 00,566,421 | -HS- | C] () -- C:\WINDOWS\System32\kagfdgts.ini
[2007/11/04 13:38:30 | 00,564,945 | -HS- | C] () -- C:\WINDOWS\System32\brgeysjm.ini
[2007/11/03 18:52:19 | 00,577,062 | -HS- | C] () -- C:\WINDOWS\System32\pscsilyj.ini
[2007/11/03 12:23:33 | 00,576,914 | -HS- | C] () -- C:\WINDOWS\System32\rakubsvt.ini
[2007/11/02 15:30:27 | 00,007,634 | -HS- | C] () -- C:\WINDOWS\System32\xybeg.ini
[2007/11/02 13:25:22 | 00,006,473 | -HS- | C] () -- C:\WINDOWS\System32\rqtwa.ini
[2007/11/01 01:14:19 | 00,579,438 | -HS- | C] () -- C:\WINDOWS\System32\gfqlbqgh.ini
[2007/10/31 13:05:15 | 00,000,321 | -HS- | C] () -- C:\WINDOWS\System32\rtstv.ini
[2007/10/30 14:17:40 | 00,584,544 | -HS- | C] () -- C:\WINDOWS\System32\lkkkfvig.ini
[2007/09/19 18:28:49 | 00,693,484 | -HS- | C] () -- C:\WINDOWS\System32\vlhsolfj.ini
[2007/09/19 00:56:33 | 00,693,484 | -HS- | C] () -- C:\WINDOWS\System32\mbowndss.ini2
[2007/09/19 00:56:32 | 01,966,150 | -HS- | C] () -- C:\WINDOWS\System32\qpqss.ini2
[2007/09/19 00:39:11 | 00,693,484 | -HS- | C] () -- C:\WINDOWS\System32\mbowndss.ini
[2007/09/18 23:06:50 | 00,693,521 | -HS- | C] () -- C:\WINDOWS\System32\cnralvtv.ini
[2007/09/18 22:58:21 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\cody\Local Settings\Application Data\fusioncache.dat
[2007/09/18 13:21:00 | 02,032,926 | -HS- | C] () -- C:\WINDOWS\System32\qpqss.ini
[2007/08/08 23:44:23 | 00,000,345 | -HS- | C] () -- C:\WINDOWS\System32\gmeaysph.ini
[2007/08/06 00:38:21 | 00,000,345 | -HS- | C] () -- C:\WINDOWS\System32\aitdhfrk.ini
[2007/08/05 14:21:08 | 00,000,345 | -HS- | C] () -- C:\WINDOWS\System32\dxpfjieg.ini
[2007/07/27 18:49:52 | 01,282,750 | -HS- | C] () -- C:\WINDOWS\System32\avbxuomj.ini
[2007/07/26 23:09:03 | 00,000,806 | -HS- | C] () -- C:\WINDOWS\System32\dqpqoqqc.ini
[2007/07/26 22:34:28 | 01,215,964 | -HS- | C] () -- C:\WINDOWS\System32\jhcbssqp.ini
[2007/07/24 02:51:02 | 00,058,665 | -HS- | C] () -- C:\WINDOWS\System32\oqstv.ini
[2007/07/23 21:57:11 | 00,012,857 | -HS- | C] () -- C:\WINDOWS\System32\nqtss.ini
[2007/07/23 20:38:18 | 00,008,359 | -HS- | C] () -- C:\WINDOWS\System32\kjjlm.ini
[2007/07/23 16:47:55 | 00,006,511 | -HS- | C] () -- C:\WINDOWS\System32\vvvwa.ini
[2007/07/22 02:24:53 | 00,008,656 | -HS- | C] () -- C:\WINDOWS\System32\ehhkj.ini
[2007/07/18 16:00:00 | 01,138,123 | -HS- | C] () -- C:\WINDOWS\System32\ajvgyewo.ini
[2007/07/18 15:08:57 | 01,125,209 | -HS- | C] () -- C:\WINDOWS\System32\mrallwtu.ini
[2007/07/17 15:06:58 | 01,125,140 | -HS- | C] () -- C:\WINDOWS\System32\lcrntfqp.ini
[2007/07/16 21:57:51 | 00,424,560 | -HS- | C] () -- C:\WINDOWS\System32\hjjlm.ini
[2007/07/16 21:56:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\byxxxvw.dll
[2007/06/17 14:01:37 | 00,930,756 | -HS- | C] () -- C:\WINDOWS\System32\cbivmtip.ini
[2007/06/17 13:07:54 | 00,921,768 | -HS- | C] () -- C:\WINDOWS\System32\irfiprsu.ini
[2007/06/16 13:27:34 | 00,921,767 | -HS- | C] () -- C:\WINDOWS\System32\xxrpevxv.ini
[2007/06/15 22:13:03 | 00,921,797 | -HS- | C] () -- C:\WINDOWS\System32\kyruodik.ini
[2007/06/15 16:58:11 | 00,921,768 | -HS- | C] () -- C:\WINDOWS\System32\hmigfpdp.ini
[2007/06/14 17:00:43 | 00,921,857 | -HS- | C] () -- C:\WINDOWS\System32\lgurmtvv.ini
[2007/06/13 15:29:29 | 00,000,345 | -HS- | C] () -- C:\WINDOWS\System32\mkrfjbyf.ini
[2007/06/05 21:06:08 | 01,105,765 | -HS- | C] () -- C:\WINDOWS\System32\ytffwqbr.ini
[2007/06/05 20:30:01 | 01,105,687 | -HS- | C] () -- C:\WINDOWS\System32\xdmtsuce.ini
[2007/06/04 14:28:42 | 01,105,936 | -HS- | C] () -- C:\WINDOWS\System32\kypjrckl.ini
[2007/06/02 01:01:04 | 00,000,988 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Svclog.log
[2007/06/01 22:10:40 | 01,597,627 | -HS- | C] () -- C:\WINDOWS\System32\mmllm.ini2
[2007/06/01 12:41:43 | 01,101,019 | -HS- | C] () -- C:\WINDOWS\System32\orwrdfkp.ini
[2007/05/30 14:15:45 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\j7251232.dll
[2007/05/30 13:59:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\j7271831.dll
[2007/05/30 13:57:59 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\j9221339.dll
[2007/05/30 13:54:21 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\j7291236.dll
[2007/05/30 13:53:37 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\j9291733.dll
[2007/05/29 19:45:49 | 01,560,726 | -HS- | C] () -- C:\WINDOWS\System32\mmllm.ini
[2007/05/28 23:36:59 | 01,100,906 | -HS- | C] () -- C:\WINDOWS\System32\sfkejjxx.ini
[2007/05/28 23:22:13 | 00,000,486 | ---- | C] () -- C:\Program Files\Common Files\laxur
[2007/05/08 20:14:02 | 00,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2007/04/30 11:06:24 | 00,000,142 | ---- | C] () -- C:\Program Files\Common Files\prohdyg.html
[2007/03/29 16:12:59 | 00,001,791 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/10/30 10:30:30 | 00,010,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\SBTEDrv.sys
[2006/06/12 15:43:22 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2006/06/12 15:43:22 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2006/06/12 15:43:22 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2006/06/12 15:43:22 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2006/06/12 15:43:22 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2006/06/12 15:43:22 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2006/06/12 15:43:22 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2006/06/12 15:43:22 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2006/06/12 15:43:22 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006/04/22 19:00:10 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005/09/11 00:58:25 | 00,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2005/09/03 18:44:07 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2005/09/03 18:44:07 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2005/09/03 18:44:07 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2005/09/03 14:38:37 | 00,009,216 | ---- | C] () -- C:\Documents and Settings\cody\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/08/29 21:08:15 | 00,000,211 | ---- | C] () -- C:\WINDOWS\MicroCase.INI
[2005/08/17 19:01:56 | 00,000,070 | ---- | C] () -- C:\WINDOWS\init.ini
[2005/08/17 16:41:35 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2005/07/30 15:17:25 | 00,019,672 | ---- | C] () -- C:\Documents and Settings\cody\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2005/07/30 14:26:51 | 00,000,066 | ---- | C] () -- C:\WINDOWS\ESPR200.ini
[2005/07/30 14:25:54 | 00,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2005/07/19 14:01:26 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\cody\Application Data\desktop.ini
[2005/07/19 14:01:25 | 08,071,442 | -H-- | C] () -- C:\Documents and Settings\cody\Local Settings\Application Data\IconCache.db
[2005/07/05 13:02:02 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/07/05 12:59:31 | 00,010,610 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/07/05 12:58:39 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/07/05 12:55:41 | 00,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2005/07/05 12:36:36 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2005/07/05 12:35:54 | 00,000,371 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/12/03 09:20:12 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2004/09/23 04:09:06 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/09/16 00:57:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/12 09:44:10 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2004/08/11 18:24:19 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:11:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 18:07:11 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/08/11 18:00:37 | 00,000,782 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/11 18:00:35 | 00,000,246 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/11 18:00:25 | 00,407,040 | ---- | C] () -- C:\WINDOWS\System32\zciqgdnq.dll
[2004/08/11 18:00:25 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\wcgqjnb.dll.bak
[2004/07/21 11:04:02 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/16 08:43:28 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/07/30 09:33:26 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\TosHidAPI.dll
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Unicode (All) ==========
[2007/11/16 14:03:10 | 00,000,000 | ---D | M](C:\WINDOWS\System32\??crosoft) -- C:\WINDOWS\System32\Міcrosoft
[2007/11/16 14:02:04 | 00,000,000 | ---D | C](C:\WINDOWS\System32\??crosoft) -- C:\WINDOWS\System32\Міcrosoft

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >


OTL Extras logfile created on: 10/30/2009 10:58:23 PM - Run 1
OTL by OldTimer - Version 3.1.1.5 Folder = C:\Documents and Settings\cody\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.36 Mb Total Physical Memory | 151.29 Mb Available Physical Memory | 14.78% Memory free
2.40 Gb Paging File | 1.60 Gb Available in Paging File | 66.59% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 25.52 Gb Free Space | 34.28% Space Free | Partition Type: NTFS
Drive D: | 4.24 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DJCMGT71
Current User Name: cody
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"80:TCP" = 80:TCP:*:Enabled:@xpsp2res.dll,-22009
"48973:TCP" = 48973:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"80:TCP" = 80:TCP:*:Enabled:@xpsp2res.dll,-22009
"53:UDP" = 53:UDP:*:Enabled:Promo
"48973:TCP" = 48973:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Bradford Networks\Client Security Agent\bndaemon.exe" = C:\Program Files\Bradford Networks\Client Security Agent\bndaemon.exe -- (Bradford Networks)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\Program Files\Symantec AntiVirus\Rtvscan.exe" = C:\Program Files\Symantec AntiVirus\Rtvscan.exe:*:Enabled:Symantec AntiVirus -- (Symantec Corporation)
"C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE" = C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE:*:Enabled:Symantec LiveUpdate -- (Symantec Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword -- (Firaxis Games)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss -- (Firaxis Games)
"C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe" = C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:*:Enabled:Star Wars: Empire at War -- (Lucasfilm Entertainment Company, Ltd.)
"C:\Program Files\LucasArts\Star Wars Empire at War\GameData\fpupdate.exe" = C:\Program Files\LucasArts\Star Wars Empire at War\GameData\fpupdate.exe:*:Enabled:fpupdate -- ()
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Bradford Networks\Client Security Agent\bndaemon.exe" = C:\Program Files\Bradford Networks\Client Security Agent\bndaemon.exe -- (Bradford Networks)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\LucasArts\Star Wars Galactic Battlegrounds\Game\Battlegrounds.exe" = C:\Program Files\LucasArts\Star Wars Galactic Battlegrounds\Game\Battlegrounds.exe:*:Enabled:Star Wars Galactic Battlegrounds -- (LucasArts Entertainment Company LLC)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\Program Files\Symantec AntiVirus\Rtvscan.exe" = C:\Program Files\Symantec AntiVirus\Rtvscan.exe:*:Enabled:Symantec AntiVirus -- (Symantec Corporation)
"C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE" = C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE:*:Enabled:Symantec LiveUpdate -- (Symantec Corporation)
"C:\Program Files\LucasArts\Star Wars Galactic Battlegrounds\Game\battlegrounds_x1.exe" = C:\Program Files\LucasArts\Star Wars Galactic Battlegrounds\Game\battlegrounds_x1.exe:*:Enabled:Star Wars Galactic Battlegrounds: Clone Campaigns -- File not found
"C:\Documents and Settings\cody\Local Settings\Temp\bleep3.exe" = C:\Documents and Settings\cody\Local Settings\Temp\bleep3.exe:*:Enabled:Promo -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{2085C617-589C-40F8-BE40-EDBC9E2CA2EB}" = Symantec AntiVirus
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{25D24E84-64A9-40D2-85CF-540B1C4A6D52}" = Broadcom ASF Management Applications
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 15
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3249FD43-B24B-413F-B786-F8FEA32FA747}" = V CAST Music
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{588D523F-4828-4285-9E33-AD1A6AED30D1}" = Client Security Agent
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Advanced Control Suite 2
"{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
"{7A5E68D5-DEA7-4067-B191-B4AE756C057B}" = STOPzilla
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! Plus
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A202BDBA-753F-41B9-B649-CFB0B45FC03E}" = Star Wars Galactic Battlegrounds
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}" = mToolkit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}" = Safari
"{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}" = MobileMe Control Panel
"{DDD12041-D01C-437B-B851-295BB69D23AF}" = AoSW JCW First Release 003
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"7-Zip" = 7-Zip 4.42
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AGEIA PhysX v2.4.4" = AGEIA PhysX v2.4.4
"All ATI Software" = ATI - Software Uninstall Utility
"AOL Explorer" = AOL Explorer
"AOL Instant Messenger" = AOL Instant Messenger
"AOL Toolbar" = AOL Toolbar 2.0
"AskSBar Uninstall" = Ask Toolbar
"ATI Display Driver" = ATI Display Driver
"BitLord" = BitLord 1.1
"buySAFEShoppingAdvisor" = Shopping Advisor
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.9x Modem
"DivX Codec" = DivX Pro Codec
"EPSON Printer and Utilities" = EPSON Printer Software
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"ffdshow" = ffdshow (remove only)
"GTK 2.0" = GTK+ Runtime 2.6.10 rev a (remove only)
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{25D24E84-64A9-40D2-85CF-540B1C4A6D52}" = Broadcom ASF Management Applications
"InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Advanced Control Suite 2
"LG USB Drivers" = LG USB Drivers
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.5.4)" = Mozilla Firefox (3.5.4)
"Mplayer.com" = Mplayer.com
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PrintKey2000" = PrintKey2000
"ProInst" = Intel® PROSet/Wireless Software
"RegCure" = RegCure 2.0.0.0
"ShockwaveFlash" = Macromedia Flash Player 8
"Starcraft" = Starcraft
"UEAW v3.2.2" = UEAW v3.2.2
"UEAW v4 " = UEAW v4
"VCast Music Essentials Manager" = V CAST Music Essentials Manager
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"Viewpoint Toolbar" = Viewpoint Toolbar
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3407942167-684518245-2411111340-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/14/2009 12:44:05 AM | Computer Name = DJCMGT71 | Source = Application Hang | ID = 1002
Description = Hanging application iFrmewrk.exe, version 9.0.1.19, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/14/2009 12:44:06 AM | Computer Name = DJCMGT71 | Source = Application Hang | ID = 1002
Description = Hanging application iFrmewrk.exe, version 9.0.1.19, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/17/2009 6:02:44 PM | Computer Name = DJCMGT71 | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 10/17/2009 6:08:04 PM | Computer Name = DJCMGT71 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3523, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/17/2009 6:08:11 PM | Computer Name = DJCMGT71 | Source = Application Hang | ID = 1001
Description = Fault bucket 1437517761.

Error - 10/20/2009 4:18:45 PM | Computer Name = DJCMGT71 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3523, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/22/2009 1:37:45 AM | Computer Name = DJCMGT71 | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 10/30/2009 10:54:37 PM | Computer Name = DJCMGT71 | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.1.1.5, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/30/2009 10:57:21 PM | Computer Name = DJCMGT71 | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.1.1.5, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/30/2009 10:57:28 PM | Computer Name = DJCMGT71 | Source = Application Hang | ID = 1001
Description = Fault bucket 1535381046.

[ System Events ]
Error - 10/29/2009 11:02:41 PM | Computer Name = DJCMGT71 | Source = Service Control Manager | ID = 7000
Description = The PC Tools Auxiliary Service service failed to start due to the
following error: %%3

Error - 10/29/2009 11:02:41 PM | Computer Name = DJCMGT71 | Source = Service Control Manager | ID = 7000
Description = The PC Tools Security Service service failed to start due to the following
error: %%3

Error - 10/29/2009 11:02:41 PM | Computer Name = DJCMGT71 | Source = Service Control Manager | ID = 7000
Description = The szkg service failed to start due to the following error: %%2

Error - 10/29/2009 11:02:41 PM | Computer Name = DJCMGT71 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
szkg5

Error - 10/29/2009 11:07:17 PM | Computer Name = DJCMGT71 | Source = Service Control Manager | ID = 7000
Description = The szkg service failed to start due to the following error: %%2

Error - 10/30/2009 8:17:47 PM | Computer Name = DJCMGT71 | Source = Service Control Manager | ID = 7000
Description = The PC Tools Auxiliary Service service failed to start due to the
following error: %%3

Error - 10/30/2009 8:17:47 PM | Computer Name = DJCMGT71 | Source = Service Control Manager | ID = 7000
Description = The PC Tools Security Service service failed to start due to the following
error: %%3

Error - 10/30/2009 8:17:47 PM | Computer Name = DJCMGT71 | Source = Service Control Manager | ID = 7000
Description = The szkg service failed to start due to the following error: %%2

Error - 10/30/2009 8:17:48 PM | Computer Name = DJCMGT71 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
szkg5

Error - 10/30/2009 8:18:11 PM | Computer Name = DJCMGT71 | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of
the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.


< End of report >

#4 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 31 October 2009 - 09:23 AM

Hi,

please run ComboFix and post the log in your next reply:
Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 cody10
  • Topic Starter
  • Members
  • 19 posts

Posted 01 November 2009 - 02:06 PM

ComboFix 09-10-30.01 - cody 11/01/2009 13:38.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.251 [GMT -5:00]
Running from: c:\documents and settings\cody\My Documents\Downloads\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\cody\Favorites\Download programs.url
c:\documents and settings\cody\Favorites\Games.url
c:\documents and settings\cody\Favorites\Translator.url
c:\documents and settings\cody\Favorites\Videos.url
c:\documents and settings\cody\Start Menu\Programs\Games.url
c:\documents and settings\cody\Start Menu\Programs\Translator.url
c:\documents and settings\cody\Start Menu\Programs\Videos.url
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\windows\BMebe2ed7a.txt
c:\windows\system32\aitdhfrk.ini
c:\windows\system32\ajvgyewo.ini
c:\windows\system32\avbxuomj.ini
c:\windows\system32\brgeysjm.ini
c:\windows\system32\byxxxvw.dll
c:\windows\system32\cbivmtip.ini
c:\windows\system32\cgrcjiuo.ini
c:\windows\system32\cjqjiykn.ini
c:\windows\system32\cnralvtv.ini
c:\windows\system32\dfhkj.ini
c:\windows\system32\dqpqoqqc.ini
c:\windows\system32\drivers\niqmvkgv.sys
c:\windows\system32\drivers\npf.sys
c:\windows\system32\drivers\ssfuintq.sys
c:\windows\system32\dvfscahk.ini
c:\windows\system32\dxpfjieg.ini
c:\windows\system32\ehhkj.bak1
c:\windows\system32\ehhkj.ini
c:\windows\system32\eyacrime.ini
c:\windows\system32\fgjlm.bak1
c:\windows\system32\gfqlbqgh.ini
c:\windows\system32\ghkmp.bak1
c:\windows\system32\ghkmp.ini
c:\windows\system32\gmeaysph.ini
c:\windows\system32\gpklmesh.ini
c:\windows\system32\hjjlm.bak1
c:\windows\system32\hjjlm.bak2
c:\windows\system32\hjjlm.ini
c:\windows\system32\hmigfpdp.ini
c:\windows\system32\idfruxvy.ini
c:\windows\system32\ilnmp.bak1
c:\windows\system32\ilnmp.ini
c:\windows\system32\imaaocwp.ini
c:\windows\system32\ipqrufka.ini
c:\windows\system32\irfiprsu.ini
c:\windows\system32\iydaeesy.ini
c:\windows\system32\j7251232.dll
c:\windows\system32\j7271831.dll
c:\windows\system32\j7291236.dll
c:\windows\system32\j9221339.dll
c:\windows\system32\j9291733.dll
c:\windows\system32\jcvlhave.ini
c:\windows\system32\jhcbssqp.ini
c:\windows\system32\jjjlm.bak1
c:\windows\system32\jjjlm.bak2
c:\windows\system32\jjjlm.ini
c:\windows\system32\jjjlm.ini2
c:\windows\system32\jjjlm.tmp
c:\windows\system32\jlkkj.bak1
c:\windows\system32\jlnmp.bak1
c:\windows\system32\jlnmp.bak2
c:\windows\system32\jlnmp.tmp
c:\windows\system32\jtqtytxa.ini
c:\windows\system32\kagfdgts.ini
c:\windows\system32\kjjlm.bak1
c:\windows\system32\kjjlm.ini
c:\windows\system32\kmiduckt.ini
c:\windows\system32\kypjrckl.ini
c:\windows\system32\kyruodik.ini
c:\windows\system32\lcrntfqp.ini
c:\windows\system32\lgchiwfu.ini
c:\windows\system32\lgurmtvv.ini
c:\windows\system32\libsxugi.ini
c:\windows\system32\lkkkfvig.ini
c:\windows\system32\llnmp.bak1
c:\windows\system32\lowsec
c:\windows\system32\mbowndss.ini
c:\windows\system32\mbowndss.ini2
c:\windows\system32\mjrjwrud.ini
c:\windows\system32\mkrfjbyf.ini
c:\windows\system32\mmllm.bak2
c:\windows\system32\mmllm.ini
c:\windows\system32\mmllm.ini2
c:\windows\system32\mmllm.tmp
c:\windows\system32\mrallwtu.ini
c:\windows\system32\njdcgahw.ini
c:\windows\system32\njgrcvm.dll
c:\windows\system32\nmllm.bak1
c:\windows\system32\nqtss.bak1
c:\windows\system32\nqtss.ini
c:\windows\system32\ooswhxsb.ini
c:\windows\system32\oqstv.bak1
c:\windows\system32\oqstv.bak2
c:\windows\system32\oqstv.ini
c:\windows\system32\orwrdfkp.ini
c:\windows\system32\Packet.dll
c:\windows\system32\phjwwejj.ini
c:\windows\system32\picjjods.ini
c:\windows\system32\pscsilyj.ini
c:\windows\system32\pthreadVC.dll
c:\windows\system32\qpqss.bak1
c:\windows\system32\qpqss.bak2
c:\windows\system32\qpqss.ini
c:\windows\system32\qpqss.ini2
c:\windows\system32\qpqss.tmp2
c:\windows\system32\rakubsvt.ini
c:\windows\system32\rqtwa.bak1
c:\windows\system32\rqtwa.ini
c:\windows\system32\rtstv.ini
c:\windows\system32\sfkejjxx.ini
c:\windows\system32\sqvrxmca.ini
c:\windows\system32\suvmugby.ini
c:\windows\system32\svuqhkke.ini
c:\windows\system32\ugvvxghr.ini
c:\windows\system32\uhlpdwug.ini
c:\windows\system32\vlhsolfj.ini
c:\windows\system32\vvvwa.bak1
c:\windows\system32\vvvwa.ini
c:\windows\system32\vxeeqnsg.ini
c:\windows\system32\WanPacket.dll
c:\windows\system32\wcgqjnb.dll
c:\windows\system32\wiujqluf.ini
c:\windows\system32\wpcap.dll
c:\windows\system32\wppqbsdg.ini
c:\windows\system32\wtjxjvpo.ini
c:\windows\system32\xdmtsuce.ini
c:\windows\system32\xipvvkeq.ini
c:\windows\system32\xtgkhhqm.ini
c:\windows\system32\xxrpevxv.ini
c:\windows\system32\xybeg.bak1
c:\windows\system32\xybeg.ini
c:\windows\system32\yftmfhwr.ini
c:\windows\system32\ytffwqbr.ini
c:\windows\system32\ytgsjbtr.ini
c:\windows\system32\zciqgdnq.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FSWISZLK
-------\Legacy_NETDDEDSMA
-------\Legacy_NPF
-------\Legacy_NWCWORKSTATION
-------\Legacy_SSFUINTQ
-------\Service_fswiszlk
-------\Service_npf
-------\Service_NWCWorkstation
-------\Service_ssfuintq


((((((((((((((((((((((((( Files Created from 2009-10-01 to 2009-11-01 )))))))))))))))))))))))))))))))
.

2009-11-01 18:36 . 2009-11-01 18:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\xzzkrtlv
2009-11-01 18:36 . 2009-11-01 18:36 -------- d-----w- c:\documents and settings\NetworkService\Application Data\xzzkrtlv
2009-11-01 18:14 . 2009-11-01 18:14 -------- d-----w- c:\documents and settings\cody\Local Settings\Application Data\xzzkrtlv
2009-11-01 18:14 . 2009-11-01 18:14 -------- d-----w- c:\documents and settings\cody\Application Data\xzzkrtlv
2009-10-11 19:23 . 2009-10-11 19:23 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2009-10-11 19:23 . 2009-10-23 02:55 -------- d-----w- c:\program files\RegCure
2009-10-11 19:04 . 2009-10-11 19:04 -------- d-sh--w- c:\documents and settings\cody\PrivacIE
2009-10-11 18:51 . 2009-10-11 18:51 -------- d-----w- C:\STOPzilla!
2009-10-04 19:26 . 2009-10-01 14:29 195440 ------w- c:\windows\system32\MpSigStub.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-01 18:17 . 2009-01-07 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-10-11 19:05 . 2009-01-07 06:44 -------- d-----w- c:\documents and settings\cody\Application Data\buySAFEShoppingAdvisor
2009-10-02 07:20 . 2008-04-02 23:32 -------- d-----w- c:\documents and settings\cody\Application Data\uTorrent
2009-09-27 19:21 . 2005-07-05 16:53 -------- d-----w- c:\program files\Java
2009-09-27 19:19 . 2009-09-27 19:19 152576 ----a-w- c:\documents and settings\cody\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-09-11 14:18 . 2004-08-11 22:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-11 22:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-11 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-11 22:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 23:24 . 2004-08-11 22:12 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2004-08-11 22:12 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2005-07-24 19:32 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2004-08-11 22:12 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2004-08-11 22:12 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-08-11 22:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2004-08-11 22:12 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2004-08-11 22:12 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-08-11 22:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 00:44 . 2004-08-11 22:00 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-04 03:59 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2008-01-07 21:47 . 2008-01-07 21:47 10 ----a-w- c:\program files\.autoreg
2007-05-29 03:22 . 2007-05-29 03:22 486 ----a-w- c:\program files\Common Files\laxur
2007-04-30 15:06 . 2007-04-30 15:06 142 ----a-w- c:\program files\Common Files\prohdyg.html
2008-01-07 21:47 . 2008-01-07 21:47 69632 ----a-w- c:\program files\mozilla firefox\components\ffwt.dll
2007-09-18 16:15 . 2007-09-18 16:15 124 --sha-w- c:\windows\system32\cbeeg.tmp
2008-02-10 17:07 . 2008-02-10 17:04 179664 --sh--w- c:\windows\system32\jjkkj.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2007-09-20 66912]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2007-09-20 18:22 66912 ----a-w- c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-07 344064]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"HostManager"="c:\program files\Common Files\AOL\1131734091\ee\AOLHostManager.exe" [2005-08-02 159832]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"hcsystray"="c:\program files\Kuma Games\hcsystray\hc_tray.exe" [2006-11-02 30928]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"bncsaui.exe"="c:\program files\Bradford Networks\Client Security Agent\bncsaui.exe" [2008-02-23 1924488]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-10-08 125368]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\cody\Start Menu\Programs\Startup\
V CAST Music Monitor.lnk - c:\program files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe [2008-1-15 446464]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-22 45056]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-7-5 24576]
Printkey2000.lnk - c:\program files\PrintKey2000\Printkey2000.exe [2009-3-3 869376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\fpupdate.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\program files\Bradford Networks\Client Security Agent\bndaemon.exe"= c:\program files\Bradford Networks\Client Security Agent\bndaemon.exe
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Galactic Battlegrounds\\Game\\Battlegrounds.exe"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Symantec AntiVirus\\Rtvscan.exe"=
"c:\\Program Files\\Symantec\\LiveUpdate\\LuComServer_3_2.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"53:UDP"= 53:UDP:Promo
"48973:TCP"= 48973:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 BNPagent;Client Security Agent Service;c:\program files\Bradford Networks\Client Security Agent\bndaemon.exe [2/23/2008 12:32 PM 2645384]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [10/7/2007 8:48 PM 116664]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 11:40 PM 24652]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/6/2009 8:46 PM 102448]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [7/5/2005 11:36 AM 80384]
S0 szkg5;szkg;c:\windows\system32\DRIVERS\szkg.sys --> c:\windows\system32\DRIVERS\szkg.sys [?]
S2 sdAuxService;PC Tools Auxiliary Service; [x]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - CLASSPNP_2
*NewlyCreated* - MBR
*NewlyCreated* - SSFUINTQ
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
*Deregistered* - ssfuintq
.
Contents of the 'Scheduled Tasks' folder

2009-08-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

2009-11-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2009-11-01 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-09-21 19:46]

2009-11-01 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-09-21 19:46]

2009-10-23 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-09-21 19:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
IE: &Viewpoint Search - c:\program files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
IE: Display All Images with Full Quality - c:\program files\NetZero\qsacc\appres.dll/228
IE: Display Image with Full Quality - c:\program files\NetZero\qsacc\appres.dll/227
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
FF - ProfilePath - c:\documents and settings\cody\Application Data\Mozilla\Firefox\Profiles\ys8ss58g.Cody Watson\
FF - component: c:\program files\Mozilla Firefox\components\ffwt.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF - HiddenExtension: XUL Cache: {AF75036D-ED05-4EFE-BB41-B36FDC850405} - c:\documents and settings\cody\Local Settings\Application Data\{AF75036D-ED05-4EFE-BB41-B36FDC850405}

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

BHO-{05748C10-A6AD-464F-9B43-5F7942131EE3} - c:\windows\system32\zciqgdnq.dll
BHO-{8963C3D0-92A9-4B89-8F31-BE9AC9145831} - (no file)
Toolbar-SITEguard - (no file)
HKLM-Run-j9221830 - c:\windows\system32\j9221830.dll
HKLM-Run-RegistryMechanic - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-01 13:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\TMP00000025CFF0B4C94E270373 524288 bytes

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ccEvtMgr]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SAVRT]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SNDSrvc]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SYMTDI]
"ImagePath"="-"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(932)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'lsass.exe'(988)
c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll

- - - - - - - > 'explorer.exe'(2584)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\program files\Apoint\Apntex.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\AOL\1131734091\ee\AOLServiceHost.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\basfipm.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\fxssvc.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-11-01 13:55 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-01 18:55
ComboFix2.txt 2008-03-09 01:47
ComboFix3.txt 2008-03-08 23:08

Pre-Run: 27,512,434,688 bytes free
Post-Run: 27,664,355,328 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=4 Default=4 Failed=3 LastKnownGood=1 Sets=1,2,3,4
- - End Of File - - B76BF29518CB84A0AE91A5071264BBB8

#6 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 01 November 2009 - 03:04 PM

Hi,

this doesn't look too bad.

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
regards _temp_


#7 cody10
  • Topic Starter
  • Members
  • 19 posts

Posted 01 November 2009 - 07:56 PM

Thanks for all the help!


GooredFix by jpshortstuff (24.09.09.1)
Log created at 19:54 on 01/11/2009 (cody)
Firefox version 3.5.4 (en-US)

========== GooredScan ==========

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{AF75036D-ED05-4EFE-BB41-B36FDC850405} -> Success!
Deleting C:\Documents and Settings\cody\Local Settings\Application Data\{AF75036D-ED05-4EFE-BB41-B36FDC850405} -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [17:41 31/10/2005]
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [01:30 09/03/2008]
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [16:20 10/07/2009]
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [19:21 27/09/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [16:20 10/07/2009]

-=E.O.F=-

#8 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 02 November 2009 - 04:25 AM

Hi,

gooredfix worked well. :( Combofix also took care of a lot of malware, but there are a couple of things left:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\program files\.autoreg
c:\program files\Common Files\laxur
c:\program files\Common Files\prohdyg.html
c:\program files\mozilla firefox\components\ffwt.dll
c:\windows\system32\cbeeg.tmp
c:\windows\system32\jjkkj.tmp
Folder::
c:\documents and settings\NetworkService\Local Settings\Application Data\xzzkrtlv
c:\documents and settings\NetworkService\Application Data\xzzkrtlv
c:\documents and settings\cody\Local Settings\Application Data\xzzkrtlv
c:\documents and settings\cody\Application Data\xzzkrtlv

Driver::
szkg5


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards _temp_


#9 cody10
  • Topic Starter
  • Members
  • 19 posts

Posted 02 November 2009 - 11:45 PM

ComboFix 09-10-30.01 - cody 11/02/2009 16:01.4.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.488 [GMT -5:00]
Running from: c:\documents and settings\cody\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\cody\My Documents\Downloads\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

FILE ::
"c:\program files\.autoreg"
"c:\program files\Common Files\laxur"
"c:\program files\Common Files\prohdyg.html"
"c:\program files\mozilla firefox\components\ffwt.dll"
"c:\windows\system32\cbeeg.tmp"
"c:\windows\system32\jjkkj.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\cody\Application Data\xzzkrtlv
c:\documents and settings\cody\Application Data\xzzkrtlv\profiles.ini
c:\documents and settings\cody\Application Data\xzzkrtlv\Profiles\3vlf0i3z.default\cert8.db
c:\documents and settings\cody\Application Data\xzzkrtlv\Profiles\3vlf0i3z.default\compatibility.ini
c:\documents and settings\cody\Application Data\xzzkrtlv\Profiles\3vlf0i3z.default\compreg.dat
c:\documents and settings\cody\Application Data\xzzkrtlv\Profiles\3vlf0i3z.default\cookies.sqlite
c:\documents and settings\cody\Application Data\xzzkrtlv\Profiles\3vlf0i3z.default\formhistory.sqlite
c:\documents and settings\cody\Application Data\xzzkrtlv\Profiles\3vlf0i3z.default\key3.db
c:\documents and settings\cody\Application Data\xzzkrtlv\Profiles\3vlf0i3z.default\localstore.rdf
c:\documents and settings\cody\Application Data\xzzkrtlv\Profiles\3vlf0i3z.default\permissions.sqlite
c:\documents and settings\cody\Application Data\xzzkrtlv\Profiles\3vlf0i3z.default\places.sqlite-journal
c:\documents and settings\cody\Application Data\xzzkrtlv\Profiles\3vlf0i3z.default\places.sqlite
c:\documents and settings\cody\Application Data\xzzkrtlv\Profiles\3vlf0i3z.default\pluginreg.dat
c:\documents and settings\cody\Application Data\xzzkrtlv\Profiles\3vlf0i3z.default\prefs.js
c:\documents and settings\cody\Application Data\xzzkrtlv\Profiles\3vlf0i3z.default\secmod.db
c:\documents and settings\cody\Application Data\xzzkrtlv\Profiles\3vlf0i3z.default\webappsstore.sqlite
c:\documents and settings\cody\Application Data\xzzkrtlv\Profiles\3vlf0i3z.default\xpti.dat
c:\documents and settings\cody\Local Settings\Application Data\xzzkrtlv
c:\documents and settings\cody\Local Settings\Application Data\xzzkrtlv\Profiles\3vlf0i3z.default\urlclassifier3.sqlite
c:\documents and settings\cody\Local Settings\Application Data\xzzkrtlv\Profiles\3vlf0i3z.default\XPC.mfl
c:\documents and settings\NetworkService\Application Data\xzzkrtlv
c:\documents and settings\NetworkService\Application Data\xzzkrtlv\profiles.ini
c:\documents and settings\NetworkService\Application Data\xzzkrtlv\Profiles\7n7xxyo8.default\cert8.db
c:\documents and settings\NetworkService\Application Data\xzzkrtlv\Profiles\7n7xxyo8.default\compatibility.ini
c:\documents and settings\NetworkService\Application Data\xzzkrtlv\Profiles\7n7xxyo8.default\compreg.dat
c:\documents and settings\NetworkService\Application Data\xzzkrtlv\Profiles\7n7xxyo8.default\cookies.sqlite
c:\documents and settings\NetworkService\Application Data\xzzkrtlv\Profiles\7n7xxyo8.default\formhistory.sqlite
c:\documents and settings\NetworkService\Application Data\xzzkrtlv\Profiles\7n7xxyo8.default\key3.db
c:\documents and settings\NetworkService\Application Data\xzzkrtlv\Profiles\7n7xxyo8.default\localstore.rdf
c:\documents and settings\NetworkService\Application Data\xzzkrtlv\Profiles\7n7xxyo8.default\permissions.sqlite
c:\documents and settings\NetworkService\Application Data\xzzkrtlv\Profiles\7n7xxyo8.default\places.sqlite-journal
c:\documents and settings\NetworkService\Application Data\xzzkrtlv\Profiles\7n7xxyo8.default\places.sqlite
c:\documents and settings\NetworkService\Application Data\xzzkrtlv\Profiles\7n7xxyo8.default\pluginreg.dat
c:\documents and settings\NetworkService\Application Data\xzzkrtlv\Profiles\7n7xxyo8.default\prefs.js
c:\documents and settings\NetworkService\Application Data\xzzkrtlv\Profiles\7n7xxyo8.default\secmod.db
c:\documents and settings\NetworkService\Application Data\xzzkrtlv\Profiles\7n7xxyo8.default\webappsstore.sqlite
c:\documents and settings\NetworkService\Application Data\xzzkrtlv\Profiles\7n7xxyo8.default\xpti.dat
c:\documents and settings\NetworkService\Local Settings\Application Data\xzzkrtlv
c:\documents and settings\NetworkService\Local Settings\Application Data\xzzkrtlv\Profiles\7n7xxyo8.default\urlclassifier3.sqlite
c:\documents and settings\NetworkService\Local Settings\Application Data\xzzkrtlv\Profiles\7n7xxyo8.default\XPC.mfl
c:\program files\.autoreg
c:\program files\Common Files\laxur
c:\program files\Common Files\prohdyg.html
c:\program files\mozilla firefox\components\ffwt.dll
c:\windows\system32\cbeeg.tmp
c:\windows\system32\jjkkj.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SZKG5
-------\Service_szkg5


((((((((((((((((((((((((( Files Created from 2009-10-02 to 2009-11-02 )))))))))))))))))))))))))))))))
.

2009-10-11 19:23 . 2009-10-11 19:23 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2009-10-11 19:23 . 2009-10-23 02:55 -------- d-----w- c:\program files\RegCure
2009-10-11 19:04 . 2009-10-11 19:04 -------- d-sh--w- c:\documents and settings\cody\PrivacIE
2009-10-11 18:51 . 2009-10-11 18:51 -------- d-----w- C:\STOPzilla!
2009-10-04 19:26 . 2009-10-01 14:29 195440 ------w- c:\windows\system32\MpSigStub.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-02 20:47 . 2009-01-07 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-10-11 19:05 . 2009-01-07 06:44 -------- d-----w- c:\documents and settings\cody\Application Data\buySAFEShoppingAdvisor
2009-10-02 07:20 . 2008-04-02 23:32 -------- d-----w- c:\documents and settings\cody\Application Data\uTorrent
2009-09-27 19:21 . 2005-07-05 16:53 -------- d-----w- c:\program files\Java
2009-09-27 19:19 . 2009-09-27 19:19 152576 ----a-w- c:\documents and settings\cody\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-09-11 14:18 . 2004-08-11 22:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-11 22:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-11 22:00 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-11 22:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 23:24 . 2004-08-11 22:12 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2004-08-11 22:12 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2005-07-24 19:32 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2004-08-11 22:12 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2004-08-11 22:12 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-08-11 22:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2004-08-11 22:12 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2004-08-11 22:12 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-08-11 22:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 00:44 . 2004-08-11 22:00 2189184 ------w- c:\windows\system32\ntoskrnl.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-11-01_18.49.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-11 22:00 . 2009-11-01 18:54 54682 c:\windows\system32\perfc009.dat
- 2004-08-11 22:00 . 2009-11-01 18:08 54682 c:\windows\system32\perfc009.dat
+ 2004-08-11 22:00 . 2009-11-01 18:54 385164 c:\windows\system32\perfh009.dat
- 2004-08-11 22:00 . 2009-11-01 18:08 385164 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2007-09-20 66912]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2007-09-20 18:22 66912 ----a-w- c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-07 344064]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"HostManager"="c:\program files\Common Files\AOL\1131734091\ee\AOLHostManager.exe" [2005-08-02 159832]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"hcsystray"="c:\program files\Kuma Games\hcsystray\hc_tray.exe" [2006-11-02 30928]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"bncsaui.exe"="c:\program files\Bradford Networks\Client Security Agent\bncsaui.exe" [2008-02-23 1924488]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-10-08 125368]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\cody\Start Menu\Programs\Startup\
V CAST Music Monitor.lnk - c:\program files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe [2008-1-15 446464]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-22 45056]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-7-5 24576]
Printkey2000.lnk - c:\program files\PrintKey2000\Printkey2000.exe [2009-3-3 869376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\fpupdate.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\program files\Bradford Networks\Client Security Agent\bndaemon.exe"= c:\program files\Bradford Networks\Client Security Agent\bndaemon.exe
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Galactic Battlegrounds\\Game\\Battlegrounds.exe"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Symantec AntiVirus\\Rtvscan.exe"=
"c:\\Program Files\\Symantec\\LiveUpdate\\LuComServer_3_2.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"53:UDP"= 53:UDP:Promo
"48973:TCP"= 48973:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 BNPagent;Client Security Agent Service;c:\program files\Bradford Networks\Client Security Agent\bndaemon.exe [2/23/2008 12:32 PM 2645384]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [10/7/2007 8:48 PM 116664]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 11:40 PM 24652]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/6/2009 8:46 PM 102448]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [7/5/2005 11:36 AM 80384]
S0 szkg5;szkg5;c:\windows\system32\drivers\szkg.sys --> c:\windows\system32\drivers\szkg.sys [?]
S2 sdAuxService;PC Tools Auxiliary Service; [x]

--- Other Services/Drivers In Memory ---

*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-08-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

2009-11-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2009-11-02 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-09-21 19:46]

2009-11-02 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-09-21 19:46]

2009-10-23 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-09-21 19:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
IE: &Viewpoint Search - c:\program files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
IE: Display All Images with Full Quality - c:\program files\NetZero\qsacc\appres.dll/228
IE: Display Image with Full Quality - c:\program files\NetZero\qsacc\appres.dll/227
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
FF - ProfilePath - c:\documents and settings\cody\Application Data\Mozilla\Firefox\Profiles\ys8ss58g.Cody Watson\
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-02 16:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ccEvtMgr]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SAVRT]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SNDSrvc]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SYMTDI]
"ImagePath"="-"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1120)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'lsass.exe'(1176)
c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll

- - - - - - - > 'explorer.exe'(2472)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\program files\Apoint\Apntex.exe
c:\program files\Common Files\AOL\1131734091\ee\AOLServiceHost.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\basfipm.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-11-02 16:18 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-02 21:18
ComboFix2.txt 2009-11-01 18:55
ComboFix3.txt 2008-03-09 01:47
ComboFix4.txt 2008-03-08 23:08

Pre-Run: 27,592,896,512 bytes free
Post-Run: 27,620,876,288 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=1 Sets=1,2,3,4
- - End Of File - - EAFAB334C33C4B894791E8963F8845A8
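
Added example (not code from the thread, from ComboFix or from any forum tool): a Python check that parses a CFScript of the form posted above (File::/Folder::/Driver:: directives) together with the ComboFix log it produced, and reports which requested removals the log's 'FILE ::' echo, 'Other Deletions' and 'Drivers/Services' sections actually confirm. The embedded script and log excerpt are constructed from entries quoted in this thread, with ffwt.dll deliberately left out of the deletions so that an unconfirmed item shows up.

```python
"""Cross-check a ComboFix CFScript against the log ComboFix produced.
Added example, not code from the thread or from ComboFix; the script and
log excerpt below are constructed from entries quoted in this thread."""
import re

# Constructed: abridged CFScript from the helper's instructions.
CFSCRIPT = r"""File::
c:\program files\.autoreg
c:\program files\mozilla firefox\components\ffwt.dll
Folder::
c:\documents and settings\cody\Application Data\xzzkrtlv

Driver::
szkg5
"""

# Constructed log excerpt; ffwt.dll is deliberately missing from
# 'Other Deletions' so the unconfirmed path gets exercised.
COMBOFIX_LOG = r"""FILE ::
"c:\program files\.autoreg"
"c:\program files\mozilla firefox\components\ffwt.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\cody\Application Data\xzzkrtlv
c:\program files\.autoreg
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SZKG5
-------\Service_szkg5
"""

DIRECTIVE_RE = re.compile(r"^(\w+)::$")         # "File::", "Folder::", "Driver::"
BANNER_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")  # "(((( Other Deletions ))))"


def parse_cfscript(text):
    """Return {directive: [entries]}; blank lines are ignored."""
    sections, current = {}, None
    for line in filter(None, (ln.strip() for ln in text.splitlines())):
        m = DIRECTIVE_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any directive: {line!r}")
        else:
            sections[current].append(line)
    return sections


def parse_combofix_log(text):
    """Split a ComboFix log into banner-delimited sections ('FILE ::' gets its own key)."""
    sections, current = {}, "preamble"
    for line in (ln.strip() for ln in text.splitlines()):
        if not line or line == ".":       # '.' lines are separators
            continue
        m = BANNER_RE.match(line)
        if m or line == "FILE ::":
            current = m.group(1) if m else line
            sections.setdefault(current, [])
        else:
            sections.setdefault(current, []).append(line.strip('"'))
    return sections


def verify(script, log):
    """Map (directive, entry) -> True when the log records the removal.
    Paths compare case-insensitively; a driver needs both its Legacy_ and Service_ keys gone."""
    deleted = {p.lower() for p in log.get("Other Deletions", [])}
    keys = {d.lower().rsplit("\\", 1)[-1] for d in log.get("Drivers/Services", [])}
    result = {}
    for directive, entries in script.items():
        for entry in entries:
            key = entry.lower()
            if directive in ("File", "Folder"):
                ok = key in deleted
            elif directive == "Driver":
                ok = {f"legacy_{key}", f"service_{key}"} <= keys
            else:
                ok = False  # unknown directive: nothing to confirm against
            result[(directive, entry)] = ok
    return result


def unconfirmed(script_text=CFSCRIPT, log_text=COMBOFIX_LOG):
    """Entries the script asked for that the log does not confirm; refuses to
    judge if the log's FILE :: echo differs from the script's File:: list."""
    script, log = parse_cfscript(script_text), parse_combofix_log(log_text)
    if {e.lower() for e in script.get("File", [])} != {e.lower() for e in log.get("FILE ::", [])}:
        raise ValueError("FILE :: echo does not match the script's File:: list")
    return [k for k, ok in verify(script, log).items() if not ok]


if __name__ == "__main__":
    for directive, entry in unconfirmed():
        print(f"NOT CONFIRMED  {directive}:: {entry}")
```

Anything reported as not confirmed is what a helper would look for in the next log or target in a follow-up script.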

#10 myrti
    Sillyberry
  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 03 November 2009 - 03:56 PM

Hi,

How is your PC behaving now?

Please run a scan with Malwarebytes and let me know what it found:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Whether or not you are prompted to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (e.g. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
regards _temp_



#11 cody10
  • Topic Starter
  • Members
  • 19 posts

Posted 03 November 2009 - 05:19 PM

Malwarebytes' Anti-Malware 1.41
Database version: 3095
Windows 5.1.2600 Service Pack 3

11/3/2009 5:18:58 PM
mbam-log-2009-11-03 (17-18-58).txt

Scan type: Quick Scan
Objects scanned: 108374
Time elapsed: 6 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 13
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 6
Files Infected: 49

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{f0d4b230-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0d4b23a-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0d4b23c-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b15fd82e-85bc-430d-90cb-65db1b030510} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\DomainService (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ErrorSweeper (Rogue.ErrorSweeper) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\cody\Application Data\ErrorSweeper (Rogue.ErrorSweeper) -> Quarantined and deleted successfully.
C:\Documents and Settings\cody\Application Data\ErrorSweeper\Log (Rogue.ErrorSweeper) -> Quarantined and deleted successfully.
C:\Documents and Settings\cody\Application Data\ErrorSweeper\Registry Backups (Rogue.ErrorSweeper) -> Quarantined and deleted successfully.
C:\Program Files\ErrorSweeper (Rogue.ErrorSweeper) -> Quarantined and deleted successfully.
C:\Program Files\ErrorSweeper\Microsoft.VC80.CRT (Rogue.ErrorSweeper) -> Quarantined and deleted successfully.
C:\Program Files\ErrorSweeper\Microsoft.VC80.MFC (Rogue.ErrorSweeper) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Delete on reboot.
C:\Documents and Settings\cody\Application Data\ErrorSweeper\Log\2008 Feb 17 - 03_24_13 PM_046.log (Rogue.ErrorSweeper) -> Quarantined and deleted successfully.
C:\Documents and Settings\cody\Application Data\ErrorSweeper\Log\2008 Feb 17 - 03_28_50 PM_265.log (Rogue.ErrorSweeper) -> Quarantined and deleted successfully.
C:\Documents and Settings\cody\Application Data\ErrorSweeper\Registry Backups\2008-02-15_00-00-29.reg (Rogue.ErrorSweeper) -> Quarantined and deleted successfully.
C:\Program Files\ErrorSweeper\DataBase.ref (Rogue.ErrorSweeper) -> Quarantined and deleted successfully.
C:\Program Files\ErrorSweeper\ErrorSweeper.url (Rogue.ErrorSweeper) -> Quarantined and deleted successfully.
C:\Program Files\ErrorSweeper\Launcher.exe (Rogue.ErrorSweeper) -> Quarantined and deleted successfully.
C:\Program Files\ErrorSweeper\RegCleaner.dll (Rogue.ErrorSweeper) -> Quarantined and deleted successfully.
C:\Program Files\ErrorSweeper\TCL.dll (Rogue.ErrorSweeper) -> Quarantined and deleted successfully.
C:\Program Files\ErrorSweeper\zlib.dll (Rogue.ErrorSweeper) -> Quarantined and deleted successfully.
C:\Program Files\ErrorSweeper\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.ErrorSweeper) -> Quarantined and deleted successfully.
C:\Program Files\ErrorSweeper\Microsoft.VC80.CRT\msvcp80.dll (Rogue.ErrorSweeper) -> Quarantined and deleted successfully.
C:\Program Files\ErrorSweeper\Microsoft.VC80.CRT\msvcr80.dll (Rogue.ErrorSweeper) -> Quarantined and deleted successfully.
C:\Program Files\ErrorSweeper\Microsoft.VC80.MFC\mfc80.dll (Rogue.ErrorSweeper) -> Quarantined and deleted successfully.
C:\Program Files\ErrorSweeper\Microsoft.VC80.MFC\Microsoft.VC80.MFC.manifest (Rogue.ErrorSweeper) -> Quarantined and deleted successfully.
C:\WINDOWS\aazalirt.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\dkekkrkska.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\dkewiizkjdks.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\iddqdops.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ienotas.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\iqmcnoeqz.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\irprokwks.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\jikglond.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\jiklagka.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\jrjakdsd.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\jungertab.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\kitiiwhaas.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\kkwknrbsggeg.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\klopnidret.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\krkdkdkee.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\krkmahejdk.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\krtawefg.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\krujmmwlrra.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ktknamwerr.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\kuruhccdsdd.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ooorjaas.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\oranerkka.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\oropbbsee.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\otnnbektre.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\otowjdseww.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\otpeppggq.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\rkaskssd.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ronitfst.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\salrtybek.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\seeukluba.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\skaaanret.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\tobmygers.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\tobykke.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zibaglertz.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
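
Added example (not code from the thread or from Malwarebytes): a Python summary of an MBAM 1.x log in the format above that tallies detections per threat family, lists items still pending "Delete on reboot", and flags categories whose summary count disagrees with the entries actually listed, which is how a truncated paste shows up. The sample log is a constructed excerpt built from entries in this post.

```python
"""Summarise a Malwarebytes' Anti-Malware 1.x log and sanity-check it.
Added example, not code from the thread or from Malwarebytes; the sample
log is a constructed excerpt in the line format quoted in this thread."""
import re
from collections import Counter, namedtuple

Detection = namedtuple("Detection", "category item family action")

# Constructed excerpt: summary block first, then one list per category.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.41
Database version: 3095

Memory Modules Infected: 1
Registry Keys Infected: 3
Registry Values Infected: 0
Folders Infected: 1
Files Infected: 3

Memory Modules Infected:
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\DomainService (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ErrorSweeper (Rogue.ErrorSweeper) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\ErrorSweeper (Rogue.ErrorSweeper) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Delete on reboot.
C:\Program Files\ErrorSweeper\Launcher.exe (Rogue.ErrorSweeper) -> Quarantined and deleted successfully.
C:\WINDOWS\aazalirt.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
"""

SUMMARY_RE = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")  # "Files Infected: 49"
SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):$")        # "Files Infected:"
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
NONE_MARKER = "(No malicious items detected)"


def parse_mbam_log(text):
    """Return (summary_counts, [Detection]) parsed from an MBAM 1.x log."""
    counts, detections, current = {}, [], None
    for line in (ln.strip() for ln in text.splitlines()):
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:                       # summary block: "<Category>: <n>"
            counts[m.group(1)] = int(m.group(2))
            continue
        m = SECTION_RE.match(line)
        if m:                       # start of a per-category list
            current = m.group(1)
            continue
        if current is None or line == NONE_MARKER:
            continue                # scanner header lines / empty category
        m = ENTRY_RE.match(line)
        if not m:
            raise ValueError(f"unparseable detection line: {line!r}")
        detections.append(Detection(current, m["item"], m["family"], m["action"]))
    return counts, detections


def count_mismatches(counts, detections):
    """Categories whose summary count differs from the entries actually listed;
    a mismatch usually means the pasted log was truncated or hand-edited."""
    seen = Counter(d.category for d in detections)
    return {c: (n, seen.get(c, 0)) for c, n in counts.items() if n != seen.get(c, 0)}


def pending_reboot(detections):
    """Items MBAM could not remove while in use; nothing is clean until the reboot."""
    return [d for d in detections if d.action.lower().startswith("delete on reboot")]


def by_family(detections):
    """Detection count per threat family across memory, registry and filesystem."""
    return dict(Counter(d.family for d in detections))


def triage(text=SAMPLE_LOG):
    """The three things worth checking before replying to a posted log."""
    counts, detections = parse_mbam_log(text)
    return {
        "families": by_family(detections),
        "pending_reboot": sorted({d.item for d in pending_reboot(detections)}),
        "count_mismatches": count_mismatches(counts, detections),
    }


if __name__ == "__main__":
    from pprint import pprint
    pprint(triage())
```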

#12 myrti
    Sillyberry
  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 03 November 2009 - 05:38 PM

Which problems are you still having with your PC?

regards _temp_



#13 cody10
  • Topic Starter
  • Members
  • 19 posts

Posted 03 November 2009 - 09:16 PM

Currently it doesn't look like I am having any. Whenever I start up, I am no longer getting the windows32 not found message. I also have not experienced a winlogon crash in nearly a week. No other error messages or signs of infection have crept up.

#14 myrti
    Sillyberry
  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 05 November 2009 - 08:23 AM

Hi,

I'm glad to hear this. :( Just to be safe, I would like to run an online scan with ESET:

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Check [image]
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]


#15 cody10

cody10
  • Topic Starter

  • Members
  • 19 posts
  • Local time:08:05 AM

Posted 06 November 2009 - 02:28 AM

C:\Documents and Settings\cody\My Documents\installer-64402-19-Adobe-Flash-Player-IE-AOL-English.exe a variant of Win32/Downloader.Ircfast application cleaned by deleting - quarantined
C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL Win32/Toolbar.AskSBar application cleaned by deleting (after the next restart) - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\adeeg.bak1.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\adeeg.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\aitdhfrk.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\ajvgyewo.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\aqtuarpl.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\asrqaner.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\atfjfktu.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\avbxuomj.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\aybeg.bak1.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\aybeg.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\bdgocccg.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\bdkrrepp.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\bkgqymod.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\bmwemxsk.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\brgeysjm.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\bwrtmacy.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\cbeeg.tmp.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\cbivmtip.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\cgrcjiuo.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\cjqjiykn.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\cnralvtv.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\cqbdwjoo.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\dccdd.bak1.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\dccdd.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\dfhkj.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\dqpqoqqc.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\dvfscahk.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\dxpfjieg.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\ehhkj.bak1.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\ehhkj.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\ehkmp.bak1.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\ehkmp.bak2.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\ehkmp.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\ejtevagj.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\eyacrime.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\fdvdsckx.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\fgjlm.bak1.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\gbtudqcr.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\geksraqq.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\gfhkj.bak1.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\gfhkj.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\gfqlbqgh.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\ghkmp.bak1.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\ghkmp.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\gixkuopr.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\gjjlm.bak1.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\gjjlm.bak2.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\gjjlm.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\gmeaysph.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\gpklmesh.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\gqbxnnvo.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\hjjlm.bak1.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\hjjlm.bak2.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\hjjlm.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\hmigfpdp.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\honmibsk.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\idfruxvy.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\ijkmp.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\ikiqdnxk.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\ilnmp.bak1.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\ilnmp.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\imaaocwp.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\ipqrufka.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\irfiprsu.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\ivnyjvlu.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\iydaeesy.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\jcvlhave.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\jhcbssqp.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\jjjlm.bak1.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\jjjlm.bak2.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\jjjlm.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\jjjlm.ini2.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\jjjlm.tmp.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\jjkkj.tmp.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\jjujbyuw.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\jkhgibja.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\jlkkj.bak1.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\jlnmp.bak1.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\jlnmp.bak2.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\jlnmp.tmp.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\jqrgdcwf.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\jtqtytxa.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\kagfdgts.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\kjjlm.bak1.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\kjjlm.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\klnmp.bak1.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\klnmp.bak2.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\klnmp.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\kmiduckt.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\krvbeata.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\kvqrupuu.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\kypjrckl.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\kyruodik.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\lcrntfqp.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\lgchiwfu.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\lgurmtvv.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\libsxugi.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\lkkkfvig.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\llnmp.bak1.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\llnmp.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\lxosiqlm.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\mbowndss.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\mbowndss.ini2.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\mfmueklu.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\mjrjwrud.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\mkrfjbyf.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\mmllm.bak2.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\mmllm.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\mmllm.ini2.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\mmllm.tmp.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\mrallwtu.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\mwrpoern.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\nevlninr.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\njdcgahw.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\nmhyjwte.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\nmllm.bak1.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\npqss.bak1.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\npqss.bak2.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\npqss.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\npqss.ini2.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\nqtss.bak1.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\nqtss.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\onnmp.bak1.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\onnmp.bak2.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\onnmp.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\ooswhxsb.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\oqstv.bak1.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\oqstv.bak2.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\oqstv.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\orhmcmpq.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\orwrdfkp.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\ouajmqed.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\phjwwejj.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\picjjods.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\prmkguco.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\pscsilyj.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\qatiwkll.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\qpqss.bak1.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\qpqss.bak2.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\qpqss.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\qpqss.ini2.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\qpqss.tmp2.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\qtutv.bak1.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\qtutv.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\rakubsvt.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\rkjyfejm.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\rnkmecth.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\rocikatc.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\rqtwa.bak1.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\rqtwa.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\rtstv.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\ryrygxdh.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\sdmfulcw.tmp.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\sdmfulcw.tmp2.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\sfkejjxx.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\sqvrxmca.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\stvwa.bak1.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\stvwa.bak2.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\stvwa.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\stvwa.ini2.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\stvwa.tmp.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\suvmugby.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\svuqhkke.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\tkyfahgd.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\toihhufx.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\tpwqcqrs.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\twafbnve.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\udubtuqj.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\ugvvxghr.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\uhlpdwug.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\vasobsfm.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\vlhsolfj.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\vtqayfpl.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\vvvwa.bak1.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\vvvwa.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\vxeeqnsg.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\vybeg.bak1.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\vybeg.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\wiujqluf.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\wppqbsdg.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\wtjxjvpo.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\wybeg.bak1.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\wybeg.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\xdmtsuce.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\xipvvkeq.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\xjkxtuad.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\xtgkhhqm.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\xxrpevxv.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\xybeg.bak1.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\xybeg.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\yftmfhwr.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\ytffwqbr.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\ytgsjbtr.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\yycdd.bak1.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\yycdd.bak2.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\yycdd.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\_ssfuintq_.sys.zip Win32/BHO.EXT trojan deleted - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP5\A0001333.DLL Win32/Toolbar.AskSBar application cleaned by deleting - quarantined
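As an added example (not code from this thread, from BleepingComputer, or from either scanner vendor), the script below parses the two report formats pasted in this thread, the Malwarebytes `path (detection) -> action.` lines and the ESET `path detection kind action - result` lines, and sorts the hits into files that were still live on the system versus copies sitting in ComboFix's QooBox quarantine or a System Restore point, which an earlier tool had already set aside. It also lists the entries ESET could only remove "after the next restart", since the machine is not clean until that reboot has happened. The sample lines are constructed from the reports above; the function and field names are this example's own.

```python
"""Consolidate and triage hits from MBAM and ESET Online Scanner reports.

Added example for this thread, not code from the forum post or from either
vendor. The two line formats it understands are the ones pasted above:

  MBAM:  <path> (<detection>) -> <action>.
  ESET:  <path> [a variant of ]<Family/Name> <kind> <action>[ - <result>]
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

MBAM_RE = re.compile(r"^(?P<path>.+?) \((?P<det>[^()]+)\) -> (?P<action>.+?)\.?$")

# The path is matched lazily so it may contain spaces ("Documents and
# Settings"); what terminates it is the detection name: an optional
# "a variant of" prefix followed by a Family/Name token containing a slash.
ESET_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<det>(?:(?:probably )?a variant of )?[A-Za-z0-9]+/\S+)\s+"
    r"(?P<kind>\S+)\s+"
    r"(?P<action>.+?)(?:\s+-\s+(?P<result>\w+))?$"
)
VARIANT_PREFIX = re.compile(r"^(?:probably )?a variant of ")


@dataclass
class Finding:
    source: str      # "mbam" or "eset"
    path: str
    detection: str   # detection name with any "a variant of" prefix removed
    action: str
    location: str    # "live", "quarantine" or "restore-point"


def classify_location(path: str) -> str:
    """Files under QooBox (ComboFix's quarantine) or a System Restore point are
    inert copies set aside by an earlier tool, not code that can still run."""
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p:
        return "quarantine"
    if "\\system volume information\\" in p:
        return "restore-point"
    return "live"


def parse_line(line: str) -> Optional[Finding]:
    """Return a Finding for a recognised MBAM or ESET line, None otherwise."""
    line = line.strip()
    m = MBAM_RE.match(line)
    if m:
        return Finding("mbam", m["path"], m["det"], m["action"],
                       classify_location(m["path"]))
    m = ESET_RE.match(line)
    if m:
        action = m["action"] + (f" ({m['result']})" if m["result"] else "")
        det = VARIANT_PREFIX.sub("", m["det"])
        return Finding("eset", m["path"], det, action, classify_location(m["path"]))
    return None


def triage(lines) -> dict:
    """Parse every recognisable line and summarise what a helper needs to see."""
    findings = [f for f in map(parse_line, lines) if f is not None]
    return {
        "findings": findings,
        "by_location": Counter(f.location for f in findings),
        "by_detection": Counter(f.detection for f in findings),
        # hits outside quarantine/restore points were on the live system
        "live_paths": [f.path for f in findings if f.location == "live"],
        # ESET defers some deletions until reboot
        "needs_restart": [f.path for f in findings
                          if "after the next restart" in f.action],
    }


# Constructed sample, modelled on the MBAM and ESET lines pasted in the thread.
SAMPLE_REPORT = r"""
Files Infected:
C:\WINDOWS\tobmygers.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zibaglertz.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\cody\My Documents\installer-example.exe a variant of Win32/Downloader.Ircfast application cleaned by deleting - quarantined
C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL Win32/Toolbar.AskSBar application cleaned by deleting (after the next restart) - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\adeeg.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\_ssfuintq_.sys.zip Win32/BHO.EXT trojan deleted - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP5\A0001333.DLL Win32/Toolbar.AskSBar application cleaned by deleting - quarantined
"""

if __name__ == "__main__":
    report = triage(SAMPLE_REPORT.strip().splitlines())
    print("by location :", dict(report["by_location"]))
    print("by detection:", dict(report["by_detection"]))
    for p in report["live_paths"]:
        print("live        :", p)
    for p in report["needs_restart"]:
        print("reboot first:", p)
```

Run against the sample, the summary shows that most of the ESET hits were re-detections of files already sitting in QooBox or a restore point, which is why a helper typically has the user empty those folders rather than treat them as a fresh infection, while the live entries and the one deferred deletion are what still need a reboot and a follow-up scan.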



