Author Topic: svchost.exe and windows update  (Read 38155 times)

cfnyy51

    Topic Starter


    Rookie

    svchost.exe and windows update
    « on: November 01, 2010, 07:19:58 PM »
    Need help in getting this machine to run properly.  I was able to remove a virus that masked itself as Antivirus 8, but I still think the computer is infected:

    1) Svchost.exe can take up nearly 100% of the CPU for long periods of time.
    2) Cannot access Windowsupdate website or update Windows Defender.

    I have followed the steps outlined in the malware removal guidelines post.  Any help would be greatly appreciated.
     
    I apologize if I messed up on any of the steps of the posting process.

    Edit: I had to post this on another PC.  The infected PC would not allow me to submit my post (IE and Firefox)

    cfnyy51

      Topic Starter


      Rookie

      Re: svchost.exe and windows update
      « Reply #1 on: November 01, 2010, 07:20:17 PM »
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 7:47:57 PM, on 11/1/2010
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Emsisoft\Online Armor\OAcat.exe
      C:\Program Files\Emsisoft\Online Armor\oasrv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir Desktop\sched.exe
      C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
      C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
      C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Dell Support Center\bin\sprtsvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\wanmpsvc.exe
      C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
      C:\WINDOWS\system32\dla\tfswctrl.exe
      C:\Program Files\Common Files\AOL\1125946752\ee\AOLSoftware.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\Dell Support Center\bin\sprtcmd.exe
      C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\Program Files\Analog Devices\Core\smax4pnp.exe
      C:\Program Files\Common Files\Java\Java Update\jusched.exe
      C:\Program Files\Emsisoft\Online Armor\oaui.exe
      C:\Program Files\DellSupport\DSAgnt.exe
      C:\Program Files\Emsisoft\Online Armor\OAhlp.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\system32\taskmgr.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Mozilla Firefox\plugin-container.exe
      C:\Program Files\trend micro\sniper.exe.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/Home
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
      O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
      O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125946752\ee\AOLSoftware.exe
      O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
      O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
      O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [Lbihoko] rundll32.exe "C:\WINDOWS\idokifurizevulad.dll",Startup
      O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Emsisoft\Online Armor\oaui.exe"
      O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\Run: [Bmupurega] rundll32.exe  "C:\WINDOWS\dcxsnut.dll",Startup (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1014020 (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1014020 (User 'Default user')
      O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
      O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
      O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
      O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
      O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
      O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
      O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
      O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
      O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/56.20/uploader2.cab
      O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
      O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/43.10/uploader2.cab
      O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
      O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154980515546
      O16 - DPF: {6EC00533-A02A-4C97-A93C-66BDB184EBD7} (ZfdWebInstaller Class) - http://nwmiddle.udayton.edu/nls/English/ZfdInstallMgr.cab
      O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
      O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
      O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
      O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
      O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exe
      O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
      O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
      O23 - Service: Online Armor Helper Service (OAcat) - Emsi Software GmbH - C:\Program Files\Emsisoft\Online Armor\OAcat.exe
      O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
      O23 - Service: Online Armor (SvcOnlineArmor) - Emsi Software GmbH - C:\Program Files\Emsisoft\Online Armor\oasrv.exe
      O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
      O24 - Desktop Component 0: (no name) - http://www.optonline.net//images/Common/header/hdrIdTexArea_back.gif

      --
      End of file - 10709 bytes

      cfnyy51

        Topic Starter


        Rookie

        Re: svchost.exe and windows update
        « Reply #2 on: November 01, 2010, 07:21:40 PM »
        SUPERAntiSpyware Scan Log
        http://www.superantispyware.com

        Generated 10/20/2010 at 09:36 PM

        Application Version : 4.44.1000

        Core Rules Database Version : 5723
        Trace Rules Database Version: 3535

        Scan type       : Complete Scan
        Total Scan Time : 01:23:29

        Memory items scanned      : 528
        Memory threats detected   : 0
        Registry items scanned    : 7384
        Registry threats detected : 3
        File items scanned        : 28184
        File threats detected     : 42

        Adware.CouponBar
            HKU\S-1-5-21-692574358-2411448291-2996467416-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{5BED3930-2E9E-76D8-BACC-80DF2188D455}
            HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}

        Adware.Tracking Cookie
            C:\Documents and Settings\Mario  Graziano\Cookies\[email protected][1].txt
            C:\Documents and Settings\Mario  Graziano\Cookies\mario__graziano@overture[1].txt
            C:\Documents and Settings\Mario  Graziano\Cookies\mario__graziano@shopica[1].txt
            media.scanscout.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\NERCV583 ]
            media1.break.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\NERCV583 ]
            C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
            C:\Documents and Settings\LocalService\Cookies\system@adbrite[2].txt
            C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
            C:\Documents and Settings\LocalService\Cookies\system@media6degrees[1].txt
            C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
            C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
            C:\Documents and Settings\LocalService\Cookies\system@realmedia[2].txt
            C:\Documents and Settings\LocalService\Cookies\system@serving-sys[1].txt
            C:\Documents and Settings\LocalService\Cookies\system@advertise[1].txt
            kona.kontera.com [ C:\Documents and Settings\Mario  Graziano\Application Data\Macromedia\Flash Player\#SharedObjects\WQ762L9H ]
            .kontera.com [ C:\Documents and Settings\Mario  Graziano\Application Data\Mozilla\Firefox\Profiles\f9yxi14f.default\cookies.sqlite ]
            .doubleclick.net [ C:\Documents and Settings\Mario  Graziano\Application Data\Mozilla\Firefox\Profiles\f9yxi14f.default\cookies.sqlite ]
            .insightexpressai.com [ C:\Documents and Settings\Mario  Graziano\Application Data\Mozilla\Firefox\Profiles\f9yxi14f.default\cookies.sqlite ]
            .insightexpressai.com [ C:\Documents and Settings\Mario  Graziano\Application Data\Mozilla\Firefox\Profiles\f9yxi14f.default\cookies.sqlite ]
            .insightexpressai.com [ C:\Documents and Settings\Mario  Graziano\Application Data\Mozilla\Firefox\Profiles\f9yxi14f.default\cookies.sqlite ]
            .insightexpressai.com [ C:\Documents and Settings\Mario  Graziano\Application Data\Mozilla\Firefox\Profiles\f9yxi14f.default\cookies.sqlite ]
            .insightexpressai.com [ C:\Documents and Settings\Mario  Graziano\Application Data\Mozilla\Firefox\Profiles\f9yxi14f.default\cookies.sqlite ]
            .atdmt.com [ C:\Documents and Settings\Mario  Graziano\Application Data\Mozilla\Firefox\Profiles\f9yxi14f.default\cookies.sqlite ]
            .atdmt.com [ C:\Documents and Settings\Mario  Graziano\Application Data\Mozilla\Firefox\Profiles\f9yxi14f.default\cookies.sqlite ]
            .collective-media.net [ C:\Documents and Settings\Mario  Graziano\Application Data\Mozilla\Firefox\Profiles\f9yxi14f.default\cookies.sqlite ]
            .collective-media.net [ C:\Documents and Settings\Mario  Graziano\Application Data\Mozilla\Firefox\Profiles\f9yxi14f.default\cookies.sqlite ]
            .collective-media.net [ C:\Documents and Settings\Mario  Graziano\Application Data\Mozilla\Firefox\Profiles\f9yxi14f.default\cookies.sqlite ]
            .collective-media.net [ C:\Documents and Settings\Mario  Graziano\Application Data\Mozilla\Firefox\Profiles\f9yxi14f.default\cookies.sqlite ]
            .legolas-media.com [ C:\Documents and Settings\Mario  Graziano\Application Data\Mozilla\Firefox\Profiles\f9yxi14f.default\cookies.sqlite ]
            .legolas-media.com [ C:\Documents and Settings\Mario  Graziano\Application Data\Mozilla\Firefox\Profiles\f9yxi14f.default\cookies.sqlite ]
            .legolas-media.com [ C:\Documents and Settings\Mario  Graziano\Application Data\Mozilla\Firefox\Profiles\f9yxi14f.default\cookies.sqlite ]
            n-traffic.com [ C:\Documents and Settings\Mario  Graziano\Application Data\Mozilla\Firefox\Profiles\f9yxi14f.default\cookies.sqlite ]
            C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
            C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
            C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
            C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
            C:\Documents and Settings\NetworkService\Cookies\system@realmedia[2].txt
            C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
            C:\Documents and Settings\NetworkService\Cookies\system@pointroll[2].txt
            C:\Documents and Settings\NetworkService\Cookies\system@adecn[1].txt

        Malware.Trace
            HKU\S-1-5-21-692574358-2411448291-2996467416-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER#NOFOLDEROPTIONS

        Trojan.Agent/Gen-MSFake
            C:\WINDOWS\TEMP\TMP000001E526DCBD56667A4FB0
            C:\WINDOWS\TEMP\TMP000001E88A73581933866F11
        « Last Edit: November 02, 2010, 04:43:52 PM by SuperDave »

        cfnyy51

          Topic Starter


          Rookie

          Re: svchost.exe and windows update
          « Reply #3 on: November 01, 2010, 07:22:25 PM »
          Malwarebytes' Anti-Malware 1.46
          www.malwarebytes.org

          Database version: 4895

          Windows 5.1.2600 Service Pack 3
          Internet Explorer 7.0.5730.11

          10/20/2010 7:45:27 PM
          mbam-log-2010-10-20 (19-45-27).txt

          Scan type: Full scan (C:\|)
          Objects scanned: 273362
          Time elapsed: 2 hour(s), 20 minute(s), 43 second(s)

          Memory Processes Infected: 3
          Memory Modules Infected: 0
          Registry Keys Infected: 14
          Registry Values Infected: 53
          Registry Data Items Infected: 4
          Folders Infected: 2
          Files Infected: 38

          Memory Processes Infected:
          C:\Documents and Settings\Mario  Graziano\Local Settings\Temp\iexplorer.exe (Malware.Packer.Gen) -> Unloaded process successfully.
          C:\Documents and Settings\John\Local Settings\Temp\services.exe (Trojan.Agent) -> Unloaded process successfully.
          C:\Documents and Settings\John\Local Settings\Temp\services.exe (Trojan.Agent) -> Unloaded process successfully.

          Memory Modules Infected:
          (No malicious items detected)

          Registry Keys Infected:
          HKEY_CLASSES_ROOT\CLSID\{d6ba40a1-a502-59bd-f413-04b03a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d6ba40a1-a502-59bd-f413-04b03a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d6ba40a1-a502-59bd-f413-04b03a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c9c42510-9b21-41c1-9dcd-8382a2d07c61} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
          HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
          HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
          HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
          HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
          HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
          HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\mywaysearchassistantde.auxiliary (Adware.MyWaySearch) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\mywaysearchassistantde.auxiliary.1 (Adware.MyWaySearch) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.

          Registry Values Infected:
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnujoxrrta (Trojan.Agent) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnujoxrrtaift.com&p=
          (Trojan.Agent) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnujoxrrtar.com&p=
          (Trojan.Agent) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnujoxrrta (Trojan.Agent) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnujoxrrtaift.com&p=
          == (Trojan.Agent) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnujoxrrtar.com&p=
          aqa7 (Trojan.Agent) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{d6ba40a1-a502-59bd-f413-04b03a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\av8 (Rogue.Antivirus8) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\upc+mv0nukaguo (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\upc+mv0nukaguo (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnujoxrouqc (Trojan.Agent) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnujoxrouqc (Trojan.Agent) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnukroxrrrb (Trojan.Downloader) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnukroxrrrb (Trojan.Downloader) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkbuqc (Trojan.Agent) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkeg (Trojan.Agent) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkese (Trojan.Agent) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkfa (Trojan.Agent) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkfa (Trojan.Agent) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnukroxrpuc (Trojan.Agent) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnukroxrpz (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnukroxrpz0 (windows; u; windows nt 5.1; en-us) applewebkit/533.9 (khtml, like gecko) chrome/6.0.401.1 safari/533.9 (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnukroxrota (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnukroxrspe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnujoxrspc (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkasc (Trojan.Downloader) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkcz (Trojan.Downloader) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkdw+ (Trojan.Downloader) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkerb (Trojan.Downloader) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkevc (Trojan.Downloader) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysguard (Trojan.FakeAlert) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Explorer.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnukroxrpuc (Trojan.Agent) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnukroxrspe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnukroxrpz (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnukroxrpz0 (windows; u; windows nt 5.1; en-us) applewebkit/533.9 (khtml, like gecko) chrome/6.0.401.1 safari/533.9 (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnujoxrspc (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnukroxrota (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnujoxrotc (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkasc (Trojan.Downloader) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkaz (Trojan.Downloader) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkbta (Trojan.Downloader) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkcz (Trojan.Downloader) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkdw+ (Trojan.Downloader) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mketa (Trojan.Downloader) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mketc (Trojan.Downloader) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkevc (Trojan.Downloader) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkfpe (Trojan.Downloader) -> Quarantined and deleted successfully.

          Registry Data Items Infected:
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

          Folders Infected:
          C:\Program Files\AV8 (Rogue.Antivirus8) -> Quarantined and deleted successfully.
          C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

          Files Infected:
          C:\Documents and Settings\Mario  Graziano\Local Settings\Temp\iexplorer.exe (Malware.Packer.Gen) -> Delete on reboot.
          C:\Documents and Settings\John\Local Settings\Temp\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.
          C:\WINDOWS\system32\mpnje1tau.dll (Trojan.Ertfor) -> Quarantined and deleted successfully.
          C:\Documents and Settings\John\Local Settings\Temp\login.exe (Trojan.Agent) -> Quarantined and deleted successfully.
          C:\Documents and Settings\John\Local Settings\Temp\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
          C:\Documents and Settings\John\Local Settings\Temp\sysedit.exe (Trojan.Agent) -> Quarantined and deleted successfully.
          C:\Documents and Settings\John\Local Settings\Temp\user.exe (Trojan.Agent) -> Quarantined and deleted successfully.
          C:\Documents and Settings\John\Local Settings\Temp\2438210202.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
          C:\Documents and Settings\John\Local Settings\Temp\3225553952.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
          C:\Documents and Settings\John\Local Settings\Temp\552127346.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
          C:\Documents and Settings\John\Local Settings\Temp\debug.exe (Trojan.Agent) -> Quarantined and deleted successfully.
          C:\Documents and Settings\John\Local Settings\Temp\drweb.exe (Trojan.Agent) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Mario  Graziano\Application Data\Powiy\azod.exe (Backdoor.Bot.Gen) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Mario  Graziano\Local Settings\Temp\ppwkvch.exe (Trojan.TDSS) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Mario  Graziano\Local Settings\Temp\thdttbs.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Mario  Graziano\Local Settings\Temp\eueidifw.exe (Trojan.Agent) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Mario  Graziano\Local Settings\Temp\fj2mw.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Mario  Graziano\Local Settings\Temp\phnrkpp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Mario  Graziano\Local Settings\Temp\anhw.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
          C:\Program Files\AntiSpyWareSetup.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
          C:\Program Files\AV8\av8.exe (Rogue.Antivirus8) -> Quarantined and deleted successfully.
          C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
          C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.
          C:\WINDOWS\system32\lowsec\user.ds.lll (Stolen.data) -> Quarantined and deleted successfully.
          C:\Documents and Settings\John\Desktop\Antivirus8.LNK (Rogue.Antivirus8) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Mario  Graziano\Desktop\Antivirus8.LNK (Rogue.Antivirus8) -> Quarantined and deleted successfully.
          C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
          C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Mario  Graziano\Local Settings\Temp\APUD.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
          C:\Documents and Settings\John\Local Settings\Temp\iexplarer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
          C:\Documents and Settings\John\Local Settings\Temp\iExplorer.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Mario  Graziano\Local Settings\Temp\pdfupd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Mario  Graziano\Local Settings\Temp\taskmgr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
          C:\WINDOWS\iexplarer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
          C:\WINDOWS\smss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
          C:\WINDOWS\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
          C:\WINDOWS\win.exe (Trojan.Agent) -> Quarantined and deleted successfully.
          C:\WINDOWS\cmd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
          « Last Edit: November 02, 2010, 04:46:45 PM by SuperDave »
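Added example (not part of the original posts and not Malwarebytes' own tooling): a Python triage of result lines in the format of the scan log above, using a subset of lines copied from it. It takes the detection name from the last parenthesised group, because key names here contain parentheses themselves, and it flags entries still pending a reboot, logon-time hijacks, and files that use a Windows process name outside System32. The names `parse_line`, `triage` and `SYSTEM32_ONLY` are assumptions made for this example.

```python
import ntpath
import re
from collections import Counter

# Lines copied from the Malwarebytes log in the post above (a subset of it).
SAMPLE_LOG = r"""
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnukroxrpz0 (windows; u; windows nt 5.1; en-us) applewebkit/533.9 (khtml, like gecko) chrome/6.0.401.1 safari/533.9 (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Explorer.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mario  Graziano\Local Settings\Temp\iexplorer.exe (Malware.Packer.Gen) -> Delete on reboot.
C:\Documents and Settings\John\Local Settings\Temp\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\smss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\cmd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

# Assumption for this example: Windows binaries that live in System32
# (the process list at the top of the thread shows svchost.exe, smss.exe and
# services.exe there). A same-named file elsewhere is a masquerade candidate.
SYSTEM32_ONLY = {"svchost.exe", "smss.exe", "services.exe", "lsass.exe",
                 "winlogon.exe", "userinit.exe", "cmd.exe", "taskmgr.exe"}
SYSTEM32_DIR = r"c:\windows\system32"

# Registry locations in this log that run code at logon or at process start.
LOGON_KEYS = ("\\winlogon\\userinit", "\\image file execution options\\")

# The detection name is the LAST "(...)" group of the head; earlier groups
# can belong to the key name itself (see the user-agent style Run value).
HEAD_RE = re.compile(r"^(?P<item>.*) \((?P<name>[^()]+)\)$")
BAD_GOOD_RE = re.compile(r"^Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\)$")


def parse_line(line):
    """Parse 'item (Detection) -> [detail ->] action'; return None otherwise."""
    parts = line.strip().split(" -> ")
    if len(parts) < 2:
        return None
    head = HEAD_RE.match(parts[0])
    if not head:
        return None
    entry = {"item": head["item"], "detection": head["name"],
             "action": parts[-1].rstrip("."),
             "data": None, "bad": None, "good": None}
    for detail in parts[1:-1]:
        if detail.startswith("Data: "):
            entry["data"] = detail[len("Data: "):]
            continue
        bad_good = BAD_GOOD_RE.match(detail)
        if bad_good:
            entry["bad"], entry["good"] = bad_good["bad"], bad_good["good"]
    return entry


def triage(log_text):
    """Summarise a log: families, pending deletions, logon hijacks, masquerades."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    report = {"families": Counter(e["detection"] for e in entries),
              "pending_reboot": [], "logon_hijacks": [], "masquerades": []}
    for e in entries:
        item = e["item"].lower()
        # "Delete on reboot" means the object is still present until a restart.
        if e["action"].lower().startswith("delete on reboot"):
            report["pending_reboot"].append(e["item"])
        if item.startswith("hkey_"):
            if any(key in item for key in LOGON_KEYS):
                report["logon_hijacks"].append((e["item"], e["data"] or e["bad"]))
        else:
            folder, name = ntpath.split(item)
            if name in SYSTEM32_ONLY and folder != SYSTEM32_DIR:
                report["masquerades"].append(e["item"])
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for family, count in result["families"].most_common():
        print(f"{count:2d}  {family}")
    for section in ("pending_reboot", "logon_hijacks", "masquerades"):
        print(f"\n{section}:")
        for row in result[section]:
            print("   ", row)
```

On the copied lines, the `masquerades` list contains `C:\WINDOWS\svchost.exe`, which is a different file from the `C:\WINDOWS\system32\svchost.exe` seen in the running-process list.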

          villar1598

          • Guest
          Re: svchost.exe and windows update
          « Reply #4 on: November 02, 2010, 12:28:55 PM »
          Is this really a virus?
          Because I see it every day in my running processes
          Please let me know.

          SuperDave

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Thanked: 1020
          • Certifications: List
          • Experience: Expert
          • OS: Windows 10
          Re: svchost.exe and windows update
          « Reply #5 on: November 04, 2010, 01:07:26 PM »
          Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum so it may take a bit longer to process your logs.

          1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
          2. The fixes are specific to your problem and should only be used for this issue on this machine.
          3. If you don't know or understand something, please don't hesitate to ask.
          4. Please DO NOT run any other tools or scans while I am helping you.
          5. It is important that you reply to this thread. Do not start a new topic.
          6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
          7. Absence of symptoms does not mean that everything is clear.

          If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

          ****************************************
          Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

          Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

          Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

          Exit out of MessengerDisable then delete the two files that were put on the desktop.

          *************************************
          Open HijackThis and select Do a system scan only

          Place a check mark next to the following entries: (if there)

          O4 - HKLM\..\Run: [Lbihoko] rundll32.exe "C:\WINDOWS\idokifurizevulad.dll",Startup
          O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
          O4 - HKUS\S-1-5-18\..\Run: [Bmupurega] rundll32.exe  "C:\WINDOWS\dcxsnut.dll",Startup (User 'SYSTEM')
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


          Important: Close all open windows except for HijackThis and then click Fix checked.

          Once completed, exit HijackThis.
          ***************************************
          Please download ComboFix from BleepingComputer.com

          Alternate link: GeeksToGo.com

          Rename ComboFix.exe to commy.exe before you save it to your Desktop
          Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
          Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
          As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
          Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

          Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

          Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


          Click on Yes, to continue scanning for malware.
          When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

          If you have problems with ComboFix usage, see How to use ComboFix

          Windows 8 and Windows 10 dual boot with two SSD's

          cfnyy51

            Re: svchost.exe and windows update
            « Reply #6 on: November 04, 2010, 09:28:14 PM »
            SuperDave, thank you for taking the time to respond and provide help.  I did not complete the entire process you outlined.  Here is why:

            1: One thing I've noticed about the help provided here: you better do exactly what the specialists tell you to do.  When I removed Windows Messenger, it prompted me to do a reboot.  I elected not to reboot because it did not mention to do so in your directions.  I know, it's picky, but your directions stated to delete the two files on the desktop.  (I hope I do not sound rude in that previous sentence, I just don't want to mess up the steps).

            2: This isn't what caused me to stop the process, but none of the items you suggested I remove via HJT this were present in the scan.  Again, not why I stopped, just letting you know.

            3: When I went to start>run and entered the command you provided, I get the following prompt:
            "Windows cannot find 'C:\Documents and Settings\(user profile)\desktop\commy.exe'.  Make sure you typed the name correctly...

            (Yes, commy.exe is on the desktop)

            SuperDave

            Re: svchost.exe and windows update
            « Reply #7 on: November 05, 2010, 12:16:33 PM »
            Ok. Let's try this:

            Delete your copy of ComboFix; download a fresh copy, except before you download it, rename it to blackpudding.bat

            Navigate to Start --> Run, and enter the following command exactly as shown:

            "%userprofile%\desktop\blackpudding.bat" /killall

            See if ComboFix will run now.

            cfnyy51

              Re: svchost.exe and windows update
              « Reply #8 on: November 05, 2010, 01:27:21 PM »
              SuperDave,

              Same result as before. 

              I suppose I should mention this: In between my original post and your response, Antivir stumbled across another virus, Boot/Alureon.  I am not sure if that is affecting ComboFix.

              Thank you

              SuperDave

              Re: svchost.exe and windows update
              « Reply #9 on: November 05, 2010, 07:14:40 PM »
              * Go to Start > Run and type mrt.exe then press Enter on the keyboard.
              * (Vista and Windows 7 users go to Start and type mrt.exe in the search box then press Enter on the keyboard.)
              * Click Next.
              * Choose Full Scan and click Next.
              * Once the scan is finished click View detailed results of the scan.

              Look through the list and let me know if anything was found infected.
              *********************************************************
              Download OTL to your Desktop
              • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
              • Under the Custom Scan box paste this in:
              netsvcs
              msconfig
              safebootminimal
              safebootnetwork
              activex
              drivers32
              %SYSTEMDRIVE%\*.exe
              %systemroot%\*. /mp /s
              c:\$recycle.bin\*.* /s
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
              /md5start
              eventlog.dll
              scecli.dll
              netlogon.dll
              cngaudit.dll
              sceclt.dll
              ntelogon.dll
              logevent.dll
              iaStor.sys
              nvstor.sys
              nvstor32.sys
              atapi.sys
              IdeChnDr.sys
              viasraid.sys
              AGP440.sys
              vaxscsi.sys
              nvatabus.sys
              viamraid.sys
              nvata.sys
              nvgts.sys
              iastorv.sys
              ViPrt.sys
              eNetHook.dll
              explorer.exe
              svchost.exe
              userinit.exe
              qmgr.dll
              ws2_32.dll
              proquota.exe
              imm32.dll
              kernel32.dll
              ndis.sys
              autochk.exe
              spoolsv.exe
              xmlprov.dll
              ntmssvc.dll
              mswsock.dll
              Beep.SYS
              ntfs.sys
              termsrv.dll
              sfcfiles.dll
              st3shark.sys
              ahcix86.sys
              srsvc.dll
              nvrd32.sys
              /md5stop
              %systemroot%\system32\*.dll /lockedfiles
              %systemroot%\Tasks\*.job /lockedfiles

              • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
                • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
                • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time

              cfnyy51

                Topic Starter


                Rookie

                Re: svchost.exe and windows update
                « Reply #10 on: November 06, 2010, 10:24:03 AM »
                OTL logfile created on: 11/6/2010 12:09:46 PM - Run 1
                OTL by OldTimer - Version 3.2.17.3     Folder = C:\Documents and Settings\Mario  Graziano\Desktop
                Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
                Internet Explorer (Version = 8.0.6001.18702)
                Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
                 
                510.00 Mb Total Physical Memory | 274.00 Mb Available Physical Memory | 54.00% Memory free
                1.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free
                Paging file location(s): c:\pagefile.sys 768 1536 [binary data]
                 
                %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
                Drive C: | 71.03 Gb Total Space | 42.63 Gb Free Space | 60.01% Space Free | Partition Type: NTFS
                 
                Computer Name: D96S1Y61 | User Name: Mario  Graziano | Logged in as Administrator.
                Boot Mode: Normal | Scan Mode: Current user | Quick Scan
                Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
                 
                ========== Processes (SafeList) ==========
                 
                PRC - [2010/11/06 12:07:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mario  Graziano\Desktop\OTL.exe
                PRC - [2010/11/05 16:21:00 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
                PRC - [2010/11/05 16:20:59 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
                PRC - [2010/11/05 16:20:59 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
                PRC - [2010/07/07 13:52:58 | 003,065,160 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft\Online Armor\oahlp.exe
                PRC - [2010/07/07 13:52:54 | 006,854,984 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft\Online Armor\oaui.exe
                PRC - [2010/07/07 13:52:54 | 003,364,680 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft\Online Armor\oasrv.exe
                PRC - [2010/07/07 13:52:54 | 001,283,400 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft\Online Armor\oacat.exe
                PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
                PRC - [2008/08/13 18:32:40 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
                PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
                PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
                PRC - [2007/04/12 17:23:31 | 000,042,032 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\1125946752\ee\aolsoftware.exe
                PRC - [2007/03/15 11:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
                PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
                PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
                PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
                PRC - [2004/10/15 16:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
                PRC - [2004/10/15 16:54:12 | 000,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
                PRC - [2004/10/14 22:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
                PRC - [2003/08/27 12:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
                 
                 
                ========== Modules (SafeList) ==========
                 
                MOD - [2010/11/06 12:07:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mario  Graziano\Desktop\OTL.exe
                MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
                MOD - [2010/07/07 13:52:56 | 000,947,016 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft\Online Armor\oawatch.dll
                MOD - [2008/04/14 08:00:00 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iphlpapi.dll
                MOD - [2008/04/14 08:00:00 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
                MOD - [2008/04/14 08:00:00 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll
                MOD - [2008/04/14 08:00:00 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wtsapi32.dll
                 
                 
                ========== Win32 Services (SafeList) ==========
                 
                SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\Ipripv32.dll -- (Iprip)
                SRV - [2010/11/05 16:21:00 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
                SRV - [2010/11/05 16:20:59 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
                SRV - [2010/07/07 13:52:54 | 003,364,680 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Emsisoft\Online Armor\oasrv.exe -- (SvcOnlineArmor)
                SRV - [2010/07/07 13:52:54 | 001,283,400 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Emsisoft\Online Armor\OAcat.exe -- (OAcat)
                SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
                SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
                SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
                SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
                SRV - [2004/10/15 16:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
                SRV - [2004/07/01 16:45:46 | 000,421,888 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlbucoms.exe -- (dlbu_device)
                SRV - [2003/08/27 12:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)
                 
                 
                ========== Driver Services (SafeList) ==========
                 
                DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\John\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS -- (SASKUTIL)
                DRV - File not found [File_System | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\Lbd.sys -- (Lbd)
                DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
                DRV - [2010/11/05 16:21:00 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
                DRV - [2010/11/05 16:21:00 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
                DRV - [2010/07/07 13:25:58 | 000,022,600 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)
                DRV - [2010/07/07 13:25:42 | 000,028,232 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)
                DRV - [2010/07/07 13:25:38 | 000,236,104 | ---- | M] (Emsisoft) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice)
                DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
                DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
                DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
                DRV - [2008/04/14 08:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
                DRV - [2008/04/14 08:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
                DRV - [2008/04/14 08:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
                DRV - [2008/04/14 08:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
                DRV - [2008/04/14 08:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
                DRV - [2008/04/14 08:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
                DRV - [2008/04/14 08:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
                DRV - [2008/04/14 08:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
                DRV - [2008/04/14 08:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
                DRV - [2008/04/14 08:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
                DRV - [2008/04/14 08:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
                DRV - [2008/04/14 08:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
                DRV - [2008/04/14 08:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
                DRV - [2008/04/14 08:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
                DRV - [2008/04/14 08:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
                DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
                DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
                DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
                DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
                DRV - [2005/08/12 08:56:42 | 000,008,448 | ---- | M] (Network Associates, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EntDrv51.sys -- (EntDrv51)
                DRV - [2005/03/07 12:32:14 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
                DRV - [2004/12/10 04:45:34 | 000,030,336 | ---- | M] (Politecnico di Torino) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
                DRV - [2004/12/06 03:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
                DRV - [2004/12/06 03:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
                DRV - [2004/12/06 03:05:00 | 000,086,586 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
                DRV - [2004/12/06 03:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
                DRV - [2004/12/06 03:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
                DRV - [2004/12/06 03:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
                DRV - [2004/12/06 03:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
                DRV - [2004/12/06 03:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
                DRV - [2004/12/06 03:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
                DRV - [2004/12/01 05:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
                DRV - [2004/11/23 04:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
                DRV - [2004/09/17 17:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
                DRV - [2004/08/04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
                DRV - [2004/07/14 13:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
                DRV - [2004/07/14 13:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
                DRV - [2004/06/16 05:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
                DRV - [2004/03/06 06:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
                DRV - [2004/03/06 06:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
                DRV - [2004/03/06 06:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
                DRV - [2004/02/09 12:06:22 | 000,015,360 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NetMotCM.sys -- (ndiscm)
                DRV - [2003/03/06 14:48:08 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
                DRV - [2003/01/10 17:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
                 
                 
                ========== Standard Registry (SafeList) ==========
                 
                 
                ========== Internet Explorer ==========
                 
                IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,StartPage = http://www.optonline.net
                IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
                 
                IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
                IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
                IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
                IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/Home
                IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
                IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
                IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
                 
                ========== FireFox ==========
                 
                FF - prefs.js..extensions.enabledItems: {47F579EB-CAAC-486B-9D93-C24124D8D725}:1.9.1
                FF - prefs.js..extensions.enabledItems: {8624C5D8-18B9-4F97-B3CE-68BF1D4DA700}:1.9.1
                FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
                 
                FF - HKLM\software\mozilla\Firefox\extensions\\{47F579EB-CAAC-486B-9D93-C24124D8D725}: C:\Documents and Settings\John\Local Settings\Application Data\{47F579EB-CAAC-486B-9D93-C24124D8D725}\ [2010/10/29 02:19:27 | 000,000,000 | ---D | M]
                FF - HKLM\software\mozilla\Firefox\extensions\\{8624C5D8-18B9-4F97-B3CE-68BF1D4DA700}: C:\Documents and Settings\Mario  Graziano\Local Settings\Application Data\{8624C5D8-18B9-4F97-B3CE-68BF1D4DA700} [2010/11/01 18:17:19 | 000,000,000 | ---D | M]
                FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/02 16:42:11 | 000,000,000 | ---D | M]
                FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/02 16:42:11 | 000,000,000 | ---D | M]
                 
                [2009/08/14 17:48:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mario  Graziano\Application Data\Mozilla\Extensions
                [2010/11/04 23:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mario  Graziano\Application Data\Mozilla\Firefox\Profiles\f9yxi14f.default\extensions
                [2010/10/24 12:25:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mario  Graziano\Application Data\Mozilla\Firefox\Profiles\f9yxi14f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
                [2010/11/04 23:02:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
                [2010/11/01 18:59:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
                [2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
                 
                O1 HOSTS File: ([2010/10/27 21:15:18 | 000,423,461 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
                O1 - Hosts: 14620 more lines...
                O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
                O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
                O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
                O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Emsisoft\Online Armor\oaui.exe (Emsi Software GmbH)
                O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
                O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
                O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
                O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125946752\ee\aolsoftware.exe (AOL LLC)
                O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
                O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
                O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
                O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
                O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
                O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
                O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
                O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
                O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
                O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
                O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
                O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
                O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
                O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
                O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/56.20/uploader2.cab (UploadListView Class)
                O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
                O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/43.10/uploader2.cab (UploadListView Class)
                O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control)
                O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab (Windows Live Safety Center Base Module)
                O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1288724950125 (WUWebControl Class)
                O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154980515546 (MUWebControl Class)
                O16 - DPF: {6EC00533-A02A-4C97-A93C-66BDB184EBD7} http://nwmiddle.udayton.edu/nls/English/ZfdInstallMgr.cab (ZfdWebInstaller Class)
                O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab (Ofoto Upload Manager Class)
                O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
                O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
                O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
                O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
                O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
                O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab? (Photo Upload Plugin Class)
                O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
                O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
                O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
                O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
                O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
                O24 - Desktop Components:0 () - http://www.optonline.net//images/Common/header/hdrIdTexArea_back.gif
                O24 - Desktop Components:1 (My Current Home Page) - About:Home
                O24 - Desktop WallPaper: C:\Documents and Settings\Mario  Graziano\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
                O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mario  Graziano\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
                O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
                O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Emsisoft\Online Armor\oaevent.dll (Emsi Software GmbH)
                O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
                O32 - HKLM CDRom: AutoRun - 1
                O32 - AutoRun File - [2004/08/11 19:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
                O35 - HKLM\..comfile [open] -- "%1" %*
                O35 - HKLM\..exefile [open] -- "%1" %*
                O37 - HKLM\...com [@ = comfile] -- "%1" %*
                O37 - HKLM\...exe [@ = exefile] -- "%1" %*
                 
                NetSvcs: 6to4 -  File not found
                NetSvcs: Ias -  File not found
                NetSvcs: Iprip - C:\WINDOWS\System32\Ipripv32.dll File not found
                NetSvcs: Irmon -  File not found
                NetSvcs: Nwsapagent -  File not found
                NetSvcs: WmdmPmSp -  File not found
                 
                MsConfig - Services: "MpfService"
                MsConfig - Services: "McShield"
                MsConfig - Services: "aolavupd"
                MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
                MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe - (Intuit, Inc.)
                MsConfig - StartUpReg: AOLDialer - hkey= - key= - C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
                MsConfig - StartUpReg: AV8 - hkey= - key= - C:\Program Files\AV8\av8.exe File not found
                MsConfig - StartUpReg: Dell Photo AIO Printer 942 - hkey= - key= - C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe ()
                MsConfig - StartUpReg: DellMCM - hkey= - key= - C:\Program Files\Dell Photo AIO Printer 942\memcard.exe ()
                MsConfig - StartUpReg: DellSupport - hkey= - key= - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
                MsConfig - StartUpReg: DVDLauncher - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
                MsConfig - StartUpReg: HNUjOXRouqc - hkey= - key= - C:\DOCUME~1\John\LOCALS~1\Temp\iexplarer.exe File not found
                MsConfig - StartUpReg: HNUKROXRota - hkey= - key= - C:\DOCUME~1\MARIOG~1\LOCALS~1\Temp\install.exe File not found
                MsConfig - StartUpReg: HNUKROXRspe - hkey= - key= - C:\DOCUME~1\MARIOG~1\LOCALS~1\Temp\winamp.exe File not found
                MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
                MsConfig - StartUpReg: MKasc - hkey= - key= - C:\WINDOWS\drweb.exe File not found
                MsConfig - StartUpReg: MKbta - hkey= - key= - C:\WINDOWS\install.exe File not found
                MsConfig - StartUpReg: MKfa - hkey= - key= - C:\WINDOWS\win.exe File not found
                MsConfig - StartUpReg: MPFExe - hkey= - key= - Reg Error: Value error. File not found
                MsConfig - StartUpReg: PCMService - hkey= - key= - C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
                MsConfig - StartUpReg: Pure Networks Port Magic - hkey= - key= - C:\Program Files\Pure Networks\Port Magic\PortAOL.exe (Pure Networks, Inc.)
                MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
                MsConfig - StartUpReg: RealTray - hkey= - key= - C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
                MsConfig - StartUpReg: SoundMAXPnP - hkey= - key= - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
                MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe File not found
                MsConfig - StartUpReg: UpdateManager - hkey= - key= - C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
                MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
                MsConfig - State: "system.ini" - 0
                MsConfig - State: "win.ini" - 0
                MsConfig - State: "bootini" - 0
                MsConfig - State: "services" - 0
                MsConfig - State: "startup" - 2
                 
                SafeBootMin: Base - Driver Group
                SafeBootMin: Boot Bus Extender - Driver Group
                SafeBootMin: Boot file system - Driver Group
                SafeBootMin: File system - Driver Group
                SafeBootMin: Filter - Driver Group
                SafeBootMin: PCI Configuration - Driver Group
                SafeBootMin: PEVSystemStart - Service
                SafeBootMin: PNP Filter - Driver Group
                SafeBootMin: Primary disk - Driver Group
                SafeBootMin: procexp90.Sys - Driver
                SafeBootMin: SCSI Class - Driver Group
                SafeBootMin: sermouse.sys - Driver
                SafeBootMin: System Bus Extender - Driver Group
                SafeBootMin: vds - Service
                SafeBootMin: vga.sys - Driver
                SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
                SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
                SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
                SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
                SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
                SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
                SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
                SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
                SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
                SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
                SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
                SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
                SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
                SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
                SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
                 
                SafeBootNet: Base - Driver Group
                SafeBootNet: Boot Bus Extender - Driver Group
                SafeBootNet: Boot file system - Driver Group
                SafeBootNet: File system - Driver Group
                SafeBootNet: Filter - Driver Group
                SafeBootNet: NDIS Wrapper - Driver Group
                SafeBootNet: NetBIOSGroup - Driver Group
                SafeBootNet: NetDDEGroup - Driver Group
                SafeBootNet: Network - Driver Group
                SafeBootNet: NetworkProvider - Driver Group
                SafeBootNet: PCI Configuration - Driver Group
                SafeBootNet: PEVSystemStart - Service
                SafeBootNet: PNP Filter - Driver Group
                SafeBootNet: PNP_TDI - Driver Group
                SafeBootNet: Primary disk - Driver Group
                SafeBootNet: procexp90.Sys - Driver
                SafeBootNet: SCSI Class - Driver Group
                SafeBootNet: sermouse.sys - Driver
                SafeBootNet: Streams Drivers - Driver Group
                SafeBootNet: System Bus Extender - Driver Group
                SafeBootNet: TDI - Driver Group
                SafeBootNet: vga.sys - Driver
                SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
                SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
                SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
                SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
                SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
                SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
                SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
                SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
                SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
                SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
                SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
                SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
                SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
                SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
                SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
                SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
                SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
                SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
                 
                ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
                ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
                ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
                ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
                ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.1.4
                ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
                ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.1.4
                ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
                ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
                ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
                ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
                ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
                ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
                ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
                ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
                ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
                ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
                ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
                ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
                ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
                ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
                ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
                ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
                ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
                ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
                ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
                ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
                ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
                ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
                ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
                ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
                ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
                ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
                ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
                ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
                ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
                ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
                ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
                ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
                ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
                ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
                ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
                ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
                ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
                ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
                ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
                ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
                ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
                ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
                ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
                ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
                ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
                ActiveX: Microsoft Base Smart Card Crypto Provider Package -
                 
                Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
                Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
                Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
                Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
                Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
                Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
                Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
                Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
                Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
                Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
                 
                ========== Files/Folders - Created Within 30 Days ==========
                 
                [2010/11/06 12:07:06 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mario  Graziano\Desktop\OTL.exe
                [2010/11/04 23:09:50 | 000,000,000 | ---D | C] -- C:\Qoobox
                [2010/11/04 22:49:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\McAfee
                [2010/11/03 15:45:51 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Mario  Graziano\PrivacIE
                [2010/11/03 15:39:13 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Mario  Graziano\IETldCache
                [2010/11/03 15:35:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
                [2010/11/03 15:30:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
                [2010/11/01 23:21:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
                [2010/11/01 19:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mario  Graziano\Application Data\OnlineArmor
                [2010/11/01 19:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
                [2010/11/01 19:56:36 | 000,022,600 | ---- | C] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAmon.sys
                [2010/11/01 19:56:35 | 000,236,104 | ---- | C] (Emsisoft) -- C:\WINDOWS\System32\drivers\OADriver.sys
                [2010/11/01 19:56:35 | 000,028,232 | ---- | C] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAnet.sys
                [2010/11/01 19:56:33 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft
                [2010/11/01 18:59:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
                [2010/11/01 18:17:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mario  Graziano\Local Settings\Application Data\{8624C5D8-18B9-4F97-B3CE-68BF1D4DA700}
                [2010/11/01 18:11:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
                [2010/11/01 18:07:32 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
                [2010/11/01 18:07:32 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
                [2010/11/01 18:07:32 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
                [2010/11/01 18:05:32 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
                [2010/10/29 02:15:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
                [2010/10/26 23:23:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
                [2010/10/26 15:54:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mario  Graziano\My Documents\Downloads
                [2010/10/24 21:08:35 | 008,567,024 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.6.11.exe
                [2010/10/24 15:35:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mario  Graziano\Local Settings\Application Data\Sunbelt Software
                [2010/10/24 12:28:57 | 133,432,520 | ---- | C] (Lavasoft) -- C:\Documents and Settings\Mario  Graziano\Desktop\Ad-AwareInstall.exe
                [2010/10/23 11:59:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mario  Graziano\Recent
                [2010/10/21 00:41:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
                [2010/10/21 00:40:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
                [2010/10/20 22:09:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
                [2010/10/20 22:03:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mario  Graziano\Application Data\Avira
                [2010/10/20 21:57:47 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
                [2010/10/20 21:57:35 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
                [2010/10/20 21:57:35 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
                [2010/10/20 21:57:35 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
                [2010/10/20 21:57:35 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
                [2010/10/20 21:57:27 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
                [2010/10/20 21:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
                [2010/10/20 20:08:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mario  Graziano\Application Data\SUPERAntiSpyware.com
                [2010/10/20 20:04:09 | 009,578,056 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Mario  Graziano\Desktop\SUPERAntiSpyware.exe
                [2010/10/20 17:14:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
                [2010/10/20 17:14:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
                [2010/10/20 17:14:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
                [2010/10/20 17:14:17 | 006,153,352 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Mario  Graziano\Desktop\mbam-setup-1.46.exe
                [2010/10/20 16:55:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mario  Graziano\Local Settings\Application Data\Threat Expert
                [2010/10/20 16:45:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
                [2010/10/20 16:43:58 | 036,317,280 | ---- | C] (PC Tools) -- C:\Documents and Settings\Mario  Graziano\Desktop\spyware-doctor.exe
                [2010/10/17 21:42:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
                [2010/10/17 21:40:15 | 001,064,736 | ---- | C] (Microsoft Corporation) -- C:\Program Files\VB6.0-KB290887-X86.exe
                [2010/10/17 21:22:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
                [2010/10/17 21:14:14 | 133,582,520 | ---- | C] (Lavasoft) -- C:\Program Files\Ad-AwareInstall.exe
                [2010/10/08 11:06:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Update
                [2010/10/07 23:04:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
                [2010/10/07 23:04:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
                [2010/07/09 09:15:51 | 003,396,176 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup233.exe
                [2009/02/18 20:58:22 | 035,348,744 | ---- | C] (COMODO) -- C:\Program Files\CIS_Setup_3.8.64739.471_XP_Vista_x32.exe
                [2009/02/17 13:28:20 | 013,229,544 | ---- | C] (Tall Emu Pty Ltd) -- C:\Program Files\OA190Free.exe
                [2009/02/17 10:37:09 | 016,409,960 | ---- | C] (Safer Networking Limited) -- C:\Program Files\spybotsd162.exe
                [2006/07/27 17:25:41 | 005,037,072 | ---- | C] (Safer Networking Limited) -- C:\Program Files\spybotsd14.exe
                [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
                [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
                 
                ========== Files - Modified Within 30 Days ==========
                 
                [2010/11/06 12:07:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mario  Graziano\Desktop\OTL.exe
                [2010/11/06 03:04:20 | 000,000,442 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{84D725D7-12E5-4E91-B233-8CA030B23F3C}.job
                [2010/11/06 02:01:08 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
                [2010/11/05 16:21:00 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
                [2010/11/05 16:21:00 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
                [2010/11/05 15:16:09 | 003,903,424 | ---- | M] () -- C:\Documents and Settings\Mario  Graziano\Desktop\blackpudding.dat
                [2010/11/03 16:24:44 | 000,438,286 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
                [2010/11/03 16:24:44 | 000,071,012 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
                [2010/11/03 16:21:02 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
                [2010/11/03 16:20:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
                [2010/11/03 16:16:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
                [2010/11/03 15:39:30 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Mario  Graziano\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
                [2010/11/03 15:32:51 | 000,000,873 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
                [2010/11/02 16:33:22 | 000,197,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
                [2010/11/02 05:41:38 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Dzuyuzageyabegu.dat
                [2010/11/02 05:41:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ktoxa.bin
                [2010/11/01 20:46:48 | 000,000,713 | ---- | M] () -- C:\Documents and Settings\Mario  Graziano\Desktop\Shortcut to sniper.exe.lnk
                [2010/11/01 19:00:56 | 000,205,540 | ---- | M] () -- C:\Documents and Settings\Mario  Graziano\Desktop\JavaRa.zip
                [2010/11/01 18:15:11 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
                [2010/11/01 18:09:22 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
                [2010/11/01 18:04:00 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
                [2010/11/01 18:03:59 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
                [2010/11/01 18:03:59 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
                [2010/11/01 18:03:44 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
                [2010/11/01 18:00:33 | 000,023,428 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
                [2010/11/01 18:00:02 | 000,000,535 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
                [2010/11/01 17:59:02 | 000,000,211 | -HS- | M] () -- C:\boot.ini
                [2010/10/30 18:42:38 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
                [2010/10/30 18:37:05 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
                [2010/10/27 21:15:18 | 000,423,461 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
                [2010/10/27 20:58:14 | 000,656,896 | ---- | M] () -- C:\Program Files\MicrosoftFixit50525.msi
                [2010/10/26 23:29:33 | 000,648,704 | ---- | M] () -- C:\Program Files\MicrosoftFixit50267.msi
                [2010/10/26 23:23:03 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
                [2010/10/24 21:11:55 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
                [2010/10/24 15:57:44 | 000,000,560 | ---- | M] () -- C:\WINDOWS\setupapi.old
                [2010/10/24 12:32:21 | 133,432,520 | ---- | M] (Lavasoft) -- C:\Documents and Settings\Mario  Graziano\Desktop\Ad-AwareInstall.exe
                [2010/10/24 09:19:10 | 000,423,829 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.old
                [2010/10/23 21:29:13 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
                [2010/10/23 15:44:56 | 000,423,829 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101024-091910.backup
                [2010/10/23 15:23:27 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Mario  Graziano\Desktop\Spybot - Search & Destroy.lnk
                [2010/10/20 21:59:39 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
                [2010/10/20 21:53:54 | 044,089,904 | ---- | M] () -- C:\Documents and Settings\Mario  Graziano\Desktop\avira_antivir_personal_en.exe
                [2010/10/20 20:06:51 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
                [2010/10/20 20:04:44 | 009,578,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Mario  Graziano\Desktop\SUPERAntiSpyware.exe
                [2010/10/20 17:14:56 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
                [2010/10/20 17:14:19 | 006,153,352 | ---- | M] (Malwarebytes Corporation) -- C:\Documents and Settings\Mario  Graziano\Desktop\mbam-setup-1.46.exe
                [2010/10/20 16:44:48 | 036,317,280 | ---- | M] (PC Tools) -- C:\Documents and Settings\Mario  Graziano\Desktop\spyware-doctor.exe
                [2010/10/17 21:15:38 | 133,582,520 | ---- | M] (Lavasoft) -- C:\Program Files\Ad-AwareInstall.exe
                [2010/10/17 21:12:21 | 044,089,904 | ---- | M] () -- C:\Program Files\avira_antivir_personal_en.exe
                [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
                [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
                 
                ========== Files Created - No Company Name ==========
                 
                [2010/11/05 15:16:01 | 003,903,424 | ---- | C] () -- C:\Documents and Settings\Mario  Graziano\Desktop\blackpudding.dat
                [2010/11/03 15:39:30 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Mario  Graziano\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
                [2010/11/03 15:32:51 | 000,000,873 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
                [2010/11/01 20:46:48 | 000,000,713 | ---- | C] () -- C:\Documents and Settings\Mario  Graziano\Desktop\Shortcut to sniper.exe.lnk
                [2010/11/01 19:00:46 | 000,205,540 | ---- | C] () -- C:\Documents and Settings\Mario  Graziano\Desktop\JavaRa.zip
                [2010/11/01 18:15:11 | 000,013,646 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
                [2010/11/01 18:07:20 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
                [2010/11/01 18:06:40 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
                [2010/11/01 18:06:28 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
                [2010/11/01 18:06:27 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
                [2010/11/01 18:06:25 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
                [2010/11/01 18:06:14 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
                [2010/11/01 18:06:08 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
                [2010/11/01 18:06:03 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
                [2010/11/01 18:05:36 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
                [2010/10/30 18:42:38 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
                [2010/10/30 18:33:47 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
                [2010/10/30 18:33:13 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
                [2010/10/30 18:33:13 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
                [2010/10/30 18:33:13 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
                [2010/10/30 18:33:13 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
                [2010/10/30 18:33:12 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
                [2010/10/30 18:33:12 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
                [2010/10/30 18:33:12 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
                [2010/10/30 18:33:12 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
                [2010/10/30 18:33:12 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
                [2010/10/30 18:33:12 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
                [2010/10/30 18:33:12 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
                [2010/10/30 18:33:12 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
                [2010/10/30 18:33:12 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
                [2010/10/30 18:33:12 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
                [2010/10/30 18:33:12 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
                [2010/10/30 18:33:12 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
                [2010/10/30 18:33:12 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
                [2010/10/30 18:33:11 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
                [2010/10/30 18:33:11 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
                [2010/10/29 02:19:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ktoxa.bin
                [2010/10/29 02:19:54 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Dzuyuzageyabegu.dat
                [2010/10/27 20:57:40 | 000,656,896 | ---- | C] () -- C:\Program Files\MicrosoftFixit50525.msi
                [2010/10/26 23:29:30 | 000,648,704 | ---- | C] () -- C:\Program Files\MicrosoftFixit50267.msi
                [2010/10/24 15:57:44 | 000,000,560 | ---- | C] () -- C:\WINDOWS\setupapi.old
                [2010/10/23 15:23:27 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Mario  Graziano\Desktop\Spybot - Search & Destroy.lnk
                [2010/10/20 21:59:39 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
                [2010/10/20 21:52:28 | 044,089,904 | ---- | C] () -- C:\Documents and Settings\Mario  Graziano\Desktop\avira_antivir_personal_en.exe
                [2010/10/20 20:06:51 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
                [2010/10/20 17:14:56 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
                [2010/10/17 21:10:34 | 044,089,904 | ---- | C] () -- C:\Program Files\avira_antivir_personal_en.exe
                [2010/07/09 16:00:52 | 000,000,058 | ---- | C] () -- C:\WINDOWS\RegDefrag.ini
                [2009/02/17 13:02:23 | 000,024,338 | ---- | C] () -- C:\Program Files\viewpointkiller.zip
                [2009/02/17 10:38:19 | 006,006,816 | ---- | C] () -- C:\Program Files\SUPERAntiSpyware.exe
                [2008/02/11 10:39:26 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll
                [2008/02/11 10:39:18 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll
                [2008/02/08 14:53:46 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll
                [2007/07/27 15:49:02 | 000,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll
                [2007/07/27 15:49:02 | 000,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll
                [2006/12/24 11:46:12 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
                [2006/07/27 19:13:42 | 000,212,849 | ---- | C] () -- C:\Program Files\hijackthis.zip
                [2006/07/27 17:38:51 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
                [2006/07/27 17:33:41 | 011,746,992 | ---- | C] () -- C:\Program Files\antivir_workstation_win7u_en_h.exe
                [2006/07/27 17:23:09 | 002,166,352 | ---- | C] () -- C:\Program Files\XoftSpy422_193.exe
                [2006/06/26 19:06:56 | 000,000,101 | ---- | C] () -- C:\WINDOWS\upst.ini
                [2006/06/12 20:37:40 | 000,001,370 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
                [2006/05/31 16:27:42 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
                [2006/03/12 23:04:42 | 000,000,004 | ---- | C] () -- C:\WINDOWS\UccSpecB.sys
                [2006/01/11 22:55:53 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
                [2005/12/05 20:25:22 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll
                [2005/12/05 13:37:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll
                [2005/11/05 01:19:58 | 000,000,000 | ---- | C] () --

                cfnyy51

                  Topic Starter


                  Rookie

                  Re: svchost.exe and windows update
                  « Reply #11 on: November 06, 2010, 10:24:32 AM »
                  OTL Extras logfile created on: 11/6/2010 12:09:46 PM - Run 1
                  OTL by OldTimer - Version 3.2.17.3     Folder = C:\Documents and Settings\Mario  Graziano\Desktop
                  Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
                  Internet Explorer (Version = 8.0.6001.18702)
                  Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
                   
                  510.00 Mb Total Physical Memory | 274.00 Mb Available Physical Memory | 54.00% Memory free
                  1.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free
                  Paging file location(s): c:\pagefile.sys 768 1536 [binary data]
                   
                  %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
                  Drive C: | 71.03 Gb Total Space | 42.63 Gb Free Space | 60.01% Space Free | Partition Type: NTFS
                   
                  Computer Name: D96S1Y61 | User Name: Mario  Graziano | Logged in as Administrator.
                  Boot Mode: Normal | Scan Mode: Current user | Quick Scan
                  Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
                   
                  ========== Extra Registry (SafeList) ==========
                   
                   
                  ========== File Associations ==========
                   
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
                   
                  ========== Shell Spawning ==========
                   
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
                  batfile [open] -- "%1" %*
                  cmdfile [open] -- "%1" %*
                  comfile [open] -- "%1" %*
                  exefile [open] -- "%1" %*
                  htmlfile [edit] -- Reg Error: Key error.
                  piffile [open] -- "%1" %*
                  regfile [merge] -- Reg Error: Key error.
                  scrfile [config] -- "%1"
                  scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
                  scrfile [open] -- "%1" /S
                  txtfile [edit] -- Reg Error: Key error.
                  Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
                  Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
                  Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
                  Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
                  Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
                   
                  ========== Security Center Settings ==========
                   
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
                  "FirstRunDisabled" = 1
                  "AntiVirusDisableNotify" = 0
                  "FirewallDisableNotify" = 0
                  "UpdatesDisableNotify" = 0
                  "AntiVirusOverride" = 0
                  "FirewallOverride" = 0
                   
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
                   
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
                   
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
                   
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
                   
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
                   
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
                   
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
                   
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
                   
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
                   
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
                   
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
                   
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
                   
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
                   
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
                   
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
                   
                  ========== System Restore Settings ==========
                   
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
                  "DisableSR" = 0
                   
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
                  "DisableSR" = 0
                   
                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
                  "Start" = 0
                   
                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
                  "Start" = 2
                   
                  ========== Firewall Settings ==========
                   
                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
                   
                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
                  "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
                  "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
                  "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
                  "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
                  "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
                  "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
                  "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
                  "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
                   
                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
                  "EnableFirewall" = 1
                  "DoNotAllowExceptions" = 0
                   
                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
                  "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
                  "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
                  "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
                  "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
                  "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
                  "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
                  "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
                  "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
                   
                  ========== Authorized Applications List ==========
                   
                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
                  "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
                  "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
                  "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
                  "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
                  "C:\Program Files\Common Files\AOL\1125946752\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1125946752\ee\AOLServiceHost.exe:*:Enabled:AOL Services -- (America Online, Inc.)
                  "C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
                   
                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
                  "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
                  "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
                  "C:\WINDOWS\Downloaded Program Files\ccpm_0237.exe" = C:\WINDOWS\Downloaded Program Files\ccpm_0237.exe:*:Enabled:ccpm_exe Module -- File not found
                  "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
                  "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
                  "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire -- File not found
                  "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
                  "C:\Program Files\Common Files\AOL\1125946752\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1125946752\ee\AOLServiceHost.exe:*:Enabled:AOL Services -- (America Online, Inc.)
                  "C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL LLC)
                  "C:\Program Files\Common Files\AOL\1125946752\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1125946752\ee\aolsoftware.exe:*:Enabled:AOL Services -- (AOL LLC)
                  "C:\Program Files\Common Files\AOL\1125946752\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1125946752\ee\aim6.exe:*:Enabled:AIM -- (America Online, Inc.)
                  "C:\Program Files\America Online 9.0a\waol.exe" = C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL -- File not found
                  "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- (America Online, Inc)
                  "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- (America Online Inc)
                  "C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- (AOL LLC)
                  "C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- File not found
                  "C:\Program Files\America Online 9.0b\waol.exe" = C:\Program Files\America Online 9.0b\waol.exe:*:Enabled:AOL -- File not found
                  "C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
                  "C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
                  "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
                   
                   
                  ========== HKEY_LOCAL_MACHINE Uninstall List ==========
                   
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
                  "{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
                  "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
                  "{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
                  "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
                  "{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
                  "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
                  "{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition
                  "{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel(R) PROSet for Wired Connections
                  "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
                  "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
                  "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 22
                  "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
                  "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
                  "{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
                  "{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
                  "{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
                  "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
                  "{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
                  "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
                  "{55937F00-A69B-4049-8D3A-1C7729742B6F}" = BUM
                  "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
                  "{625BD732-ACDF-4552-BF22-98EBB413B6F3}" = McAfee Shredder
                  "{654F0312-CB3D-4FE2-962C-6BB9752E9146}" = iPod for Windows 2005-06-26
                  "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
                  "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
                  "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
                  "{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
                  "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
                  "{78B50D1D-642C-4B89-BCC7-352EAE3614D7}" = iPod for Windows 2005-02-07
                  "{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
                  "{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
                  "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
                  "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
                  "{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
                  "{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
                  "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
                  "{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
                  "{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
                  "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
                  "{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
                  "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
                  "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
                  "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
                  "{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
                  "{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0.8
                  "{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
                  "{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
                  "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
                  "{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
                  "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
                  "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
                  "{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
                  "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
                  "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
                  "{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes
                  "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
                  "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
                  "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
                  "{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
                  "Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
                  "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
                  "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
                  "Adobe Shockwave Player" = Adobe Shockwave Player
                  "AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
                  "AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
                  "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
                  "Belarc Advisor 2.0" = Belarc Advisor 6.1
                  "CCleaner" = CCleaner
                  "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
                  "Dell Photo AIO Printer 942" = Dell Photo AIO Printer 942
                  "EsetOnlineScanner" = ESET Online Scanner
                  "HijackThis" = HijackThis 2.0.2
                  "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
                  "ie7" = Windows Internet Explorer 7
                  "ie8" = Windows Internet Explorer 8
                  "InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
                  "InstallShield_{654F0312-CB3D-4FE2-962C-6BB9752E9146}" = iPod for Windows 2005-06-26
                  "InstallShield_{78B50D1D-642C-4B89-BCC7-352EAE3614D7}" = iPod for Windows 2005-02-07
                  "Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
                  "InterActual Player" = InterActual Player
                  "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
                  "Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
                  "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
                  "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
                  "MSNINST" = MSN
                  "MyWaySearchAssistantDE" = My Way Search Assistant
                  "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
                  "OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
                  "OnlineArmor_is1" = Online Armor 4.0
                  "Optimum Online net guide" = Optimum Online net guide
                  "Port Magic" = Pure Networks Port Magic
                  "PROSet" = Intel(R) PRO Network Adapters and Drivers
                  "RealPlayer 6.0" = RealPlayer Basic
                  "StreetPlugin" = Learn2 Player (Uninstall Only)
                  "WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
                  "WinASO Registry Optimizer 4.5.5_is1" = WinASO Registry Optimizer 4.5.5
                  "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
                  "Windows Media Format Runtime" = Windows Media Format Runtime
                  "Windows Media Player" = Windows Media Player 10
                  "WMCSetup" = Windows Media Connect
                  "WMFDist11" = Windows Media Format 11 runtime
                  "wmp11" = Windows Media Player 11
                   
                  ========== HKEY_CURRENT_USER Uninstall List ==========
                   
                  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
                  "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
                   
                  ========== Last 10 Event Log Errors ==========
                   
                  [ Application Events ]
                  Error - 11/2/2010 12:44:13 AM | Computer Name = D96S1Y61 | Source = crypt32 | ID = 131083
                  Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
                   with error: A required certificate is not within its validity period when verifying
                   against the current system clock or the timestamp in the signed file. 
                   
                  Error - 11/2/2010 12:44:18 AM | Computer Name = D96S1Y61 | Source = crypt32 | ID = 131080
                  Description = Failed auto update retrieval of third-party root list sequence number
                   from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
                   with error: The connection with the server was terminated abnormally 
                   
                  Error - 11/2/2010 12:44:18 AM | Computer Name = D96S1Y61 | Source = crypt32 | ID = 131083
                  Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
                   with error: A required certificate is not within its validity period when verifying
                   against the current system clock or the timestamp in the signed file. 
                   
                  Error - 11/2/2010 12:44:18 AM | Computer Name = D96S1Y61 | Source = crypt32 | ID = 131080
                  Description = Failed auto update retrieval of third-party root list sequence number
                   from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
                   with error: This network connection does not exist. 
                   
                  Error - 11/2/2010 10:14:07 AM | Computer Name = D96S1Y61 | Source = crypt32 | ID = 131077
                  Description = Failed auto update retrieval of third-party root certificate from:
                   <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212.crt>
                   with error: The connection with the server was terminated abnormally 
                   
                  Error - 11/2/2010 10:14:07 AM | Computer Name = D96S1Y61 | Source = crypt32 | ID = 131077
                  Description = Failed auto update retrieval of third-party root certificate from:
                   <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212.crt>
                   with error: This network connection does not exist. 
                   
                  Error - 11/3/2010 2:28:04 AM | Computer Name = D96S1Y61 | Source = MPSampleSubmission | ID = 5000
                  Description = EventType mptelemetry, P1 80080005, P2 updateservicemanager-_get_services,
                   P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
                   P8 NIL, P9 NIL, P10 NIL.
                   
                  Error - 11/3/2010 6:27:11 PM | Computer Name = D96S1Y61 | Source = crypt32 | ID = 131083
                  Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
                   with error: A required certificate is not within its validity period when verifying
                   against the current system clock or the timestamp in the signed file. 
                   
                  Error - 11/3/2010 6:27:11 PM | Computer Name = D96S1Y61 | Source = crypt32 | ID = 131083
                  Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
                   with error: A required certificate is not within its validity period when verifying
                   against the current system clock or the timestamp in the signed file. 
                   
                  Error - 11/4/2010 2:01:02 AM | Computer Name = D96S1Y61 | Source = MPSampleSubmission | ID = 5000
                  Description = EventType mptelemetry, P1 8024001f, P2 endsearch, P3 search, P4 1.1.1593.0,
                   P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.
                   
                  [ System Events ]
                  Error - 11/3/2010 3:39:40 PM | Computer Name = D96S1Y61 | Source = WMPNetworkSvc | ID = 866293
                  Description = Service 'WMPNetworkSvc' did not start correctly because QueryService
                   encountered error '0x80004002'. In Windows Media Player, turn off media sharing,
                   and then turn it back on.
                   
                  Error - 11/3/2010 3:39:43 PM | Computer Name = D96S1Y61 | Source = Service Control Manager | ID = 7023
                  Description = The Network Security service terminated with the following error:
                    %%126
                   
                  Error - 11/3/2010 3:39:43 PM | Computer Name = D96S1Y61 | Source = Service Control Manager | ID = 7023
                  Description = The NWCWorkstation service terminated with the following error:   %%2
                   
                  Error - 11/3/2010 3:40:10 PM | Computer Name = D96S1Y61 | Source = Service Control Manager | ID = 7026
                  Description = The following boot-start or system-start driver(s) failed to load:
                     Lbd  SASKUTIL
                   
                  Error - 11/3/2010 4:20:45 PM | Computer Name = D96S1Y61 | Source = WMPNetworkSvc | ID = 866293
                  Description = Service 'WMPNetworkSvc' did not start correctly because QueryService
                   encountered error '0x80004002'. In Windows Media Player, turn off media sharing,
                   and then turn it back on.
                   
                  Error - 11/3/2010 4:21:00 PM | Computer Name = D96S1Y61 | Source = Service Control Manager | ID = 7023
                  Description = The Network Security service terminated with the following error:
                    %%126
                   
                  Error - 11/3/2010 4:21:00 PM | Computer Name = D96S1Y61 | Source = Service Control Manager | ID = 7023
                  Description = The NWCWorkstation service terminated with the following error:   %%2
                   
                  Error - 11/3/2010 4:21:18 PM | Computer Name = D96S1Y61 | Source = Service Control Manager | ID = 7026
                  Description = The following boot-start or system-start driver(s) failed to load:
                     Lbd  SASKUTIL
                   
                  Error - 11/3/2010 4:22:28 PM | Computer Name = D96S1Y61 | Source = Service Control Manager | ID = 7009
                  Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
                   Service service to connect.
                   
                  Error - 11/3/2010 4:22:56 PM | Computer Name = D96S1Y61 | Source = Service Control Manager | ID = 7000
                  Description = The Application Layer Gateway Service service failed to start due
                  to the following error:   %%1053
                   
                   
                  < End of report >
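A way to triage an event section like the one in the report above: collapse identical errors into counts and pull out the crypt32 records that blame certificate validity against the system clock. This is an added example, not part of the original post or of OTL; the sample records, the host name HOST1 and the example.invalid URL are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the layout of the OTL event section (host and URL are made up).
SAMPLE = """\
Error - 11/3/2010 6:27:11 PM | Computer Name = HOST1 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://example.invalid/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.

[ System Events ]
Error - 11/3/2010 3:39:43 PM | Computer Name = HOST1 | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
  %%126

Error - 11/3/2010 4:21:00 PM | Computer Name = HOST1 | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
  %%126
"""

HEADER = re.compile(r"^(\w+) - (.+?) \| Computer Name = (.+?) \| Source = (.+?) \| ID = (\d+)\s*$")

def parse_events(text):
    """Split the report into records; wrapped Description lines are rejoined."""
    events, section, cur = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:  # header line starts a new record
            cur = {"section": section, "level": m[1], "time": m[2],
                   "source": m[4], "id": int(m[5]), "desc": ""}
            events.append(cur)
        elif line.startswith("[") and line.endswith("]"):  # e.g. [ System Events ]
            section, cur = line.strip("[] "), None
        elif cur is not None and line:  # Description or its continuation
            line = line[len("Description = "):] if line.startswith("Description = ") else line
            cur["desc"] = " ".join((cur["desc"] + " " + line).split())
    return events

def summarize(events):
    """Count repeats of the same (source, id, description), most frequent first."""
    return Counter((e["source"], e["id"], e["desc"]) for e in events).most_common()

def clock_or_cert_errors(events):
    """crypt32 records whose text blames certificate validity vs. the system clock."""
    return [e for e in events if e["source"] == "crypt32" and "validity period" in e["desc"]]

if __name__ == "__main__":
    print(summarize(parse_events(SAMPLE)))
```
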

                  SuperDave

                  Re: svchost.exe and windows update
                  « Reply #12 on: November 06, 2010, 12:54:58 PM »
                  Delete An Uninstall Entry

                  •Start HijackThis

                  •Click on the Open the Misc Tools section

                  •Click on the Open Uninstall Manager button.

                  •Highlight the entry you want to remove.
                  My Way Search Assistant
                  •Click Delete this entry
                  Close HJT
                  ********************************

                  * Open OTL
                  * Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

                  Code:
                  :OTL
                  :Files
                  C:\WINDOWS\Dzuyuzageyabegu.dat
                  C:\WINDOWS\Ktoxa.bin

                  :otl
                  O1 - Hosts: 127.0.0.1   www.007guard.com
                  O1 - Hosts: 127.0.0.1   007guard.com
                  O1 - Hosts: 127.0.0.1   008i.com
                  O1 - Hosts: 127.0.0.1   www.008k.com
                  O1 - Hosts: 127.0.0.1   008k.com
                  O1 - Hosts: 127.0.0.1   www.00hq.com
                  O1 - Hosts: 127.0.0.1   00hq.com
                  O1 - Hosts: 127.0.0.1   010402.com
                  O1 - Hosts: 127.0.0.1   www.032439.com
                  O1 - Hosts: 127.0.0.1   032439.com
                  O1 - Hosts: 127.0.0.1   www.0scan.com
                  O1 - Hosts: 127.0.0.1   0scan.com
                  O1 - Hosts: 127.0.0.1   1000gratisproben.com
                  O1 - Hosts: 127.0.0.1   www.1000gratisproben.com
                  O1 - Hosts: 127.0.0.1   1001namen.com
                  O1 - Hosts: 127.0.0.1   www.1001namen.com
                  O1 - Hosts: 127.0.0.1   100888290cs.com
                  O1 - Hosts: 127.0.0.1   www.100888290cs.com
                  O1 - Hosts: 127.0.0.1   www.100sexlinks.com
                  O1 - Hosts: 127.0.0.1   100sexlinks.com
                  O1 - Hosts: 127.0.0.1   10sek.com
                  O1 - Hosts: 127.0.0.1   www.10sek.com
                  O1 - Hosts: 127.0.0.1   www.1-2005-search.com
                  O1 - Hosts: 127.0.0.1   1-2005-search.com
                  O1 - Hosts: 127.0.0.1   123fporn.info
                  O1 - Hosts: 14620 more lines...
                  O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)

                  :COMMANDS
                  [resethosts]
                  [purity]
                  [clearrestorepoints]
                  [emptytemp]
                  [start explorer]

                  * Click Run Fix
                  * OTLI2 may ask to reboot the machine. Please do so if asked.
                  * Click OK
                  * A report will open. Copy and Paste that report in your next reply.
                  ***********************************
                  Download Dial-a-Fix by djlizard, save it to the desktop, then extract it to its own folder.

                  •Open the folder and run Dial-a-fix.exe
                  •2 windows will open. Close the one in the background labeled Restrictive Policies
                  •Check the box in section 1, Empty temp folders.

                  •Check the box in section 2, Fix Windows Installer.

                  •Check the box in section 3, Fix Windows Update.

                  •Check the box in section 4, labeled SSL/HTTPS/Cryptography. The 4 boxes under it should be pre-checked

                  •Check all boxes in section 5, labeled Registration Center.

                  •Click Go

                  •OK any error messages if received, but write them down and post them here.

                  Restart the computer when done.
                  Windows 8 and Windows 10 dual boot with two SSD's

                  cfnyy51


                    Re: svchost.exe and windows update
                    « Reply #13 on: November 06, 2010, 02:42:37 PM »
                    SD,

                    When I went into the Uninstall Manager in HJT, My Way Search Assistant was not in the list.

                    I ran the OTL Custom Scan/Fix and I rebooted the PC after being prompted to do so.  I apologize for any inconvenience this may cause, but I closed the log.  I thought it was going to be saved like the other two logs were.  The other two were saved on the desktop.

                    I ran Dial-a-Fix, and the following errors were reported, most of them had the same message, but for different dlls:

                    "Error 127: C:\Windows\system32\iesetup.dll is not registerable or the file is corrupted.  Your version of iesetup.dll is: 8.00.6001.18702.  Please contact [email protected] so that an exception can be made for your version of this file."

                    The same message appeared for imgutil.dll, inseng.dll, msrating.dll, pngfilt.dll, and webcheck.dll.

                    There were 2 more error messages, but the only difference between these and the errors mentioned above was the version number. 

                    occache.dll 8.00.6001.18968
                    mshtml.dll  8.00.6001.18975



                     

                    SuperDave

                    Re: svchost.exe and windows update
                    « Reply #14 on: November 06, 2010, 06:19:32 PM »
                    Quote
                    When I went into the Uninstall Manager in HJT, My Way Search Assistant was not in the list.
                    I just wanted to make sure it was still not there. MBAM must have removed it.

                    NOTE: Please run this even if you don't have your OS disk. If it asks for a disk we'll know there's something wrong with the files.

                    Do you have an XP CD?

                    If so, place it in your CD ROM drive and follow the instructions below:
                    •Click on Start > Run and type sfc /scannow then press Enter (note the space between sfc and /scannow)
                    •Let this run undisturbed until the window with the blue progress bar goes away
                    SFC, which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.