Author Topic: svchost.exe and windows update

cfnyy51

    Topic Starter


    Rookie

    svchost.exe and windows update
    « on: November 01, 2010, 07:19:58 PM »
    Need help in getting this machine to run properly. I was able to remove a virus that masked itself as Antivirus 8, but I still think the computer is infected:

    1) Svchost.exe can take up nearly 100% of the CPU for long periods of time.
    2) Cannot access the Windows Update website or update Windows Defender.

    I have followed the steps outlined in the malware removal guidelines post.  Any help would be greatly appreciated.
     
    I apologize if I messed up on any of the steps of the posting process.

    Edit: I had to post this on another PC.  The infected PC would not allow me to submit my post (IE and Firefox)

    cfnyy51

      Topic Starter


      Rookie

      Re: svchost.exe and windows update
      « Reply #1 on: November 01, 2010, 07:20:17 PM »
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 7:47:57 PM, on 11/1/2010
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Emsisoft\Online Armor\OAcat.exe
      C:\Program Files\Emsisoft\Online Armor\oasrv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir Desktop\sched.exe
      C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
      C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
      C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Dell Support Center\bin\sprtsvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\wanmpsvc.exe
      C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
      C:\WINDOWS\system32\dla\tfswctrl.exe
      C:\Program Files\Common Files\AOL\1125946752\ee\AOLSoftware.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\Dell Support Center\bin\sprtcmd.exe
      C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\Program Files\Analog Devices\Core\smax4pnp.exe
      C:\Program Files\Common Files\Java\Java Update\jusched.exe
      C:\Program Files\Emsisoft\Online Armor\oaui.exe
      C:\Program Files\DellSupport\DSAgnt.exe
      C:\Program Files\Emsisoft\Online Armor\OAhlp.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\system32\taskmgr.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Mozilla Firefox\plugin-container.exe
      C:\Program Files\trend micro\sniper.exe.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/Home
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
      O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
      O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125946752\ee\AOLSoftware.exe
      O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
      O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
      O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [Lbihoko] rundll32.exe "C:\WINDOWS\idokifurizevulad.dll",Startup
      O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Emsisoft\Online Armor\oaui.exe"
      O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\Run: [Bmupurega] rundll32.exe  "C:\WINDOWS\dcxsnut.dll",Startup (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1014020 (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1014020 (User 'Default user')
      O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
      O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
      O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
      O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
      O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
      O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
      O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
      O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
      O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/56.20/uploader2.cab
      O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
      O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/43.10/uploader2.cab
      O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
      O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154980515546
      O16 - DPF: {6EC00533-A02A-4C97-A93C-66BDB184EBD7} (ZfdWebInstaller Class) - http://nwmiddle.udayton.edu/nls/English/ZfdInstallMgr.cab
      O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
      O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
      O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
      O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
      O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exe
      O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
      O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
      O23 - Service: Online Armor Helper Service (OAcat) - Emsi Software GmbH - C:\Program Files\Emsisoft\Online Armor\OAcat.exe
      O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
      O23 - Service: Online Armor (SvcOnlineArmor) - Emsi Software GmbH - C:\Program Files\Emsisoft\Online Armor\oasrv.exe
      O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
      O24 - Desktop Component 0: (no name) - http://www.optonline.net//images/Common/header/hdrIdTexArea_back.gif

      --
      End of file - 10709 bytes

      cfnyy51

        Topic Starter


        Rookie

        Re: svchost.exe and windows update
        « Reply #2 on: November 01, 2010, 07:21:40 PM »
        SUPERAntiSpyware Scan Log
        http://www.superantispyware.com

        Generated 10/20/2010 at 09:36 PM

        Application Version : 4.44.1000

        Core Rules Database Version : 5723
        Trace Rules Database Version: 3535

        Scan type       : Complete Scan
        Total Scan Time : 01:23:29

        Memory items scanned      : 528
        Memory threats detected   : 0
        Registry items scanned    : 7384
        Registry threats detected : 3
        File items scanned        : 28184
        File threats detected     : 42

        Adware.CouponBar
            HKU\S-1-5-21-692574358-2411448291-2996467416-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{5BED3930-2E9E-76D8-BACC-80DF2188D455}
            HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}

        Adware.Tracking Cookie
            C:\Documents and Settings\Mario  Graziano\Cookies\[email protected][1].txt
            C:\Documents and Settings\Mario  Graziano\Cookies\mario__graziano@overture[1].txt
            C:\Documents and Settings\Mario  Graziano\Cookies\mario__graziano@shopica[1].txt
            media.scanscout.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\NERCV583 ]
            media1.break.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\NERCV583 ]
            C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
            C:\Documents and Settings\LocalService\Cookies\system@adbrite[2].txt
            C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
            C:\Documents and Settings\LocalService\Cookies\system@media6degrees[1].txt
            C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
            C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
            C:\Documents and Settings\LocalService\Cookies\system@realmedia[2].txt
            C:\Documents and Settings\LocalService\Cookies\system@serving-sys[1].txt
            C:\Documents and Settings\LocalService\Cookies\system@advertise[1].txt
            kona.kontera.com [ C:\Documents and Settings\Mario  Graziano\Application Data\Macromedia\Flash Player\#SharedObjects\WQ762L9H ]
            .kontera.com [ C:\Documents and Settings\Mario  Graziano\Application Data\Mozilla\Firefox\Profiles\f9yxi14f.default\cookies.sqlite ]
            .doubleclick.net [ C:\Documents and Settings\Mario  Graziano\Application Data\Mozilla\Firefox\Profiles\f9yxi14f.default\cookies.sqlite ]
            .insightexpressai.com [ C:\Documents and Settings\Mario  Graziano\Application Data\Mozilla\Firefox\Profiles\f9yxi14f.default\cookies.sqlite ]
            .insightexpressai.com [ C:\Documents and Settings\Mario  Graziano\Application Data\Mozilla\Firefox\Profiles\f9yxi14f.default\cookies.sqlite ]
            .insightexpressai.com [ C:\Documents and Settings\Mario  Graziano\Application Data\Mozilla\Firefox\Profiles\f9yxi14f.default\cookies.sqlite ]
            .insightexpressai.com [ C:\Documents and Settings\Mario  Graziano\Application Data\Mozilla\Firefox\Profiles\f9yxi14f.default\cookies.sqlite ]
            .insightexpressai.com [ C:\Documents and Settings\Mario  Graziano\Application Data\Mozilla\Firefox\Profiles\f9yxi14f.default\cookies.sqlite ]
            .atdmt.com [ C:\Documents and Settings\Mario  Graziano\Application Data\Mozilla\Firefox\Profiles\f9yxi14f.default\cookies.sqlite ]
            .atdmt.com [ C:\Documents and Settings\Mario  Graziano\Application Data\Mozilla\Firefox\Profiles\f9yxi14f.default\cookies.sqlite ]
            .collective-media.net [ C:\Documents and Settings\Mario  Graziano\Application Data\Mozilla\Firefox\Profiles\f9yxi14f.default\cookies.sqlite ]
            .collective-media.net [ C:\Documents and Settings\Mario  Graziano\Application Data\Mozilla\Firefox\Profiles\f9yxi14f.default\cookies.sqlite ]
            .collective-media.net [ C:\Documents and Settings\Mario  Graziano\Application Data\Mozilla\Firefox\Profiles\f9yxi14f.default\cookies.sqlite ]
            .collective-media.net [ C:\Documents and Settings\Mario  Graziano\Application Data\Mozilla\Firefox\Profiles\f9yxi14f.default\cookies.sqlite ]
            .legolas-media.com [ C:\Documents and Settings\Mario  Graziano\Application Data\Mozilla\Firefox\Profiles\f9yxi14f.default\cookies.sqlite ]
            .legolas-media.com [ C:\Documents and Settings\Mario  Graziano\Application Data\Mozilla\Firefox\Profiles\f9yxi14f.default\cookies.sqlite ]
            .legolas-media.com [ C:\Documents and Settings\Mario  Graziano\Application Data\Mozilla\Firefox\Profiles\f9yxi14f.default\cookies.sqlite ]
            n-traffic.com [ C:\Documents and Settings\Mario  Graziano\Application Data\Mozilla\Firefox\Profiles\f9yxi14f.default\cookies.sqlite ]
            C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
            C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
            C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
            C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
            C:\Documents and Settings\NetworkService\Cookies\system@realmedia[2].txt
            C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
            C:\Documents and Settings\NetworkService\Cookies\system@pointroll[2].txt
            C:\Documents and Settings\NetworkService\Cookies\system@adecn[1].txt

        Malware.Trace
            HKU\S-1-5-21-692574358-2411448291-2996467416-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER#NOFOLDEROPTIONS

        Trojan.Agent/Gen-MSFake
            C:\WINDOWS\TEMP\TMP000001E526DCBD56667A4FB0
            C:\WINDOWS\TEMP\TMP000001E88A73581933866F11
        « Last Edit: November 02, 2010, 04:43:52 PM by SuperDave »

        cfnyy51

          Topic Starter


          Rookie

          Re: svchost.exe and windows update
          « Reply #3 on: November 01, 2010, 07:22:25 PM »
          Malwarebytes' Anti-Malware 1.46
          www.malwarebytes.org

          Database version: 4895

          Windows 5.1.2600 Service Pack 3
          Internet Explorer 7.0.5730.11

          10/20/2010 7:45:27 PM
          mbam-log-2010-10-20 (19-45-27).txt

          Scan type: Full scan (C:\|)
          Objects scanned: 273362
          Time elapsed: 2 hour(s), 20 minute(s), 43 second(s)

          Memory Processes Infected: 3
          Memory Modules Infected: 0
          Registry Keys Infected: 14
          Registry Values Infected: 53
          Registry Data Items Infected: 4
          Folders Infected: 2
          Files Infected: 38

          Memory Processes Infected:
          C:\Documents and Settings\Mario  Graziano\Local Settings\Temp\iexplorer.exe (Malware.Packer.Gen) -> Unloaded process successfully.
          C:\Documents and Settings\John\Local Settings\Temp\services.exe (Trojan.Agent) -> Unloaded process successfully.
          C:\Documents and Settings\John\Local Settings\Temp\services.exe (Trojan.Agent) -> Unloaded process successfully.

          Memory Modules Infected:
          (No malicious items detected)

          Registry Keys Infected:
          HKEY_CLASSES_ROOT\CLSID\{d6ba40a1-a502-59bd-f413-04b03a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d6ba40a1-a502-59bd-f413-04b03a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d6ba40a1-a502-59bd-f413-04b03a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c9c42510-9b21-41c1-9dcd-8382a2d07c61} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
          HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
          HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
          HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
          HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
          HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
          HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\mywaysearchassistantde.auxiliary (Adware.MyWaySearch) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\mywaysearchassistantde.auxiliary.1 (Adware.MyWaySearch) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.

          Registry Values Infected:
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnujoxrrta (Trojan.Agent) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnujoxrrtaift.com&p=
          (Trojan.Agent) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnujoxrrtar.com&p=
          (Trojan.Agent) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnujoxrrta (Trojan.Agent) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnujoxrrtaift.com&p= (Trojan.Agent) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnujoxrrtar.com&p= (Trojan.Agent) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{d6ba40a1-a502-59bd-f413-04b03a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\av8 (Rogue.Antivirus8) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\upc+mv0nukaguo (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\upc+mv0nukaguo (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnujoxrouqc (Trojan.Agent) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnujoxrouqc (Trojan.Agent) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnukroxrrrb (Trojan.Downloader) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnukroxrrrb (Trojan.Downloader) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkbuqc (Trojan.Agent) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkeg (Trojan.Agent) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkese (Trojan.Agent) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkfa (Trojan.Agent) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkfa (Trojan.Agent) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnukroxrpuc (Trojan.Agent) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnukroxrpz (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnukroxrpz0 (windows; u; windows nt 5.1; en-us) applewebkit/533.9 (khtml, like gecko) chrome/6.0.401.1 safari/533.9 (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnukroxrota (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnukroxrspe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnujoxrspc (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkasc (Trojan.Downloader) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkcz (Trojan.Downloader) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkdw+ (Trojan.Downloader) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkerb (Trojan.Downloader) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkevc (Trojan.Downloader) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysguard (Trojan.FakeAlert) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Explorer.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnukroxrpuc (Trojan.Agent) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnukroxrspe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnukroxrpz (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnukroxrpz0 (windows; u; windows nt 5.1; en-us) applewebkit/533.9 (khtml, like gecko) chrome/6.0.401.1 safari/533.9 (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnujoxrspc (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnukroxrota (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnujoxrotc (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkasc (Trojan.Downloader) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkaz (Trojan.Downloader) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkbta (Trojan.Downloader) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkcz (Trojan.Downloader) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkdw+ (Trojan.Downloader) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mketa (Trojan.Downloader) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mketc (Trojan.Downloader) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkevc (Trojan.Downloader) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkfpe (Trojan.Downloader) -> Quarantined and deleted successfully.

          Registry Data Items Infected:
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

          Folders Infected:
          C:\Program Files\AV8 (Rogue.Antivirus8) -> Quarantined and deleted successfully.
          C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

          Files Infected:
          C:\Documents and Settings\Mario  Graziano\Local Settings\Temp\iexplorer.exe (Malware.Packer.Gen) -> Delete on reboot.
          C:\Documents and Settings\John\Local Settings\Temp\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.
          C:\WINDOWS\system32\mpnje1tau.dll (Trojan.Ertfor) -> Quarantined and deleted successfully.
          C:\Documents and Settings\John\Local Settings\Temp\login.exe (Trojan.Agent) -> Quarantined and deleted successfully.
          C:\Documents and Settings\John\Local Settings\Temp\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
          C:\Documents and Settings\John\Local Settings\Temp\sysedit.exe (Trojan.Agent) -> Quarantined and deleted successfully.
          C:\Documents and Settings\John\Local Settings\Temp\user.exe (Trojan.Agent) -> Quarantined and deleted successfully.
          C:\Documents and Settings\John\Local Settings\Temp\2438210202.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
          C:\Documents and Settings\John\Local Settings\Temp\3225553952.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
          C:\Documents and Settings\John\Local Settings\Temp\552127346.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
          C:\Documents and Settings\John\Local Settings\Temp\debug.exe (Trojan.Agent) -> Quarantined and deleted successfully.
          C:\Documents and Settings\John\Local Settings\Temp\drweb.exe (Trojan.Agent) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Mario  Graziano\Application Data\Powiy\azod.exe (Backdoor.Bot.Gen) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Mario  Graziano\Local Settings\Temp\ppwkvch.exe (Trojan.TDSS) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Mario  Graziano\Local Settings\Temp\thdttbs.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Mario  Graziano\Local Settings\Temp\eueidifw.exe (Trojan.Agent) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Mario  Graziano\Local Settings\Temp\fj2mw.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Mario  Graziano\Local Settings\Temp\phnrkpp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Mario  Graziano\Local Settings\Temp\anhw.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
          C:\Program Files\AntiSpyWareSetup.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
          C:\Program Files\AV8\av8.exe (Rogue.Antivirus8) -> Quarantined and deleted successfully.
          C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
          C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.
          C:\WINDOWS\system32\lowsec\user.ds.lll (Stolen.data) -> Quarantined and deleted successfully.
          C:\Documents and Settings\John\Desktop\Antivirus8.LNK (Rogue.Antivirus8) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Mario  Graziano\Desktop\Antivirus8.LNK (Rogue.Antivirus8) -> Quarantined and deleted successfully.
          C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
          C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Mario  Graziano\Local Settings\Temp\APUD.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
          C:\Documents and Settings\John\Local Settings\Temp\iexplarer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
          C:\Documents and Settings\John\Local Settings\Temp\iExplorer.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Mario  Graziano\Local Settings\Temp\pdfupd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Mario  Graziano\Local Settings\Temp\taskmgr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
          C:\WINDOWS\iexplarer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
          C:\WINDOWS\smss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
          C:\WINDOWS\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
          C:\WINDOWS\win.exe (Trojan.Agent) -> Quarantined and deleted successfully.
          C:\WINDOWS\cmd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
          « Last Edit: November 02, 2010, 04:46:45 PM by SuperDave »
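
Added example (not part of the original posts or of Malwarebytes): a short triage script for detection lines in the format of the log above. It flags files that reuse a Windows system binary name outside that binary's normal directory, and extra executables chained into the Winlogon Userinit value. The sample lines are copied from the log; the table of expected directories is an assumption based on Windows XP defaults.

```python
import ntpath
import re

# Assumption: default Windows XP locations of the genuine binaries (lower-cased).
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "cmd.exe": r"c:\windows\system32",
    "taskmgr.exe": r"c:\windows\system32",
    "userinit.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# "<file path or registry key> (<detection name>) -> <data and/or action>"
DETECTION = re.compile(r"^(?P<item>.+?) \((?P<name>[A-Za-z0-9_.]+)\) -> (?P<rest>.+)$")
# "Bad: (<current value>) Good: (<expected value>)" on registry data lines
BAD_VALUE = re.compile(r"Bad: \((?P<bad>.*?)\) Good:")

# Lines copied from the log above.
SAMPLE_LOG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
C:\Documents and Settings\John\Local Settings\Temp\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\smss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\cmd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
""".strip().splitlines()


def parse_detection(line):
    """Split one log line into (item, detection name, rest), or None for headings."""
    match = DETECTION.match(line.strip())
    if match is None:
        return None
    return match.group("item"), match.group("name"), match.group("rest")


def masquerading(path):
    """True if the file name is a known system binary but the directory is not its usual one."""
    directory, name = ntpath.split(path)
    expected = EXPECTED_DIR.get(name.lower())
    return expected is not None and directory.lower() != expected


def userinit_extras(data):
    """Return the entries of a comma-separated Userinit value other than userinit.exe."""
    entries = [entry.strip() for entry in data.split(",") if entry.strip()]
    return [e for e in entries if ntpath.basename(e).lower() != "userinit.exe"]


def triage(lines):
    """Return (reason, item) pairs for the two persistence/masquerading patterns."""
    findings = []
    for line in lines:
        parsed = parse_detection(line)
        if parsed is None:
            continue
        item, _name, rest = parsed
        if item.upper().startswith("HKEY_"):
            bad = BAD_VALUE.search(rest)
            if bad and item.lower().endswith(r"\winlogon\userinit"):
                for extra in userinit_extras(bad.group("bad")):
                    findings.append(("userinit-extra", extra))
        elif masquerading(item):
            findings.append(("system-name-wrong-dir", item))
    return findings


if __name__ == "__main__":
    for reason, item in triage(SAMPLE_LOG):
        print(f"{reason:24} {item}")
    # The svchost.exe in the HijackThis running-process list sits in system32,
    # so the path check alone does not flag it.
    print(masquerading(r"C:\WINDOWS\system32\svchost.exe"))
```

A file in the expected directory can still be patched or replaced, so a clean result from the path check only rules out this one masquerading pattern.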

          villar1598

          • Guest
          Re: svchost.exe and windows update
          « Reply #4 on: November 02, 2010, 12:28:55 PM »
          Is this really a virus?
          Because I see it every day in my running processes.
          Please let me know.

          SuperDave

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Thanked: 1020
          • Certifications: List
          • Experience: Expert
          • OS: Windows 10
          Re: svchost.exe and windows update
          « Reply #5 on: November 04, 2010, 01:07:26 PM »
          Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum so it may take a bit longer to process your logs.

          1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
          2. The fixes are specific to your problem and should only be used for this issue on this machine.
          3. If you don't know or understand something, please don't hesitate to ask.
          4. Please DO NOT run any other tools or scans while I am helping you.
          5. It is important that you reply to this thread. Do not start a new topic.
          6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
          7. Absence of symptoms does not mean that everything is clear.

          If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

          ****************************************
          Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

          Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

          Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

          Exit out of MessengerDisable then delete the two files that were put on the desktop.

          *************************************
          Open HijackThis and select Do a system scan only

          Place a check mark next to the following entries: (if there)

          O4 - HKLM\..\Run: [Lbihoko] rundll32.exe "C:\WINDOWS\idokifurizevulad.dll",Startup
          O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
          O4 - HKUS\S-1-5-18\..\Run: [Bmupurega] rundll32.exe  "C:\WINDOWS\dcxsnut.dll",Startup (User 'SYSTEM')
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


          Important: Close all open windows except for HijackThis and then click Fix checked.

          Once completed, exit HijackThis.
          ***************************************
          Please download ComboFix from BleepingComputer.com

          Alternate link: GeeksToGo.com

          Rename ComboFix.exe to commy.exe before you save it to your Desktop.
          Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
          Click Start>Run then copy paste the following command into the Run box & click OK:
          "%userprofile%\desktop\commy.exe" /stepdel
          As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
          Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

          Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

          Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


          Click on Yes, to continue scanning for malware.
          When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

          If you have problems with ComboFix usage, see How to use ComboFix

          Windows 8 and Windows 10 dual boot with two SSD's

          cfnyy51

            Topic Starter


            Rookie

            Re: svchost.exe and windows update
            « Reply #6 on: November 04, 2010, 09:28:14 PM »
            SuperDave, thank you for taking the time to respond and provide help.  I did not complete the entire process you outlined.  Here is why:

            1: One thing I've noticed about the help provided here: you better do exactly what the specialists tell you to do.  When I removed Windows Messenger, it prompted me to do a reboot.  I elected not to reboot because it did not mention to do so in your directions.  I know, it's picky, but your directions stated to delete the two files on the desktop.  (I hope I do not sound rude in that previous sentence, I just don't want to mess up the steps).

            2: This isn't what caused me to stop the process, but none of the items you suggested I remove via HJT this were present in the scan.  Again, not why I stopped, just letting you know.

            3: When I went to start>run and entered the command you provided, I get the following prompt:
            "Windows cannot find 'C:\Documents and Settings\(user profile)\desktop\commy.exe'.  Make sure you typed the name correctly..."

            (Yes, commy.exe is on the desktop)

            SuperDave

            Re: svchost.exe and windows update
            « Reply #7 on: November 05, 2010, 12:16:33 PM »
            Ok. Let's try this:

            Delete your copy of ComboFix; download a fresh copy, except before you download it, rename it to blackpudding.bat

            Navigate to Start --> Run, and enter the following command exactly as shown:

            "%userprofile%\desktop\blackpudding.bat" /killall

            See if ComboFix will run now.

            cfnyy51

              Topic Starter


              Rookie

              Re: svchost.exe and windows update
              « Reply #8 on: November 05, 2010, 01:27:21 PM »
              SuperDave,

              Same result as before. 

              I suppose I should mention this: In between my original post and your response, Antivir stumbled across another virus, Boot/Alureon.  I am not sure if that is affecting ComboFix.

              Thank you

              SuperDave

              Re: svchost.exe and windows update
              « Reply #9 on: November 05, 2010, 07:14:40 PM »
              * Go to Start > Run and type mrt.exe then press Enter on the keyboard.
              * (Vista and Windows 7 users go to Start and type mrt.exe in the search box then press Enter on the keyboard.)
              * Click Next.
              * Choose Full Scan and click Next.
              * Once the scan is finished click View detailed results of the scan.

              Look through the list and let me know if anything was found infected.
              *********************************************************
              Download OTL to your Desktop
              • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
              • Under the Custom Scan box paste this in:
              netsvcs
              msconfig
              safebootminimal
              safebootnetwork
              activex
              drivers32
              %SYSTEMDRIVE%\*.exe
              %systemroot%\*. /mp /s
              c:\$recycle.bin\*.* /s
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
              /md5start
              eventlog.dll
              scecli.dll
              netlogon.dll
              cngaudit.dll
              sceclt.dll
              ntelogon.dll
              logevent.dll
              iaStor.sys
              nvstor.sys
              nvstor32.sys
              atapi.sys
              IdeChnDr.sys
              viasraid.sys
              AGP440.sys
              vaxscsi.sys
              nvatabus.sys
              viamraid.sys
              nvata.sys
              nvgts.sys
              iastorv.sys
              ViPrt.sys
              eNetHook.dll
              explorer.exe
              svchost.exe
              userinit.exe
              qmgr.dll
              ws2_32.dll
              proquota.exe
              imm32.dll
              kernel32.dll
              ndis.sys
              autochk.exe
              spoolsv.exe
              xmlprov.dll
              ntmssvc.dll
              mswsock.dll
              Beep.SYS
              ntfs.sys
              termsrv.dll
              sfcfiles.dll
              st3shark.sys
              ahcix86.sys
              srsvc.dll
              nvrd32.sys
              /md5stop
              %systemroot%\system32\*.dll /lockedfiles
              %systemroot%\Tasks\*.job /lockedfiles

              • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
              • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
              • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time

              cfnyy51


                Re: svchost.exe and windows update
                « Reply #10 on: November 06, 2010, 10:24:03 AM »
                OTL logfile created on: 11/6/2010 12:09:46 PM - Run 1
                OTL by OldTimer - Version 3.2.17.3     Folder = C:\Documents and Settings\Mario  Graziano\Desktop
                Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
                Internet Explorer (Version = 8.0.6001.18702)
                Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
                 
                510.00 Mb Total Physical Memory | 274.00 Mb Available Physical Memory | 54.00% Memory free
                1.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free
                Paging file location(s): c:\pagefile.sys 768 1536 [binary data]
                 
                %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
                Drive C: | 71.03 Gb Total Space | 42.63 Gb Free Space | 60.01% Space Free | Partition Type: NTFS
                 
                Computer Name: D96S1Y61 | User Name: Mario  Graziano | Logged in as Administrator.
                Boot Mode: Normal | Scan Mode: Current user | Quick Scan
                Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
                 
                ========== Processes (SafeList) ==========
                 
                PRC - [2010/11/06 12:07:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mario  Graziano\Desktop\OTL.exe
                PRC - [2010/11/05 16:21:00 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
                PRC - [2010/11/05 16:20:59 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
                PRC - [2010/11/05 16:20:59 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
                PRC - [2010/07/07 13:52:58 | 003,065,160 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft\Online Armor\oahlp.exe
                PRC - [2010/07/07 13:52:54 | 006,854,984 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft\Online Armor\oaui.exe
                PRC - [2010/07/07 13:52:54 | 003,364,680 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft\Online Armor\oasrv.exe
                PRC - [2010/07/07 13:52:54 | 001,283,400 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft\Online Armor\oacat.exe
                PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
                PRC - [2008/08/13 18:32:40 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
                PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
                PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
                PRC - [2007/04/12 17:23:31 | 000,042,032 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\1125946752\ee\aolsoftware.exe
                PRC - [2007/03/15 11:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
                PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
                PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
                PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
                PRC - [2004/10/15 16:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
                PRC - [2004/10/15 16:54:12 | 000,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
                PRC - [2004/10/14 22:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
                PRC - [2003/08/27 12:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
                 
                 
                ========== Modules (SafeList) ==========
                 
                MOD - [2010/11/06 12:07:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mario  Graziano\Desktop\OTL.exe
                MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
                MOD - [2010/07/07 13:52:56 | 000,947,016 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft\Online Armor\oawatch.dll
                MOD - [2008/04/14 08:00:00 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iphlpapi.dll
                MOD - [2008/04/14 08:00:00 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
                MOD - [2008/04/14 08:00:00 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll
                MOD - [2008/04/14 08:00:00 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wtsapi32.dll
                 
                 
                ========== Win32 Services (SafeList) ==========
                 
                SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\Ipripv32.dll -- (Iprip)
                SRV - [2010/11/05 16:21:00 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
                SRV - [2010/11/05 16:20:59 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
                SRV - [2010/07/07 13:52:54 | 003,364,680 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Emsisoft\Online Armor\oasrv.exe -- (SvcOnlineArmor)
                SRV - [2010/07/07 13:52:54 | 001,283,400 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Emsisoft\Online Armor\OAcat.exe -- (OAcat)
                SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
                SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
                SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
                SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
                SRV - [2004/10/15 16:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
                SRV - [2004/07/01 16:45:46 | 000,421,888 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlbucoms.exe -- (dlbu_device)
                SRV - [2003/08/27 12:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)
                 
                 
                ========== Driver Services (SafeList) ==========
                 
                DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\John\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS -- (SASKUTIL)
                DRV - File not found [File_System | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\Lbd.sys -- (Lbd)
                DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
                DRV - [2010/11/05 16:21:00 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
                DRV - [2010/11/05 16:21:00 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
                DRV - [2010/07/07 13:25:58 | 000,022,600 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)
                DRV - [2010/07/07 13:25:42 | 000,028,232 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)
                DRV - [2010/07/07 13:25:38 | 000,236,104 | ---- | M] (Emsisoft) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice)
                DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
                DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
                DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
                DRV - [2008/04/14 08:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
                DRV - [2008/04/14 08:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
                DRV - [2008/04/14 08:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
                DRV - [2008/04/14 08:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
                DRV - [2008/04/14 08:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
                DRV - [2008/04/14 08:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
                DRV - [2008/04/14 08:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
                DRV - [2008/04/14 08:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
                DRV - [2008/04/14 08:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
                DRV - [2008/04/14 08:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
                DRV - [2008/04/14 08:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
                DRV - [2008/04/14 08:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
                DRV - [2008/04/14 08:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
                DRV - [2008/04/14 08:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
                DRV - [2008/04/14 08:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
                DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
                DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
                DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
                DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
                DRV - [2005/08/12 08:56:42 | 000,008,448 | ---- | M] (Network Associates, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EntDrv51.sys -- (EntDrv51)
                DRV - [2005/03/07 12:32:14 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
                DRV - [2004/12/10 04:45:34 | 000,030,336 | ---- | M] (Politecnico di Torino) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
                DRV - [2004/12/06 03:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
                DRV - [2004/12/06 03:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
                DRV - [2004/12/06 03:05:00 | 000,086,586 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
                DRV - [2004/12/06 03:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
                DRV - [2004/12/06 03:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
                DRV - [2004/12/06 03:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
                DRV - [2004/12/06 03:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
                DRV - [2004/12/06 03:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
                DRV - [2004/12/06 03:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
                DRV - [2004/12/01 05:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
                DRV - [2004/11/23 04:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
                DRV - [2004/09/17 17:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
                DRV - [2004/08/04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
                DRV - [2004/07/14 13:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
                DRV - [2004/07/14 13:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
                DRV - [2004/06/16 05:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
                DRV - [2004/03/06 06:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
                DRV - [2004/03/06 06:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
                DRV - [2004/03/06 06:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
                DRV - [2004/02/09 12:06:22 | 000,015,360 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NetMotCM.sys -- (ndiscm)
                DRV - [2003/03/06 14:48:08 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
                DRV - [2003/01/10 17:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
                 
                 
                ========== Standard Registry (SafeList) ==========
                 
                 
                ========== Internet Explorer ==========
                 
                IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,StartPage = http://www.optonline.net
                IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
                 
                IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
                IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
                IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
                IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/Home
                IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
                IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
                IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
                 
                ========== FireFox ==========
                 
                FF - prefs.js..extensions.enabledItems: {47F579EB-CAAC-486B-9D93-C24124D8D725}:1.9.1
                FF - prefs.js..extensions.enabledItems: {8624C5D8-18B9-4F97-B3CE-68BF1D4DA700}:1.9.1
                FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
                 
                FF - HKLM\software\mozilla\Firefox\extensions\\{47F579EB-CAAC-486B-9D93-C24124D8D725}: C:\Documents and Settings\John\Local Settings\Application Data\{47F579EB-CAAC-486B-9D93-C24124D8D725}\ [2010/10/29 02:19:27 | 000,000,000 | ---D | M]
                FF - HKLM\software\mozilla\Firefox\extensions\\{8624C5D8-18B9-4F97-B3CE-68BF1D4DA700}: C:\Documents and Settings\Mario  Graziano\Local Settings\Application Data\{8624C5D8-18B9-4F97-B3CE-68BF1D4DA700} [2010/11/01 18:17:19 | 000,000,000 | ---D | M]
                FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/02 16:42:11 | 000,000,000 | ---D | M]
                FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/02 16:42:11 | 000,000,000 | ---D | M]
                 
                [2009/08/14 17:48:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mario  Graziano\Application Data\Mozilla\Extensions
                [2010/11/04 23:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mario  Graziano\Application Data\Mozilla\Firefox\Profiles\f9yxi14f.default\extensions
                [2010/10/24 12:25:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mario  Graziano\Application Data\Mozilla\Firefox\Profiles\f9yxi14f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
                [2010/11/04 23:02:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
                [2010/11/01 18:59:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
                [2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
                 
                O1 HOSTS File: ([2010/10/27 21:15:18 | 000,423,461 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
                O1 - Hosts: 14620 more lines...
                O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
                O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
                O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
                O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Emsisoft\Online Armor\oaui.exe (Emsi Software GmbH)
                O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
                O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
                O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
                O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125946752\ee\aolsoftware.exe (AOL LLC)
                O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
                O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
                O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
                O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
                O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
                O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
                O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
                O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
                O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
                O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
                O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
                O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
                O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
                O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
                O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/56.20/uploader2.cab (UploadListView Class)
                O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
                O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/43.10/uploader2.cab (UploadListView Class)
                O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control)
                O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab (Windows Live Safety Center Base Module)
                O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1288724950125 (WUWebControl Class)
                O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154980515546 (MUWebControl Class)
                O16 - DPF: {6EC00533-A02A-4C97-A93C-66BDB184EBD7} http://nwmiddle.udayton.edu/nls/English/ZfdInstallMgr.cab (ZfdWebInstaller Class)
                O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab (Ofoto Upload Manager Class)
                O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
                O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
                O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
                O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
                O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
                O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab? (Photo Upload Plugin Class)
                O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
                O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
                O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
                O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
                O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
                O24 - Desktop Components:0 () - http://www.optonline.net//images/Common/header/hdrIdTexArea_back.gif
                O24 - Desktop Components:1 (My Current Home Page) - About:Home
                O24 - Desktop WallPaper: C:\Documents and Settings\Mario  Graziano\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
                O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mario  Graziano\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
                O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
                O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Emsisoft\Online Armor\oaevent.dll (Emsi Software GmbH)
                O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
                O32 - HKLM CDRom: AutoRun - 1
                O32 - AutoRun File - [2004/08/11 19:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
                O35 - HKLM\..comfile [open] -- "%1" %*
                O35 - HKLM\..exefile [open] -- "%1" %*
                O37 - HKLM\...com [@ = comfile] -- "%1" %*
                O37 - HKLM\...exe [@ = exefile] -- "%1" %*
                 
                NetSvcs: 6to4 -  File not found
                NetSvcs: Ias -  File not found
                NetSvcs: Iprip - C:\WINDOWS\System32\Ipripv32.dll File not found
                NetSvcs: Irmon -  File not found
                NetSvcs: Nwsapagent -  File not found
                NetSvcs: WmdmPmSp -  File not found
                 
                MsConfig - Services: "MpfService"
                MsConfig - Services: "McShield"
                MsConfig - Services: "aolavupd"
                MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
                MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe - (Intuit, Inc.)
                MsConfig - StartUpReg: AOLDialer - hkey= - key= - C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
                MsConfig - StartUpReg: AV8 - hkey= - key= - C:\Program Files\AV8\av8.exe File not found
                MsConfig - StartUpReg: Dell Photo AIO Printer 942 - hkey= - key= - C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe ()
                MsConfig - StartUpReg: DellMCM - hkey= - key= - C:\Program Files\Dell Photo AIO Printer 942\memcard.exe ()
                MsConfig - StartUpReg: DellSupport - hkey= - key= - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
                MsConfig - StartUpReg: DVDLauncher - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
                MsConfig - StartUpReg: HNUjOXRouqc - hkey= - key= - C:\DOCUME~1\John\LOCALS~1\Temp\iexplarer.exe File not found
                MsConfig - StartUpReg: HNUKROXRota - hkey= - key= - C:\DOCUME~1\MARIOG~1\LOCALS~1\Temp\install.exe File not found
                MsConfig - StartUpReg: HNUKROXRspe - hkey= - key= - C:\DOCUME~1\MARIOG~1\LOCALS~1\Temp\winamp.exe File not found
                MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
                MsConfig - StartUpReg: MKasc - hkey= - key= - C:\WINDOWS\drweb.exe File not found
                MsConfig - StartUpReg: MKbta - hkey= - key= - C:\WINDOWS\install.exe File not found
                MsConfig - StartUpReg: MKfa - hkey= - key= - C:\WINDOWS\win.exe File not found
                MsConfig - StartUpReg: MPFExe - hkey= - key= - Reg Error: Value error. File not found
                MsConfig - StartUpReg: PCMService - hkey= - key= - C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
                MsConfig - StartUpReg: Pure Networks Port Magic - hkey= - key= - C:\Program Files\Pure Networks\Port Magic\PortAOL.exe (Pure Networks, Inc.)
                MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
                MsConfig - StartUpReg: RealTray - hkey= - key= - C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
                MsConfig - StartUpReg: SoundMAXPnP - hkey= - key= - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
                MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe File not found
                MsConfig - StartUpReg: UpdateManager - hkey= - key= - C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
                MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
                MsConfig - State: "system.ini" - 0
                MsConfig - State: "win.ini" - 0
                MsConfig - State: "bootini" - 0
                MsConfig - State: "services" - 0
                MsConfig - State: "startup" - 2
                 
                SafeBootMin: Base - Driver Group
                SafeBootMin: Boot Bus Extender - Driver Group
                SafeBootMin: Boot file system - Driver Group
                SafeBootMin: File system - Driver Group
                SafeBootMin: Filter - Driver Group
                SafeBootMin: PCI Configuration - Driver Group
                SafeBootMin: PEVSystemStart - Service
                SafeBootMin: PNP Filter - Driver Group
                SafeBootMin: Primary disk - Driver Group
                SafeBootMin: procexp90.Sys - Driver
                SafeBootMin: SCSI Class - Driver Group
                SafeBootMin: sermouse.sys - Driver
                SafeBootMin: System Bus Extender - Driver Group
                SafeBootMin: vds - Service
                SafeBootMin: vga.sys - Driver
                SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
                SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
                SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
                SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
                SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
                SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
                SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
                SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
                SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
                SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
                SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
                SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
                SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
                SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
                SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
                 
                SafeBootNet: Base - Driver Group
                SafeBootNet: Boot Bus Extender - Driver Group
                SafeBootNet: Boot file system - Driver Group
                SafeBootNet: File system - Driver Group
                SafeBootNet: Filter - Driver Group
                SafeBootNet: NDIS Wrapper - Driver Group
                SafeBootNet: NetBIOSGroup - Driver Group
                SafeBootNet: NetDDEGroup - Driver Group
                SafeBootNet: Network - Driver Group
                SafeBootNet: NetworkProvider - Driver Group
                SafeBootNet: PCI Configuration - Driver Group
                SafeBootNet: PEVSystemStart - Service
                SafeBootNet: PNP Filter - Driver Group
                SafeBootNet: PNP_TDI - Driver Group
                SafeBootNet: Primary disk - Driver Group
                SafeBootNet: procexp90.Sys - Driver
                SafeBootNet: SCSI Class - Driver Group
                SafeBootNet: sermouse.sys - Driver
                SafeBootNet: Streams Drivers - Driver Group
                SafeBootNet: System Bus Extender - Driver Group
                SafeBootNet: TDI - Driver Group
                SafeBootNet: vga.sys - Driver
                SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
                SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
                SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
                SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
                SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
                SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
                SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
                SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
                SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
                SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
                SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
                SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
                SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
                SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
                SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
                SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
                SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
                SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
                 
                ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
                ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
                ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
                ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
                ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.1.4
                ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
                ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.1.4
                ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
                ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
                ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
                ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
                ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
                ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
                ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
                ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
                ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
                ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
                ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
                ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
                ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
                ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
                ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
                ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
                ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
                ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
                ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
                ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
                ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
                ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
                ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
                ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
                ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
                ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
                ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
                ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
                ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
                ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
                ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
                ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
                ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
                ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
                ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
                ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
                ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
                ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
                ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
                ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
                ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
                ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
                ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
                ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
                ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
                ActiveX: Microsoft Base Smart Card Crypto Provider Package -
                 
                Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
                Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
                Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
                Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
                Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
                Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
                Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
                Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
                Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
                Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
                 
                ========== Files/Folders - Created Within 30 Days ==========
                 
                [2010/11/06 12:07:06 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mario  Graziano\Desktop\OTL.exe
                [2010/11/04 23:09:50 | 000,000,000 | ---D | C] -- C:\Qoobox
                [2010/11/04 22:49:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\McAfee
                [2010/11/03 15:45:51 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Mario  Graziano\PrivacIE
                [2010/11/03 15:39:13 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Mario  Graziano\IETldCache
                [2010/11/03 15:35:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
                [2010/11/03 15:30:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
                [2010/11/01 23:21:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
                [2010/11/01 19:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mario  Graziano\Application Data\OnlineArmor
                [2010/11/01 19:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
                [2010/11/01 19:56:36 | 000,022,600 | ---- | C] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAmon.sys
                [2010/11/01 19:56:35 | 000,236,104 | ---- | C] (Emsisoft) -- C:\WINDOWS\System32\drivers\OADriver.sys
                [2010/11/01 19:56:35 | 000,028,232 | ---- | C] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAnet.sys
                [2010/11/01 19:56:33 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft
                [2010/11/01 18:59:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
                [2010/11/01 18:17:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mario  Graziano\Local Settings\Application Data\{8624C5D8-18B9-4F97-B3CE-68BF1D4DA700}
                [2010/11/01 18:11:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
                [2010/11/01 18:07:32 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
                [2010/11/01 18:07:32 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
                [2010/11/01 18:07:32 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
                [2010/11/01 18:05:32 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
                [2010/10/29 02:15:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
                [2010/10/26 23:23:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
                [2010/10/26 15:54:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mario  Graziano\My Documents\Downloads
                [2010/10/24 21:08:35 | 008,567,024 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.6.11.exe
                [2010/10/24 15:35:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mario  Graziano\Local Settings\Application Data\Sunbelt Software
                [2010/10/24 12:28:57 | 133,432,520 | ---- | C] (Lavasoft                                                                                                                                                                                                                                                                                                    ) -- C:\Documents and Settings\Mario  Graziano\Desktop\Ad-AwareInstall.exe
                [2010/10/23 11:59:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mario  Graziano\Recent
                [2010/10/21 00:41:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
                [2010/10/21 00:40:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
                [2010/10/20 22:09:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
                [2010/10/20 22:03:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mario  Graziano\Application Data\Avira
                [2010/10/20 21:57:47 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
                [2010/10/20 21:57:35 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
                [2010/10/20 21:57:35 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
                [2010/10/20 21:57:35 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
                [2010/10/20 21:57:35 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
                [2010/10/20 21:57:27 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
                [2010/10/20 21:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
                [2010/10/20 20:08:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mario  Graziano\Application Data\SUPERAntiSpyware.com
                [2010/10/20 20:04:09 | 009,578,056 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Mario  Graziano\Desktop\SUPERAntiSpyware.exe
                [2010/10/20 17:14:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
                [2010/10/20 17:14:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
                [2010/10/20 17:14:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
                [2010/10/20 17:14:17 | 006,153,352 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Mario  Graziano\Desktop\mbam-setup-1.46.exe
                [2010/10/20 16:55:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mario  Graziano\Local Settings\Application Data\Threat Expert
                [2010/10/20 16:45:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
                [2010/10/20 16:43:58 | 036,317,280 | ---- | C] (PC Tools                                                    ) -- C:\Documents and Settings\Mario  Graziano\Desktop\spyware-doctor.exe
                [2010/10/17 21:42:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
                [2010/10/17 21:40:15 | 001,064,736 | ---- | C] (Microsoft Corporation) -- C:\Program Files\VB6.0-KB290887-X86.exe
                [2010/10/17 21:22:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
                [2010/10/17 21:14:14 | 133,582,520 | ---- | C] (Lavasoft                                                                                                                                                                                                                                                                                                    ) -- C:\Program Files\Ad-AwareInstall.exe
                [2010/10/08 11:06:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Update
                [2010/10/07 23:04:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
                [2010/10/07 23:04:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
                [2010/07/09 09:15:51 | 003,396,176 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup233.exe
                [2009/02/18 20:58:22 | 035,348,744 | ---- | C] (COMODO) -- C:\Program Files\CIS_Setup_3.8.64739.471_XP_Vista_x32.exe
                [2009/02/17 13:28:20 | 013,229,544 | ---- | C] (Tall Emu Pty Ltd                                            ) -- C:\Program Files\OA190Free.exe
                [2009/02/17 10:37:09 | 016,409,960 | ---- | C] (Safer Networking Limited                                    ) -- C:\Program Files\spybotsd162.exe
                [2006/07/27 17:25:41 | 005,037,072 | ---- | C] (Safer Networking Limited                                    ) -- C:\Program Files\spybotsd14.exe
                [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
                [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
                 
                ========== Files - Modified Within 30 Days ==========
                 
                [2010/11/06 12:07:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mario  Graziano\Desktop\OTL.exe
                [2010/11/06 03:04:20 | 000,000,442 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{84D725D7-12E5-4E91-B233-8CA030B23F3C}.job
                [2010/11/06 02:01:08 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
                [2010/11/05 16:21:00 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
                [2010/11/05 16:21:00 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
                [2010/11/05 15:16:09 | 003,903,424 | ---- | M] () -- C:\Documents and Settings\Mario  Graziano\Desktop\blackpudding.dat
                [2010/11/03 16:24:44 | 000,438,286 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
                [2010/11/03 16:24:44 | 000,071,012 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
                [2010/11/03 16:21:02 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
                [2010/11/03 16:20:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
                [2010/11/03 16:16:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
                [2010/11/03 15:39:30 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Mario  Graziano\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
                [2010/11/03 15:32:51 | 000,000,873 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
                [2010/11/02 16:33:22 | 000,197,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
                [2010/11/02 05:41:38 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Dzuyuzageyabegu.dat
                [2010/11/02 05:41:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ktoxa.bin
                [2010/11/01 20:46:48 | 000,000,713 | ---- | M] () -- C:\Documents and Settings\Mario  Graziano\Desktop\Shortcut to sniper.exe.lnk
                [2010/11/01 19:00:56 | 000,205,540 | ---- | M] () -- C:\Documents and Settings\Mario  Graziano\Desktop\JavaRa.zip
                [2010/11/01 18:15:11 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
                [2010/11/01 18:09:22 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
                [2010/11/01 18:04:00 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
                [2010/11/01 18:03:59 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
                [2010/11/01 18:03:59 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
                [2010/11/01 18:03:44 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
                [2010/11/01 18:00:33 | 000,023,428 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
                [2010/11/01 18:00:02 | 000,000,535 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
                [2010/11/01 17:59:02 | 000,000,211 | -HS- | M] () -- C:\boot.ini
                [2010/10/30 18:42:38 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
                [2010/10/30 18:37:05 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
                [2010/10/27 21:15:18 | 000,423,461 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
                [2010/10/27 20:58:14 | 000,656,896 | ---- | M] () -- C:\Program Files\MicrosoftFixit50525.msi
                [2010/10/26 23:29:33 | 000,648,704 | ---- | M] () -- C:\Program Files\MicrosoftFixit50267.msi
                [2010/10/26 23:23:03 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
                [2010/10/24 21:11:55 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
                [2010/10/24 15:57:44 | 000,000,560 | ---- | M] () -- C:\WINDOWS\setupapi.old
                [2010/10/24 12:32:21 | 133,432,520 | ---- | M] (Lavasoft                                                                                                                                                                                                                                                                                                    ) -- C:\Documents and Settings\Mario  Graziano\Desktop\Ad-AwareInstall.exe
                [2010/10/24 09:19:10 | 000,423,829 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.old
                [2010/10/23 21:29:13 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
                [2010/10/23 15:44:56 | 000,423,829 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101024-091910.backup
                [2010/10/23 15:23:27 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Mario  Graziano\Desktop\Spybot - Search & Destroy.lnk
                [2010/10/20 21:59:39 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
                [2010/10/20 21:53:54 | 044,089,904 | ---- | M] () -- C:\Documents and Settings\Mario  Graziano\Desktop\avira_antivir_personal_en.exe
                [2010/10/20 20:06:51 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
                [2010/10/20 20:04:44 | 009,578,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Mario  Graziano\Desktop\SUPERAntiSpyware.exe
                [2010/10/20 17:14:56 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
                [2010/10/20 17:14:19 | 006,153,352 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Mario  Graziano\Desktop\mbam-setup-1.46.exe
                [2010/10/20 16:44:48 | 036,317,280 | ---- | M] (PC Tools                                                    ) -- C:\Documents and Settings\Mario  Graziano\Desktop\spyware-doctor.exe
                [2010/10/17 21:15:38 | 133,582,520 | ---- | M] (Lavasoft                                                                                                                                                                                                                                                                                                    ) -- C:\Program Files\Ad-AwareInstall.exe
                [2010/10/17 21:12:21 | 044,089,904 | ---- | M] () -- C:\Program Files\avira_antivir_personal_en.exe
                [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
                [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
                 
                ========== Files Created - No Company Name ==========
                 
                [2010/11/05 15:16:01 | 003,903,424 | ---- | C] () -- C:\Documents and Settings\Mario  Graziano\Desktop\blackpudding.dat
                [2010/11/03 15:39:30 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Mario  Graziano\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
                [2010/11/03 15:32:51 | 000,000,873 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
                [2010/11/01 20:46:48 | 000,000,713 | ---- | C] () -- C:\Documents and Settings\Mario  Graziano\Desktop\Shortcut to sniper.exe.lnk
                [2010/11/01 19:00:46 | 000,205,540 | ---- | C] () -- C:\Documents and Settings\Mario  Graziano\Desktop\JavaRa.zip
                [2010/11/01 18:15:11 | 000,013,646 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
                [2010/11/01 18:07:20 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
                [2010/11/01 18:06:40 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
                [2010/11/01 18:06:28 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
                [2010/11/01 18:06:27 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
                [2010/11/01 18:06:25 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
                [2010/11/01 18:06:14 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
                [2010/11/01 18:06:08 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
                [2010/11/01 18:06:03 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
                [2010/11/01 18:05:36 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
                [2010/10/30 18:42:38 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
                [2010/10/30 18:33:47 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
                [2010/10/30 18:33:13 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
                [2010/10/30 18:33:13 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
                [2010/10/30 18:33:13 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
                [2010/10/30 18:33:13 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
                [2010/10/30 18:33:12 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
                [2010/10/30 18:33:12 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
                [2010/10/30 18:33:12 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
                [2010/10/30 18:33:12 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
                [2010/10/30 18:33:12 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
                [2010/10/30 18:33:12 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
                [2010/10/30 18:33:12 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
                [2010/10/30 18:33:12 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
                [2010/10/30 18:33:12 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
                [2010/10/30 18:33:12 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
                [2010/10/30 18:33:12 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
                [2010/10/30 18:33:12 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
                [2010/10/30 18:33:12 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
                [2010/10/30 18:33:11 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
                [2010/10/30 18:33:11 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
                [2010/10/29 02:19:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ktoxa.bin
                [2010/10/29 02:19:54 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Dzuyuzageyabegu.dat
                [2010/10/27 20:57:40 | 000,656,896 | ---- | C] () -- C:\Program Files\MicrosoftFixit50525.msi
                [2010/10/26 23:29:30 | 000,648,704 | ---- | C] () -- C:\Program Files\MicrosoftFixit50267.msi
                [2010/10/24 15:57:44 | 000,000,560 | ---- | C] () -- C:\WINDOWS\setupapi.old
                [2010/10/23 15:23:27 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Mario  Graziano\Desktop\Spybot - Search & Destroy.lnk
                [2010/10/20 21:59:39 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
                [2010/10/20 21:52:28 | 044,089,904 | ---- | C] () -- C:\Documents and Settings\Mario  Graziano\Desktop\avira_antivir_personal_en.exe
                [2010/10/20 20:06:51 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
                [2010/10/20 17:14:56 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
                [2010/10/17 21:10:34 | 044,089,904 | ---- | C] () -- C:\Program Files\avira_antivir_personal_en.exe
                [2010/07/09 16:00:52 | 000,000,058 | ---- | C] () -- C:\WINDOWS\RegDefrag.ini
                [2009/02/17 13:02:23 | 000,024,338 | ---- | C] () -- C:\Program Files\viewpointkiller.zip
                [2009/02/17 10:38:19 | 006,006,816 | ---- | C] () -- C:\Program Files\SUPERAntiSpyware.exe
                [2008/02/11 10:39:26 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll
                [2008/02/11 10:39:18 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll
                [2008/02/08 14:53:46 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll
                [2007/07/27 15:49:02 | 000,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll
                [2007/07/27 15:49:02 | 000,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll
                [2006/12/24 11:46:12 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
                [2006/07/27 19:13:42 | 000,212,849 | ---- | C] () -- C:\Program Files\hijackthis.zip
                [2006/07/27 17:38:51 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
                [2006/07/27 17:33:41 | 011,746,992 | ---- | C] () -- C:\Program Files\antivir_workstation_win7u_en_h.exe
                [2006/07/27 17:23:09 | 002,166,352 | ---- | C] () -- C:\Program Files\XoftSpy422_193.exe
                [2006/06/26 19:06:56 | 000,000,101 | ---- | C] () -- C:\WINDOWS\upst.ini
                [2006/06/12 20:37:40 | 000,001,370 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
                [2006/05/31 16:27:42 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
                [2006/03/12 23:04:42 | 000,000,004 | ---- | C] () -- C:\WINDOWS\UccSpecB.sys
                [2006/01/11 22:55:53 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
                [2005/12/05 20:25:22 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll
                [2005/12/05 13:37:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll
                [2005/11/05 01:19:58 | 000,000,000 | ---- | C] () --

                cfnyy51

                  Topic Starter


                  Rookie

                  Re: svchost.exe and windows update
                  « Reply #11 on: November 06, 2010, 10:24:32 AM »
                  OTL Extras logfile created on: 11/6/2010 12:09:46 PM - Run 1
                  OTL by OldTimer - Version 3.2.17.3     Folder = C:\Documents and Settings\Mario  Graziano\Desktop
                  Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
                  Internet Explorer (Version = 8.0.6001.18702)
                  Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
                   
                  510.00 Mb Total Physical Memory | 274.00 Mb Available Physical Memory | 54.00% Memory free
                  1.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free
                  Paging file location(s): c:\pagefile.sys 768 1536 [binary data]
                   
                  %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
                  Drive C: | 71.03 Gb Total Space | 42.63 Gb Free Space | 60.01% Space Free | Partition Type: NTFS
                   
                  Computer Name: D96S1Y61 | User Name: Mario  Graziano | Logged in as Administrator.
                  Boot Mode: Normal | Scan Mode: Current user | Quick Scan
                  Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
                   
                  ========== Extra Registry (SafeList) ==========
                   
                   
                  ========== File Associations ==========
                   
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
                   
                  ========== Shell Spawning ==========
                   
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
                  batfile [open] -- "%1" %*
                  cmdfile [open] -- "%1" %*
                  comfile [open] -- "%1" %*
                  exefile [open] -- "%1" %*
                  htmlfile [edit] -- Reg Error: Key error.
                  piffile [open] -- "%1" %*
                  regfile [merge] -- Reg Error: Key error.
                  scrfile [config] -- "%1"
                  scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
                  scrfile [open] -- "%1" /S
                  txtfile [edit] -- Reg Error: Key error.
                  Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
                  Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
                  Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
                  Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
                  Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
                   
                  ========== Security Center Settings ==========
                   
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
                  "FirstRunDisabled" = 1
                  "AntiVirusDisableNotify" = 0
                  "FirewallDisableNotify" = 0
                  "UpdatesDisableNotify" = 0
                  "AntiVirusOverride" = 0
                  "FirewallOverride" = 0
                   
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
                   
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
                   
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
                   
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
                   
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
                   
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
                   
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
                   
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
                   
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
                   
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
                   
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
                   
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
                   
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
                   
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
                   
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
                   
                  ========== System Restore Settings ==========
                   
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
                  "DisableSR" = 0
                   
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
                  "DisableSR" = 0
                   
                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
                  "Start" = 0
                   
                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
                  "Start" = 2
                   
                  ========== Firewall Settings ==========
                   
                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
                   
                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
                  "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
                  "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
                  "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
                  "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
                  "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
                  "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
                  "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
                  "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
                   
                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
                  "EnableFirewall" = 1
                  "DoNotAllowExceptions" = 0
                   
                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
                  "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
                  "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
                  "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
                  "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
                  "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
                  "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
                  "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
                  "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
                   
                  ========== Authorized Applications List ==========
                   
                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
                  "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
                  "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
                  "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
                  "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
                  "C:\Program Files\Common Files\AOL\1125946752\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1125946752\ee\AOLServiceHost.exe:*:Enabled:AOL Services -- (America Online, Inc.)
                  "C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
                   
                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
                  "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
                  "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
                  "C:\WINDOWS\Downloaded Program Files\ccpm_0237.exe" = C:\WINDOWS\Downloaded Program Files\ccpm_0237.exe:*:Enabled:ccpm_exe Module -- File not found
                  "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
                  "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
                  "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire -- File not found
                  "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
                  "C:\Program Files\Common Files\AOL\1125946752\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1125946752\ee\AOLServiceHost.exe:*:Enabled:AOL Services -- (America Online, Inc.)
                  "C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL LLC)
                  "C:\Program Files\Common Files\AOL\1125946752\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1125946752\ee\aolsoftware.exe:*:Enabled:AOL Services -- (AOL LLC)
                  "C:\Program Files\Common Files\AOL\1125946752\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1125946752\ee\aim6.exe:*:Enabled:AIM -- (America Online, Inc.)
                  "C:\Program Files\America Online 9.0a\waol.exe" = C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL -- File not found
                  "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- (America Online, Inc)
                  "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- (America Online Inc)
                  "C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- (AOL LLC)
                  "C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- File not found
                  "C:\Program Files\America Online 9.0b\waol.exe" = C:\Program Files\America Online 9.0b\waol.exe:*:Enabled:AOL -- File not found
                  "C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
                  "C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
                  "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
                   
                   
                  ========== HKEY_LOCAL_MACHINE Uninstall List ==========
                   
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
                  "{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
                  "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
                  "{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
                  "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
                  "{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
                  "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
                  "{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition
                  "{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel(R) PROSet for Wired Connections
                  "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
                  "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
                  "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 22
                  "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
                  "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
                  "{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
                  "{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
                  "{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
                  "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
                  "{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
                  "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
                  "{55937F00-A69B-4049-8D3A-1C7729742B6F}" = BUM
                  "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
                  "{625BD732-ACDF-4552-BF22-98EBB413B6F3}" = McAfee Shredder
                  "{654F0312-CB3D-4FE2-962C-6BB9752E9146}" = iPod for Windows 2005-06-26
                  "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
                  "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
                  "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
                  "{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
                  "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
                  "{78B50D1D-642C-4B89-BCC7-352EAE3614D7}" = iPod for Windows 2005-02-07
                  "{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
                  "{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
                  "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
                  "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
                  "{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
                  "{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
                  "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
                  "{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
                  "{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
                  "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
                  "{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
                  "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
                  "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
                  "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
                  "{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
                  "{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0.8
                  "{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
                  "{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
                  "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
                  "{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
                  "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
                  "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
                  "{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
                  "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
                  "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
                  "{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes
                  "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
                  "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
                  "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
                  "{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
                  "Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
                  "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
                  "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
                  "Adobe Shockwave Player" = Adobe Shockwave Player
                  "AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
                  "AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
                  "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
                  "Belarc Advisor 2.0" = Belarc Advisor 6.1
                  "CCleaner" = CCleaner
                  "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
                  "Dell Photo AIO Printer 942" = Dell Photo AIO Printer 942
                  "EsetOnlineScanner" = ESET Online Scanner
                  "HijackThis" = HijackThis 2.0.2
                  "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
                  "ie7" = Windows Internet Explorer 7
                  "ie8" = Windows Internet Explorer 8
                  "InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
                  "InstallShield_{654F0312-CB3D-4FE2-962C-6BB9752E9146}" = iPod for Windows 2005-06-26
                  "InstallShield_{78B50D1D-642C-4B89-BCC7-352EAE3614D7}" = iPod for Windows 2005-02-07
                  "Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
                  "InterActual Player" = InterActual Player
                  "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
                  "Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
                  "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
                  "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
                  "MSNINST" = MSN
                  "MyWaySearchAssistantDE" = My Way Search Assistant
                  "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
                  "OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
                  "OnlineArmor_is1" = Online Armor 4.0
                  "Optimum Online net guide" = Optimum Online net guide
                  "Port Magic" = Pure Networks Port Magic
                  "PROSet" = Intel(R) PRO Network Adapters and Drivers
                  "RealPlayer 6.0" = RealPlayer Basic
                  "StreetPlugin" = Learn2 Player (Uninstall Only)
                  "WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
                  "WinASO Registry Optimizer 4.5.5_is1" = WinASO Registry Optimizer 4.5.5
                  "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
                  "Windows Media Format Runtime" = Windows Media Format Runtime
                  "Windows Media Player" = Windows Media Player 10
                  "WMCSetup" = Windows Media Connect
                  "WMFDist11" = Windows Media Format 11 runtime
                  "wmp11" = Windows Media Player 11
                   
                  ========== HKEY_CURRENT_USER Uninstall List ==========
                   
                  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
                  "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
                   
                  ========== Last 10 Event Log Errors ==========
                   
                  [ Application Events ]
                  Error - 11/2/2010 12:44:13 AM | Computer Name = D96S1Y61 | Source = crypt32 | ID = 131083
                  Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
                   with error: A required certificate is not within its validity period when verifying
                   against the current system clock or the timestamp in the signed file. 
                   
                  Error - 11/2/2010 12:44:18 AM | Computer Name = D96S1Y61 | Source = crypt32 | ID = 131080
                  Description = Failed auto update retrieval of third-party root list sequence number
                   from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
                   with error: The connection with the server was terminated abnormally 
                   
                  Error - 11/2/2010 12:44:18 AM | Computer Name = D96S1Y61 | Source = crypt32 | ID = 131083
                  Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
                   with error: A required certificate is not within its validity period when verifying
                   against the current system clock or the timestamp in the signed file. 
                   
                  Error - 11/2/2010 12:44:18 AM | Computer Name = D96S1Y61 | Source = crypt32 | ID = 131080
                  Description = Failed auto update retrieval of third-party root list sequence number
                   from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
                   with error: This network connection does not exist. 
                   
                  Error - 11/2/2010 10:14:07 AM | Computer Name = D96S1Y61 | Source = crypt32 | ID = 131077
                  Description = Failed auto update retrieval of third-party root certificate from:
                   <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212.crt>
                   with error: The connection with the server was terminated abnormally 
                   
                  Error - 11/2/2010 10:14:07 AM | Computer Name = D96S1Y61 | Source = crypt32 | ID = 131077
                  Description = Failed auto update retrieval of third-party root certificate from:
                   <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212.crt>
                   with error: This network connection does not exist. 
                   
                  Error - 11/3/2010 2:28:04 AM | Computer Name = D96S1Y61 | Source = MPSampleSubmission | ID = 5000
                  Description = EventType mptelemetry, P1 80080005, P2 updateservicemanager-_get_services,
                   P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
                   P8 NIL, P9 NIL, P10 NIL.
                   
                  Error - 11/3/2010 6:27:11 PM | Computer Name = D96S1Y61 | Source = crypt32 | ID = 131083
                  Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
                   with error: A required certificate is not within its validity period when verifying
                   against the current system clock or the timestamp in the signed file. 
                   
                  Error - 11/3/2010 6:27:11 PM | Computer Name = D96S1Y61 | Source = crypt32 | ID = 131083
                  Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
                   with error: A required certificate is not within its validity period when verifying
                   against the current system clock or the timestamp in the signed file. 
                   
                  Error - 11/4/2010 2:01:02 AM | Computer Name = D96S1Y61 | Source = MPSampleSubmission | ID = 5000
                  Description = EventType mptelemetry, P1 8024001f, P2 endsearch, P3 search, P4 1.1.1593.0,
                   P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.
                   
                  [ System Events ]
                  Error - 11/3/2010 3:39:40 PM | Computer Name = D96S1Y61 | Source = WMPNetworkSvc | ID = 866293
                  Description = Service 'WMPNetworkSvc' did not start correctly because QueryService
                   encountered error '0x80004002'. In Windows Media Player, turn off media sharing,
                   and then turn it back on.
                   
                  Error - 11/3/2010 3:39:43 PM | Computer Name = D96S1Y61 | Source = Service Control Manager | ID = 7023
                  Description = The Network Security service terminated with the following error:
                    %%126
                   
                  Error - 11/3/2010 3:39:43 PM | Computer Name = D96S1Y61 | Source = Service Control Manager | ID = 7023
                  Description = The NWCWorkstation service terminated with the following error:   %%2
                   
                  Error - 11/3/2010 3:40:10 PM | Computer Name = D96S1Y61 | Source = Service Control Manager | ID = 7026
                  Description = The following boot-start or system-start driver(s) failed to load:
                     Lbd  SASKUTIL
                   
                  Error - 11/3/2010 4:20:45 PM | Computer Name = D96S1Y61 | Source = WMPNetworkSvc | ID = 866293
                  Description = Service 'WMPNetworkSvc' did not start correctly because QueryService
                   encountered error '0x80004002'. In Windows Media Player, turn off media sharing,
                   and then turn it back on.
                   
                  Error - 11/3/2010 4:21:00 PM | Computer Name = D96S1Y61 | Source = Service Control Manager | ID = 7023
                  Description = The Network Security service terminated with the following error:
                    %%126
                   
                  Error - 11/3/2010 4:21:00 PM | Computer Name = D96S1Y61 | Source = Service Control Manager | ID = 7023
                  Description = The NWCWorkstation service terminated with the following error:   %%2
                   
                  Error - 11/3/2010 4:21:18 PM | Computer Name = D96S1Y61 | Source = Service Control Manager | ID = 7026
                  Description = The following boot-start or system-start driver(s) failed to load:
                     Lbd  SASKUTIL
                   
                  Error - 11/3/2010 4:22:28 PM | Computer Name = D96S1Y61 | Source = Service Control Manager | ID = 7009
                  Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
                   Service service to connect.
                   
                  Error - 11/3/2010 4:22:56 PM | Computer Name = D96S1Y61 | Source = Service Control Manager | ID = 7000
                  Description = The Application Layer Gateway Service service failed to start due
                  to the following error:   %%1053
                   
                   
                  < End of report >

                  SuperDave

                  • Malware Removal Specialist
                  • Moderator


                  • Genius
                  • Thanked: 1020
                  • Certifications: List
                  • Experience: Expert
                  • OS: Windows 10
                  Re: svchost.exe and windows update
                  « Reply #12 on: November 06, 2010, 12:54:58 PM »
                  Delete An Uninstall Entry

                  • Start HijackThis
                  • Click on the Open the Misc Tools section
                  • Click on the Open Uninstall Manager button.
                  • Highlight the entry you want to remove.
                  My Way Search Assistant
                  • Click Delete this entry
                  • Close HJT
                  ********************************

                  * Open OTL
                  * Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

                  Code:
                  :OTL
                  :Files
                  C:\WINDOWS\Dzuyuzageyabegu.dat
                  C:\WINDOWS\Ktoxa.bin

                  :otl
                  O1 - Hosts: 127.0.0.1   www.007guard.com
                  O1 - Hosts: 127.0.0.1   007guard.com
                  O1 - Hosts: 127.0.0.1   008i.com
                  O1 - Hosts: 127.0.0.1   www.008k.com
                  O1 - Hosts: 127.0.0.1   008k.com
                  O1 - Hosts: 127.0.0.1   www.00hq.com
                  O1 - Hosts: 127.0.0.1   00hq.com
                  O1 - Hosts: 127.0.0.1   010402.com
                  O1 - Hosts: 127.0.0.1   www.032439.com
                  O1 - Hosts: 127.0.0.1   032439.com
                  O1 - Hosts: 127.0.0.1   www.0scan.com
                  O1 - Hosts: 127.0.0.1   0scan.com
                  O1 - Hosts: 127.0.0.1   1000gratisproben.com
                  O1 - Hosts: 127.0.0.1   www.1000gratisproben.com
                  O1 - Hosts: 127.0.0.1   1001namen.com
                  O1 - Hosts: 127.0.0.1   www.1001namen.com
                  O1 - Hosts: 127.0.0.1   100888290cs.com
                  O1 - Hosts: 127.0.0.1   www.100888290cs.com
                  O1 - Hosts: 127.0.0.1   www.100sexlinks.com
                  O1 - Hosts: 127.0.0.1   100sexlinks.com
                  O1 - Hosts: 127.0.0.1   10sek.com
                  O1 - Hosts: 127.0.0.1   www.10sek.com
                  O1 - Hosts: 127.0.0.1   www.1-2005-search.com
                  O1 - Hosts: 127.0.0.1   1-2005-search.com
                  O1 - Hosts: 127.0.0.1   123fporn.info
                  O1 - Hosts: 14620 more lines...
                  O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)

                  :COMMANDS
                  [resethosts]
                  [purity]
                  [clearrestorepoints]
                  [emptytemp]
                  [start explorer]

                  * Click Run Fix
                  * OTLI2 may ask to reboot the machine. Please do so if asked.
                  * Click OK
                  * A report will open. Copy and Paste that report in your next reply.
                  ***********************************
                  Download Dial-a-Fix by djlizard, save it to the desktop, then extract it to its own folder.

                  • Open the folder and run Dial-a-fix.exe
                  • 2 windows will open. Close the one in the background labeled Restrictive Policies
                  • Check the box in section 1, Empty temp folders.
                  • Check the box in section 2, Fix Windows Installer.
                  • Check the box in section 3, Fix Windows Update.
                  • Check the box in section 4, labeled SSL/HTTPS/Cryptography. The 4 boxes under it should be pre-checked.
                  • Check all boxes in section 5, labeled Registration Center.
                  • Click Go
                  • OK any error messages if received, but write them down and post them here.

                  Restart the computer when done.
                  Windows 8 and Windows 10 dual boot with two SSD's

                  cfnyy51

                    Topic Starter


                    Rookie

                    Re: svchost.exe and windows update
                    « Reply #13 on: November 06, 2010, 02:42:37 PM »
                    SD,

                    When I went into the Uninstall Manager in HJT, My Way Search Assistant was not in the list.

                    I ran the OTL Custom Scan/Fix and I rebooted the PC after prompted to do so.  I apologize for any inconvenience this may cause, but I closed the log.  I thought it was going to be saved like the other two logs were.  The other two were saved on the desktop.

                    I ran Dial-a-Fix, and the following errors were reported. Most of them had the same message, but for different DLLs:

                    "Error 127: C:\Windows\system32\iesetup.dll is not registerable or the file is corrupted.  Your version of iesetup.dll is: 8.00.6001.18702.  Please contact [email protected] so that an exception can be made for your version of this file."

                    The same message appeared for imgutil.dll, inseng.dll, msrating.dll, pngfilt.dll, and webcheck.dll.

                    There were 2 more error messages, but the only difference between these and the errors mentioned above was the version number. 

                    occache.dll 8.00.6001.18968
                    mshtml.dll  8.00.6001.18975



                     

                    SuperDave

                    Re: svchost.exe and windows update
                    « Reply #14 on: November 06, 2010, 06:19:32 PM »
                    Quote
                    When I went into the Uninstall Manager in HJT, My Way Search Assistant was not in the list.
                    I just wanted to make sure it was still not there. MBAM must have removed it.

                    NOTE: Please run this even if you don't have your OS disk. If it asks for a disk we'll know there's something wrong with the files.

                    Do you have an XP CD?

                    If so, place it in your CD ROM drive and follow the instructions below:
                    • Click on Start > Run and type sfc /scannow then press Enter (note the space between sfc and /scannow)
                    • Let this run undisturbed until the window with the blue progress bar goes away
                    SFC, which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.
                    Windows 8 and Windows 10 dual boot with two SSD's

                    cfnyy51

                      Topic Starter


                      Rookie

                      Re: svchost.exe and windows update
                      « Reply #15 on: November 07, 2010, 06:52:22 AM »
                      I had the OS Disk and ran the scan.  It did not ask for the disk.

                      Antivir is still detecting BOO/Alureon A.

                      SuperDave

                      Re: svchost.exe and windows update
                      « Reply #16 on: November 07, 2010, 10:40:12 AM »
                      SysProt Antirootkit

                      Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

                      http://sites.google.com/site/sysprotantirootkit/

                      Unzip it into a folder on your desktop.
                      • Double click Sysprot.exe to start the program.
                      • Click on the Log tab.
                      • In the Write to log box select the following items.
                        • Process << Selected
                        • Kernel Modules << Selected
                        • SSDT << Selected
                        • Kernel Hooks << Selected
                        • IRP Hooks << NOT Selected
                        • Ports << NOT Selected
                        • Hidden Files << Selected
                      • At the bottom of the page
                        • Hidden Objects Only << Selected
                      • Click on the Create Log button on the bottom right.
                      • After a few seconds a new window should appear.
                      • Select Scan Root Drive. Click on the Start button.
                      • When it is complete a new window will appear to indicate that the scan is finished.
                      • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
                      Windows 8 and Windows 10 dual boot with two SSD's

                      cfnyy51

                        Topic Starter


                        Rookie

                        Re: svchost.exe and windows update
                        « Reply #17 on: November 07, 2010, 06:01:10 PM »
                        After clicking "Create Log", a few seconds pass as a blue status bar progresses.  Then, the attached image appears.



                        [recovering disk space - old attachment deleted by admin]

                        SuperDave

                        Re: svchost.exe and windows update
                        « Reply #18 on: November 07, 2010, 07:09:36 PM »
                        Ok. Forget about that one and try this:

                        Download the GMER Rootkit Scanner. Unzip it to your Desktop.

                        Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

                        Double-click gmer.exe. The program will begin to run.

                        **Caution**
                        These types of scans can produce false positives. Do NOT take any action on any
                        "<--- ROOTKIT" entries unless advised!

                        If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
                        • Click NO
                        • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
                        • Now click the Scan button.
                        • Once the scan is complete, you may receive another notice about rootkit activity.
                        • Click OK.
                        • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
                        • Save it where you can easily find it, such as your desktop.
                        Windows 8 and Windows 10 dual boot with two SSD's
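The caution about false positives above can be worked through on the SSDT section of a saved GMER log. The following is an added example, not part of the original post and not GMER's own code: it separates hooks that GMER attributes to a named driver from hooks reported only as a bare address, and groups the bare addresses by proximity so the helper can see how many distinct components are left to identify. The sample lines are constructed in GMER's SSDT layout; `example.sys`, the `81F0A2C0` target, the function names and the `max_gap` threshold are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the column layout GMER uses for its SSDT section.
# example.sys and the 81F0A2C0 target are hypothetical illustration values.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)      ZwCreateFile [0xEE9FD9C0]
SSDT            F8B6E636                                                                      ZwCreateKey
SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)      ZwLoadDriver [0xEE9EF490]
SSDT            F8B6E63B                                                                      ZwDeleteKey
SSDT            F8B6E640                                                                      ZwSetValueKey
SSDT            81F0A2C0                                                                      ZwOpenProcess
SSDT            \??\C:\WINDOWS\system32\drivers\example.sys                                   ZwOpenFile [0xF7A01000]

---- Kernel code sections - GMER 1.0.15 ----
"""

# Hook with a resolved owner: "SSDT <driver path> (<description>) <func> [0x<target>]"
ATTRIBUTED = re.compile(
    r"^SSDT\s+(?P<owner>\S.*?)\s+(?P<func>(?:Zw|Nt)\w+)\s+\[0x(?P<target>[0-9A-Fa-f]+)\]$")
# Hook with no resolved owner: "SSDT <target> <func>"
BARE = re.compile(r"^SSDT\s+(?P<target>[0-9A-Fa-f]{8,16})\s+(?P<func>(?:Zw|Nt)\w+)$")


@dataclass
class Hook:
    func: str
    target: int
    owner: Optional[str] = None        # driver path as printed, None if unattributed
    description: Optional[str] = None  # text GMER prints in parentheses, if any


def parse_ssdt(log_text):
    """Return a Hook for every SSDT line; all other log lines are ignored."""
    hooks = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BARE.match(line)
        if m:
            hooks.append(Hook(m["func"], int(m["target"], 16)))
            continue
        m = ATTRIBUTED.match(line)
        if m:
            owner, desc = m["owner"], None
            if owner.endswith(")") and " (" in owner:
                owner, desc = owner.rsplit(" (", 1)
                desc = desc[:-1]  # drop the closing parenthesis
            hooks.append(Hook(m["func"], int(m["target"], 16), owner, desc))
    return hooks


def driver_name(path):
    """Lower-cased file name of a driver path such as \\??\\C:\\...\\OADriver.sys."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def cluster_targets(hooks, max_gap=0x40):
    """Group hooks whose targets lie within max_gap bytes of the previous one.

    Heuristic: targets packed a few bytes apart suggest one block of jump
    stubs, so one component to identify rather than several.
    """
    clusters = []
    for hook in sorted(hooks, key=lambda h: h.target):
        if clusters and hook.target - clusters[-1][-1].target <= max_gap:
            clusters[-1].append(hook)
        else:
            clusters.append([hook])
    return clusters


def triage(hooks, expected_drivers, max_gap=0x40):
    """Split hooks into expected owner, other named owner, and unattributed."""
    expected = {name.lower() for name in expected_drivers}
    result = {"expected": [], "unexpected": [], "unattributed": []}
    for hook in hooks:
        if hook.owner is None:
            result["unattributed"].append(hook)
        elif driver_name(hook.owner) in expected:
            result["expected"].append(hook)
        else:
            result["unexpected"].append(hook)
    result["clusters"] = cluster_targets(result["unattributed"], max_gap)
    return result


def summarize(result):
    """One line per category, plus one line per unattributed address block."""
    lines = [f"{len(result['expected'])} hooks owned by expected security drivers",
             f"{len(result['unexpected'])} hooks owned by other named drivers"]
    for cluster in result["clusters"]:
        span = cluster[-1].target - cluster[0].target
        funcs = ", ".join(h.func for h in cluster)
        lines.append(f"unattributed block at 0x{cluster[0].target:08X} (+0x{span:X}): {funcs}")
    return lines


if __name__ == "__main__":
    # OADriver.sys is listed as expected because Online Armor is installed on this PC.
    for line in summarize(triage(parse_ssdt(SAMPLE_LOG), {"OADriver.sys"})):
        print(line)
```

An unattributed block is not proof of a rootkit; it is the part of the log to post and have reviewed before anything is deleted.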

                        cfnyy51

                          Topic Starter


                          Rookie

                          Re: svchost.exe and windows update
                          « Reply #19 on: November 08, 2010, 03:51:29 AM »
                          GMER 1.0.15.15507 - http://www.gmer.net
                          Rootkit scan 2010-11-08 05:47:44
                          Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST380011A 8.16
                          Running: gmer.exe; Driver: C:\DOCUME~1\MARIOG~1\LOCALS~1\Temp\pxloapoc.sys


                          ---- System - GMER 1.0.15 ----

                          SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                                                             ZwAllocateVirtualMemory [0xEE9EFED0]
                          SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                                                             ZwAssignProcessToJobObject [0xEE9F0700]
                          SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                                                             ZwConnectPort [0xEE9EDDA0]
                          SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                                                             ZwCreateFile [0xEE9FD9C0]
                          SSDT            F8B6E636                                                                                                                                             ZwCreateKey
                          SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                                                             ZwCreatePort [0xEE9ED8E0]
                          SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                                                             ZwCreateProcess [0xEE9EA620]
                          SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                                                             ZwCreateProcessEx [0xEE9EAA30]
                          SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                                                             ZwCreateSection [0xEE9E9EF0]
                          SSDT            F8B6E62C                                                                                                                                             ZwCreateThread
                          SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                                                             ZwDebugActiveProcess [0xEE9ECB90]
                          SSDT            F8B6E63B                                                                                                                                             ZwDeleteKey
                          SSDT            F8B6E645                                                                                                                                             ZwDeleteValueKey
                          SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                                                             ZwDuplicateObject [0xEE9ED6F0]
                          SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                                                             ZwLoadDriver [0xEE9EF490]
                          SSDT            F8B6E64A                                                                                                                                             ZwLoadKey
                          SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                                                             ZwOpenFile [0xEE9FE040]
                          SSDT            F8B6E618                                                                                                                                             ZwOpenProcess
                          SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                                                             ZwOpenSection [0xEE9EA310]
                          SSDT            F8B6E61D                                                                                                                                             ZwOpenThread
                          SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                                                             ZwProtectVirtualMemory [0xEE9F0350]
                          SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                                                             ZwQueryDirectoryFile [0xEE9EFA70]
                          SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                                                             ZwQueueApcThread [0xEE9F08A0]
                          SSDT            F8B6E654                                                                                                                                             ZwReplaceKey
                          SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                                                             ZwRequestPort [0xEE9EE9A0]
                          SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                                                             ZwRequestWaitReplyPort [0xEE9EEF90]
                          SSDT            F8B6E64F                                                                                                                                             ZwRestoreKey
                          SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                                                             ZwResumeThread [0xEE9ED340]
                          SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                                                             ZwSecureConnectPort [0xEE9EE190]
                          SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                                                             ZwSetContextThread [0xEE9EC970]
                          SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                                                             ZwSetSystemInformation [0xEE9ECD30]
                          SSDT            F8B6E640                                                                                                                                             ZwSetValueKey
                          SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                                                             ZwShutdownSystem [0xEE9EF370]
                          SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                                                             ZwSuspendProcess [0xEE9ED520]
                          SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                                                             ZwSuspendThread [0xEE9ED130]
                          SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                                                             ZwSystemDebugControl [0xEE9ECF40]
                          SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                                                             ZwTerminateProcess [0xEE9EBC80]
                          SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                                                             ZwTerminateThread [0xEE9EC760]
                          SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                                                             ZwUnloadDriver [0xEE9EF780]
                          SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                                                             ZwWriteVirtualMemory [0xEE9F0520]

                          ---- Kernel code sections - GMER 1.0.15 ----

                          .text           ntoskrnl.exe!_abnormal_termination + 104                                                                                                             804E2770 12 Bytes  [E0, D8, 9E, EE, 20, A6, 9E, ...] {LOOPNZ 0xffffffffffffffda; SAHF ; OUT DX, AL ; AND [ESI-0x55cf1162], AH; SAHF ; OUT DX, AL }
                          .text           ntoskrnl.exe!_abnormal_termination + 368                                                                                                             804E29D4 8 Bytes  JMP 6FDF1877
                          .text           ntoskrnl.exe!_abnormal_termination + 440                                                                                                             804E2AAC 12 Bytes  [20, D5, 9E, EE, 30, D1, 9E, ...] {AND CH, DL; SAHF ; OUT DX, AL ; XOR CL, DL; SAHF ; OUT DX, AL ; INC EAX; IRET ; SAHF ; OUT DX, AL }
                          init            C:\WINDOWS\system32\DRIVERS\mohfilt.sys                                                                                                              entry point in "init" section [0xF88F3760]
                          init            C:\WINDOWS\system32\drivers\senfilt.sys                                                                                                              entry point in "init" section [0xF7158F80]

                          ---- User code sections - GMER 1.0.15 ----

                          .text           C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe[168] kernel32.dll!FreeLibrary + 15                                                       7C80AC93 4 Bytes  CALL 71B0003D
                          .text           C:\Program Files\Dell Support Center\bin\sprtsvc.exe[212] kernel32.dll!FreeLibrary + 15                                                              7C80AC93 4 Bytes  CALL 71B0003D
                          .text           C:\Program Files\Bonjour\mDNSResponder.exe[360] kernel32.dll!FreeLibrary + 15                                                                        7C80AC93 4 Bytes  CALL 71B0003D
                          .text           C:\WINDOWS\system32\csrss.exe[448] KERNEL32.dll!FreeLibrary + 15                                                                                     7C80AC93 4 Bytes  CALL 71AF003D
                          .text           C:\WINDOWS\system32\winlogon.exe[472] kernel32.dll!FreeLibrary + 15                                                                                  7C80AC93 4 Bytes  CALL 71AF003D
                          .text           ...                                                                                                                                                 
                          .text           C:\Program Files\Windows Defender\MSASCui.exe[532] kernel32.dll!LoadLibraryExW + C4                                                                  7C801BB9 4 Bytes  CALL 00FA0001
                          .text           C:\Program Files\Windows Defender\MSASCui.exe[532] kernel32.dll!CreateProcessW                                                                       7C802336 6 Bytes  JMP 5F0A0F5A
                          .text           C:\Program Files\Windows Defender\MSASCui.exe[532] kernel32.dll!CreateProcessA                                                                       7C80236B 6 Bytes  JMP 5F040F5A
                          .text           C:\Program Files\Windows Defender\MSASCui.exe[532] kernel32.dll!FreeLibrary + 15                                                                     7C80AC93 4 Bytes  CALL 71B0003D
                          .text           C:\Program Files\Windows Defender\MSASCui.exe[532] ADVAPI32.dll!CreateServiceA                                                                       77E37211 6 Bytes  JMP 5F130F5A
                          .text           C:\Program Files\Windows Defender\MSASCui.exe[532] ADVAPI32.dll!CreateServiceW                                                                       77E373A9 6 Bytes  JMP 5F160F5A
                          .text           C:\Program Files\Windows Defender\MSASCui.exe[532] USER32.dll!ExitWindowsEx                                                                          7E45A275 6 Bytes  JMP 5F0D0F5A
                          .text           C:\Program Files\Windows Defender\MSASCui.exe[532] IPHLPAPI.DLL!IcmpSendEcho2                                                                        76D6B73C 6 Bytes  JMP 5F100F5A
                          .text           C:\WINDOWS\system32\lsass.exe[536] kernel32.dll!FreeLibrary + 15                                                                                     7C80AC93 4 Bytes  CALL 71AF003D
                          .text           C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[572] kernel32.dll!FreeLibrary + 15                                                               7C80AC93 4 Bytes  CALL 71B0003D

                          SuperDave

                          Re: svchost.exe and windows update
                          « Reply #20 on: November 08, 2010, 12:03:05 PM »
                          Is your computer running any better now?

                          I'd like to scan your machine with ESET OnlineScan

                          • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                            ESET OnlineScan
                          • Click the button.
                          • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                              • Click on to download the ESET Smart Installer. Save it to your desktop.
                              • Double click on the icon on your desktop.
                          • Check
                          • Click the button.
                          • Accept any security warnings from your browser.
                          • Check
                          • Push the Start button.
                          • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                          • When the scan completes, push
                          • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                          • Push the button.
                          • Push
                          A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

                          Windows 8 and Windows 10 dual boot with two SSD's

                          cfnyy51

                            Re: svchost.exe and windows update
                            « Reply #21 on: November 08, 2010, 09:04:28 PM »
                            May I run an Anti-Vir scan at this point and see if it still detects BOO/Alureon A?

                            -------------------------------------------------------------------
                            ESET scan results:

                            C:\WINDOWS\Web\ksidgmi.bak1   Win32/Adware.Virtumonde.NEO application   cleaned by deleting - quarantined
                            C:\WINDOWS\Web\ksidgmi.bak2   Win32/Adware.Virtumonde.NEO application   cleaned by deleting - quarantined
                            C:\WINDOWS\Web\ksidgmi.ini   Win32/Adware.Virtumonde.NEO application   cleaned by deleting - quarantined
                            C:\WINDOWS\Web\ksidgmi.ini2   Win32/Adware.Virtumonde.NEO application   cleaned by deleting - quarantined

                            SuperDave

                            Re: svchost.exe and windows update
                            « Reply #22 on: November 09, 2010, 11:35:20 AM »
                            Quote
                            May I run an Anti-Vir scan at this point and see if it still detects BOO/Alureon A?

                            Yes, go ahead, but it's probably a false positive. You can also download another AV and run a scan with that, but don't enable two AVs on your computer because they will conflict. Just use one for occasional scanning.
                            Microsoft Security Essentials for Windows XP

                            Let's see if you can run ComboFix again as outlined in Reply #5.

                            Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

                            Link 1
                            Link 2
                            Link 3

                            • Double-click on MBRCheck.exe to run it.
                            • It will open a black window...please do not fix anything (if it gives you an option).
                            • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
                            • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
                            • Please copy and paste the contents of that log in your next reply.

                            cfnyy51

                              Re: svchost.exe and windows update
                              « Reply #23 on: November 09, 2010, 05:34:02 PM »
                              Few things:

                              1) I ran MBR Check, and the log is what follows after these few notes.

                              2) I have attached a photo of a message from ComboFix.  I did not get this far prior to this.  However, after seeing the message and what your last post suggested, I removed AntiVir, and ComboFix is still seeing it.  Also, (this is not my PC) I have no idea where AOL antivirus is or how to close it/disable it.

                              3) svchost.exe is still taking up a large amount of the CPU.  Near 100%.  Is this because I uninstalled AntiVir?

                              MBRCheck, version 1.2.3
                              (c) 2010, AD

                              Command-line:         
                              Windows Version:      Windows XP Professional
                              Windows Information:      Service Pack 3 (build 2600)
                              Logical Drives Mask:      0x0000001d

                              Kernel Drivers (total 149):
                                0xF8BBD000 \SystemRoot\system32\dla\tfsndrct.sys
                                0xEE695000 \SystemRoot\system32\dla\tfsnudf.sys
                                0xEE67C000 \SystemRoot\system32\dla\tfsnudfa.sys
                                0xEE654000 \SystemRoot\system32\DRIVERS\ndisuio.sys
                                0xEE41F000 \SystemRoot\system32\DRIVERS\mrxdav.sys
                                0xEE3D3000 \SystemRoot\System32\Drivers\Fastfat.SYS
                                0xF8AA4000 \SystemRoot\System32\Drivers\ASCTRM.SYS
                                0xF8AAA000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
                                0xEE1DA000 \SystemRoot\System32\Drivers\HTTP.sys
                                0xEE10A000 \SystemRoot\system32\DRIVERS\srv.sys
                                0xEDB7F000 \SystemRoot\system32\drivers\wdmaud.sys
                                0xEDD1A000 \SystemRoot\system32\drivers\sysaudio.sys
                                0xF8A4E000 \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
                                0xED594000 \??\C:\DOCUME~1\MARIOG~1\LOCALS~1\Temp\pxloapoc.sys
                                0xED429000 \SystemRoot\system32\drivers\kmixer.sys
                                0x7C900000 \WINDOWS\system32\ntdll.dll

                              Processes (total 48):
                                     0 System Idle Process
                                     4 System
                                   408 C:\WINDOWS\system32\smss.exe
                                   448 csrss.exe
                                   472 C:\WINDOWS\system32\winlogon.exe
                                   516 C:\WINDOWS\system32\services.exe
                                   536 C:\WINDOWS\system32\lsass.exe
                                   724 C:\WINDOWS\system32\svchost.exe
                                   820 svchost.exe
                                   888 C:\Program Files\Windows Defender\MsMpEng.exe
                                   928 C:\WINDOWS\system32\svchost.exe
                                  1000 svchost.exe
                                  1136 svchost.exe
                                  1200 C:\Program Files\Emsisoft\Online Armor\oacat.exe
                                  1396 C:\WINDOWS\system32\spoolsv.exe
                                  1444 C:\Program Files\Avira\AntiVir Desktop\sched.exe
                                  1508 svchost.exe
                                  1588 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
                                  1692 C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
                                  1804 C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
                                  1936 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                                   168 aoltpspd.exe
                                   360 C:\Program Files\Bonjour\mDNSResponder.exe
                                   572 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
                                  1592 C:\WINDOWS\system32\svchost.exe
                                  1848 C:\Program Files\Java\jre6\bin\jqs.exe
                                   212 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
                                   880 C:\WINDOWS\system32\svchost.exe
                                  1720 C:\WINDOWS\wanmpsvc.exe
                                  2776 alg.exe
                                  3008 C:\WINDOWS\explorer.exe
                                  3404 C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
                                  4028 C:\WINDOWS\system32\dla\tfswctrl.exe
                                  4068 C:\Program Files\Common Files\AOL\1125946752\ee\aolsoftware.exe
                                   532 C:\Program Files\Windows Defender\MSASCui.exe
                                  3476 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
                                  1756 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
                                  2848 C:\WINDOWS\system32\hkcmd.exe
                                  1148 C:\WINDOWS\system32\igfxpers.exe
                                   788 C:\Program Files\Analog Devices\Core\smax4pnp.exe
                                  3224 C:\Program Files\Common Files\Java\Java Update\jusched.exe
                                  1808 C:\Program Files\DellSupport\DSAgnt.exe
                                  2780 C:\WINDOWS\system32\ctfmon.exe
                                  2388 C:\WINDOWS\system32\taskmgr.exe
                                  1912 C:\Program Files\Internet Explorer\iexplore.exe
                                  3060 C:\Program Files\Internet Explorer\iexplore.exe
                                  1960 C:\WINDOWS\system32\notepad.exe
                                   960 C:\Documents and Settings\Mario  Graziano\Desktop\MBRCheck.exe

                              \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00  (NTFS)

                              PhysicalDrive0 Model Number: ST380011A, Rev: 8.16   

                                    Size  Device Name          MBR Status
                                --------------------------------------------
                                   74 GB  \\.\PhysicalDrive0   Unknown MBR code
                                          SHA1: D13DDF8A51F8C99D562C7C0018E2F8FDA7D48E07


                              Found non-standard or infected MBR.
                              Enter 'Y' and hit ENTER for more options, or 'N' to exit:

                              Done!




                              SuperDave

                              • Malware Removal Specialist
                              • Moderator


                              • Genius
                              • Thanked: 1020
                              • Certifications: List
                              • Experience: Expert
                              • OS: Windows 10
                              Re: svchost.exe and windows update
                              « Reply #24 on: November 10, 2010, 12:37:13 PM »
                              •Start HijackThis
                              •Click on the Misc Tools button
                              •Click on the Open Uninstall Manager button.
                              •Click on the Save list... button and specify where you would like to save this file. When you press the Save button, Notepad will open with the contents of that file. Save the file to your desktop.
                              Copy and paste this file in your next reply.
                              Windows 8 and Windows 10 dual boot with two SSD's

                              cfnyy51

                                Topic Starter


                                Rookie

                                Re: svchost.exe and windows update
                                « Reply #25 on: November 10, 2010, 01:39:59 PM »
                                Adobe Atmosphere Player for Acrobat and Adobe Reader
                                Adobe Flash Player 10 ActiveX
                                Adobe Flash Player 10 Plugin
                                Adobe Reader 7.0.8
                                Adobe Shockwave Player
                                AOL Uninstaller (Choose which Products to Remove)
                                AOL You've Got Pictures Screensaver
                                Apple Mobile Device Support
                                Apple Software Update
                                Belarc Advisor 6.1
                                Bonjour
                                BUM
                                CCleaner
                                Dell Digital Jukebox Driver
                                Dell Driver Reset Tool
                                Dell Media Experience
                                Dell Photo AIO Printer 942
                                Dell Picture Studio v3.0
                                Dell Support Center (Support Software)
                                DellSupport
                                EarthLink setup files
                                ESET Online Scanner
                                ESET Online Scanner v3
                                Google Earth
                                HighMAT Extension to Microsoft Windows XP CD Writing Wizard
                                HijackThis 2.0.2
                                Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
                                Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
                                Hotfix for Windows XP (KB2158563)
                                Hotfix for Windows XP (KB952287)
                                Hotfix for Windows XP (KB961118)
                                Intel(R) 537EP V9x DF PCI Modem
                                Intel(R) Extreme Graphics 2 Driver
                                Intel(R) PRO Network Adapters and Drivers
                                Intel(R) PROSet for Wired Connections
                                InterActual Player
                                Internet Explorer Default Page
                                iPod for Windows 2005-02-07
                                iPod for Windows 2005-06-26
                                iPod for Windows 2006-01-10
                                iTunes
                                Jasc Paint Shop Photo Album
                                Jasc Paint Shop Photo Album 5
                                Jasc Paint Shop Pro 8 Dell Edition
                                Java(TM) 6 Update 22
                                KODAK EASYSHARE Gallery Upload ActiveX Control
                                Learn2 Player (Uninstall Only)
                                Macromedia Flash Player
                                Malwarebytes' Anti-Malware
                                Microsoft .NET Framework 1.1
                                Microsoft .NET Framework 1.1
                                Microsoft .NET Framework 1.1 Security Update (KB2416447)
                                Microsoft .NET Framework 1.1 Security Update (KB979906)
                                Microsoft .NET Framework 2.0 Service Pack 2
                                Microsoft .NET Framework 3.0 Service Pack 2
                                Microsoft .NET Framework 3.5 SP1
                                Microsoft .NET Framework 3.5 SP1
                                Microsoft Internationalized Domain Names Mitigation APIs
                                Microsoft National Language Support Downlevel APIs
                                Microsoft Plus! Digital Media Edition Installer
                                Microsoft Plus! Photo Story 2 LE
                                Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
                                Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
                                Modem Event Monitor
                                Modem Helper
                                Modem On Hold
                                Mozilla Firefox (3.6.12)
                                MSN
                                MSXML 4.0 SP2 (KB925672)
                                MSXML 4.0 SP2 (KB927978)
                                MSXML 4.0 SP2 (KB936181)
                                MSXML 4.0 SP2 (KB954430)
                                MSXML 4.0 SP2 (KB973688)
                                Musicmatch® Jukebox
                                Netflix Movie Viewer
                                Online Armor 4.0
                                OpenOffice.org Installer 1.0
                                Optimum Online net guide
                                PowerDVD 5.3
                                Pure Networks Port Magic
                                Qualxserve Service Agreement
                                QuickBooks Simple Start Special Edition
                                QuickTime
                                RealPlayer Basic
                                Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
                                Security Update for Step By Step Interactive Training (KB898458)
                                Security Update for Step By Step Interactive Training (KB923723)
                                Security Update for Windows Internet Explorer 7 (KB2360131)
                                Security Update for Windows Internet Explorer 7 (KB982381)
                                Security Update for Windows Internet Explorer 8 (KB2360131)
                                Security Update for Windows Internet Explorer 8 (KB971961)
                                Security Update for Windows Internet Explorer 8 (KB981332)
                                Security Update for Windows Internet Explorer 8 (KB982381)
                                Security Update for Windows Media Player (KB2378111)
                                Security Update for Windows XP (KB2079403)
                                Security Update for Windows XP (KB2115168)
                                Security Update for Windows XP (KB2121546)
                                Security Update for Windows XP (KB2229593)
                                Security Update for Windows XP (KB2259922)
                                Security Update for Windows XP (KB2279986)
                                Security Update for Windows XP (KB2286198)
                                Security Update for Windows XP (KB2296011)
                                Security Update for Windows XP (KB2347290)
                                Security Update for Windows XP (KB2360131)
                                Security Update for Windows XP (KB2360937)
                                Security Update for Windows XP (KB2387149)
                                Security Update for Windows XP (KB923561)
                                Security Update for Windows XP (KB941569)
                                Security Update for Windows XP (KB950762)
                                Security Update for Windows XP (KB950974)
                                Security Update for Windows XP (KB951376-v2)
                                Security Update for Windows XP (KB951748)
                                Security Update for Windows XP (KB952004)
                                Security Update for Windows XP (KB952954)
                                Security Update for Windows XP (KB954459)
                                Security Update for Windows XP (KB956572)
                                Security Update for Windows XP (KB956744)
                                Security Update for Windows XP (KB956802)
                                Security Update for Windows XP (KB956803)
                                Security Update for Windows XP (KB956844)
                                Security Update for Windows XP (KB958644)
                                Security Update for Windows XP (KB958869)
                                Security Update for Windows XP (KB959426)
                                Security Update for Windows XP (KB960803)
                                Security Update for Windows XP (KB960859)
                                Security Update for Windows XP (KB961501)
                                Security Update for Windows XP (KB969059)
                                Security Update for Windows XP (KB970430)
                                Security Update for Windows XP (KB971657)
                                Security Update for Windows XP (KB971961)
                                Security Update for Windows XP (KB972270)
                                Security Update for Windows XP (KB973507)
                                Security Update for Windows XP (KB973869)
                                Security Update for Windows XP (KB973904)
                                Security Update for Windows XP (KB974112)
                                Security Update for Windows XP (KB974318)
                                Security Update for Windows XP (KB974392)
                                Security Update for Windows XP (KB974571)
                                Security Update for Windows XP (KB975025)
                                Security Update for Windows XP (KB975467)
                                Security Update for Windows XP (KB975560)
                                Security Update for Windows XP (KB975562)
                                Security Update for Windows XP (KB975713)
                                Security Update for Windows XP (KB977816)
                                Security Update for Windows XP (KB977914)
                                Security Update for Windows XP (KB978037)
                                Security Update for Windows XP (KB978338)
                                Security Update for Windows XP (KB978542)
                                Security Update for Windows XP (KB978601)
                                Security Update for Windows XP (KB978706)
                                Security Update for Windows XP (KB979309)
                                Security Update for Windows XP (KB979482)
                                Security Update for Windows XP (KB979687)
                                Security Update for Windows XP (KB980232)
                                Security Update for Windows XP (KB980436)
                                Security Update for Windows XP (KB981322)
                                Security Update for Windows XP (KB981349)
                                Security Update for Windows XP (KB981852)
                                Security Update for Windows XP (KB981957)
                                Security Update for Windows XP (KB981997)
                                Security Update for Windows XP (KB982132)
                                Security Update for Windows XP (KB982214)
                                Security Update for Windows XP (KB982665)
                                Sonic DLA
                                Sonic RecordNow!
                                Sonic Update Manager
                                Spybot - Search & Destroy
                                SUPERAntiSpyware
                                Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
                                Update for Windows Internet Explorer 8 (KB2362765)
                                Update for Windows Internet Explorer 8 (KB976662)
                                Update for Windows XP (KB2141007)
                                Update for Windows XP (KB2345886)
                                Update for Windows XP (KB951978)
                                Update for Windows XP (KB955759)
                                Update for Windows XP (KB967715)
                                Update for Windows XP (KB968389)
                                Update for Windows XP (KB971737)
                                Update for Windows XP (KB973815)
                                Visual C++ 2008 x86 Runtime - (v9.0.30729)
                                Visual C++ 2008 x86 Runtime - v9.0.30729.01
                                WebCyberCoach 3.2 Dell
                                WinASO Registry Optimizer 4.5.5
                                Windows Defender
                                Windows Defender Signatures
                                Windows Internet Explorer 7
                                Windows Internet Explorer 8
                                Windows Live OneCare safety scanner
                                Windows Media Connect
                                Windows Media Format 11 runtime
                                Windows Media Format Runtime
                                Windows Media Player 10
                                Windows Media Player 10
                                Windows Media Player 11
                                WordPerfect Office 12


                                SuperDave

                                Re: svchost.exe and windows update
                                « Reply #26 on: November 10, 2010, 05:25:31 PM »
                                Quote
                                I have no idea where AOL antivirus is or how to close it/disable it.
                                This was probably installed with AOL Uninstaller (Choose which Products to Remove). You can have a look in there to see if it is actually there and remove it.


                                Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.
                                WinASO Registry Optimizer 4.5.5

                                There are a number of them available and some are more safe than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.

                                For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

                                Further reading: XP Fixes Myth #1: Registry Cleaners
                                ********************************************
                                Please download mbr.exe and save it to the root directory, usually C:\ <- (Important!).
                                Go to Start > Run and type: cmd.exe
                                press Ok.
                                At the command prompt type: c:\mbr.exe >>"C:\mbr.log"
                                press Enter.
                                The process is automatic...a black DOS window will open and quickly disappear. This is normal.
                                A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
                                Copy and paste the results of the mbr.log in your next reply.
                                If you have a problem using the command prompt, you can just double-click on mbr.exe to run the tool. 

                                cfnyy51


                                  Re: svchost.exe and windows update
                                  « Reply #27 on: November 10, 2010, 05:53:24 PM »
                                  Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
                                  Windows 5.1.2600 Disk: ST380011A rev.8.16 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

                                  device: opened successfully
                                  user: MBR read successfully
                                  kernel: MBR read successfully
                                  detected disk devices:
                                  \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskST380011A_______________________________8.16____#
                                  4a354b5636394545202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
                                  device not found
                                  detected hooks:
                                  \Driver\atapi DriverStartIo -> 0x82324398
                                  user != kernel MBR !!!
                                  sectors 156249998 (+255): user != kernel
                                  Warning: possible TDL4 rootkit infection !
                                  TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
                                  « Last Edit: November 16, 2010, 12:50:25 PM by SuperDave »
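The "user != kernel MBR" line above and the SHA1 line in the earlier MBRCheck log both come down to comparing copies of disk sector 0. The following is an added example, not part of the thread or of either tool, showing that comparison done by hand on two saved 512-byte copies (for instance one taken on the running system and one from clean boot media). The sample sectors, the fill bytes and all function names are constructed for illustration; the only value taken from the thread is the C: offset 0x036e8e00.

```python
import hashlib

SECTOR_SIZE = 512
# Classic MBR layout: (offset, length) of each region inside sector 0.
REGIONS = {
    "boot_code": (0, 440),
    "disk_signature": (440, 6),      # 4-byte signature + 2 reserved bytes
    "partition_table": (446, 64),    # four 16-byte entries
    "boot_signature": (510, 2),      # must be 55 AA
}


def parse_partitions(sector):
    """Return the non-empty entries of the four-slot partition table."""
    entries = []
    for slot in range(4):
        raw = sector[446 + 16 * slot: 446 + 16 * (slot + 1)]
        if raw[4] == 0:              # type 0x00 marks an unused slot
            continue
        entries.append({
            "slot": slot,
            "active": raw[0] == 0x80,
            "type": raw[4],
            "lba_start": int.from_bytes(raw[8:12], "little"),
            "sectors": int.from_bytes(raw[12:16], "little"),
        })
    return entries


def describe(sector):
    """Summarise one copy of sector 0: signature check, hashes, partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    return {
        "valid_signature": sector[510:512] == b"\x55\xaa",
        "sha1_sector": hashlib.sha1(sector).hexdigest().upper(),
        "sha1_boot_code": hashlib.sha1(sector[:440]).hexdigest().upper(),
        "partitions": parse_partitions(sector),
    }


def compare_reads(read_a, read_b):
    """Compare two copies of sector 0 and name the MBR regions that differ."""
    a, b = describe(read_a), describe(read_b)
    differing = [name for name, (off, length) in REGIONS.items()
                 if read_a[off:off + length] != read_b[off:off + length]]
    return {"match": read_a == read_b, "differing_regions": differing,
            "a": a, "b": b}


def build_sample_sector(boot_code_fill):
    """Constructed sample: one active NTFS partition, boot code = fill byte."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:440] = bytes([boot_code_fill]) * 440
    sector[440:444] = (0x12345678).to_bytes(4, "little")   # constructed value
    entry = bytearray(16)
    entry[0] = 0x80                                        # active flag
    entry[4] = 0x07                                        # NTFS/HPFS type
    entry[8:12] = (0x036E8E00 // 512).to_bytes(4, "little")  # C: offset from the log
    entry[12:16] = (1000000).to_bytes(4, "little")         # constructed size
    sector[446:462] = entry
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    copy_one = build_sample_sector(0x90)   # stands in for the first read
    copy_two = build_sample_sector(0xCC)   # stands in for the second read
    result = compare_reads(copy_one, copy_two)
    print("match:", result["match"])
    print("differing regions:", result["differing_regions"])
    print("SHA1 (copy one):", result["a"]["sha1_sector"])
    print("SHA1 (copy two):", result["b"]["sha1_sector"])
```

When only `boot_code` differs and the partition table is identical in both copies, the change is confined to the loader code, which is the area a repair of the MBR rewrites.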

                                  SuperDave

                                  Re: svchost.exe and windows update
                                  « Reply #28 on: November 11, 2010, 07:02:07 AM »
                                  Please open Command Prompt (Start > Run and type CMD and press OK [Vista/7: Start search: CMD and press enter])
                                  Enter the following into the black box, pressing enter after each line:

                                  Code:
                                  cd desktop

                                  mbr.exe -f

                                  exit

                                  Post a log (MBR.log).

                                  cfnyy51


                                    Re: svchost.exe and windows update
                                    « Reply #29 on: November 11, 2010, 07:43:20 AM »
                                    When I type in the second command, mbr.exe -f, it says it is not recognized as an internal or external command, operable program or batch file.

                                    I could be absolutely wrong in assuming what the first command (cd desktop) means, but since mbr.exe was saved in the root directory, wouldn't it not be in the desktop?

                                    Again, I could absolutely be wrong.

                                    Salmon Trout

                                    • Guest
                                    Re: svchost.exe and windows update
                                    « Reply #30 on: November 11, 2010, 08:11:08 AM »
                                    The root directory of drive C is C:\ - not "the desktop".