Help Trojan Win32/Renos.IO [Solved]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

Help Trojan Win32/Renos.IO [Solved], Win32 Renos Can't use Malwarebytes or other programs Firefox won&#

Options

moebius34 View Member Profile	Jul 3 2009, 02:39 PM Post #1
New Member Posts: 4 OS: windows vista	Hi: Please Help! I stupidly allowed the Trojan downloader Win32/Renos.IO virus when I was asked to update media player with Flash. I have followed the Malware steps but when i download and install Malwarebytes it wont run, the same happens with Spybot and others. I also cant open mozilla. Running windows vista (sp1) Following is the logs for Rooter: Followed by OTL Rooter.exe (v1.0.2) by Eric_71 . The token does not have the SeDebugPrivilege privilege ! (error:1300) Can not acquire SeDebugPrivilege ! Please run the tool as administrator .. . Windows Vista Home Edition (6.0.6001) Service Pack 1 [32_bits] - x86 Family 15 Model 107 Stepping 2, AuthenticAMD . Error OpenService (wscsvc) : 6 Error OpenSCManager : 5 Error OpenService (MpsSvc) : 6 Windows Defender -> Enabled User Account Control (UAC) -> Enabled . Internet Explorer 7.0.6001.18000 Mozilla Firefox 3.0.11 (en-GB) . C:\ [Fixed-NTFS] .. ( Total:113 Go - Free:58 Go ) D:\ [Fixed-NTFS] .. ( Total:170 Go - Free:42 Go ) E:\ [CD_Rom] F:\ [Removable] G:\ [Removable] H:\ [Removable] I:\ [Removable] J:\ [Removable] K:\ [Fixed-FAT32] .. ( Total:149 Go - Free:3 Go ) M:\ [Removable] . Scan : 12:57.08 Path : C:\Users\Maxine\Documents\Downloads\Rooter.exe User : Maxine ( Administrator -> YES ) . ----------------------\\ Processes . Locked [System Process] (0) Locked System (4) Locked smss.exe (444) Locked csrss.exe (592) Locked wininit.exe (652) Locked csrss.exe (664) Locked services.exe (708) Locked lsass.exe (724) Locked lsm.exe (732) Locked winlogon.exe (764) Locked svchost.exe (980) Locked svchost.exe (1052) Locked svchost.exe (1168) Locked svchost.exe (1200) Locked Ati2evxx.exe (1236) Locked svchost.exe (1252) Locked svchost.exe (1312) Locked svchost.exe (1332) Locked audiodg.exe (1424) Locked SLsvc.exe (1468) Locked svchost.exe (1508) Locked Ati2evxx.exe (1656) ______ C:\Windows\system32\Dwm.exe (1932) Locked spoolsv.exe (2020) ______ C:\Windows\Explorer.EXE (124) Locked taskeng.exe (256) Locked svchost.exe (288) ______ C:\Windows\system32\taskeng.exe (1648) Rooter.exe (v1.0.2) by Eric_71 . The token does not have the SeDebugPrivilege privilege ! (error:1300) Can not acquire SeDebugPrivilege ! Please run the tool as administrator .. . Windows Vista Home Edition (6.0.6001) Service Pack 1 [32_bits] - x86 Family 15 Model 107 Stepping 2, AuthenticAMD . Error OpenService (wscsvc) : 6 Error OpenSCManager : 5 Error OpenService (MpsSvc) : 6 Windows Defender -> Enabled User Account Control (UAC) -> Enabled . Internet Explorer 7.0.6001.18000 Mozilla Firefox 3.0.11 (en-GB) . C:\ [Fixed-NTFS] .. ( Total:113 Go - Free:58 Go ) D:\ [Fixed-NTFS] .. ( Total:170 Go - Free:42 Go ) E:\ [CD_Rom] F:\ [Removable] G:\ [Removable] H:\ [Removable] I:\ [Removable] J:\ [Removable] K:\ [Fixed-FAT32] .. ( Total:149 Go - Free:3 Go ) M:\ [Removable] . Scan : 12:57.08 Path : C:\Users\Maxine\Documents\Downloads\Rooter.exe User : Maxine ( Administrator -> YES ) . ----------------------\\ Processes . Locked [System Process] (0) Locked System (4) Locked smss.exe (444) Locked csrss.exe (592) Locked wininit.exe (652) Locked csrss.exe (664) Locked services.exe (708) Locked lsass.exe (724) Locked lsm.exe (732) Locked winlogon.exe (764) Locked svchost.exe (980) Locked svchost.exe (1052) Locked svchost.exe (1168) Locked svchost.exe (1200) Locked Ati2evxx.exe (1236) Locked svchost.exe (1252) Locked svchost.exe (1312) Locked svchost.exe (1332) Locked audiodg.exe (1424) Locked SLsvc.exe (1468) Locked svchost.exe (1508) Locked Ati2evxx.exe (1656) ______ C:\Windows\system32\Dwm.exe (1932) Locked spoolsv.exe (2020) ______ C:\Windows\Explorer.EXE (124) Locked taskeng.exe (256) Locked svchost.exe (288) ______ C:\Windows\system32\taskeng.exe (1648) OTL logfile created on: 7/3/2009 1:32:06 PM - Run 2 OTL by OldTimer - Version 3.0.6.4 Folder = C:\Users\Maxine\Documents\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 1.75 Gb Total Physical Memory \| 0.92 Gb Available Physical Memory \| 52.79% Memory free 3.75 Gb Paging File \| 2.61 Gb Available in Paging File \| 69.77% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files Drive C: \| 113.36 Gb Total Space \| 57.91 Gb Free Space \| 51.09% Space Free \| Partition Type: NTFS Drive D: \| 170.08 Gb Total Space \| 42.52 Gb Free Space \| 25.00% Space Free \| Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive K: \| 149.01 Gb Total Space \| 3.41 Gb Free Space \| 2.29% Space Free \| Partition Type: FAT32 Drive M: \| 967.22 Mb Total Space \| 584.38 Mb Free Space \| 60.42% Space Free \| Partition Type: FAT Computer Name: KWOMAIS Current User Name: Maxine Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Windows\System32\Ati2evxx.exe (ATI Technologies Inc.) PRC - C:\Windows\System32\Ati2evxx.exe (ATI Technologies Inc.) PRC - C:\Windows\Explorer.EXE (Microsoft Corporation) PRC - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink) PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) PRC - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe () PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.) PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe () PRC - C:\Program Files\CyberLink\Shared Files\RichVideo.exe () PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Program Files\Acer\Empowering Technology\SysMonitor.exe () PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe () PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Windows\System32\WUDFHost.exe (Microsoft Corporation) PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe () PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.) PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.) PRC - C:\Windows\ehome\ehtray.exe (Microsoft Corporation) PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\Windows\ehome\ehmsas.exe (Microsoft Corporation) PRC - C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.) PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG) PRC - C:\Program Files\Northstar\SmartCopy\SmartCopy.exe () PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Program Files\Northstar\SmartLauncher\SmartLauncher.exe (North Star com.) PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG) PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Users\Maxine\Documents\Downloads\OTL (1).exe (OldTimer Tools) ========== Win32 Services (SafeList) ========== SRV - (Acer HomeMedia Connect Service [Auto \| Running]) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink) SRV - (Adobe LM Service [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems) SRV - (Ati External Event Utility [Auto \| Running]) -- C:\Windows\System32\Ati2evxx.exe (ATI Technologies Inc.) SRV - (avg8emc [Auto \| Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.) SRV - (avg8wd [Auto \| Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (BUNAgentSvc [Auto \| Running]) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.) SRV - (clr_optimization_v2.0.50727_32 [On_Demand \| Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (eDataSecurity Service [Auto \| Running]) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) SRV - (ehRecvr [On_Demand \| Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation) SRV - (ehSched [On_Demand \| Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation) SRV - (ehstart [Auto \| Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation) SRV - (ETService [Auto \| Running]) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe () SRV - (Eventlog [Auto \| Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation) SRV - (FontCache3.0.0.0 [On_Demand \| Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) SRV - (GoogleDesktopManager-080708-050100 [On_Demand \| Stopped]) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) SRV - (gupdate1c9868a27ed0780 [Auto \| Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.) SRV - (gusvc [Auto \| Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google) SRV - (idsvc [Unknown \| Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation) SRV - (Lavasoft Ad-Aware Service [Auto \| Stopped]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SRV - (LightScribeService [Auto \| Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) SRV - (NBService [On_Demand \| Stopped]) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG) SRV - (NetTcpPortSharing [Disabled \| Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation) SRV - (NMIndexingService [On_Demand \| Running]) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG) SRV - (NTIBackupSvc [Auto \| Running]) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.) SRV - (NTISchedulerSvc [Auto \| Running]) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe () SRV - (odserv [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (ose [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (RichVideo [Auto \| Running]) -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe () SRV - (WinDefend [Auto \| Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (WMPNetworkSvc [On_Demand \| Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (adp94xx [Disabled \| Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (adpahci [Disabled \| Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (adpu160m [Disabled \| Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (adpu320 [Disabled \| Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ahcix86s [Boot \| Running]) -- C:\Windows\system32\drivers\ahcix86s.sys (AMD Technologies Inc.) DRV - (aic78xx [Disabled \| Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (aliide [Disabled \| Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (arc [Disabled \| Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (arcsas [Disabled \| Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (atikmdag [On_Demand \| Running]) -- C:\Windows\System32\DRIVERS\atikmdag.sys (ATI Technologies Inc.) DRV - (AtiPcie [Boot \| Running]) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.) DRV - (AvgLdx86 [System \| Running]) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgMfx86 [System \| Running]) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgTdiX [System \| Running]) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (BrFiltLo [On_Demand \| Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp [On_Demand \| Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (Brserid [Disabled \| Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrSerWdm [Disabled \| Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm [Disabled \| Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer [On_Demand \| Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (cmdide [Disabled \| Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (E1G60 [On_Demand \| Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation) DRV - (elxstor [Disabled \| Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (HpCISSs [Disabled \| Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (iaStorV [Disabled \| Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (iirsp [Disabled \| Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (int15 [Auto \| Running]) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.) DRV - (IntcAzAudAddService [On_Demand \| Running]) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (iteatapi [Disabled \| Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (iteraid [Disabled \| Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (Lbd [Boot \| Running]) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (LSI_FC [Disabled \| Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (LSI_SAS [Disabled \| Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (LSI_SCSI [Disabled \| Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (megasas [Disabled \| Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (MegaSR [Disabled \| Stopped]) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (MODEMCSA [On_Demand \| Running]) -- C:\Windows\System32\drivers\MODEMCSA.sys (Microsoft Corporation) DRV - (Mraid35x [Disabled \| Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (nfrd960 [Disabled \| Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (NTIDrvr [On_Demand \| Running]) -- C:\Windows\System32\DRIVERS\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV - (ntrigdigi [Disabled \| Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (nvraid [Disabled \| Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor [Disabled \| Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (pcouffin [On_Demand \| Running]) -- C:\Windows\System32\Drivers\pcouffin.sys (VSO Software) DRV - (PSDFilter [Boot \| Running]) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated) DRV - (PSDNServ [Auto \| Running]) -- C:\Windows\System32\DRIVERS\PSDNServ.sys (Egis Incorporated) DRV - (psdvdisk [Auto \| Running]) -- C:\Windows\System32\DRIVERS\PSDVdisk.sys (Egis Incorporated) DRV - (ql2300 [Disabled \| Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (ql40xx [Disabled \| Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (secdrv [Auto \| Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (SiSRaid4 [Disabled \| Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (smserial [On_Demand \| Running]) -- C:\Windows\System32\DRIVERS\smserial.sys (Motorola Inc.) DRV - (Symc8xx [Disabled \| Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_hi [Disabled \| Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Sym_u3 [Disabled \| Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (tvicport [Auto \| Running]) -- C:\Windows\System32\drivers\tvicport.sys (EnTech Taiwan) DRV - (UBHelper [Boot \| Running]) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV - (uliahci [Disabled \| Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (UlSata [Disabled \| Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (ulsata2 [Disabled \| Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (viaide [Disabled \| Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (vsmraid [Disabled \| Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (WSVD [On_Demand \| Stopped]) -- C:\Windows\System32\drivers\WSVD.sys (CyberLink) DRV - (yukonwlh [On_Demand \| Running]) -- C:\Windows\System32\DRIVERS\yk60x86.sys (Marvell) DRV - (zntport [Auto \| Running]) -- C:\Windows\System32\drivers\zntport.sys (Zeal SoftStudio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...;m=aspire_m1201 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...;m=aspire_m1201 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...;m=aspire_m1201 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll () IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5 FF - prefs.js..extensions.enabledItems: avg@igeared:2.506.014.001 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11 FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/06/27 09:47:39 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/06/27 09:47:39 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/12 10:21:00 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/23 21:40:11 \| 00,000,000 \| ---D \| M] [2009/02/08 14:23:41 \| 00,000,000 \| ---D \| M] -- C:\Users\Maxine\AppData\Roaming\mozilla\Extensions [2009/02/08 14:23:41 \| 00,000,000 \| ---D \| M] -- C:\Users\Maxine\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/02/01 16:17:02 \| 00,000,000 \| ---D \| M] -- C:\Users\Maxine\AppData\Roaming\mozilla\Firefox\extensions [2009/02/01 16:17:02 \| 00,000,000 \| ---D \| M] -- C:\Users\Maxine\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2009/07/02 21:29:53 \| 00,000,000 \| ---D \| M] -- C:\Users\Maxine\AppData\Roaming\mozilla\Firefox\Profiles\q873tpc8.default\extensions [2009/05/22 14:27:33 \| 00,000,000 \| ---D \| M] -- C:\Users\Maxine\AppData\Roaming\mozilla\Firefox\Profiles\q873tpc8.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2008/11/24 15:50:50 \| 00,000,838 \| ---- \| M] () -- C:\Users\Maxine\AppData\Roaming\Mozilla\FireFox\Profiles\q873tpc8.default\searchplugins\conduit.xml [2009/07/03 12:07:22 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions [2009/06/12 10:21:00 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/02/11 02:11:42 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} [2009/03/03 22:54:53 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2009/05/20 02:37:44 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009/06/12 10:20:59 \| 00,023,032 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009/06/12 10:20:59 \| 00,134,648 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2007/04/10 17:21:08 \| 00,163,256 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2009/05/20 02:37:29 \| 00,410,984 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2009/06/12 10:21:00 \| 00,065,528 \| ---- \| M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2006/10/26 20:12:16 \| 00,016,192 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2008/10/14 22:33:30 \| 00,095,600 \| ---- \| M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2009/03/07 01:39:41 \| 00,001,538 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml [2009/03/07 01:39:41 \| 00,002,193 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml [2009/06/28 12:59:31 \| 00,001,490 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml [2009/02/20 17:25:41 \| 00,002,194 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2009/03/07 01:39:41 \| 00,000,947 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml [2009/03/07 01:39:41 \| 00,001,534 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2009/03/07 01:39:41 \| 00,000,759 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml [2009/03/07 01:39:41 \| 00,001,706 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2009/03/07 01:39:41 \| 00,001,178 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml [2009/03/07 01:39:41 \| 00,000,831 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll () O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll () O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com) O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe () O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe () O4 - HKLM..\Run: [Acer Product Registration] File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft) O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe () O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe (Egis Incorporated) O4 - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Lau File not found O4 - HKLM..\Run: [Google Desktop Search] File not found O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Skytel] C:\Windows\Skytel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe (Sammsoft) O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.) O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] File not found O4 - Startup: C:\Users\Maxine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Zuma/Images/stg_drm.ocx (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Tumblebugs/Images/armhelper.ocx (ArmHelper Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.154.133.68 75.154.133.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.132,85.255.112.188 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 14:43:36 \| 00,000,024 \| ---- \| M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009/07/03 09:53:32 \| 00,000,383 \| RHS- \| M] () - M:\autorun.inf -- [ FAT ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: () - File not found ========== Files/Folders - Created Within 30 Days ========== [2009/07/03 13:15:40 \| 00,000,822 \| ---- \| C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2009/07/03 13:15:37 \| 00,038,160 \| ---- \| C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2009/07/03 13:15:36 \| 00,019,096 \| ---- \| C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2009/07/03 13:15:36 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Malwarebytes [2009/07/03 13:15:35 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/07/03 12:57:45 \| 00,000,000 \| ---D \| C] -- C:\Users\Maxine\Desktop\nighmare [2009/07/03 12:57:14 \| 00,000,000 \| ---D \| C] -- C:\Rooter$ [2009/07/03 12:56:13 \| 00,000,000 \| ---D \| C] -- C:\Windows\ERDNT [2009/07/03 12:55:36 \| 00,000,737 \| ---- \| C] () -- C:\Users\Maxine\Desktop\NTREGOPT.lnk [2009/07/03 12:55:36 \| 00,000,718 \| ---- \| C] () -- C:\Users\Maxine\Desktop\ERUNT.lnk [2009/07/03 12:55:33 \| 00,000,000 \| ---D \| C] -- C:\Program Files\ERUNT [2009/07/03 12:14:21 \| 01,739,478 \| -H-- \| C] () -- C:\Users\Maxine\AppData\Local\IconCache.db [2009/07/03 12:08:55 \| 18,781,88032 \| -HS- \| C] () -- C:\hiberfil.sys [2009/07/03 11:47:26 \| 00,000,816 \| ---- \| C] () -- C:\Users\Maxine\Desktop\SpywareBlaster.lnk [2009/07/03 11:47:22 \| 00,000,000 \| ---D \| C] -- C:\Program Files\SpywareBlaster [2009/07/03 09:34:51 \| 00,000,264 \| -H-- \| C] () -- C:\Windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job [2009/07/03 09:34:16 \| 00,062,813 \| ---- \| C] () -- C:\Program Files\Uninstall.exe [2009/07/02 22:22:27 \| 00,001,980 \| ---- \| C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2009/07/02 22:11:29 \| 00,000,000 \| ---D \| C] -- C:\Windows\Google Earth Pro 4.2 [2009/07/02 22:11:29 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Google Earth Pro 4.2 [2009/06/30 14:15:46 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\vsosdk [2009/06/30 13:58:56 \| 00,000,000 \| ---D \| C] -- C:\Users\Maxine\Documents\DVDFab [2009/06/30 13:56:26 \| 00,087,608 \| ---- \| C] () -- C:\Users\Maxine\AppData\Roaming\inst.exe [2009/06/30 13:56:26 \| 00,047,360 \| ---- \| C] (VSO Software) -- C:\Windows\System32\drivers\pcouffin.sys [2009/06/30 13:56:26 \| 00,047,360 \| ---- \| C] (VSO Software) -- C:\Users\Maxine\AppData\Roaming\pcouffin.sys [2009/06/30 13:56:26 \| 00,007,887 \| ---- \| C] () -- C:\Users\Maxine\AppData\Roaming\pcouffin.cat [2009/06/30 13:56:26 \| 00,001,144 \| ---- \| C] () -- C:\Users\Maxine\AppData\Roaming\pcouffin.inf [2009/06/30 13:56:25 \| 00,000,000 \| ---D \| C] -- C:\Users\Maxine\Documents\PcSetup [2009/06/30 13:56:25 \| 00,000,000 \| ---D \| C] -- C:\Users\Maxine\AppData\Roaming\Vso [2009/06/30 13:56:08 \| 00,000,000 \| ---D \| C] -- C:\Program Files\DVDFab 5 [2009/06/28 16:06:23 \| 00,000,886 \| ---- \| C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2009/06/28 16:06:21 \| 00,000,882 \| ---- \| C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2009/06/28 12:59:32 \| 00,000,000 \| ---D \| C] -- C:\Users\Maxine\AppData\Local\AVG Security Toolbar [2009/06/26 19:46:38 \| 00,000,000 \| ---D \| C] -- C:\Users\Maxine\Desktop\Wedding Invite [2009/06/26 19:31:46 \| 00,000,000 \| ---D \| C] -- C:\Users\Maxine\Documents\Updater [2009/06/26 17:05:44 \| 00,000,000 \| ---D \| C] -- C:\Users\Maxine\Desktop\TV Series FEB 2009 [2009/06/26 12:03:40 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\AVG Security Toolbar [2009/06/25 22:34:52 \| 00,000,000 \| ---D \| C] -- C:\Users\Maxine\AppData\Roaming\WinRAR [2009/06/25 22:30:08 \| 00,000,000 \| ---D \| C] -- C:\Program Files\WinRAR [2009/06/25 19:15:26 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\LightScribe [2009/06/25 19:15:19 \| 00,002,533 \| ---- \| C] () -- C:\Users\Maxine\Desktop\Nero StartSmart.lnk [2009/06/24 09:59:46 \| 00,000,000 \| ---D \| C] -- C:\Users\Maxine\AppData\Local\Ahead [2009/06/23 22:28:45 \| 00,000,069 \| ---- \| C] () -- C:\Windows\NeroDigital.ini [2009/06/23 22:11:16 \| 00,001,156 \| ---- \| C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2009/06/23 22:11:08 \| 00,000,000 \| ---D \| C] -- C:\Users\Public\Documents\Adobe PDF [2009/06/23 22:10:44 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Common Files\Adobe Systems Shared [2009/06/23 21:59:45 \| 00,000,000 \| ---D \| C] -- C:\Users\Maxine\AppData\Roaming\Ahead [2009/06/23 21:58:26 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Nero [2009/06/23 21:58:25 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Nero [2009/06/23 21:58:25 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Common Files\Ahead [2009/06/23 21:56:41 \| 02,388,176 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll [2009/06/23 21:56:40 \| 02,323,664 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll [2009/06/23 21:51:44 \| 00,000,000 \| ---D \| C] -- C:\Program Files\AskTBar [2009/06/23 21:39:45 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Microsoft Visual Studio [2009/06/23 21:39:45 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Common Files\DESIGNER [2009/06/23 21:39:21 \| 00,000,000 \| ---D \| C] -- C:\Windows\PCHEALTH [2009/06/23 21:39:21 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Microsoft.NET [2009/06/23 21:35:32 \| 00,000,000 \| RH-D \| C] -- C:\MSOCache [2009/06/23 19:12:47 \| 00,000,000 \| ---D \| C] -- C:\Users\Maxine\Documents\The KMPlayer [2009/06/23 19:11:40 \| 00,000,776 \| ---- \| C] () -- C:\Users\Maxine\Desktop\KMPlayer.lnk [2009/06/23 19:11:34 \| 00,000,000 \| ---D \| C] -- C:\Program Files\The KMPlayer [2009/06/23 11:30:54 \| 00,000,000 \| ---D \| C] -- C:\Program Files\uTorrent [2009/06/23 11:30:32 \| 00,000,000 \| ---D \| C] -- C:\Users\Maxine\AppData\Roaming\uTorrent [2009/06/22 23:59:30 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Tumble Bugs1 [2009/06/22 23:55:52 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Trymedia [2009/06/22 23:55:39 \| 00,000,000 \| ---D \| C] -- C:\Program Files\PopCap Games [2009/06/22 23:54:37 \| 00,000,000 \| ---D \| C] -- C:\Users\Maxine\Desktop\GaMES [2009/06/22 23:45:49 \| 00,000,000 \| ---D \| C] -- C:\Users\Maxine\Desktop\Martin [2009/06/16 12:51:47 \| 00,428,544 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2009/06/16 12:51:47 \| 00,293,376 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll [2009/06/16 12:51:47 \| 00,217,088 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax [2009/06/16 12:51:47 \| 00,177,664 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2009/06/16 12:51:47 \| 00,080,896 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax [2009/06/10 23:40:07 \| 02,033,152 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2009/06/10 23:40:06 \| 00,636,928 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll [2009/06/10 23:40:04 \| 00,784,896 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll [2009/06/10 23:39:59 \| 03,581,952 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll [2009/06/10 23:39:58 \| 06,069,248 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll [2009/06/10 23:39:58 \| 01,166,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll [2009/06/10 23:39:58 \| 00,827,904 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll [2009/06/10 23:39:58 \| 00,270,848 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll [2009/06/10 23:39:57 \| 00,671,232 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2009/06/10 23:39:57 \| 00,458,240 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2009/06/10 23:39:57 \| 00,389,632 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2009/06/10 23:39:57 \| 00,389,120 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2009/06/10 23:39:57 \| 00,230,400 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2009/06/10 23:39:57 \| 00,102,912 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll [2009/06/10 23:39:57 \| 00,078,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2009/06/10 23:39:57 \| 00,028,160 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2009/06/10 23:39:57 \| 00,026,624 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2009/06/10 23:39:56 \| 01,383,424 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2009/02/01 03:17:33 \| 00,000,674 \| ---- \| C] () -- C:\Windows\wininit.ini [2009/01/31 15:28:59 \| 00,000,042 \| ---- \| C] () -- C:\Windows\Acer(Wide).ini [2009/01/31 15:28:56 \| 00,000,044 \| ---- \| C] () -- C:\Windows\Acer(Normal).ini [2008/08/21 17:11:21 \| 00,049,152 \| ---- \| C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll [2008/08/21 17:10:21 \| 00,159,744 \| ---- \| C] () -- C:\Windows\System32\atitmmxx.dll [2008/08/21 14:09:23 \| 00,001,024 \| RH-- \| C] () -- C:\Windows\System32\NTIOFM4.dll [2008/08/21 14:09:23 \| 00,001,024 \| RH-- \| C] () -- C:\Windows\System32\NTIBUN5.dll [2008/08/21 13:57:51 \| 00,487,424 \| ---- \| C] () -- C:\Windows\System32\INT15.dll [2006/11/02 05:35:32 \| 00,005,632 \| ---- \| C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 03:23:31 \| 00,000,219 \| ---- \| C] () -- C:\Windows\win.ini [2006/11/02 03:23:31 \| 00,000,219 \| ---- \| C] () -- C:\Windows\system.ini [2006/11/02 00:40:29 \| 00,013,750 \| ---- \| C] () -- C:\Windows\System32\pacerprf.ini [2001/12/26 13:12:30 \| 00,065,536 \| ---- \| C] () -- C:\Windows\System32\multiplex_vcd.dll [2001/09/03 20:46:38 \| 00,110,592 \| ---- \| C] () -- C:\Windows\System32\Hmpg12.dll [2001/07/30 13:33:56 \| 00,118,784 \| ---- \| C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001/07/23 19:04:36 \| 00,118,784 \| ---- \| C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== Files - Modified Within 30 Days ========== [2009/07/03 13:35:25 \| 00,084,480 \| ---- \| M] () -- C:\Users\Maxine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/07/03 13:35:25 \| 00,000,069 \| ---- \| M] () -- C:\Windows\NeroDigital.ini [2009/07/03 13:16:42 \| 00,690,960 \| ---- \| M] () -- C:\Windows\System32\PerfStringBackup.INI [2009/07/03 13:16:42 \| 00,599,942 \| ---- \| M] () -- C:\Windows\System32\perfh009.dat [2009/07/03 13:16:42 \| 00,105,448 \| ---- \| M] () -- C:\Windows\System32\perfc009.dat [2009/07/03 13:15:40 \| 00,000,822 \| ---- \| M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2009/07/03 13:13:52 \| 00,000,868 \| ---- \| M] () -- C:\Windows\tasks\Google Software Updater.job [2009/07/03 13:11:51 \| 00,001,594 \| ---- \| M] () -- C:\Users\Maxine\Desktop\Clean Registry for Free!.lnk [2009/07/03 13:11:23 \| 00,003,216 \| -H-- \| M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2009/07/03 13:11:22 \| 00,003,216 \| -H-- \| M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2009/07/03 13:11:22 \| 00,000,882 \| ---- \| M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2009/07/03 13:11:21 \| 00,000,264 \| -H-- \| M] () -- C:\Windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job [2009/07/03 13:11:18 \| 00,000,006 \| -H-- \| M] () -- C:\Windows\tasks\SA.DAT [2009/07/03 13:11:15 \| 00,067,584 \| ---- \| M] () -- C:\Windows\bootstat.dat [2009/07/03 13:11:07 \| 18,781,88032 \| -HS- \| M] () -- C:\hiberfil.sys [2009/07/03 13:09:13 \| 01,739,478 \| -H-- \| M] () -- C:\Users\Maxine\AppData\Local\IconCache.db [2009/07/03 12:55:36 \| 00,000,737 \| ---- \| M] () -- C:\Users\Maxine\Desktop\NTREGOPT.lnk [2009/07/03 12:55:36 \| 00,000,718 \| ---- \| M] () -- C:\Users\Maxine\Desktop\ERUNT.lnk [2009/07/03 12:11:00 \| 00,000,886 \| ---- \| M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2009/07/03 11:47:26 \| 00,000,816 \| ---- \| M] () -- C:\Users\Maxine\Desktop\SpywareBlaster.lnk [2009/07/03 09:56:03 \| 00,000,000 \| ---- \| M] () -- C:\Windows\System32\LogConfigTemp.xml [2009/07/03 09:34:16 \| 00,062,813 \| ---- \| M] () -- C:\Program Files\Uninstall.exe [2009/07/03 08:01:24 \| 37,700,955 \| ---- \| M] () -- C:\Windows\System32\drivers\Avg\incavi.avm [2009/07/03 08:01:24 \| 00,005,598 \| ---- \| M] () -- C:\Windows\System32\drivers\Avg\microavi.avg [2009/07/02 22:22:27 \| 00,001,980 \| ---- \| M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2009/07/02 00:06:18 \| 00,000,040 \| ---- \| M] () -- C:\Windows\popcinfo.dat [2009/06/30 13:56:26 \| 00,087,608 \| ---- \| M] () -- C:\Users\Maxine\AppData\Roaming\inst.exe [2009/06/30 13:56:26 \| 00,047,360 \| ---- \| M] (VSO Software) -- C:\Windows\System32\drivers\pcouffin.sys [2009/06/30 13:56:26 \| 00,047,360 \| ---- \| M] (VSO Software) -- C:\Users\Maxine\AppData\Roaming\pcouffin.sys [2009/06/30 13:56:26 \| 00,007,887 \| ---- \| M] () -- C:\Users\Maxine\AppData\Roaming\pcouffin.cat [2009/06/30 13:56:26 \| 00,001,144 \| ---- \| M] () -- C:\Users\Maxine\AppData\Roaming\pcouffin.inf [2009/06/29 18:06:27 \| 00,463,779 \| ---- \| M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg [2009/06/29 16:17:00 \| 00,000,472 \| ---- \| M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2009/06/26 12:02:51 \| 00,327,688 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys [2009/06/26 12:02:51 \| 00,027,784 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys [2009/06/26 12:02:51 \| 00,011,952 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll [2009/06/25 19:15:19 \| 00,002,533 \| ---- \| M] () -- C:\Users\Maxine\Desktop\Nero StartSmart.lnk [2009/06/24 09:59:49 \| 00,092,176 \| ---- \| M] () -- C:\Users\Maxine\AppData\Local\GDIPFONTCACHEV1.DAT [2009/06/24 09:58:49 \| 00,350,080 \| ---- \| M] () -- C:\Windows\System32\FNTCACHE.DAT [2009/06/23 22:11:16 \| 00,001,156 \| ---- \| M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2009/06/23 21:36:40 \| 00,000,219 \| ---- \| M] () -- C:\Windows\win.ini [2009/06/23 19:12:40 \| 00,000,776 \| ---- \| M] () -- C:\Users\Maxine\Desktop\KMPlayer.lnk [2009/06/23 13:33:07 \| 00,001,975 \| ---- \| M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2009/06/17 11:27:56 \| 00,038,160 \| ---- \| M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2009/06/17 11:27:44 \| 00,019,096 \| ---- \| M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys ========== Alternate Data Streams ========== @Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:C5E4F943 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:B623B5B8 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:793F316E @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:8AB6C1D7 @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:FC420CE6 @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:DF30C7A6 @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D509ABF5 @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:3E7393FC @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:6D192E3A @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:9F683177 @Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:2EF63291 @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:0C988F7D @Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:19DEDE0B < End of report >

fenzodahl512 View Member Profile	Jul 4 2009, 07:09 AM Post #2
Trusted Helper Posts: 9,206 OS: Windows XP	double posted This post has been edited by fenzodahl512: Jul 4 2009, 07:11 AM

fenzodahl512 View Member Profile	Jul 4 2009, 07:09 AM Post #3
Trusted Helper Posts: 9,206 OS: Windows XP	double posted This post has been edited by fenzodahl512: Jul 4 2009, 07:11 AM

fenzodahl512 View Member Profile	Jul 4 2009, 07:09 AM Post #4
Trusted Helper Posts: 9,206 OS: Windows XP	Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given.. Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop. Link 1 Link 2 Link 3 Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed. If ComboFix asked you to install Recovery Console, please do so.. It will be your best interest.. When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply.. Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finishes its job..

fenzodahl512 View Member Profile	Jul 4 2009, 10:18 PM Post #6
Trusted Helper Posts: 9,206 OS: Windows XP	*OTListIt2 Fix step* Open OTL then do below.. Copy/paste the following into the Costum Scans/Fixes box and then click on Run Fix button. CODE :processes explorer.exe :OTL @Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:C5E4F943 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:B623B5B8 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:793F316E @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:8AB6C1D7 @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:FC420CE6 @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:DF30C7A6 @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D509ABF5 @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:3E7393FC @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:6D192E3A @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:9F683177 @Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:2EF63291 @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:0C988F7D @Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:19DEDE0B :commands [purity] [emptytemp] [start explorer] [reboot] Let it run the fix. A log will then pop-up to your screen after the fix finish.. If it needs a reboot, just let it.. Post that log in your next reply... Please run a free online scan with the ESET Online Scanner *Note*: You will need to use Internet Explorer for this scan. Tick the box next to YES, I accept the Terms of Use. Click Start When asked, allow the ActiveX control to install Click Start Make sure that the options Remove found threats and the option Scan unwanted applications is checked Click Scan Wait for the scan to finish Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt Copy and paste that log as a reply to this topic How's the computer now?

moebius34 View Member Profile	Jul 5 2009, 12:09 PM Post #7
New Member Posts: 4 OS: windows vista	Thanks alot. Feels like I'm getting my mom's computer back! I'll let you you know how it's running after a test run. Here is the online ESET log file: ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok # version=6 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.5863 # api_version=3.0.2 # EOSSerial=d2b6fa2f2dd65c4ca174e29846b8c310 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2009-07-05 06:03:46 # local_time=2009-07-05 11:03:46 (-0800, Pacific Daylight Time) # country="United States" # lang=1033 # osver=6.0.6001 NT Service Pack 1 # compatibility_mode=1026 61 100 100 53441344003 # compatibility_mode=5889 61 66 100 459348134805687 # compatibility_mode=0 0 0 0 0 # scanned=127391 # found=3 # cleaned=3 # scan_time=3329 C:\Program Files\Acer Arcade Live\Acer HomeMedia Trial Creator\Export\SoftDMA_Trial\Autorun.inf INF/Autorun.gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 K:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP165\A0064103.exe Win32/HackAV.BG application (cleaned by deleting - quarantined) 00000000000000000000000000000000 K:\UTorrent\COMPLETE\Beetle Bomp + Serpengo+ Bone Out from Boneville + Zuma Deluxe + Lemonade Tycoon 2 [found with kelforum.com ].rar Win32/Adware.Trymedia application (deleted - quarantined) 00000000000000000000000000000000

fenzodahl512 View Member Profile	Jul 5 2009, 11:25 PM Post #8
Trusted Helper Posts: 9,206 OS: Windows XP	Looks good to me.. Open OTL once again and click on the CleanUp! button.. Then, everything should be good to go.. Please response once again before we can close this topic

moebius34 View Member Profile	Jul 6 2009, 10:05 AM Post #9
New Member Posts: 4 OS: windows vista	Yeah everything looks good! Thanks so much, awesome helper, awesome service, really great, moebius

fenzodahl512 View Member Profile	Jul 7 2009, 12:55 AM Post #10
Trusted Helper Posts: 9,206 OS: Windows XP	Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal Win32/renos.io trojan downloader plz help	1 / 1,079	11th June 2009 - 09:19 PM dezerbois started - last by dezerbois
Virus, Spyware and Trojan Removal Win32/Renos.io & ComboFix [Solved] 1234	50 / 2,599	3rd September 2009 - 07:31 PM lttl.espana started - last by JSntgRvr
Virus, Spyware and Trojan Removal Assistance removing win32/Renos.io Trojan [Closed]	14 / 359	4th August 2009 - 11:00 PM jdugan83 started - last by fenzodahl512
Virus, Spyware and Trojan Removal Help removing TrojanDownloader:Win32/Renos.IO [Closed]	2 / 398	29th July 2009 - 01:14 PM Kelly O started - last by Essexboy