Worm.Win32.NetSky/Desktop Hijack/Slowness


This topic is locked
20 replies to this topic

#1 bona

  • Members
  • 50 posts

Posted 24 November 2009 - 08:11 PM

Clicking on an internet link the other day prompted me to install some windows components. I tried to cancel the install pop-up, but the damage seemed to have already been done. The desktop has been taken over by a blue background with a black square in the middle reading:

--------------------------------------------------------------------------------
YOUR SYSTEM IS INFECTED!

System has been stopped due to a serious malfunction.
Spyware activity has been detected.

It is recommended to use spyware removal tool to prevent data loss.
Do not use the computer before all spyware removed.
--------------------------------------------------------------------------------

I found this post, which is likely very similar to what I am experiencing:

http://www.bleepingcomputer.com/forums/t/235651/viursmalware-calls-itself-advanced-virus-remover/

However, I did not follow the instructions in that post, because they are specific to that person's PC. I am hoping it will be helpful nonetheless. Other issues noticed on my PC:

-Pop-up about 'Worm.Win32.NetSky' at Windows sign-on
-"Spyware Doctor" popups as if I have installed that actual program
-Small Red X in system tray indicating virus infection
-Slowness in internet browsing and system startup
-Cannot start Task Manager

'DDS.txt' file content is as follows:


DDS (Ver_09-11-24.02) - NTFSx86
Run by User at 18:50:12.21 on Tue 11/24/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.149 [GMT -5:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: AVG 7.5.560 *On-access scanning enabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\NETGEAR\WG111T\wlan111t.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\User\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
mWinlogon: Userinit=c:\windows\system32\winlogon86.exe
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: {243b17de-77c7-46bf-b94b-0b5f309a0e64} - c:\program files\microsoft money\system\mnyside.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [AVG7_CC] c:\progra~1\grisoft\avg7\avgcc.exe /STARTUP
mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
dRun: [AVG7_Run] c:\progra~1\grisoft\avg7\avgw.exe /RUNONCE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111t\wlan111t.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wg111v~1.lnk - c:\program files\netgear\wg111v2 configuration utility\RtlWake.exe
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll
Trusted Zone: microsoft.com\office
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://sdlc-esd.sun.com/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?AuthParam=1220482994_55fab195a9ffb3bac43d22528473b458&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab&File=jinstall-6u7-windows-i586-jc.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-22 207280]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2009-11-22 112592]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2006-8-15 66048]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-11-22 358600]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2008-6-20 17149]
S2 mrtRate;mrtRate; [x]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2006-8-15 167808]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2006-8-15 13532]

=============== Created Last 30 ================

2009-11-24 22:49:45 2580 ----a-w- c:\windows\system32\tmp.reg
2009-11-23 02:24:30 882 ----a-w- c:\windows\RegSDImport.xml
2009-11-23 02:24:30 880 ----a-w- c:\windows\RegISSImport.xml
2009-11-23 02:24:30 767952 ----a-w- c:\windows\BDTSupport.dll
2009-11-23 02:24:30 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-11-23 02:24:30 1636304 ----a-w- c:\windows\PCTBDCore.dll
2009-11-23 02:24:30 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-11-23 02:24:30 131 ----a-w- c:\windows\IDB.zip
2009-11-23 02:24:30 1152470 ----a-w- c:\windows\UDB.zip
2009-11-23 02:20:12 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-11-23 02:20:12 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-11-23 02:19:36 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-23 02:19:36 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-11-23 02:19:36 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-11-23 02:19:36 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-23 02:18:56 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2009-11-23 02:18:56 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-11-23 02:18:25 0 d-----w- c:\program files\common files\PC Tools
2009-11-23 02:18:24 0 d-----w- c:\program files\Spyware Doctor
2009-11-23 02:18:24 0 d-----w- c:\docume~1\user\applic~1\PC Tools
2009-11-23 02:18:24 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2009-11-23 01:36:05 0 ----a-w- c:\windows\system32\41.exe
2009-11-23 01:36:02 0 ----a-w- c:\windows\system32\AVR10.exe
2009-11-23 01:35:57 0 ----a-w- c:\windows\system32\winhelper86.dll
2009-11-23 01:33:36 741 ----a-w- c:\windows\system32\critical_warning.html
2009-11-23 01:33:14 25360 ----a-w- c:\windows\system32\winlogon86.exe
2009-11-18 04:45:20 1677824 ----a-w- c:\windows\system32\chsbrkr.dll
2009-11-18 04:45:15 838144 ----a-w- c:\windows\system32\chtbrkr.dll
2009-11-18 04:45:14 1486 ----a-w- c:\windows\system32\noise.kor
2009-11-18 04:45:13 70656 ----a-w- c:\windows\system32\korwbrkr.dll
2009-11-18 04:45:13 1158818 ----a-w- c:\windows\system32\korwbrkr.lex
2009-11-18 04:45:12 2060 ----a-w- c:\windows\system32\noise.jpn
2009-11-18 04:45:11 98304 ----a-w- c:\windows\system32\msir3jp.dll
2009-11-18 04:45:11 1875968 ----a-w- c:\windows\system32\msir3jp.lex
2009-11-18 04:43:58 177698 ----a-w- c:\windows\system32\c_10003.nls
2009-11-18 04:42:41 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2009-11-18 04:42:41 8192 ----a-w- c:\windows\system32\kbdkor.dll
2009-11-18 04:42:41 6144 ----a-w- c:\windows\system32\kbd101c.dll
2009-11-18 04:42:41 5632 ----a-w- c:\windows\system32\kbd103.dll
2009-11-18 04:42:40 6144 ----a-w- c:\windows\system32\kbd101b.dll
2009-11-18 04:42:39 6144 ----a-w- c:\windows\system32\kbd106.dll
2009-11-09 01:29:00 54156 ---ha-w- c:\windows\QTFont.qfn
2009-11-09 01:29:00 1409 ----a-w- c:\windows\QTFont.for
2009-10-27 18:33:28 0 d-----w- c:\program files\Linksys
2009-10-27 18:33:04 0 d-----w- c:\program files\Pure Networks
2009-10-27 18:31:36 0 d-----w- c:\program files\WebEx
2009-10-27 18:29:48 23984 ----a-w- c:\windows\system32\drivers\pnarp.sys
2009-10-27 18:29:10 25264 ----a-w- c:\windows\system32\drivers\purendis.sys
2009-10-27 18:28:42 0 d-----w- c:\program files\common files\Pure Networks Shared
2009-10-27 18:26:07 0 d-----w- c:\docume~1\alluse~1\applic~1\Pure Networks

==================== Find3M ====================

2009-11-23 02:58:35 42320 ----a-w- c:\docume~1\user\applic~1\GDIPFONTCACHEV1.DAT
2009-11-03 01:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36:27 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36:24 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36:24 17408 ----a-w- c:\windows\system32\corpol.dll
2008-09-15 22:28:56 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091520080916\index.dat

============= FINISH: 18:52:10.98 ===============

<'attach.txt' file is attached>
<'ark.txt' file is attached>

Appreciate any help at all.


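As an added example (not part of this thread, and not code from DDS or OTL), here is a small Python triage script that reads the two DDS sections above and flags the indicators a helper would call out: a Winlogon Userinit value that is not the stock userinit.exe, the DisableTaskMgr policy that explains the missing Task Manager, zero-byte executables dropped in system32, and files created within a few minutes of the Userinit replacement. The sample log is an excerpt copied from the post; the stock Userinit baseline and the five-minute clustering window are assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed excerpt of the DDS log posted above (Pseudo HJT Report and
# "Created Last 30" sections); the lines are copied from the post.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
mWinlogon: Userinit=c:\windows\system32\winlogon86.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

=============== Created Last 30 ================

2009-11-24 22:49:45 2580 ----a-w- c:\windows\system32\tmp.reg
2009-11-23 01:36:05 0 ----a-w- c:\windows\system32\41.exe
2009-11-23 01:36:02 0 ----a-w- c:\windows\system32\AVR10.exe
2009-11-23 01:35:57 0 ----a-w- c:\windows\system32\winhelper86.dll
2009-11-23 01:33:36 741 ----a-w- c:\windows\system32\critical_warning.html
2009-11-23 01:33:14 25360 ----a-w- c:\windows\system32\winlogon86.exe
2009-11-18 04:45:20 1677824 ----a-w- c:\windows\system32\chsbrkr.dll
"""

# Assumed baseline: the stock Windows XP Winlogon\Userinit value
# (DDS prints it without the trailing comma, so it is stripped below).
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"
EXEC_SUFFIXES = (".exe", ".dll", ".sys", ".scr")
CLUSTER_WINDOW = timedelta(minutes=5)   # assumed window for "dropped together"

USERINIT_RE = re.compile(r"^mWinlogon:\s*Userinit=(?P<value>.+)$", re.IGNORECASE)
POLICY_RE = re.compile(r"^[um]Policies-(?P<hive>\w+):\s*(?P<name>\w+)\s*=\s*(?P<value>\d+)")
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\d+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$"
)


@dataclass
class Finding:
    severity: str
    rule: str
    evidence: str


def triage(log_text: str) -> list:
    """Scan DDS log text and return the findings a helper would call out."""
    findings = []
    created = []          # (timestamp, size, lower-cased path)
    userinit = None

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = USERINIT_RE.match(line)
        if m:
            userinit = m.group("value").strip().rstrip(",").lower()
            continue
        m = POLICY_RE.match(line)
        if m:
            # Task Manager locked out by policy: matches "Cannot start Task Manager"
            if m.group("name").lower() == "disabletaskmgr" and m.group("value") == "1":
                findings.append(Finding("high", "taskmgr-disabled", line))
            continue
        m = CREATED_RE.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
            created.append((ts, int(m.group("size")), m.group("path").lower()))

    # Rule 1: Userinit must point at the stock userinit.exe; any other
    # binary there is started at every logon, before the shell.
    hijack_time = None
    if userinit is not None and userinit != EXPECTED_USERINIT:
        findings.append(Finding("high", "userinit-hijacked", f"Userinit={userinit}"))
        for ts, _size, path in created:
            if path == userinit:
                hijack_time = ts   # the replacement binary was dropped recently

    # Rule 2: zero-byte executables in system32 are leftovers of a dropper
    # (or of a partial clean-up) and never belong to the OS.
    for ts, size, path in created:
        if size == 0 and path.endswith(EXEC_SUFFIXES):
            findings.append(Finding("medium", "zero-byte-executable", path))

    # Rule 3: files created within a few minutes of the Userinit replacement
    # most likely came from the same installer and belong on the removal list.
    if hijack_time is not None:
        for ts, _size, path in created:
            if path != userinit and abs(ts - hijack_time) <= CLUSTER_WINDOW:
                findings.append(Finding("medium", "created-near-hijack", f"{ts} {path}"))

    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.rule}: {f.evidence}")
```

Run against the excerpt it reports the Userinit hijack (winlogon86.exe), the DisableTaskMgr policy, three zero-byte files (41.exe, AVR10.exe, winhelper86.dll) and four files created in the same three-minute window as winlogon86.exe, including critical_warning.html, the page behind the "YOUR SYSTEM IS INFECTED!" desktop. The temporal clustering is the part worth keeping in mind when reading a log by hand: the dropper's files rarely share a name, but they nearly always share a timestamp.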

#2 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 29 November 2009 - 03:48 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#3 bona

  • Topic Starter
  • Members
  • 50 posts

Posted 30 November 2009 - 02:02 AM

Thank you for the reply. My issues have not been resolved. In addition to the problems from my original post, I am also getting what seem to be windows warnings about spyware. The pop-up reads as follows:

"Attention! System detected a potential hazard (TrojanSPM/LX) on your computer that may infect executable files.
You private information and PC safety is at risk. To get rid of unwanted spyware and keep your computer safe you
need update your current security software. Click OK to download official intrusion detection system (IDS software)"

Of course I am not clicking the OK button. I just exit the pop-up whenever it appears.

Also, when attempting to launch many of my executable files (like windows paint), the system prompts me with a windows error:

"Application cannot be executed. The file is infected. Please activate your antivirus software."

This also happens when trying to launch windows task manager.

As requested, I have run the OTL program. However, when the scan is finished, notepad will not open due to the above error message which is blocking many of my executable files.

Please let me know if you have a workaround. Very much appreciated.

#4 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 01 December 2009 - 08:27 AM

Hi,

that's the right behaviour with those pop-ups. :( They are not from Microsoft and only try to lure you into installing more malware. They will be gone once we remove the malware.

The files from OTL will be stored in C:\_OTL, if you can find the files there, you can simply attach them here.

If you can't copy those files, please run rkill:
Download and Run RKill

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
Then try to run OTL again; Notepad should then be able to open.

regards myrti

Edited by myrti, 01 December 2009 - 08:28 AM.



#5 bona

  • Topic Starter
  • Members
  • 50 posts

Posted 04 December 2009 - 12:13 AM

Sorry for the delay. You were right that I was able to just perform a windows search for any files containing the text "OTL". I found the log where I had downloaded the executable file. Log pasted below:

-----------------------------------------------------------------------------------------------------------------------
OTL logfile created on: 12/3/2009 11:47:20 PM - Run 3
OTL by OldTimer - Version 3.1.11.3 Folder = C:\Documents and Settings\User\Desktop\DEBUG
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.98 Mb Total Physical Memory | 92.19 Mb Available Physical Memory | 20.62% Memory free
1.03 Gb Paging File | 0.56 Gb Available in Paging File | 54.21% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 13.97 Gb Total Space | 0.36 Gb Free Space | 2.60% Space Free | Partition Type: NTFS
Drive D: | 18.62 Gb Total Space | 18.58 Gb Free Space | 99.79% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VALUED-B8CC434B
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/30 01:49:26 | 00,536,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\DEBUG\OTL.exe
PRC - [2009/11/22 20:31:10 | 00,025,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winupdate86.exe
PRC - [2009/08/27 00:18:44 | 00,634,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/12/14 08:29:00 | 00,467,240 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2008/12/12 17:06:40 | 00,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/12/12 17:06:40 | 00,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/11/24 03:10:46 | 00,590,848 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgcc.exe
PRC - [2008/09/13 16:36:24 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/06/10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008/04/13 19:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/30 09:36:40 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/03/30 09:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/02/18 10:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/10/23 15:43:35 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe
PRC - [2007/09/27 20:23:19 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgupsvc.exe
PRC - [2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2006/11/03 18:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/01/25 14:49:02 | 00,884,840 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WG111T\wlan111t.exe
PRC - [2005/04/15 14:36:24 | 00,745,472 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
PRC - [2003/05/21 00:22:36 | 00,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
PRC - [2003/03/25 19:47:54 | 00,151,552 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2003/03/25 19:39:02 | 00,262,144 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
PRC - [2003/03/19 23:02:38 | 00,675,840 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
PRC - [2003/03/18 19:03:24 | 00,536,648 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
PRC - [2003/02/10 15:11:12 | 00,057,344 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
PRC - [2002/08/20 12:29:26 | 00,040,960 | ---- | M] (Easy Systems Japan Ltd.) -- C:\WINDOWS\system32\ezSP_Px.exe


========== Modules (SafeList) ==========

MOD - [2009/11/30 01:49:26 | 00,536,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\DEBUG\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2008/12/12 17:06:40 | 00,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/11/24 03:09:34 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/03/30 09:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/02/18 10:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/10/23 15:43:35 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe -- (Avg7Alrt)
SRV - [2007/09/27 20:23:19 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgupsvc.exe -- (Avg7UpdSvc)
SRV - [2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2003/05/21 00:27:46 | 00,610,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -- (Norton AntiVirus Server)
SRV - [2003/05/21 00:22:36 | 00,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2003/03/25 19:47:54 | 00,151,552 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2003/03/25 19:39:02 | 00,262,144 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe -- (VAIOMediaPlatform-PhotoServer-AppServer)
SRV - [2003/03/19 23:02:38 | 00,675,840 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe -- (VAIOMediaPlatform-PhotoServer-UPnP) VAIO Media Photo Server (UPnP)
SRV - [2003/03/19 23:02:38 | 00,675,840 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe -- (VAIOMediaPlatform-MusicServer-UPnP) VAIO Media Music Server (UPnP)
SRV - [2003/03/18 19:03:24 | 00,536,648 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe -- (VAIOMediaPlatform-MusicServer-AppServer)
SRV - [2003/02/10 15:11:12 | 00,057,344 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe -- (VAIOMediaPlatform-PhotoServer-HTTP) VAIO Media Photo Server (HTTP)
SRV - [2003/02/10 15:11:12 | 00,057,344 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe -- (VAIOMediaPlatform-MusicServer-HTTP) VAIO Media Music Server (HTTP)
SRV - [2002/12/24 13:01:22 | 00,065,536 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)


========== Driver Services (SafeList) ==========

DRV - [2008/12/12 17:05:20 | 00,025,264 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/12/12 17:05:18 | 00,023,984 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/06/20 14:04:01 | 00,017,801 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2008/02/18 10:16:24 | 00,030,464 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2008/01/29 11:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2007/12/21 19:37:09 | 00,010,760 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgclean.sys -- (AvgClean)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/10/23 15:43:01 | 00,821,856 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\Drivers\avg7core.sys -- (Avg7Core)
DRV - [2007/09/27 20:23:24 | 00,027,776 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\Drivers\avg7rsxp.sys -- (Avg7RsXP)
DRV - [2007/09/27 20:23:24 | 00,004,224 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\Drivers\avg7rsw.sys -- (Avg7RsW)
DRV - [2007/09/27 03:00:00 | 00,865,904 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070927.009\NAVEX15.SYS -- (NAVEX15)
DRV - [2007/09/27 03:00:00 | 00,081,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070927.009\NAVENG.SYS -- (NAVENG)
DRV - [2006/03/16 10:39:10 | 00,167,808 | ---- | M] (NETGEAR Inc.) -- C:\WINDOWS\system32\drivers\wg111v2.sys -- (RTLWUSB)
DRV - [2005/09/05 10:21:06 | 00,362,944 | ---- | M] (NETGEAR, Inc.) -- C:\WINDOWS\system32\drivers\WG11TND5.sys -- (AR5523)
DRV - [2005/04/01 10:43:02 | 00,066,048 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\EAPPkt.sys -- (EAPPkt)
DRV - [2003/09/18 23:06:09 | 00,073,496 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2003/07/24 11:10:34 | 00,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
DRV - [2003/05/02 20:08:22 | 00,030,208 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navapel.sys -- (NAVAPEL)
DRV - [2003/05/02 20:08:18 | 00,224,256 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navap.sys -- (NAVAP)
DRV - [2003/03/25 19:52:36 | 00,569,984 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/03/18 17:50:00 | 00,022,400 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\strmdisp.sys -- (StreamDispatcher)
DRV - [2003/03/18 17:48:00 | 00,161,024 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWALI.sys -- (HSFHWALI)
DRV - [2003/03/18 17:46:00 | 00,622,592 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/03/18 17:45:00 | 01,107,072 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/02/28 00:36:04 | 00,090,852 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/01/16 04:02:00 | 00,017,136 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20)
DRV - [2002/12/19 19:48:48 | 00,539,008 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2002/12/11 13:22:00 | 00,011,044 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2002/11/19 03:12:04 | 00,036,184 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SonyWBMS.sys -- (SONYWBMS) Sony Memory Stick controller(WB)
DRV - [2002/10/04 13:04:10 | 00,046,976 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2002/10/02 07:57:12 | 00,013,532 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\SjyPkt.sys -- (SjyPkt)
DRV - [2002/08/30 12:04:56 | 00,023,570 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\atisgkaf.sys -- (caboagp)
DRV - [2002/08/29 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2002/08/29 07:00:00 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2002/08/28 18:00:48 | 00,231,552 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\ac97ali.sys -- (aliadwdm)
DRV - [2002/04/01 16:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2000/12/05 18:18:02 | 00,003,952 | R--- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 22:15:08 | 00,048,896 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-794591827-3469414290-1863628479-1005\S-1-5-21-794591827-3469414290-1863628479-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-794591827-3469414290-1863628479-1005\S-1-5-21-794591827-3469414290-1863628479-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

FF - HKLM\software\mozilla\Netscape 7.02\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2008/04/05 16:50:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.02\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2008/09/03 18:04:27 | 00,000,000 | ---D | M]


O1 HOSTS File: (186123 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 hityou.com
O1 - Hosts: 127.0.0.1 www.hityou.com
O1 - Hosts: 127.0.0.1 180searchassistant.com
O1 - Hosts: 127.0.0.1 www.180searchassistant.com
O1 - Hosts: 127.0.0.1 180solutions.com
O1 - Hosts: 127.0.0.1 www.180solutions.com
O1 - Hosts: 127.0.0.1 bis.180solutions.com
O1 - Hosts: 127.0.0.1 config.180solutions.com
O1 - Hosts: 127.0.0.1 cts.180solutions.com
O1 - Hosts: 127.0.0.1 downloads.180solutions.com
O1 - Hosts: 127.0.0.1 installs.180solutions.com
O1 - Hosts: 127.0.0.1 nowhere.180solutions.com
O1 - Hosts: 127.0.0.1 ping.180solutions.com
O1 - Hosts: 127.0.0.1 tv.180solutions.com
O1 - Hosts: 127.0.0.1 uploads.180solutions.com
O1 - Hosts: 127.0.0.1 public.zangocash.com
O1 - Hosts: 127.0.0.1 www.public.zangocash.com
O1 - Hosts: 127.0.0.1 static.zangocash.com
O1 - Hosts: 127.0.0.1 www.static.zangocash.com
O1 - Hosts: 127.0.0.1 www.zangocash.com
O1 - Hosts: 127.0.0.1 zangocash.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 2search.com
O1 - Hosts: 6605 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-794591827-3469414290-1863628479-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-794591827-3469414290-1863628479-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AVG7_CC] C:\Program Files\Grisoft\AVG7\avgcc.exe (GRISOFT, s.r.o.)
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [winupdate86.exe] C:\WINDOWS\system32\winupdate86.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [AVG7_Run] C:\Program Files\Grisoft\AVG7\avgw.exe (GRISOFT, s.r.o.)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [AVG7_Run] C:\Program Files\Grisoft\AVG7\avgw.exe (GRISOFT, s.r.o.)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [AVG7_Run] C:\Program Files\Grisoft\AVG7\avgw.exe (GRISOFT, s.r.o.)
O4 - HKU\S-1-5-20..\Run: [AVG7_Run] C:\Program Files\Grisoft\AVG7\avgw.exe (GRISOFT, s.r.o.)
O4 - HKU\S-1-5-21-794591827-3469414290-1863628479-1005..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111T\wlan111t.exe (NETGEAR)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WG111v2 Smart Wizard Wireless Setting.lnk = C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-794591827-3469414290-1863628479-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-794591827-3469414290-1863628479-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-21-794591827-3469414290-1863628479-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-21-794591827-3469414290-1863628479-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 30 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 29 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 29 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 29 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 29 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-794591827-3469414290-1863628479-1005\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O15 - HKU\S-1-5-21-794591827-3469414290-1863628479-1005\..Trusted Domains: 30 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://sdlc-esd.sun.com/ESD44/JSCDL/jdk/6u...ows-i586-jc.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/web_games/popca...aploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\winlogon86.exe) - C:\WINDOWS\system32\winlogon86.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\System32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/04/08 23:15:40 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/24 20:28:24 | 00,025,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winupdate86.exe
[2009/11/24 18:54:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\DEBUG
[2009/11/22 21:47:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Threat Expert
[2009/11/22 21:18:25 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/11/22 20:33:14 | 00,025,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winlogon86.exe
[2009/11/17 23:45:20 | 01,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chsbrkr.dll
[2009/11/17 23:45:15 | 00,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chtbrkr.dll
[2009/11/17 23:45:13 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\korwbrkr.dll
[2009/11/17 23:45:11 | 01,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.lex
[2009/11/17 23:45:11 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.dll
[2009/11/17 23:44:20 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101a.dll
[2009/11/17 23:43:54 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnecAT.dll
[2009/11/17 23:43:54 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnec95.dll
[2009/11/17 23:43:53 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnecNT.dll
[2009/11/17 23:43:19 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_is2022.dll
[2009/11/17 23:42:41 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdjpn.dll
[2009/11/17 23:42:41 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkor.dll
[2009/11/17 23:42:41 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101c.dll
[2009/11/17 23:42:41 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd103.dll
[2009/11/17 23:42:40 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll
[2009/11/17 23:42:39 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/03 23:43:46 | 00,000,410 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2009/12/03 23:42:19 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/12/03 23:40:59 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
[2009/12/03 23:40:58 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\AVR10.exe
[2009/12/03 23:40:56 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\winhelper86.dll
[2009/12/03 23:40:50 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/12/03 23:40:45 | 00,000,741 | ---- | M] () -- C:\WINDOWS\System32\critical_warning.html
[2009/12/03 23:39:23 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/03 23:38:53 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/03 23:38:46 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/03 23:38:43 | 46,876,6720 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/02 13:33:35 | 04,980,736 | -H-- | M] () -- C:\Documents and Settings\User\NTUSER.DAT
[2009/12/02 13:33:35 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\User\ntuser.ini
[2009/12/02 13:32:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5436.exe
[2009/12/02 13:12:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\4827.exe
[2009/12/02 12:52:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\11942.exe
[2009/12/02 12:32:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\2995.exe
[2009/12/02 12:12:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\491.exe
[2009/12/02 11:52:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\9961.exe
[2009/12/02 11:32:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\16827.exe
[2009/12/02 11:12:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\23281.exe
[2009/12/02 10:52:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\28145.exe
[2009/12/02 10:32:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5705.exe
[2009/12/02 10:12:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\24464.exe
[2009/12/02 09:52:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26962.exe
[2009/12/02 09:32:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\29358.exe
[2009/12/02 09:12:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\11478.exe
[2009/12/02 08:52:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\15724.exe
[2009/12/02 08:32:11 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19169.exe
[2009/12/02 08:11:59 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
[2009/12/02 07:51:55 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
[2009/12/02 07:31:50 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2009/11/27 15:53:28 | 02,109,640 | -H-- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\IconCache.db
[2009/11/26 19:40:54 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/24 19:41:05 | 00,005,068 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Viurs-Malware Calls itself Advanced Virus Remover.url
[2009/11/24 17:49:46 | 00,002,580 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009/11/22 21:58:35 | 00,042,320 | ---- | M] () -- C:\Documents and Settings\User\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/22 20:31:10 | 00,025,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winupdate86.exe
[2009/11/22 20:31:10 | 00,025,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winlogon86.exe
[2009/11/19 14:27:09 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/18 17:54:38 | 00,042,320 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/18 17:51:11 | 00,166,712 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/17 22:06:35 | 00,000,527 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Shortcut to snes9x.lnk
[2009/11/17 21:04:27 | 00,038,912 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Emerging_Technologies_Midterm_adibona.doc
[2009/11/16 01:12:15 | 00,032,466 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Sonny & Dibona.pdf
[2009/11/11 23:56:51 | 00,261,120 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Midterm Exam Fall 2009 v2_adibona.doc
[2009/11/08 20:29:00 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/11/08 19:47:17 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/02 13:32:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\5436.exe
[2009/11/27 02:47:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\4827.exe
[2009/11/27 02:27:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\11942.exe
[2009/11/27 02:07:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\2995.exe
[2009/11/27 01:47:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\491.exe
[2009/11/27 01:27:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\9961.exe
[2009/11/27 01:07:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\16827.exe
[2009/11/27 00:47:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\23281.exe
[2009/11/27 00:27:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\28145.exe
[2009/11/27 00:07:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\5705.exe
[2009/11/26 23:47:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\24464.exe
[2009/11/26 23:27:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26962.exe
[2009/11/26 23:07:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\29358.exe
[2009/11/26 22:47:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\11478.exe
[2009/11/26 22:27:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\15724.exe
[2009/11/26 22:07:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\19169.exe
[2009/11/26 20:36:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26500.exe
[2009/11/26 20:16:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe
[2009/11/26 19:56:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2009/11/24 18:06:32 | 46,876,6720 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/24 17:49:45 | 00,002,580 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2009/11/23 00:05:10 | 00,005,068 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Viurs-Malware Calls itself Advanced Virus Remover.url
[2009/11/22 20:36:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\41.exe
[2009/11/22 20:36:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\AVR10.exe
[2009/11/22 20:35:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\winhelper86.dll
[2009/11/22 20:33:36 | 00,000,741 | ---- | C] () -- C:\WINDOWS\System32\critical_warning.html
[2009/11/17 23:45:14 | 00,001,486 | ---- | C] () -- C:\WINDOWS\System32\noise.kor
[2009/11/17 23:45:13 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\korwbrkr.lex
[2009/11/17 23:45:12 | 00,002,060 | ---- | C] () -- C:\WINDOWS\System32\noise.jpn
[2009/11/17 23:44:47 | 00,146,126 | ---- | C] () -- C:\WINDOWS\System32\array30.tab
[2009/11/17 23:44:47 | 00,018,600 | ---- | C] () -- C:\WINDOWS\System32\arrayhw.tab
[2009/11/17 23:44:47 | 00,016,312 | ---- | C] () -- C:\WINDOWS\System32\arptr.tbl
[2009/11/17 23:44:46 | 00,211,938 | ---- | C] () -- C:\WINDOWS\System32\lcphrase.tbl
[2009/11/17 23:44:46 | 00,116,285 | ---- | C] () -- C:\WINDOWS\System32\msdayi.tbl
[2009/11/17 23:44:46 | 00,110,566 | ---- | C] () -- C:\WINDOWS\System32\arphr.tbl
[2009/11/17 23:44:46 | 00,044,370 | ---- | C] () -- C:\WINDOWS\System32\acode.tbl
[2009/11/17 23:44:46 | 00,043,242 | ---- | C] () -- C:\WINDOWS\System32\phoncode.tbl
[2009/11/17 23:44:46 | 00,024,114 | ---- | C] () -- C:\WINDOWS\System32\lcptr.tbl
[2009/11/17 23:44:46 | 00,004,071 | ---- | C] () -- C:\WINDOWS\System32\phon.tbl
[2009/11/17 23:44:46 | 00,002,714 | ---- | C] () -- C:\WINDOWS\System32\phonptr.tbl
[2009/11/17 23:44:46 | 00,000,700 | ---- | C] () -- C:\WINDOWS\System32\dayiptr.tbl
[2009/11/17 23:44:46 | 00,000,520 | ---- | C] () -- C:\WINDOWS\System32\dayiphr.tbl
[2009/11/17 23:44:45 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\c_10002.nls
[2009/11/17 23:44:45 | 00,082,172 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.nls
[2009/11/17 23:44:45 | 00,044,370 | ---- | C] () -- C:\WINDOWS\System32\a234.tbl
[2009/11/17 23:44:45 | 00,001,460 | ---- | C] () -- C:\WINDOWS\System32\a15.tbl
[2009/11/17 23:44:44 | 00,066,728 | ---- | C] () -- C:\WINDOWS\System32\big5.nls
[2009/11/17 23:44:44 | 00,016,254 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAE.HLP
[2009/11/17 23:44:43 | 00,014,821 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAD.HLP
[2009/11/17 23:44:29 | 01,564,868 | ---- | C] () -- C:\WINDOWS\System32\WINSP.MB
[2009/11/17 23:44:29 | 01,223,500 | ---- | C] () -- C:\WINDOWS\System32\WINZM.MB
[2009/11/17 23:44:26 | 01,783,864 | ---- | C] () -- C:\WINDOWS\System32\WINPY.MB
[2009/11/17 23:44:25 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\prcp.nls
[2009/11/17 23:44:24 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\prc.nls
[2009/11/17 23:44:22 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_10008.nls
[2009/11/17 23:43:58 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_10003.nls
[2009/11/17 23:43:57 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\c_1361.nls
[2009/11/17 23:43:57 | 00,047,066 | ---- | C] () -- C:\WINDOWS\System32\ksc.nls
[2009/11/17 23:43:19 | 00,180,770 | ---- | C] () -- C:\WINDOWS\System32\c_20932.nls
[2009/11/17 23:43:19 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\c_20000.nls
[2009/11/17 23:43:19 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_20949.nls
[2009/11/17 23:43:19 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_20936.nls
[2009/11/17 23:43:18 | 00,162,850 | ---- | C] () -- C:\WINDOWS\System32\c_10001.nls
[2009/11/17 23:43:18 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_21027.nls
[2009/11/17 23:43:18 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20290.nls
[2009/11/17 23:43:17 | 00,028,288 | ---- | C] () -- C:\WINDOWS\System32\xjis.nls
[2009/11/17 22:06:35 | 00,000,527 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Shortcut to snes9x.lnk
[2009/11/17 20:40:31 | 00,038,912 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Emerging_Technologies_Midterm_adibona.doc
[2009/11/16 01:12:14 | 00,032,466 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Sonny & Dibona.pdf
[2009/11/11 19:58:55 | 00,261,120 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Midterm Exam Fall 2009 v2_adibona.doc
[2009/11/08 20:29:00 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/11/08 20:29:00 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/10/27 13:31:09 | 08,673,792 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2008/06/20 14:03:52 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2008/06/20 14:03:51 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2008/02/04 17:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/07/11 22:12:13 | 00,000,355 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2005/11/14 11:14:09 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/04/03 00:06:33 | 00,004,608 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/09/18 23:15:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2003/05/21 00:19:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2003/04/09 19:21:42 | 00,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/04/09 19:21:18 | 00,000,626 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/04/09 19:13:19 | 00,041,068 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2003/04/09 19:02:09 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2003/04/09 18:59:43 | 00,262,416 | ---- | C] () -- C:\WINDOWS\System32\ASFV2.DLL
[2003/04/09 18:50:34 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2003/04/09 13:40:11 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/04/08 23:36:27 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/04/08 23:33:31 | 00,000,805 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/04/08 22:59:00 | 00,000,696 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/06/12 14:21:12 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 168 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A2947BEA
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECF5194F
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >
-----------------------------------------------------------------------------------------------------------------------

Thank you for your continued assistance.
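The OTL report above carries several entries a triage analyst would look at before anything else: a Winlogon UserInit value that points somewhere other than the default userinit.exe, a DisableTaskMgr policy set to 1, an HKLM Run entry whose target file was created within the 30-day window, and zero-byte .exe files with purely numeric names in System32. The script below is an added example, not part of this thread and not OTL's own code: it applies those checks to constructed sample lines shaped like the report. The sample lines, the shortened SID and the expected UserInit path for this XP layout are assumptions.

```python
"""Triage helper for OTL-style log lines (added example, not from the thread)."""
import re

# Constructed sample lines modelled on the OTL report in this thread; the SID is
# shortened and the lines are not the thread's own log.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [winupdate86.exe] C:\WINDOWS\system32\winupdate86.exe (Microsoft Corporation)
O7 - HKU\S-1-5-21-0-0-0-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\winlogon86.exe) - C:\WINDOWS\system32\winlogon86.exe (Microsoft Corporation)
[2009/11/24 20:28:24 | 00,025,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winupdate86.exe
[2009/12/02 13:32:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5436.exe
[2009/11/08 19:47:17 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
"""

# Assumption: Windows is installed under C:\WINDOWS, so this is the stock XP UserInit value.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

RUN_RE = re.compile(r"^O4 - (?P<hive>\S+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.*?) \((?P<company>[^)]*)\)$")
USERINIT_RE = re.compile(r"^O20 - HKLM Winlogon: UserInit - \((?P<value>[^)]*)\)")
POLICY_RE = re.compile(r"^O7 - (?P<key>\S+): DisableTaskMgr = (?P<val>\d+)$")
FILE_RE = re.compile(
    r"^\[(?P<stamp>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>\S{4}) \| (?P<op>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.*)$"
)


def triage(log_text):
    """Return (category, detail) findings: single-line checks in log order,
    then Run entries cross-referenced against the recent-file listing."""
    findings = []
    recent = {}        # lower-cased path -> (op, size) from file-listing lines
    run_entries = []   # (name, path, company) from O4 Run lines

    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = FILE_RE.match(line)
        if m:
            size = int(m.group("size").replace(",", ""))
            path = m.group("path")
            recent[path.lower()] = (m.group("op"), size)
            stem, _, ext = path.rsplit("\\", 1)[-1].rpartition(".")
            # Zero-byte, purely numeric .exe names in System32 are not something
            # a legitimate installer leaves behind; list them for review.
            if ext.lower() == "exe" and size == 0 and stem.isdigit() and "\\system32\\" in path.lower():
                findings.append(("zero-byte numeric exe in System32", path))
            continue
        m = USERINIT_RE.match(line)
        if m:
            # The registry value normally carries a trailing comma; strip it before comparing.
            value = m.group("value").rstrip(",").strip().lower()
            if value != EXPECTED_USERINIT:
                findings.append(("UserInit not the default userinit.exe", m.group("value")))
            continue
        m = POLICY_RE.match(line)
        if m and m.group("val") != "0":
            findings.append(("Task Manager disabled by policy", m.group("key")))
            continue
        m = RUN_RE.match(line)
        if m:
            run_entries.append((m.group("name"), m.group("path"), m.group("company")))

    # A Run entry whose target also appears in the created/modified-within-30-days
    # listing deserves a look regardless of the company name the file claims.
    for name, path, company in run_entries:
        if path.lower() in recent:
            findings.append(("autorun target created within the scan window", f"[{name}] {path} ({company})"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category}: {detail}")
```

The checks are deliberately narrow so they read as an analyst's first pass, not a verdict: a non-default UserInit or a disabled Task Manager is worth explaining in every case, while the Run cross-reference only surfaces entries for a human to inspect against the rest of the log.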

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home
  • Local time:05:24 AM

Posted 05 December 2009 - 05:24 AM

Hi,

Please run a scan with GMER as well:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#7 bona

bona
  • Topic Starter
  • Members
  • 50 posts

Posted 05 December 2009 - 06:17 PM

GMER Log results:

---------------------------------------------------------------------------------------------------------------------------
GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-12-05 17:32:59
Windows 5.1.2600 Service Pack 3
Running: viyxv7pn.exe; Driver: C:\DOCUME~1\User\LOCALS~1\Temp\ffeiyfob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs avg7rsw.sys (AVG Resident Shield Unload Helper/GRISOFT, s.r.o.)

---- EOF - GMER 1.0.15 ----
---------------------------------------------------------------------------------------------------------------------------

Please let me know if the above looks correct, as I was expecting more results.

Thanks again

#8 myrti

myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,766 posts

Posted 11 December 2009 - 09:18 AM

Hi,

I'm terribly sorry for the delay. :( I had unexpected family issues to deal with, which left me without internet access for most of the week, but I'm back in the internet connected world now and I hope there won't be any more delays.

The log looks as it is supposed to look. :(

Please try running Malwarebytes to get rid of the infection:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If you are using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

Sorry once more,
regards myrti



#9 bona

bona
  • Topic Starter
  • Members
  • 50 posts

Posted 12 December 2009 - 03:19 AM

No need to apologize at all. Running MBAM has seemingly eliminated many of the issues described in this post. The desktop is no longer hijacked. The red stop sign icons are gone from the system tray (bottom right of the toolbar). The pop-ups at the beginning of sign-on are also gone. The intermittent pop-ups about spyware have also ceased. Below is the MBAM log which was saved after removing the selected items:

----------------------------------------------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.42
Database version: 3348
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

12/12/2009 2:44:13 AM
mbam-log-2009-12-12 (02-44-13).txt

Scan type: Quick Scan
Objects scanned: 120602
Time elapsed: 20 minute(s), 1 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 31
Registry Values Infected: 3
Registry Data Items Infected: 10
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
C:\WINDOWS\system32\winupdate86.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2f223fdc-164a-492c-82d0-055fd8ce349c} (Rogue.SpyLocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4d3bc08f-3c13-4cd1-80f4-f5a7b7d0388f} (Rogue.SpyLocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5ba3ee9b-a96e-4301-b839-388afefcd9f4} (Rogue.SpyLocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{85292bee-65ff-41ad-8e72-b385d1c93c89} (Rogue.SpyLocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{861adda2-0216-49ac-aa5b-62f64f1d91d1} (Rogue.SpyLocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d3014ae-0854-4222-a733-d9dd0149d9fa} (Rogue.SpyLocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9a9e938c-4a18-4b36-a973-dadcd8a1c268} (Rogue.SpyLocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9c4d0d3f-f36e-42a3-9b35-a43c08ab1866} (Rogue.SpyLocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{abd41a08-5c4d-4cdb-8310-a681e73755bf} (Rogue.SpyLocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b151b421-a97b-4c1d-b555-eed8a35ba5c8} (Rogue.SpyLocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b3d80493-3013-4e93-a878-4cefc401f4a6} (Rogue.SpyLocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bdc7bb72-6c19-415d-86c3-76cc46ec00a9} (Rogue.SpyLocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ce351b84-f0d6-4fa0-aad7-3c0616ea647e} (Rogue.SpyLocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d64dcdae-38cd-488c-a85c-00a0b5c03ae8} (Rogue.SpyLocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d9f4d801-2431-465a-b754-ab9e3b649e8c} (Rogue.SpyLocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e0dbb136-fcd7-4180-9207-d4a9e822002e} (Rogue.SpyLocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{099a05c2-cda0-41ff-9a38-dd8b6149a766} (Rogue.SpyLocked) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winupdate86.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\winlogon86.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\winlogon86.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\winlogon86.exe) Good: (Userinit.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\critical_warning.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winupdate86.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\AVR10.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winhelper86.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\41.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Winlogon86.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
----------------------------------------------------------------------------------------------------------------------------

Please let me know if any further action is suggested. I really appreciate your time.
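The MBAM log above is a compact picture of how this rogue kept itself in place: Winlogon\Userinit rewritten to winlogon86.exe, winupdate86.exe started from the HKLM Run key, the ActiveDesktop/Explorer policies and DisableTaskMgr flipped to 1, and the wallpaper pointed at its own warning page. The PowerShell below is an added example, not part of this thread and not MBAM's code; it reads those same registry locations on a live machine and reports anything that departs from the Windows defaults. The registry paths and value names come straight from the log; the helper names (Get-RegValue, Get-ImagePath) are the example's own, and it assumes PowerShell 3 or later running from an elevated prompt.

```powershell
# Added example, not from the thread: audit the persistence and lock-down
# points that the MBAM log above shows Trojan.FakeAlert using. Registry paths
# and value names are taken from that log; "expected" values are the Windows
# defaults. Helper names are the example's own. Run elevated, PowerShell 3+.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null instead of throwing when the key or the value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Get-ImagePath {
    param([string]$CommandLine)
    # Pull the executable out of a Run-key command line: quoted path, or the
    # text up to the first ".exe" (handles unquoted paths containing spaces).
    if ($CommandLine -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
    elseif ($CommandLine -match '^\s*(.+?\.exe)\b') { $exe = $Matches[1] }
    else { $exe = $CommandLine.Trim() }
    return [Environment]::ExpandEnvironmentVariables($exe)
}

$findings = New-Object System.Collections.Generic.List[string]

# 1. Winlogon: the log shows Userinit rewritten to system32\winlogon86.exe so the
#    rogue ran at every logon. The default is "<SystemRoot>\system32\userinit.exe,".
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$expected = Join-Path $env:SystemRoot 'system32\userinit.exe'
$userinit = Get-RegValue $winlogon 'Userinit'
if ($userinit -and ($userinit.TrimEnd(',') -ine $expected)) {
    $findings.Add("Winlogon\Userinit = '$userinit' (expected '$expected,')")
}
$shell = Get-RegValue $winlogon 'Shell'
if ($shell -and ($shell -ine 'explorer.exe')) {
    $findings.Add("Winlogon\Shell = '$shell' (expected 'explorer.exe')")
}

# 2. Policy values the log lists as Hijack.DisplayProperties / Hijack.TaskManager.
#    The rogue sets them to 1 to pin its wallpaper and block Task Manager.
$policies = @(
    @{ Path = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';        Name = 'DisableTaskMgr' },
    @{ Path = 'Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop'; Name = 'NoChangingWallpaper' },
    @{ Path = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer';      Name = 'NoActiveDesktopChanges' },
    @{ Path = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer';      Name = 'NoSetActiveDesktop' }
)
foreach ($hive in 'HKCU', 'HKLM') {
    foreach ($p in $policies) {
        $path = "${hive}:\$($p.Path)"
        if ((Get-RegValue $path $p.Name) -eq 1) {
            $findings.Add("$path\$($p.Name) = 1 (expected 0 or absent)")
        }
    }
}

# 3. Wallpaper hijack: the log flagged IE\Desktop\General\wallpaper and a
#    critical_warning.html dropped into system32. Flag a wallpaper that is an
#    HTML file or that lives under the Windows directory.
$wallpapers = @(
    (Get-RegValue 'HKCU:\Software\Microsoft\Internet Explorer\Desktop\General' 'Wallpaper'),
    (Get-RegValue 'HKCU:\Control Panel\Desktop' 'Wallpaper')
)
foreach ($wp in $wallpapers) {
    if ($wp -and (($wp -match '\.html?$') -or ($wp -like "$env:SystemRoot\*"))) {
        $findings.Add("Wallpaper points at '$wp'")
    }
}

# 4. Run keys: winupdate86.exe was an unsigned binary in system32 started from
#    HKLM\...\Run. List entries whose image is missing or not validly signed.
#    This is a triage list, not a verdict: much XP-era software is unsigned.
$psMeta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
foreach ($runKey in 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
                    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') {
    $props = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
    if ($null -eq $props) { continue }
    foreach ($entry in ($props.PSObject.Properties | Where-Object { $_.Name -notin $psMeta })) {
        $image = Get-ImagePath ([string]$entry.Value)
        if (-not (Test-Path -LiteralPath $image)) {
            $findings.Add("$runKey\$($entry.Name) -> '$image' (file missing)")
            continue
        }
        $sig = Get-AuthenticodeSignature -FilePath $image
        if ($sig.Status -ne 'Valid') {
            $findings.Add("$runKey\$($entry.Name) -> '$image' (signature: $($sig.Status))")
        }
    }
}

if ($findings.Count -eq 0) { 'No FakeAlert-style persistence or lock-down values found.' }
else { $findings | ForEach-Object { "FINDING: $_" } }
```

Nothing in the script modifies the registry; the output is a triage list to compare against what MBAM already removed. A Userinit or policy finding is a clear problem, but a Run entry flagged only for a missing or invalid Authenticode signature needs a second look before it is called malicious, since much software of this vintage shipped unsigned.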

#10 myrti

myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,766 posts

Posted 12 December 2009 - 10:18 AM

Hi,

MBAM seems to have taken out quite a lot. :(

Please provide a new OTL log to see what is still left:
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double-click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • A report will open; copy and paste it in a reply here:
    • OTListIt.txt <-- Will be opened
regards myrti



#11 bona

bona
  • Topic Starter
  • Members
  • 50 posts

Posted 13 December 2009 - 12:50 PM

Here is the latest OTL log:

--------------------------------------------------------------------------------------------------------------------------------
OTL logfile created on: 12/13/2009 11:45:43 AM - Run 4
OTL by OldTimer - Version 3.1.11.3 Folder = C:\Documents and Settings\User\Desktop\DEBUG
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.98 Mb Total Physical Memory | 52.29 Mb Available Physical Memory | 11.70% Memory free
1.03 Gb Paging File | 0.61 Gb Available in Paging File | 59.08% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 13.97 Gb Total Space | 0.23 Gb Free Space | 1.67% Space Free | Partition Type: NTFS
Drive D: | 18.62 Gb Total Space | 18.58 Gb Free Space | 99.79% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VALUED-B8CC434B
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/30 01:49:26 | 00,536,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\DEBUG\OTL.exe
PRC - [2008/12/14 08:29:00 | 00,467,240 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2008/12/12 17:06:40 | 00,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/12/12 17:06:40 | 00,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/11/24 03:10:46 | 00,590,848 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgcc.exe
PRC - [2008/09/13 16:36:24 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/06/10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008/04/13 19:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/30 09:36:40 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/03/30 09:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/02/18 10:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/10/23 15:43:35 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe
PRC - [2007/09/27 20:23:19 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgupsvc.exe
PRC - [2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2006/11/03 18:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/01/25 14:49:02 | 00,884,840 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WG111T\wlan111t.exe
PRC - [2005/04/15 14:36:24 | 00,745,472 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
PRC - [2003/05/21 00:22:36 | 00,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
PRC - [2003/03/25 19:47:54 | 00,151,552 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2003/03/25 19:39:02 | 00,262,144 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
PRC - [2003/03/19 23:02:38 | 00,675,840 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
PRC - [2003/03/18 19:03:24 | 00,536,648 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
PRC - [2003/02/10 15:11:12 | 00,057,344 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
PRC - [2002/08/20 12:29:26 | 00,040,960 | ---- | M] (Easy Systems Japan Ltd.) -- C:\WINDOWS\system32\ezSP_Px.exe


========== Modules (SafeList) ==========

MOD - [2009/11/30 01:49:26 | 00,536,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\DEBUG\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2008/12/12 17:06:40 | 00,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/11/24 03:09:34 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/03/30 09:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/02/18 10:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/10/23 15:43:35 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe -- (Avg7Alrt)
SRV - [2007/09/27 20:23:19 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgupsvc.exe -- (Avg7UpdSvc)
SRV - [2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2003/05/21 00:27:46 | 00,610,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -- (Norton AntiVirus Server)
SRV - [2003/05/21 00:22:36 | 00,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2003/03/25 19:47:54 | 00,151,552 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2003/03/25 19:39:02 | 00,262,144 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe -- (VAIOMediaPlatform-PhotoServer-AppServer)
SRV - [2003/03/19 23:02:38 | 00,675,840 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe -- (VAIOMediaPlatform-PhotoServer-UPnP) VAIO Media Photo Server (UPnP)
SRV - [2003/03/19 23:02:38 | 00,675,840 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe -- (VAIOMediaPlatform-MusicServer-UPnP) VAIO Media Music Server (UPnP)
SRV - [2003/03/18 19:03:24 | 00,536,648 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe -- (VAIOMediaPlatform-MusicServer-AppServer)
SRV - [2003/02/10 15:11:12 | 00,057,344 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe -- (VAIOMediaPlatform-PhotoServer-HTTP) VAIO Media Photo Server (HTTP)
SRV - [2003/02/10 15:11:12 | 00,057,344 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe -- (VAIOMediaPlatform-MusicServer-HTTP) VAIO Media Music Server (HTTP)
SRV - [2002/12/24 13:01:22 | 00,065,536 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)


========== Driver Services (SafeList) ==========

DRV - [2008/12/12 17:05:20 | 00,025,264 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/12/12 17:05:18 | 00,023,984 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/06/20 14:04:01 | 00,017,801 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2008/02/18 10:16:24 | 00,030,464 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2008/01/29 11:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2007/12/21 19:37:09 | 00,010,760 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgclean.sys -- (AvgClean)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/10/23 15:43:01 | 00,821,856 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\Drivers\avg7core.sys -- (Avg7Core)
DRV - [2007/09/27 20:23:24 | 00,027,776 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\Drivers\avg7rsxp.sys -- (Avg7RsXP)
DRV - [2007/09/27 20:23:24 | 00,004,224 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\Drivers\avg7rsw.sys -- (Avg7RsW)
DRV - [2007/09/27 03:00:00 | 00,865,904 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070927.009\NAVEX15.SYS -- (NAVEX15)
DRV - [2007/09/27 03:00:00 | 00,081,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070927.009\NAVENG.SYS -- (NAVENG)
DRV - [2006/03/16 10:39:10 | 00,167,808 | ---- | M] (NETGEAR Inc.) -- C:\WINDOWS\system32\drivers\wg111v2.sys -- (RTLWUSB)
DRV - [2005/09/05 10:21:06 | 00,362,944 | ---- | M] (NETGEAR, Inc.) -- C:\WINDOWS\system32\drivers\WG11TND5.sys -- (AR5523)
DRV - [2005/04/01 10:43:02 | 00,066,048 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\EAPPkt.sys -- (EAPPkt)
DRV - [2003/09/18 23:06:09 | 00,073,496 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2003/07/24 11:10:34 | 00,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
DRV - [2003/05/02 20:08:22 | 00,030,208 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navapel.sys -- (NAVAPEL)
DRV - [2003/05/02 20:08:18 | 00,224,256 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navap.sys -- (NAVAP)
DRV - [2003/03/25 19:52:36 | 00,569,984 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/03/18 17:50:00 | 00,022,400 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\strmdisp.sys -- (StreamDispatcher)
DRV - [2003/03/18 17:48:00 | 00,161,024 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWALI.sys -- (HSFHWALI)
DRV - [2003/03/18 17:46:00 | 00,622,592 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/03/18 17:45:00 | 01,107,072 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/02/28 00:36:04 | 00,090,852 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/01/16 04:02:00 | 00,017,136 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20)
DRV - [2002/12/19 19:48:48 | 00,539,008 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2002/12/11 13:22:00 | 00,011,044 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2002/11/19 03:12:04 | 00,036,184 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SonyWBMS.sys -- (SONYWBMS) Sony Memory Stick controller(WB)
DRV - [2002/10/04 13:04:10 | 00,046,976 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2002/10/02 07:57:12 | 00,013,532 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\SjyPkt.sys -- (SjyPkt)
DRV - [2002/08/30 12:04:56 | 00,023,570 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\atisgkaf.sys -- (caboagp)
DRV - [2002/08/29 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2002/08/29 07:00:00 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2002/08/28 18:00:48 | 00,231,552 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\ac97ali.sys -- (aliadwdm)
DRV - [2002/04/01 16:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2000/12/05 18:18:02 | 00,003,952 | R--- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 22:15:08 | 00,048,896 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-794591827-3469414290-1863628479-1005\S-1-5-21-794591827-3469414290-1863628479-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-794591827-3469414290-1863628479-1005\S-1-5-21-794591827-3469414290-1863628479-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

FF - HKLM\software\mozilla\Netscape 7.02\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2008/04/05 16:50:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.02\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2008/09/03 18:04:27 | 00,000,000 | ---D | M]


O1 HOSTS File: (186123 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 hityou.com
O1 - Hosts: 127.0.0.1 www.hityou.com
O1 - Hosts: 127.0.0.1 180searchassistant.com
O1 - Hosts: 127.0.0.1 www.180searchassistant.com
O1 - Hosts: 127.0.0.1 180solutions.com
O1 - Hosts: 127.0.0.1 www.180solutions.com
O1 - Hosts: 127.0.0.1 bis.180solutions.com
O1 - Hosts: 127.0.0.1 config.180solutions.com
O1 - Hosts: 127.0.0.1 cts.180solutions.com
O1 - Hosts: 127.0.0.1 downloads.180solutions.com
O1 - Hosts: 127.0.0.1 installs.180solutions.com
O1 - Hosts: 127.0.0.1 nowhere.180solutions.com
O1 - Hosts: 127.0.0.1 ping.180solutions.com
O1 - Hosts: 127.0.0.1 tv.180solutions.com
O1 - Hosts: 127.0.0.1 uploads.180solutions.com
O1 - Hosts: 127.0.0.1 public.zangocash.com
O1 - Hosts: 127.0.0.1 www.public.zangocash.com
O1 - Hosts: 127.0.0.1 static.zangocash.com
O1 - Hosts: 127.0.0.1 www.static.zangocash.com
O1 - Hosts: 127.0.0.1 www.zangocash.com
O1 - Hosts: 127.0.0.1 zangocash.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 2search.com
O1 - Hosts: 6605 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-794591827-3469414290-1863628479-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-794591827-3469414290-1863628479-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AVG7_CC] C:\Program Files\Grisoft\AVG7\avgcc.exe (GRISOFT, s.r.o.)
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [AVG7_Run] C:\Program Files\Grisoft\AVG7\avgw.exe (GRISOFT, s.r.o.)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [AVG7_Run] C:\Program Files\Grisoft\AVG7\avgw.exe (GRISOFT, s.r.o.)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [AVG7_Run] C:\Program Files\Grisoft\AVG7\avgw.exe (GRISOFT, s.r.o.)
O4 - HKU\S-1-5-20..\Run: [AVG7_Run] C:\Program Files\Grisoft\AVG7\avgw.exe (GRISOFT, s.r.o.)
O4 - HKU\S-1-5-21-794591827-3469414290-1863628479-1005..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111T\wlan111t.exe (NETGEAR)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WG111v2 Smart Wizard Wireless Setting.lnk = C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-794591827-3469414290-1863628479-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 30 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 29 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 29 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 29 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 29 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-794591827-3469414290-1863628479-1005\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O15 - HKU\S-1-5-21-794591827-3469414290-1863628479-1005\..Trusted Domains: 30 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://sdlc-esd.sun.com/ESD44/JSCDL/jdk/6u...ows-i586-jc.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\System32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/04/08 23:15:40 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/12/12 02:17:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Malwarebytes
[2009/12/12 02:17:22 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/12 02:17:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/12 02:17:15 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/12 02:17:15 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/24 18:54:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\DEBUG
[2009/11/22 21:47:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Threat Expert
[2009/11/22 21:18:25 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/11/17 23:45:20 | 01,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chsbrkr.dll
[2009/11/17 23:45:15 | 00,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chtbrkr.dll
[2009/11/17 23:45:13 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\korwbrkr.dll
[2009/11/17 23:45:11 | 01,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.lex
[2009/11/17 23:45:11 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.dll
[2009/11/17 23:44:20 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101a.dll
[2009/11/17 23:43:54 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnecAT.dll
[2009/11/17 23:43:54 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnec95.dll
[2009/11/17 23:43:53 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnecNT.dll
[2009/11/17 23:43:19 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_is2022.dll
[2009/11/17 23:42:41 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdjpn.dll
[2009/11/17 23:42:41 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkor.dll
[2009/11/17 23:42:41 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101c.dll
[2009/11/17 23:42:41 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd103.dll
[2009/11/17 23:42:40 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll
[2009/11/17 23:42:39 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/13 11:44:26 | 00,000,410 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2009/12/13 11:41:52 | 00,312,172 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/13 11:41:52 | 00,040,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/13 11:41:50 | 00,355,944 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/13 11:41:44 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/12/13 11:41:08 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/13 11:40:54 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/12/13 11:38:33 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/13 11:38:28 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/13 11:38:26 | 46,876,6720 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/12 03:23:33 | 04,980,736 | -H-- | M] () -- C:\Documents and Settings\User\NTUSER.DAT
[2009/12/12 03:23:33 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\User\ntuser.ini
[2009/12/12 03:21:40 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/12 02:38:48 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
[2009/12/12 02:18:48 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2009/12/12 02:17:27 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/06 11:38:14 | 04,804,914 | -H-- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\IconCache.db
[2009/12/05 17:56:43 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\2995.exe
[2009/12/05 17:36:38 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\491.exe
[2009/12/05 17:16:33 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\9961.exe
[2009/12/05 16:56:33 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\16827.exe
[2009/12/05 16:36:33 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\23281.exe
[2009/12/05 16:16:33 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\28145.exe
[2009/12/05 15:56:32 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5705.exe
[2009/12/05 15:36:32 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\24464.exe
[2009/12/05 15:16:32 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26962.exe
[2009/12/05 14:56:32 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\29358.exe
[2009/12/05 14:36:32 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\11478.exe
[2009/12/05 14:16:32 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\15724.exe
[2009/12/05 13:56:32 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19169.exe
[2009/12/05 13:36:32 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/02 13:32:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5436.exe
[2009/12/02 13:12:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\4827.exe
[2009/12/02 12:52:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\11942.exe
[2009/11/24 17:49:46 | 00,002,580 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009/11/22 21:58:35 | 00,042,320 | ---- | M] () -- C:\Documents and Settings\User\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/19 14:27:09 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/18 17:54:38 | 00,042,320 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/18 17:51:11 | 00,166,712 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/17 22:06:35 | 00,000,527 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Shortcut to snes9x.lnk
[2009/11/17 21:04:27 | 00,038,912 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Emerging_Technologies_Midterm_adibona.doc
[2009/11/16 01:12:15 | 00,032,466 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Sonny & Dibona.pdf
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/12 02:17:26 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/02 13:32:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\5436.exe
[2009/11/27 02:47:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\4827.exe
[2009/11/27 02:27:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\11942.exe
[2009/11/27 02:07:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\2995.exe
[2009/11/27 01:47:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\491.exe
[2009/11/27 01:27:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\9961.exe
[2009/11/27 01:07:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\16827.exe
[2009/11/27 00:47:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\23281.exe
[2009/11/27 00:27:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\28145.exe
[2009/11/27 00:07:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\5705.exe
[2009/11/26 23:47:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\24464.exe
[2009/11/26 23:27:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26962.exe
[2009/11/26 23:07:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\29358.exe
[2009/11/26 22:47:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\11478.exe
[2009/11/26 22:27:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\15724.exe
[2009/11/26 22:07:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\19169.exe
[2009/11/26 20:36:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26500.exe
[2009/11/26 20:16:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe
[2009/11/26 19:56:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2009/11/24 18:06:32 | 46,876,6720 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/24 17:49:45 | 00,002,580 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2009/11/17 23:45:14 | 00,001,486 | ---- | C] () -- C:\WINDOWS\System32\noise.kor
[2009/11/17 23:45:13 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\korwbrkr.lex
[2009/11/17 23:45:12 | 00,002,060 | ---- | C] () -- C:\WINDOWS\System32\noise.jpn
[2009/11/17 23:44:47 | 00,146,126 | ---- | C] () -- C:\WINDOWS\System32\array30.tab
[2009/11/17 23:44:47 | 00,018,600 | ---- | C] () -- C:\WINDOWS\System32\arrayhw.tab
[2009/11/17 23:44:47 | 00,016,312 | ---- | C] () -- C:\WINDOWS\System32\arptr.tbl
[2009/11/17 23:44:46 | 00,211,938 | ---- | C] () -- C:\WINDOWS\System32\lcphrase.tbl
[2009/11/17 23:44:46 | 00,116,285 | ---- | C] () -- C:\WINDOWS\System32\msdayi.tbl
[2009/11/17 23:44:46 | 00,110,566 | ---- | C] () -- C:\WINDOWS\System32\arphr.tbl
[2009/11/17 23:44:46 | 00,044,370 | ---- | C] () -- C:\WINDOWS\System32\acode.tbl
[2009/11/17 23:44:46 | 00,043,242 | ---- | C] () -- C:\WINDOWS\System32\phoncode.tbl
[2009/11/17 23:44:46 | 00,024,114 | ---- | C] () -- C:\WINDOWS\System32\lcptr.tbl
[2009/11/17 23:44:46 | 00,004,071 | ---- | C] () -- C:\WINDOWS\System32\phon.tbl
[2009/11/17 23:44:46 | 00,002,714 | ---- | C] () -- C:\WINDOWS\System32\phonptr.tbl
[2009/11/17 23:44:46 | 00,000,700 | ---- | C] () -- C:\WINDOWS\System32\dayiptr.tbl
[2009/11/17 23:44:46 | 00,000,520 | ---- | C] () -- C:\WINDOWS\System32\dayiphr.tbl
[2009/11/17 23:44:45 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\c_10002.nls
[2009/11/17 23:44:45 | 00,082,172 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.nls
[2009/11/17 23:44:45 | 00,044,370 | ---- | C] () -- C:\WINDOWS\System32\a234.tbl
[2009/11/17 23:44:45 | 00,001,460 | ---- | C] () -- C:\WINDOWS\System32\a15.tbl
[2009/11/17 23:44:44 | 00,066,728 | ---- | C] () -- C:\WINDOWS\System32\big5.nls
[2009/11/17 23:44:44 | 00,016,254 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAE.HLP
[2009/11/17 23:44:43 | 00,014,821 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAD.HLP
[2009/11/17 23:44:29 | 01,564,868 | ---- | C] () -- C:\WINDOWS\System32\WINSP.MB
[2009/11/17 23:44:29 | 01,223,500 | ---- | C] () -- C:\WINDOWS\System32\WINZM.MB
[2009/11/17 23:44:26 | 01,783,864 | ---- | C] () -- C:\WINDOWS\System32\WINPY.MB
[2009/11/17 23:44:25 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\prcp.nls
[2009/11/17 23:44:24 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\prc.nls
[2009/11/17 23:44:22 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_10008.nls
[2009/11/17 23:43:58 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_10003.nls
[2009/11/17 23:43:57 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\c_1361.nls
[2009/11/17 23:43:57 | 00,047,066 | ---- | C] () -- C:\WINDOWS\System32\ksc.nls
[2009/11/17 23:43:19 | 00,180,770 | ---- | C] () -- C:\WINDOWS\System32\c_20932.nls
[2009/11/17 23:43:19 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\c_20000.nls
[2009/11/17 23:43:19 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_20949.nls
[2009/11/17 23:43:19 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_20936.nls
[2009/11/17 23:43:18 | 00,162,850 | ---- | C] () -- C:\WINDOWS\System32\c_10001.nls
[2009/11/17 23:43:18 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_21027.nls
[2009/11/17 23:43:18 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20290.nls
[2009/11/17 23:43:17 | 00,028,288 | ---- | C] () -- C:\WINDOWS\System32\xjis.nls
[2009/11/17 22:06:35 | 00,000,527 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Shortcut to snes9x.lnk
[2009/11/17 20:40:31 | 00,038,912 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Emerging_Technologies_Midterm_adibona.doc
[2009/11/16 01:12:14 | 00,032,466 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Sonny & Dibona.pdf
[2009/10/27 13:31:09 | 08,673,792 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2008/06/20 14:03:52 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2008/06/20 14:03:51 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2008/02/04 17:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/07/11 22:12:13 | 00,000,355 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2005/11/14 11:14:09 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/04/03 00:06:33 | 00,004,608 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/09/18 23:15:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2003/05/21 00:19:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2003/04/09 19:21:42 | 00,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/04/09 19:21:18 | 00,000,626 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/04/09 19:13:19 | 00,041,068 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2003/04/09 19:02:09 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2003/04/09 18:59:43 | 00,262,416 | ---- | C] () -- C:\WINDOWS\System32\ASFV2.DLL
[2003/04/09 18:50:34 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2003/04/09 13:40:11 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/04/08 23:36:27 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/04/08 23:33:31 | 00,000,805 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/04/08 22:59:00 | 00,000,696 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/06/12 14:21:12 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 168 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A2947BEA
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECF5194F
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >
--------------------------------------------------------------------------------------------------------------------------------

Thank you

#12 myrti

  • Malware Study Hall Admin
Posted 15 December 2009 - 10:37 AM

Hi,

things are looking pretty good. Please run the following script to remove the leftovers still present in the log:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :otl
    
    [2009/12/02 13:32:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\5436.exe
    [2009/11/27 02:47:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\4827.exe
    [2009/11/27 02:27:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\11942.exe
    [2009/11/27 02:07:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\2995.exe
    [2009/11/27 01:47:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\491.exe
    [2009/11/27 01:27:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\9961.exe
    [2009/11/27 01:07:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\16827.exe
    [2009/11/27 00:47:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\23281.exe
    [2009/11/27 00:27:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\28145.exe
    [2009/11/27 00:07:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\5705.exe
    [2009/11/26 23:47:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\24464.exe
    [2009/11/26 23:27:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26962.exe
    [2009/11/26 23:07:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\29358.exe
    [2009/11/26 22:47:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\11478.exe
    [2009/11/26 22:27:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\15724.exe
    [2009/11/26 22:07:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\19169.exe
    [2009/11/26 20:36:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26500.exe
    [2009/11/26 20:16:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe
    [2009/11/26 19:56:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
    :commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window, OTListIt.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.
Regards, myrti



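The nineteen files myrti's fix targets share a shape worth recognising in any OTL log: zero-byte, digits-only .exe names under System32, created twenty minutes apart. The script below is an added example (mine, not the thread's, and not part of OTL or of any tool named in it) that parses lines in OTL's "Files Created" format, flags entries of that shape, measures the creation cadence, and emits the same `:otl` / `[emptytemp]` fix block the helper posted. It also checks one thing the thread does not mention: the names, taken in creation order (18467, 6334, 26500, 19169, ...), are consecutive outputs of the Microsoft C runtime's rand() in a process that never calls srand(), so the dropper's "random" file names were fully predictable. The sample log is a constructed excerpt of the lines posted above, and every function name is my own.

```python
"""Triage for OTL 'Files Created' lines, built around the pattern in the posted
log: zero-byte, digits-only .exe files dropped into System32 on a fixed timer.
Added example; not part of the thread, of OTL, or of any tool named in it."""
import re
from collections import Counter
from datetime import datetime

# Constructed sample in OTL's own line format: eight of the artefacts from the
# posted log (OTL lists newest first) plus two ordinary files for contrast.
SAMPLE_LOG = r"""
[2009/11/26 23:27:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26962.exe
[2009/11/26 23:07:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\29358.exe
[2009/11/26 22:47:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\11478.exe
[2009/11/26 22:27:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\15724.exe
[2009/11/26 22:07:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\19169.exe
[2009/11/26 20:36:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26500.exe
[2009/11/26 20:16:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe
[2009/11/26 19:56:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2009/11/24 17:49:45 | 00,002,580 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2003/05/21 00:19:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
"""

# OTL file line: [date time | size | attrs | C or M] (company) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>\S{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

def parse_otl_line(line):
    """Return a dict for one OTL file line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    folder, _, name = m.group("path").rpartition("\\")
    return {
        "raw": line.strip(),
        "when": datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        "size": int(m.group("size").replace(",", "")),
        "company": m.group("company"),
        "folder": folder.lower(),
        "name": name,
    }

def parse_otl(text):
    return [e for e in map(parse_otl_line, text.splitlines()) if e]

def is_dropper_artifact(entry):
    """Zero-byte, digits-only .exe under System32 with no company name."""
    return (entry["folder"].endswith("\\windows\\system32")
            and re.fullmatch(r"\d+\.exe", entry["name"], re.IGNORECASE) is not None
            and entry["size"] == 0
            and entry["company"] == "")

def find_dropper_artifacts(text):
    """Matching entries, oldest first (creation order)."""
    hits = [e for e in parse_otl(text) if is_dropper_artifact(e)]
    return sorted(hits, key=lambda e: e["when"])

def dominant_cadence(entries):
    """(gap_seconds, occurrences) for the most common creation interval."""
    times = sorted(e["when"] for e in entries)
    gaps = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
    return Counter(gaps).most_common(1)[0] if gaps else (0, 0)

def msvc_rand_sequence(n, seed=1):
    """First n outputs of the Microsoft C runtime rand() LCG.
    seed=1 is the state a process has when it never calls srand()."""
    state, out = seed & 0xFFFFFFFF, []
    for _ in range(n):
        state = (state * 214013 + 2531011) & 0xFFFFFFFF
        out.append((state >> 16) & 0x7FFF)
    return out

def unseeded_rand_offset(entries, window=64):
    """Index at which the numeric names (creation order) appear as a
    contiguous run of the unseeded rand() stream, or -1 if they do not."""
    names = [int(e["name"].split(".")[0]) for e in entries]
    stream = msvc_rand_sequence(window)
    for i in range(len(stream) - len(names) + 1):
        if stream[i:i + len(names)] == names:
            return i
    return -1

def build_otl_fix(entries):
    """Same shape as the fix posted above: raw lines under :otl, then [emptytemp]."""
    return ":otl\n" + "\n".join(e["raw"] for e in entries) + "\n:commands\n[emptytemp]"

if __name__ == "__main__":
    hits = find_dropper_artifacts(SAMPLE_LOG)
    print(len(hits), "artefacts; cadence", dominant_cadence(hits),
          "; unseeded rand() offset", unseeded_rand_offset(hits))
    print(build_otl_fix(hits))
```

Run as a script it prints eight hits, a dominant gap of 1200 seconds, an offset of 1 into the rand() stream (the stream's first value, 41, has no matching file in the posted log), and a fix block in the same format myrti used; point `find_dropper_artifacts` at a complete OTL log to repeat the triage. OTL moves the listed files into C:\_OTL\MovedFiles rather than deleting them, which is why the thread asks for the MovedFiles log after a reboot.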
#13 bona

  • Topic Starter

Posted 16 December 2009 - 11:51 PM

Here are the results from the custom OTL scan:

---------------------------------------------------------------------------------------------------------------------
All processes killed
========== OTL ==========
C:\WINDOWS\system32\5436.exe moved successfully.
C:\WINDOWS\system32\4827.exe moved successfully.
C:\WINDOWS\system32\11942.exe moved successfully.
C:\WINDOWS\system32\2995.exe moved successfully.
C:\WINDOWS\system32\491.exe moved successfully.
C:\WINDOWS\system32\9961.exe moved successfully.
C:\WINDOWS\system32\16827.exe moved successfully.
C:\WINDOWS\system32\23281.exe moved successfully.
C:\WINDOWS\system32\28145.exe moved successfully.
C:\WINDOWS\system32\5705.exe moved successfully.
C:\WINDOWS\system32\24464.exe moved successfully.
C:\WINDOWS\system32\26962.exe moved successfully.
C:\WINDOWS\system32\29358.exe moved successfully.
C:\WINDOWS\system32\11478.exe moved successfully.
C:\WINDOWS\system32\15724.exe moved successfully.
C:\WINDOWS\system32\19169.exe moved successfully.
C:\WINDOWS\system32\26500.exe moved successfully.
C:\WINDOWS\system32\6334.exe moved successfully.
C:\WINDOWS\system32\18467.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49146844 bytes

User: NetworkService
->Temp folder emptied: 427434 bytes
->Temporary Internet Files folder emptied: 395053 bytes

User: User
->Temp folder emptied: 6825 bytes
->Temporary Internet Files folder emptied: 47699733 bytes
->Java cache emptied: 1878814 bytes
->Apple Safari cache emptied: 2954524 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 58371 bytes
%systemroot%\System32 .tmp files removed: 2832913 bytes
Windows Temp folder emptied: 2712543 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 58857 bytes
RecycleBin emptied: 259997284 bytes

Total Files Cleaned = 351.18 mb


OTL by OldTimer - Version 3.1.11.3 log created on 12162009_232628

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
---------------------------------------------------------------------------------------------------------------------


Here are the results of the follow-up OTL scan:

---------------------------------------------------------------------------------------------------------------------
OTL logfile created on: 12/16/2009 11:40:49 PM - Run 5
OTL by OldTimer - Version 3.1.11.3 Folder = C:\Documents and Settings\User\Desktop\DEBUG
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.98 Mb Total Physical Memory | 79.15 Mb Available Physical Memory | 17.71% Memory free
1.03 Gb Paging File | 0.65 Gb Available in Paging File | 62.56% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 13.97 Gb Total Space | 0.58 Gb Free Space | 4.12% Space Free | Partition Type: NTFS
Drive D: | 18.62 Gb Total Space | 18.58 Gb Free Space | 99.79% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VALUED-B8CC434B
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\User\Desktop\DEBUG\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Grisoft\AVG7\avgcc.exe (GRISOFT, s.r.o.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
PRC - C:\Program Files\Grisoft\AVG7\avgamsvr.exe (GRISOFT, s.r.o.)
PRC - C:\Program Files\Grisoft\AVG7\avgupsvc.exe (GRISOFT, s.r.o.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\NETGEAR\WG111T\wlan111t.exe (NETGEAR)
PRC - C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe ()
PRC - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\ati2evxx.exe ()
PRC - C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe (Sony Corporation)
PRC - C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\User\Desktop\DEBUG\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
SRV - (Avg7Alrt) -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe (GRISOFT, s.r.o.)
SRV - (Avg7UpdSvc) -- C:\Program Files\Grisoft\AVG7\avgupsvc.exe (GRISOFT, s.r.o.)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (Norton AntiVirus Server) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (Ati HotKey Poller) -- C:\WINDOWS\system32\ati2evxx.exe ()
SRV - (VAIOMediaPlatform-PhotoServer-AppServer) -- C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-PhotoServer-UPnP) VAIO Media Photo Server (UPnP) -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-MusicServer-UPnP) VAIO Media Music Server (UPnP) -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-MusicServer-AppServer) -- C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-PhotoServer-HTTP) VAIO Media Photo Server (HTTP) -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-MusicServer-HTTP) VAIO Media Music Server (HTTP) -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)


========== Driver Services (SafeList) ==========

DRV - (purendis) -- C:\WINDOWS\system32\drivers\purendis.sys (Cisco Systems, Inc.)
DRV - (pnarp) -- C:\WINDOWS\system32\drivers\pnarp.sys (Cisco Systems, Inc.)
DRV - (AegisP) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\AegisP.sys (Meetinghouse Data Communications)
DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (AvgClean) -- C:\WINDOWS\System32\Drivers\avgclean.sys (GRISOFT, s.r.o.)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Avg7Core) -- C:\WINDOWS\System32\Drivers\avg7core.sys (GRISOFT, s.r.o.)
DRV - (Avg7RsXP) -- C:\WINDOWS\System32\Drivers\avg7rsxp.sys (GRISOFT, s.r.o.)
DRV - (Avg7RsW) -- C:\WINDOWS\System32\Drivers\avg7rsw.sys (GRISOFT, s.r.o.)
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070927.009\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070927.009\NAVENG.SYS (Symantec Corporation)
DRV - (RTLWUSB) -- C:\WINDOWS\system32\drivers\wg111v2.sys (NETGEAR Inc.)
DRV - (AR5523) -- C:\WINDOWS\system32\drivers\WG11TND5.sys (NETGEAR, Inc.)
DRV - (EAPPkt) -- C:\WINDOWS\system32\drivers\EAPPkt.sys (Windows ® 2000 DDK provider)
DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (DNINDIS5) -- C:\WINDOWS\system32\DNINDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (NAVAPEL) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navapel.sys (Symantec Corporation)
DRV - (NAVAP) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navap.sys (Symantec Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (StreamDispatcher) -- C:\WINDOWS\system32\drivers\strmdisp.sys (Conexant Systems, Inc.)
DRV - (HSFHWALI) -- C:\WINDOWS\system32\drivers\HSFHWALI.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (PxHelp20) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (smwdm) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
DRV - (SONYWBMS) Sony Memory Stick controller(WB) -- C:\WINDOWS\system32\drivers\SonyWBMS.sys (Sony Corporation)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation )
DRV - (SjyPkt) -- C:\WINDOWS\system32\drivers\SjyPkt.sys (Windows ® 2000 DDK provider)
DRV - (caboagp) -- C:\WINDOWS\System32\DRIVERS\atisgkaf.sys (ATI Technologies Inc.)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (AliIde) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (aliadwdm) -- C:\WINDOWS\system32\drivers\ac97ali.sys (Acer Laboratories Inc.)
DRV - (aeaudio) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)
DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

FF - HKLM\software\mozilla\Netscape 7.02\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2008/04/05 16:50:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.02\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2008/09/03 18:04:27 | 00,000,000 | ---D | M]


O1 HOSTS File: (186123 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 hityou.com
O1 - Hosts: 127.0.0.1 www.hityou.com
O1 - Hosts: 127.0.0.1 180searchassistant.com
O1 - Hosts: 127.0.0.1 www.180searchassistant.com
O1 - Hosts: 127.0.0.1 180solutions.com
O1 - Hosts: 127.0.0.1 www.180solutions.com
O1 - Hosts: 127.0.0.1 bis.180solutions.com
O1 - Hosts: 127.0.0.1 config.180solutions.com
O1 - Hosts: 127.0.0.1 cts.180solutions.com
O1 - Hosts: 127.0.0.1 downloads.180solutions.com
O1 - Hosts: 127.0.0.1 installs.180solutions.com
O1 - Hosts: 127.0.0.1 nowhere.180solutions.com
O1 - Hosts: 127.0.0.1 ping.180solutions.com
O1 - Hosts: 127.0.0.1 tv.180solutions.com
O1 - Hosts: 127.0.0.1 uploads.180solutions.com
O1 - Hosts: 127.0.0.1 public.zangocash.com
O1 - Hosts: 127.0.0.1 www.public.zangocash.com
O1 - Hosts: 127.0.0.1 static.zangocash.com
O1 - Hosts: 127.0.0.1 www.static.zangocash.com
O1 - Hosts: 127.0.0.1 www.zangocash.com
O1 - Hosts: 127.0.0.1 zangocash.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 2search.com
O1 - Hosts: 6605 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AVG7_CC] C:\Program Files\Grisoft\AVG7\avgcc.exe (GRISOFT, s.r.o.)
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111T\wlan111t.exe (NETGEAR)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WG111v2 Smart Wizard Wireless Setting.lnk = C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 30 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 30 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://sdlc-esd.sun.com/ESD44/JSCDL/jdk/6u...ows-i586-jc.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\System32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/04/08 23:15:40 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/12/16 23:26:29 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/12/12 02:17:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Malwarebytes
[2009/12/12 02:17:22 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/12 02:17:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/12 02:17:15 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/12 02:17:15 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/24 18:54:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\DEBUG
[2009/11/22 21:47:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Threat Expert
[2009/11/22 21:18:25 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/11/17 23:45:20 | 01,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chsbrkr.dll
[2009/11/17 23:45:15 | 00,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chtbrkr.dll
[2009/11/17 23:45:13 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\korwbrkr.dll
[2009/11/17 23:45:11 | 01,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.lex
[2009/11/17 23:45:11 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.dll
[2009/11/17 23:44:20 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101a.dll
[2009/11/17 23:43:54 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnecAT.dll
[2009/11/17 23:43:54 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnec95.dll
[2009/11/17 23:43:53 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnecNT.dll
[2009/11/17 23:43:19 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_is2022.dll
[2009/11/17 23:42:41 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdjpn.dll
[2009/11/17 23:42:41 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkor.dll
[2009/11/17 23:42:41 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101c.dll
[2009/11/17 23:42:41 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd103.dll
[2009/11/17 23:42:40 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll
[2009/11/17 23:42:39 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll

========== Files - Modified Within 30 Days ==========

[2009/12/16 23:33:28 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/12/16 23:31:40 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/12/16 23:31:09 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/16 23:30:22 | 00,000,410 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2009/12/16 23:29:48 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/16 23:29:41 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/16 23:29:24 | 46,876,6720 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/16 23:28:01 | 04,980,736 | -H-- | M] () -- C:\Documents and Settings\User\NTUSER.DAT
[2009/12/16 23:28:01 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\User\ntuser.ini
[2009/12/13 11:41:52 | 00,312,172 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/13 11:41:52 | 00,040,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/13 11:41:50 | 00,355,944 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/12 03:21:40 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/12 02:17:27 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/06 11:38:14 | 04,804,914 | -H-- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\IconCache.db
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/24 17:49:46 | 00,002,580 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009/11/22 21:58:35 | 00,042,320 | ---- | M] () -- C:\Documents and Settings\User\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/19 14:27:09 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/18 17:54:38 | 00,042,320 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/18 17:51:11 | 00,166,712 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/17 22:06:35 | 00,000,527 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Shortcut to snes9x.lnk
[2009/11/17 21:04:27 | 00,038,912 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Emerging_Technologies_Midterm_adibona.doc

========== Files Created - No Company Name ==========

[2009/12/12 02:17:26 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/24 18:06:32 | 46,876,6720 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/24 17:49:45 | 00,002,580 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2009/11/17 23:45:14 | 00,001,486 | ---- | C] () -- C:\WINDOWS\System32\noise.kor
[2009/11/17 23:45:13 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\korwbrkr.lex
[2009/11/17 23:45:12 | 00,002,060 | ---- | C] () -- C:\WINDOWS\System32\noise.jpn
[2009/11/17 23:44:47 | 00,146,126 | ---- | C] () -- C:\WINDOWS\System32\array30.tab
[2009/11/17 23:44:47 | 00,018,600 | ---- | C] () -- C:\WINDOWS\System32\arrayhw.tab
[2009/11/17 23:44:47 | 00,016,312 | ---- | C] () -- C:\WINDOWS\System32\arptr.tbl
[2009/11/17 23:44:46 | 00,211,938 | ---- | C] () -- C:\WINDOWS\System32\lcphrase.tbl
[2009/11/17 23:44:46 | 00,116,285 | ---- | C] () -- C:\WINDOWS\System32\msdayi.tbl
[2009/11/17 23:44:46 | 00,110,566 | ---- | C] () -- C:\WINDOWS\System32\arphr.tbl
[2009/11/17 23:44:46 | 00,044,370 | ---- | C] () -- C:\WINDOWS\System32\acode.tbl
[2009/11/17 23:44:46 | 00,043,242 | ---- | C] () -- C:\WINDOWS\System32\phoncode.tbl
[2009/11/17 23:44:46 | 00,024,114 | ---- | C] () -- C:\WINDOWS\System32\lcptr.tbl
[2009/11/17 23:44:46 | 00,004,071 | ---- | C] () -- C:\WINDOWS\System32\phon.tbl
[2009/11/17 23:44:46 | 00,002,714 | ---- | C] () -- C:\WINDOWS\System32\phonptr.tbl
[2009/11/17 23:44:46 | 00,000,700 | ---- | C] () -- C:\WINDOWS\System32\dayiptr.tbl
[2009/11/17 23:44:46 | 00,000,520 | ---- | C] () -- C:\WINDOWS\System32\dayiphr.tbl
[2009/11/17 23:44:45 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\c_10002.nls
[2009/11/17 23:44:45 | 00,082,172 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.nls
[2009/11/17 23:44:45 | 00,044,370 | ---- | C] () -- C:\WINDOWS\System32\a234.tbl
[2009/11/17 23:44:45 | 00,001,460 | ---- | C] () -- C:\WINDOWS\System32\a15.tbl
[2009/11/17 23:44:44 | 00,066,728 | ---- | C] () -- C:\WINDOWS\System32\big5.nls
[2009/11/17 23:44:44 | 00,016,254 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAE.HLP
[2009/11/17 23:44:43 | 00,014,821 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAD.HLP
[2009/11/17 23:44:29 | 01,564,868 | ---- | C] () -- C:\WINDOWS\System32\WINSP.MB
[2009/11/17 23:44:29 | 01,223,500 | ---- | C] () -- C:\WINDOWS\System32\WINZM.MB
[2009/11/17 23:44:26 | 01,783,864 | ---- | C] () -- C:\WINDOWS\System32\WINPY.MB
[2009/11/17 23:44:25 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\prcp.nls
[2009/11/17 23:44:24 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\prc.nls
[2009/11/17 23:44:22 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_10008.nls
[2009/11/17 23:43:58 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_10003.nls
[2009/11/17 23:43:57 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\c_1361.nls
[2009/11/17 23:43:57 | 00,047,066 | ---- | C] () -- C:\WINDOWS\System32\ksc.nls
[2009/11/17 23:43:19 | 00,180,770 | ---- | C] () -- C:\WINDOWS\System32\c_20932.nls
[2009/11/17 23:43:19 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\c_20000.nls
[2009/11/17 23:43:19 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_20949.nls
[2009/11/17 23:43:19 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_20936.nls
[2009/11/17 23:43:18 | 00,162,850 | ---- | C] () -- C:\WINDOWS\System32\c_10001.nls
[2009/11/17 23:43:18 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_21027.nls
[2009/11/17 23:43:18 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20290.nls
[2009/11/17 23:43:17 | 00,028,288 | ---- | C] () -- C:\WINDOWS\System32\xjis.nls
[2009/11/17 22:06:35 | 00,000,527 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Shortcut to snes9x.lnk
[2009/11/17 20:40:31 | 00,038,912 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Emerging_Technologies_Midterm_adibona.doc
[2009/10/27 13:31:09 | 08,673,792 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2008/06/20 14:03:52 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2008/06/20 14:03:51 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2008/02/04 17:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/07/11 22:12:13 | 00,000,355 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2005/11/14 11:14:09 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/04/03 00:06:33 | 00,004,608 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/09/18 23:15:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2003/05/21 00:19:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2003/04/09 19:21:42 | 00,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/04/09 19:21:18 | 00,000,626 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/04/09 19:13:19 | 00,041,068 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2003/04/09 19:02:09 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2003/04/09 18:59:43 | 00,262,416 | ---- | C] () -- C:\WINDOWS\System32\ASFV2.DLL
[2003/04/09 18:50:34 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2003/04/09 13:40:11 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/04/08 23:36:27 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/04/08 23:33:31 | 00,000,805 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/04/08 22:59:00 | 00,000,696 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/06/12 14:21:12 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 168 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A2947BEA
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECF5194F
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >
---------------------------------------------------------------------------------------------------------------------

Thank you kindly.

#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 19 December 2009 - 09:17 AM

Hi,

How is your PC doing now?

Regards, myrti



#15 bona

bona
  • Topic Starter

  • Members
  • 50 posts

Posted 20 December 2009 - 01:46 AM

Hi Myrti,

Things are looking much, much better. I wanted to thank you for your assistance. I just helped another friend with the same problem on her PC. That MBAM program works wonders. I'll remember it for the future.

Very much appreciated.

- Bona



