Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Am i still infected? [RESOLVED]


  • This topic is locked This topic is locked

#16
Ltangelic

Ltangelic

    Angel Annihilator of Malware

  • Retired Staff
  • 2,008 posts
Hey Kenzik,

Just a few more leftovers to remove. :)

1) Rerun OTMoveIt2

  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys
    purity
    emptytemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

2) Update Adobe Reader

Please uninstall the current version of Adobe you have and go here to install the latest version.

Also, please get me a new RSIT log. Thanks. :)

Next reply (please include):

Fresh HijackThis log
RSIT logs
OTMoveIt2 log

  • 0

Advertisements


#17
Kenzik

Kenzik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Here are the three logs, may I ask why I had to update Adobe Reader? And thanks again for continuing to help me.


HijackThis log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:14:38 PM, on 9/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Globe Software\StatBar\StatBar.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [JMB36X Configure] "C:\WINDOWS\System32\JMRaidTool.exe" boot
O4 - HKLM\..\Run: [Logitech Utility] "C:\WINDOWS\Logi_MwX.Exe"
O4 - HKLM\..\Run: [DeadAIM] "C:\WINDOWS\system32\rundll32.exe" "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [StatBar] "C:\Program Files\Globe Software\StatBar\StatBar.exe"
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /Minimized
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{04A8EC2B-40B8-42CF-8AB5-1E4E1EF575CA}: NameServer = 66.75.164.90,66.75.164.89
O17 - HKLM\System\CS1\Services\Tcpip\..\{04A8EC2B-40B8-42CF-8AB5-1E4E1EF575CA}: NameServer = 66.75.164.90,66.75.164.89
O17 - HKLM\System\CS2\Services\Tcpip\..\{04A8EC2B-40B8-42CF-8AB5-1E4E1EF575CA}: NameServer = 66.75.164.90,66.75.164.89
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dllC:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dllC:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dllC:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - (no file)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Unknown owner - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (file missing)

--
End of file - 8934 bytes


RSIT logs

Logfile of random's system information tool (written by random/random)
Run by Patrick at 2008-09-04 13:22:58
Microsoft Windows XP Professional Service Pack 2
System drive C: has 3 GB (2%) free of 131 GB
Total RAM: 2047 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:23:00 PM, on 9/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Globe Software\StatBar\StatBar.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Patrick\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Patrick.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [JMB36X Configure] "C:\WINDOWS\System32\JMRaidTool.exe" boot
O4 - HKLM\..\Run: [Logitech Utility] "C:\WINDOWS\Logi_MwX.Exe"
O4 - HKLM\..\Run: [DeadAIM] "C:\WINDOWS\system32\rundll32.exe" "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [StatBar] "C:\Program Files\Globe Software\StatBar\StatBar.exe"
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /Minimized
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{04A8EC2B-40B8-42CF-8AB5-1E4E1EF575CA}: NameServer = 66.75.164.90,66.75.164.89
O17 - HKLM\System\CS1\Services\Tcpip\..\{04A8EC2B-40B8-42CF-8AB5-1E4E1EF575CA}: NameServer = 66.75.164.90,66.75.164.89
O17 - HKLM\System\CS2\Services\Tcpip\..\{04A8EC2B-40B8-42CF-8AB5-1E4E1EF575CA}: NameServer = 66.75.164.90,66.75.164.89
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dllC:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dllC:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dllC:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - (no file)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Unknown owner - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (file missing)

--
End of file - 8883 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\jucheck.job
C:\WINDOWS\tasks\XoftSpy.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-03-20 803864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-08-01 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-07-29 62728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2007-11-26 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-03-20 803864]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"JMB36X Configure"=C:\WINDOWS\System32\JMRaidTool.exe [2006-06-02 385024]
"Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-12-11 20992]
"DeadAIM"=C:\PROGRA~1\AIM\\DeadAIM.ocm [2004-02-28 144896]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-10-05 868352]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2007-12-05 8523776]
"nwiz"=C:\WINDOWS\system32\nwiz.exe [2007-12-05 1626112]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-12-05 81920]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-10-19 286720]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-07-29 206088]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]
"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2001-08-23 44032]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2002-08-28 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2002-08-28 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2002-08-28 455168]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"StatBar"=C:\Program Files\Globe Software\StatBar\StatBar.exe [2003-07-25 335872]
""= []
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-08-09 155648]
"NVIDIA nTune"=C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [2007-09-04 81920]
"igndlm.exe"=C:\Program Files\Download Manager\DLM.exe [2008-08-01 1103216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2007-10-19 286720]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
NCProTray.lnk - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dllC:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dllC:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dllC:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-07-29 218376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll schannel.dll digest.dll msnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Documents and Settings\Patrick\My Documents\Limewire\LimeWire.exe"="C:\Documents and Settings\Patrick\My Documents\Limewire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Documents and Settings\Patrick\My Documents\Kazaa Lite K++\klrun.exe"="C:\Documents and Settings\Patrick\My Documents\Kazaa Lite K++\klrun.exe:*:Enabled:klrun"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Azureus Vuze\Azureus.exe"="C:\Program Files\Azureus Vuze\Azureus.exe:*:Enabled:Azureus Vuze"
"C:\Documents and Settings\Patrick\My Documents\Games\Battlefield 2\BF2.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\counter-strike source\hl2.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\half-life\hl.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\half-life\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\tbgnb11\half-life\hl.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\tbgnb11\half-life\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\half-life blue shift\hl.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\half-life blue shift\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\Patrick\My Documents\Games\Grand Theft Auto - Vice City\gta-vc.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Grand Theft Auto - Vice City\gta-vc.exe:*:Enabled:Play GTA Vice City"
"C:\Documents and Settings\Patrick\My Documents\Kazaa\Kazaa Lite K++\KazaaLite.kpp"="C:\Documents and Settings\Patrick\My Documents\Kazaa\Kazaa Lite K++\KazaaLite.kpp:*:Enabled:KazaaLite"
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"C:\Documents and Settings\Patrick\My Documents\Games\Tom Clancy's Splinter Cell Double Agent\SCDA-Offline\System\SplinterCell4.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Tom Clancy's Splinter Cell Double Agent\SCDA-Offline\System\SplinterCell4.exe:*:Enabled:SplinterCell4"
"C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\half-life 2 deathmatch\hl2.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Documents and Settings\Patrick\Desktop\utorrent 1.2.exe"="C:\Documents and Settings\Patrick\Desktop\utorrent 1.2.exe:*:Enabled:utorrent 1.2"
"C:\Documents and Settings\Patrick\My Documents\Games\F.E.A.R\fpupdate.exe"="C:\Documents and Settings\Patrick\My Documents\Games\F.E.A.R\fpupdate.exe:*:Enabled:fpupdate"
"C:\Documents and Settings\Patrick\My Documents\Games\World of Warcraft\World of Warcraft\BackgroundDownloader.exe"="C:\Documents and Settings\Patrick\My Documents\Games\World of Warcraft\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Documents and Settings\Patrick\My Documents\Games\Steam\steam.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Steam\steam.exe:*:Enabled:Steam"
"C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\team fortress 2\hl2.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Documents and Settings\Patrick\My Documents\Games\World of Warcraft\World of Warcraft\Launcher.exe"="C:\Documents and Settings\Patrick\My Documents\Games\World of Warcraft\World of Warcraft\Launcher.exe:*:Enabled:World of Warcraft"
"C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\counter-strike\hl.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Documents and Settings\Patrick\My Documents\Games\Call of Duty 4\iw3mp.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Call of Duty 4\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ "
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\ricochet\hl.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\ricochet\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\deathmatch classic\hl.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\688bc66bc31dd3b27ea26b2cc8d5d251\deathmatch classic\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Documents and Settings\Patrick\My Documents\My Downloads\AoC-US-EarlyAccess.exe"="C:\Documents and Settings\Patrick\My Documents\My Downloads\AoC-US-EarlyAccess.exe:*:Enabled:Age of Conan Downloader"
"C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\common\unreal tournament 2004\System\UT2004.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Steam\steamapps\common\unreal tournament 2004\System\UT2004.exe:*:Enabled:UT2004"
"C:\Program Files\Octoshape Streaming Services\Patrick\OctoshapeClient.exe"="C:\Program Files\Octoshape Streaming Services\Patrick\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client"
"C:\Documents and Settings\Patrick\Desktop\Age 2 + exp\empires2.exe"="C:\Documents and Settings\Patrick\Desktop\Age 2 + exp\empires2.exe:*:Enabled:Age of Empires II"
"C:\Documents and Settings\Patrick\Desktop\Age 2 + exp\age2_x1.exe"="C:\Documents and Settings\Patrick\Desktop\Age 2 + exp\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\Documents and Settings\Patrick\My Documents\Games\Starcraft\Starcraft\StarCraft.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Starcraft\Starcraft\StarCraft.exe:*:Enabled:Starcraft"
"C:\Documents and Settings\Patrick\My Documents\Games\exteel\System\Exteel.exe"="C:\Documents and Settings\Patrick\My Documents\Games\exteel\System\Exteel.exe:*:Enabled:Exteel"
"C:\Documents and Settings\Patrick\My Documents\Games\Halo\halo.exe"="C:\Documents and Settings\Patrick\My Documents\Games\Halo\halo.exe:*:Enabled:Halo"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Patrick\My Documents\Games\S.T.A.L.K.E.R\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe"="C:\Documents and Settings\Patrick\My Documents\Games\S.T.A.L.K.E.R\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"C:\Documents and Settings\Patrick\My Documents\Games\S.T.A.L.K.E.R\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe"="C:\Documents and Settings\Patrick\My Documents\Games\S.T.A.L.K.E.R\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"C:\Documents and Settings\Patrick\Desktop\utorrent.exe"="C:\Documents and Settings\Patrick\Desktop\utorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Documents and Settings\Patrick\My Documents\Games\exteel\System\Exteel.exe"="C:\Documents and Settings\Patrick\My Documents\Games\exteel\System\Exteel.exe:*:Enabled:Exteel"

File associations

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

List of files/folders created in the last three months

2008-09-04 13:05:53 ----SHD---- C:\Config.Msi
2008-09-02 22:01:13 ----A---- C:\WINDOWS\system32\suppdll.dll
2008-08-31 15:01:11 ----D---- C:\Documents and Settings\Patrick\Application Data\Malwarebytes
2008-08-31 15:01:08 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-31 15:01:08 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-31 14:34:54 ----D---- C:\_OTMoveIt
2008-08-30 02:53:56 ----HDC---- C:\WINDOWS\$NtUninstallKB901190$
2008-08-29 22:52:19 ----D---- C:\rsit
2008-08-27 14:21:40 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-08-24 00:17:57 ----A---- C:\AlphaDiscLog.txt
2008-08-24 00:13:22 ----A---- C:\WINDOWS\system32\korwbrkr.dll
2008-08-24 00:13:22 ----A---- C:\WINDOWS\system32\chtbrkr.dll
2008-08-24 00:13:22 ----A---- C:\WINDOWS\system32\chsbrkr.dll
2008-08-24 00:13:21 ----A---- C:\WINDOWS\system32\msir3jp.dll
2008-08-24 00:13:10 ----A---- C:\WINDOWS\system32\c_g18030.dll
2008-08-24 00:13:09 ----A---- C:\WINDOWS\system32\kbd101a.dll
2008-08-24 00:12:53 ----A---- C:\WINDOWS\system32\kbdnecNT.dll
2008-08-24 00:12:53 ----A---- C:\WINDOWS\system32\kbdnecAT.dll
2008-08-24 00:12:53 ----A---- C:\WINDOWS\system32\kbdnec95.dll
2008-08-24 00:12:53 ----A---- C:\WINDOWS\system32\kbdlk41j.dll
2008-08-24 00:12:53 ----A---- C:\WINDOWS\system32\kbdlk41a.dll
2008-08-24 00:12:53 ----A---- C:\WINDOWS\system32\kbdibm02.dll
2008-08-24 00:12:53 ----A---- C:\WINDOWS\system32\kbd106n.dll
2008-08-24 00:12:53 ----A---- C:\WINDOWS\system32\f3ahvoas.dll
2008-08-24 00:12:52 ----A---- C:\WINDOWS\system32\kbdax2.dll
2008-08-24 00:12:49 ----A---- C:\WINDOWS\system32\kbd101.dll
2008-08-24 00:12:29 ----A---- C:\WINDOWS\system32\c_is2022.dll
2008-08-24 00:07:18 ----A---- C:\WINDOWS\system32\kbdkor.dll
2008-08-24 00:07:18 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2008-08-24 00:07:18 ----A---- C:\WINDOWS\system32\kbd106.dll
2008-08-24 00:07:18 ----A---- C:\WINDOWS\system32\kbd103.dll
2008-08-24 00:07:18 ----A---- C:\WINDOWS\system32\kbd101c.dll
2008-08-24 00:07:18 ----A---- C:\WINDOWS\system32\kbd101b.dll
2008-08-19 19:17:03 ----D---- C:\Documents and Settings\Patrick\Application Data\IGN_DLM
2008-08-19 19:16:53 ----D---- C:\Program Files\Download Manager
2008-08-19 14:49:42 ----D---- C:\Program Files\Kaspersky Lab
2008-08-19 14:49:42 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-19 14:39:59 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-18 20:23:35 ----D---- C:\Program Files\Trend Micro
2008-08-18 18:03:55 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-18 07:28:33 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-18 07:28:27 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-18 07:28:21 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-18 07:28:14 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-18 07:27:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-18 07:26:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-18 07:26:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-18 07:26:30 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-08-17 19:07:26 ----D---- C:\Documents and Settings\Patrick\Application Data\Webroot
2008-08-17 19:07:26 ----D---- C:\Documents and Settings\All Users\Application Data\Webroot
2008-08-17 19:07:26 ----A---- C:\WINDOWS\WRSetup.dll
2008-08-17 16:32:38 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-17 16:32:19 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-08-10 22:57:21 ----D---- C:\Program Files\7-Zip
2008-08-01 23:13:14 ----A---- C:\WINDOWS\system32\javaws.exe
2008-08-01 23:13:14 ----A---- C:\WINDOWS\system32\javaw.exe
2008-08-01 23:13:14 ----A---- C:\WINDOWS\system32\java.exe
2008-08-01 14:10:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-08-01 02:40:36 ----D---- C:\Program Files\Common Files\xing shared
2008-07-29 20:21:42 ----A---- C:\WINDOWS\system32\klogon.dll
2008-07-28 16:43:56 ----A---- C:\WINDOWS\system32\wrLZMA.dll
2008-07-28 16:43:48 ----A---- C:\WINDOWS\system32\SsiEfr.exe
2008-07-26 00:30:10 ----A---- C:\WINDOWS\ModemLog_Sony Ericsson W600 USB WMC Modem.txt
2008-07-26 00:30:01 ----A---- C:\WINDOWS\ModemLog_Sony Ericsson W600 USB WMC Data Modem.txt
2008-07-18 23:13:00 ----D---- C:\Documents and Settings\Patrick\Application Data\Media Player Classic
2008-07-18 22:57:03 ----D---- C:\Program Files\Combined Community Codec Pack
2008-07-14 17:24:41 ----A---- C:\WINDOWS\ST6UNST.EXE
2008-07-14 16:42:58 ----A---- C:\WINDOWS\DIIUnin.exe
2008-07-12 17:34:32 ----D---- C:\Program Files\NCSoft
2008-07-12 17:31:55 ----D---- C:\Documents and Settings\Patrick\Application Data\GetRightToGo
2008-07-06 16:29:49 ----A---- C:\WINDOWS\ScUnin.exe
2008-06-29 23:48:28 ----D---- C:\Documents and Settings\Patrick\Application Data\Ubisoft
2008-06-28 21:21:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-06-27 20:54:20 ----D---- C:\Program Files\Octoshape Streaming Services
2008-06-17 00:17:52 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-06-17 00:17:47 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-06-17 00:17:36 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2008-06-17 00:17:32 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2008-06-17 00:17:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-06-17 00:17:20 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2008-06-15 21:46:19 ----A---- C:\WINDOWS\BlendSettings.ini
2008-06-14 20:13:47 ----D---- C:\Downloads
2008-06-14 18:41:00 ----D---- C:\Program Files\Software Informer
2008-06-14 18:40:59 ----D---- C:\Documents and Settings\Patrick\Application Data\Free Download Manager
2008-06-14 18:40:56 ----D---- C:\Program Files\Free Download Manager
2008-06-14 18:40:56 ----D---- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-06-10 17:04:26 ----A---- C:\WINDOWS\system32\ssldivx.dll
2008-06-10 17:04:26 ----A---- C:\WINDOWS\system32\libdivx.dll

List of drivers

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2008-08-19 213008]
R1 NCPro;NCPro; C:\WINDOWS\system32\system32\drivers\MTictwl.sys []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-03-13 46652]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-04-12 278984]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-04-12 25416]
R2 windrvNT;windrvNT; \??\C:\WINDOWS\system32\windrvNT.sys []
R3 ADIDTSFiltService;ADI DTS Filter Service; C:\WINDOWS\system32\drivers\adidts.sys [2006-09-01 139776]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-09-08 247296]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-29 94080]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2004-10-27 138240]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-11-29 35088]
R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\LHidFlt2.Sys [2003-12-11 25630]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\DRIVERS\LMouFlt2.Sys [2003-12-11 70894]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2007-11-29 28432]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
R3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []
R3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter; C:\WINDOWS\System32\Drivers\sskbfd.sys [2008-01-04 23920]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [2006-05-23 245248]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-03 48128]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner; \??\C:\WINDOWS\system32\drivers\AWRTPD.sys []
S3 Ad-Watch Registry Filter;Ad-Watch Registry Kernel Filter; \??\C:\WINDOWS\system32\drivers\AWRTRD.sys []
S3 aidmasub;aidmasub; C:\WINDOWS\system32\drivers\aidmasub.sys []
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-03 38912]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.SYS []
S3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2003-12-11 37916]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-11-29 36368]
S3 MagicTune;MagicTune; C:\WINDOWS\system32\drivers\MTiCtwl.sys [2005-10-21 13396]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-03 51328]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2004-08-03 40320]
S3 npkcrypt;npkcrypt; \??\C:\Documents and Settings\Patrick\My Documents\Games\Lineage 2\system\npkcrypt.sys []
S3 pgfilter;pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys []
S3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.08\RivaTuner32.sys []
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter; C:\WINDOWS\System32\DRIVERS\RTL8187.sys [2007-01-11 194304]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 TSP;TSP; \??\C:\WINDOWS\system32\drivers\klif.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 w600bus;Sony Ericsson W600 driver (WDM); C:\WINDOWS\system32\DRIVERS\w600bus.sys [2005-08-15 60928]
S3 w600mdfl;Sony Ericsson W600 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w600mdfl.sys [2005-08-15 8336]
S3 w600mdm;Sony Ericsson W600 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\w600mdm.sys [2005-08-15 96672]
S3 w600mgmt;Sony Ericsson W600 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\w600mgmt.sys [2005-08-15 88080]
S3 w600obex;Sony Ericsson W600 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\w600obex.sys [2005-08-15 85952]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\system32\System32\drivers\ws2ifsl.sys []

List of services

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-08-18 611664]
R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-07-29 206088]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 nTuneService;nTune Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2007-09-04 131072]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-03-04 66872]
S2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-02-20 68096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-04-20 654848]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------


OTMoveIt2 log


Explorer killed successfully
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm >
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm\\ deleted successfully.
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys >
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys\\ deleted successfully.
< purity >
< emptytemp >
File delete failed. C:\DOCUME~1\Patrick\LOCALS~1\Temp\Perflib_Perfdata_b20.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Patrick\LOCALS~1\Temp\Perflib_Perfdata_f88.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Patrick\LOCALS~1\Temp\~DFBBEB.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~865e018371c0.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~865e018ff250.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~867dc0c68f08.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~867dc0d290a0.htp scheduled to be deleted on reboot
  • 0

#18
Kenzik

Kenzik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
The MoveIt log got cut, so here's the rest.

OTMoveIt2 log


Explorer killed successfully
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm >
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm\\ deleted successfully.
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys >
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys\\ deleted successfully.
< purity >
< emptytemp >
File delete failed. C:\DOCUME~1\Patrick\LOCALS~1\Temp\Perflib_Perfdata_b20.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Patrick\LOCALS~1\Temp\Perflib_Perfdata_f88.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Patrick\LOCALS~1\Temp\~DFBBEB.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~865e018371c0.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~865e018ff250.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~867dc0c68f08.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~867dc0d290a0.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~867dd3fa10d0.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~867dd4065570.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~867df70a4240.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~867df7195a50.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_2c8.dat scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09042008_124725

Files moved on Reboot...
File C:\DOCUME~1\Patrick\LOCALS~1\Temp\Perflib_Perfdata_b20.dat not found!
File C:\DOCUME~1\Patrick\LOCALS~1\Temp\Perflib_Perfdata_f88.dat not found!
C:\DOCUME~1\Patrick\LOCALS~1\Temp\~DFBBEB.tmp moved successfully.
File C:\WINDOWS\temp\cch~865e018371c0.htp not found!
File C:\WINDOWS\temp\cch~865e018ff250.htp not found!
File C:\WINDOWS\temp\cch~867dc0c68f08.htp not found!
File C:\WINDOWS\temp\cch~867dc0d290a0.htp not found!
File C:\WINDOWS\temp\cch~867dd3fa10d0.htp not found!
File C:\WINDOWS\temp\cch~867dd4065570.htp not found!
File C:\WINDOWS\temp\cch~867df70a4240.htp not found!
File C:\WINDOWS\temp\cch~867df7195a50.htp not found!
File C:\WINDOWS\temp\Perflib_Perfdata_2c8.dat not found!
  • 0

#19
Ltangelic

Ltangelic

    Angel Annihilator of Malware

  • Retired Staff
  • 2,008 posts

Here are the three logs, may I ask why I had to update Adobe Reader?


The latest Adobe Reader has some security patches that can prevent malicious people from exploiting the security holes in the outdated version of Adobe. It is best to update these softwares. :)

I'll be back with a fix soon.
  • 0

#20
Ltangelic

Ltangelic

    Angel Annihilator of Malware

  • Retired Staff
  • 2,008 posts
Hey Kenzik,

We are close, just need to clean up some stuff and do a final scan.

1) Upload file for analysis

Please ensure you can view hidden files and folders by doing the following:

  • Go to Start>Control Panel and go under Appearances and Themes
  • Click on Folder Options and go under View tab
  • Ensure that "Show hidden files and folders" is selected and click Apply

Next

  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan"box on the top of the page:


    • C:\WINDOWS\system32\drivers\aidmasub.sys
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

2) Run Kaspersky

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Note: If Kaspersky Webscanner fails to run, please scan with your Kaspersky Internet Security 2009 and post me its logs.

Next reply (please include):

Note: Please post ONE log in each post

Virscan log
Kaspersky scan log

Edited by Ltangelic, 05 September 2008 - 09:26 AM.

  • 0

#21
Kenzik

Kenzik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
I tried to upload that file, but it gave me the error saying, "Cannot find the file." I tried to browse for it as well and couldn't find it. I know I have all of my hidden files showing too. I also ran RSIT and saw the same file, aidmasub.sys, show up, so I know it is this in my system.

I am scanning my computer now with Kaspersky, I will post it when finished.

Here it is, but I'm not sure if this is the log you wanted. I'm not sure where to get it.


Full Scan: completed 9/5/2008 4:32:32 PM (events: 456, objects: 400732, time: 01:09:47)
9/5/2008 3:22:45 PM Task started
9/5/2008 3:22:58 PM Detected: http://www.viruslist...dvisories/29320 c:\program files\microsoft office\office10\outlook.exe
9/5/2008 3:22:59 PM Detected: http://www.viruslist...dvisories/31454 c:\program files\microsoft office\office10\excel.exe
9/5/2008 3:23:02 PM Detected: http://www.viruslist...dvisories/30975 c:\program files\microsoft office\office10\winword.exe
9/5/2008 3:23:06 PM Detected: http://www.viruslist...dvisories/31453 c:\program files\microsoft office\office10\powerpnt.exe
9/5/2008 3:23:21 PM Detected: http://www.viruslist...dvisories/30150 c:\program files\microsoft office\office10\mspub.exe
9/5/2008 3:23:24 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\quicktimeplayer.exe
9/5/2008 3:23:27 PM Detected: http://www.viruslist...dvisories/12430 c:\program files\winzip\winzip32.exe
9/5/2008 3:58:06 PM Detected: Trojan.Win32.Agent.acny c:\Documents and Settings\Patrick\My Documents\Games\S.T.A.L.K.E.R\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe
9/5/2008 3:58:06 PM Untreated: Trojan.Win32.Agent.acny c:\Documents and Settings\Patrick\My Documents\Games\S.T.A.L.K.E.R\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe Postponed
9/5/2008 4:08:09 PM Detected: http://www.viruslist...dvisories/28083 c:\program files\Adobe\Adobe Bridge CS3\browser\plugins\NPSWF32.dll
9/5/2008 4:11:04 PM Detected: http://www.viruslist...dvisories/25023 c:\program files\Adobe\Photoshop CS\Plug-Ins\File Formats\BMP.8BI
9/5/2008 4:15:33 PM Detected: http://www.viruslist...dvisories/29321 c:\program files\Common Files\Microsoft Shared\Office10\MSO.DLL
9/5/2008 4:17:03 PM Detected: http://www.viruslist...dvisories/31454 c:\program files\microsoft office\office10\excel.exe
9/5/2008 4:17:06 PM Detected: http://www.viruslist...dvisories/30150 c:\program files\microsoft office\office10\mspub.exe
9/5/2008 4:17:06 PM Detected: http://www.viruslist...dvisories/29320 c:\program files\microsoft office\office10\outlook.exe
9/5/2008 4:17:07 PM Detected: http://www.viruslist...dvisories/31453 c:\program files\microsoft office\office10\powerpnt.exe
9/5/2008 4:17:08 PM Detected: http://www.viruslist...dvisories/30975 c:\program files\microsoft office\office10\winword.exe
9/5/2008 4:17:49 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\PictureViewer.Resources\PictureViewer.qtr
9/5/2008 4:17:49 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\PictureViewer.Resources\da.lproj\PictureViewerLocalized.qtr
9/5/2008 4:17:49 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\PictureViewer.Resources\en.lproj\PictureViewerLocalized.qtr
9/5/2008 4:17:49 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\PictureViewer.Resources\de.lproj\PictureViewerLocalized.qtr
9/5/2008 4:17:49 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\PictureViewer.Resources\es.lproj\PictureViewerLocalized.qtr
9/5/2008 4:17:50 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\PictureViewer.Resources\fi.lproj\PictureViewerLocalized.qtr
9/5/2008 4:17:50 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\PictureViewer.Resources\fr.lproj\PictureViewerLocalized.qtr
9/5/2008 4:17:50 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\PictureViewer.Resources\it.lproj\PictureViewerLocalized.qtr
9/5/2008 4:17:50 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\PictureViewer.Resources\ja.lproj\PictureViewerLocalized.qtr
9/5/2008 4:17:50 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\PictureViewer.Resources\ko.lproj\PictureViewerLocalized.qtr
9/5/2008 4:17:50 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\PictureViewer.Resources\nb.lproj\PictureViewerLocalized.qtr
9/5/2008 4:17:50 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\PictureViewer.Resources\nl.lproj\PictureViewerLocalized.qtr
9/5/2008 4:17:50 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\PictureViewer.Resources\ru.lproj\PictureViewerLocalized.qtr
9/5/2008 4:17:50 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\PictureViewer.Resources\sv.lproj\PictureViewerLocalized.qtr
9/5/2008 4:17:50 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\PictureViewer.Resources\zh_CN.lproj\PictureViewerLocalized.qtr
9/5/2008 4:17:50 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\PictureViewer.Resources\zh_TW.lproj\PictureViewerLocalized.qtr
9/5/2008 4:17:51 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\PropertyPanels\PanelHelperBase.Resources\PanelHelperBase.qtr
9/5/2008 4:17:51 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\PropertyPanels\PanelHelperBase.Resources\da.lproj\PanelHelperBaseLocalized.qtr
9/5/2008 4:17:51 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\PropertyPanels\PanelHelperBase.Resources\de.lproj\PanelHelperBaseLocalized.qtr
9/5/2008 4:17:51 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\PropertyPanels\PanelHelperBase.Resources\en.lproj\PanelHelperBaseLocalized.qtr
9/5/2008 4:17:51 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\PropertyPanels\PanelHelperBase.Resources\es.lproj\PanelHelperBaseLocalized.qtr
9/5/2008 4:17:51 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\PropertyPanels\PanelHelperBase.Resources\it.lproj\PanelHelperBaseLocalized.qtr
9/5/2008 4:17:52 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\PropertyPanels\PanelHelperBase.Resources\ja.lproj\PanelHelperBaseLocalized.qtr
9/5/2008 4:17:52 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\PropertyPanels\PanelHelperBase.Resources\fr.lproj\PanelHelperBaseLocalized.qtr
9/5/2008 4:17:52 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\PropertyPanels\PanelHelperBase.Resources\fi.lproj\PanelHelperBaseLocalized.qtr
9/5/2008 4:17:53 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\PropertyPanels\PanelHelperBase.Resources\ko.lproj\PanelHelperBaseLocalized.qtr
9/5/2008 4:17:53 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\PropertyPanels\PanelHelperBase.Resources\nb.lproj\PanelHelperBaseLocalized.qtr
9/5/2008 4:17:53 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\PropertyPanels\PanelHelperBase.Resources\nl.lproj\PanelHelperBaseLocalized.qtr
9/5/2008 4:17:53 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\PropertyPanels\PanelHelperBase.Resources\ru.lproj\PanelHelperBaseLocalized.qtr
9/5/2008 4:17:54 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\PropertyPanels\PanelHelperBase.Resources\sv.lproj\PanelHelperBaseLocalized.qtr
9/5/2008 4:17:55 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\PropertyPanels\PanelHelperBase.Resources\zh_CN.lproj\PanelHelperBaseLocalized.qtr
9/5/2008 4:17:55 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\PropertyPanels\PropPanelHelpers.Resources\PropPanelHelpers.qtr
9/5/2008 4:17:55 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\PropertyPanels\PanelHelperBase.Resources\zh_TW.lproj\PanelHelperBaseLocalized.qtr
9/5/2008 4:17:55 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\PropertyPanels\PropPanelHelpers.Resources\da.lproj\PropPanelHelpersLocalized.qtr
9/5/2008 4:17:55 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\PropertyPanels\PropPanelHelpers.Resources\de.lproj\PropPanelHelpersLocalized.qtr
9/5/2008 4:17:56 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\PropertyPanels\PropPanelHelpers.Resources\en.lproj\PropPanelHelpersLocalized.qtr
9/5/2008 4:17:56 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\PropertyPanels\PropPanelHelpers.Resources\es.lproj\PropPanelHelpersLocalized.qtr
9/5/2008 4:17:56 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\PropertyPanels\PropPanelHelpers.Resources\fi.lproj\PropPanelHelpersLocalized.qtr
9/5/2008 4:17:56 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\PropertyPanels\PropPanelHelpers.Resources\fr.lproj\PropPanelHelpersLocalized.qtr
9/5/2008 4:17:57 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\PropertyPanels\PropPanelHelpers.Resources\ja.lproj\PropPanelHelpersLocalized.qtr
9/5/2008 4:17:57 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\PropertyPanels\PropPanelHelpers.Resources\it.lproj\PropPanelHelpersLocalized.qtr
9/5/2008 4:17:57 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\PropertyPanels\PropPanelHelpers.Resources\ko.lproj\PropPanelHelpersLocalized.qtr
9/5/2008 4:17:57 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\PropertyPanels\PropPanelHelpers.Resources\nb.lproj\PropPanelHelpersLocalized.qtr
9/5/2008 4:17:57 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\PropertyPanels\PropPanelHelpers.Resources\nl.lproj\PropPanelHelpersLocalized.qtr
9/5/2008 4:17:58 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\PropertyPanels\PropPanelHelpers.Resources\ru.lproj\PropPanelHelpersLocalized.qtr
9/5/2008 4:17:58 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\PropertyPanels\PropPanelHelpers.Resources\sv.lproj\PropPanelHelpersLocalized.qtr
9/5/2008 4:17:58 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\PropertyPanels\PropPanelHelpers.Resources\zh_CN.lproj\PropPanelHelpersLocalized.qtr
9/5/2008 4:17:58 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\PropertyPanels\PropPanelHelpers.Resources\zh_TW.lproj\PropPanelHelpersLocalized.qtr
9/5/2008 4:18:00 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTime.cpl
9/5/2008 4:18:01 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\CoreVideo.Resources\CoreVideo.qtr
9/5/2008 4:18:01 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\CoreVideo.Resources\de.lproj\CoreVideoLocalized.qtr
9/5/2008 4:18:02 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\CoreVideo.Resources\da.lproj\CoreVideoLocalized.qtr
9/5/2008 4:18:02 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\CoreVideo.Resources\en.lproj\CoreVideoLocalized.qtr
9/5/2008 4:18:02 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\CoreVideo.Resources\fi.lproj\CoreVideoLocalized.qtr
9/5/2008 4:18:02 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\CoreVideo.Resources\es.lproj\CoreVideoLocalized.qtr
9/5/2008 4:18:02 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\CoreVideo.Resources\fr.lproj\CoreVideoLocalized.qtr
9/5/2008 4:18:03 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\CoreVideo.Resources\ja.lproj\CoreVideoLocalized.qtr
9/5/2008 4:18:03 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\CoreVideo.Resources\it.lproj\CoreVideoLocalized.qtr
9/5/2008 4:18:03 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\CoreVideo.Resources\ko.lproj\CoreVideoLocalized.qtr
9/5/2008 4:18:03 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\CoreVideo.Resources\nb.lproj\CoreVideoLocalized.qtr
9/5/2008 4:18:03 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\CoreVideo.Resources\nl.lproj\CoreVideoLocalized.qtr
9/5/2008 4:18:04 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\CoreVideo.Resources\ru.lproj\CoreVideoLocalized.qtr
9/5/2008 4:18:04 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\CoreVideo.Resources\sv.lproj\CoreVideoLocalized.qtr
9/5/2008 4:18:04 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\CoreVideo.Resources\zh_CN.lproj\CoreVideoLocalized.qtr
9/5/2008 4:18:04 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\CoreVideo.Resources\zh_TW.lproj\CoreVideoLocalized.qtr
9/5/2008 4:18:05 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTime.Resources\QuickTime.qtr
9/5/2008 4:18:05 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTime.Resources\da.lproj\QuickTimeLocalized.qtr
9/5/2008 4:18:06 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTime.Resources\de.lproj\QuickTimeLocalized.qtr
9/5/2008 4:18:06 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTime.Resources\en.lproj\QuickTimeLocalized.qtr
9/5/2008 4:18:07 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTime.Resources\es.lproj\QuickTimeLocalized.qtr
9/5/2008 4:18:07 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTime.Resources\fi.lproj\QuickTimeLocalized.qtr
9/5/2008 4:18:08 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTime.Resources\fr.lproj\QuickTimeLocalized.qtr
9/5/2008 4:18:08 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTime.Resources\it.lproj\QuickTimeLocalized.qtr
9/5/2008 4:18:09 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTime.Resources\ja.lproj\QuickTimeLocalized.qtr
9/5/2008 4:18:09 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTime.Resources\ko.lproj\QuickTimeLocalized.qtr
9/5/2008 4:18:09 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTime.Resources\nb.lproj\QuickTimeLocalized.qtr
9/5/2008 4:18:10 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTime.Resources\nl.lproj\QuickTimeLocalized.qtr
9/5/2008 4:18:10 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTime.Resources\ru.lproj\QuickTimeLocalized.qtr
9/5/2008 4:18:11 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTime.Resources\sv.lproj\QuickTimeLocalized.qtr
9/5/2008 4:18:11 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTime.Resources\zh_CN.lproj\QuickTimeLocalized.qtr
9/5/2008 4:18:11 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTime.Resources\zh_TW.lproj\QuickTimeLocalized.qtr
9/5/2008 4:18:11 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPP.Resources\QuickTime3GPP.qtr
9/5/2008 4:18:12 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPP.Resources\da.lproj\QuickTime3GPPLocalized.qtr
9/5/2008 4:18:12 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPP.Resources\de.lproj\QuickTime3GPPLocalized.qtr
9/5/2008 4:18:12 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPP.Resources\en.lproj\QuickTime3GPPLocalized.qtr
9/5/2008 4:18:12 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPP.Resources\es.lproj\QuickTime3GPPLocalized.qtr
9/5/2008 4:18:12 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPP.Resources\fi.lproj\QuickTime3GPPLocalized.qtr
9/5/2008 4:18:13 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPP.Resources\fr.lproj\QuickTime3GPPLocalized.qtr
9/5/2008 4:18:13 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPP.Resources\it.lproj\QuickTime3GPPLocalized.qtr
9/5/2008 4:18:13 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPP.Resources\ja.lproj\QuickTime3GPPLocalized.qtr
9/5/2008 4:18:13 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPP.Resources\ko.lproj\QuickTime3GPPLocalized.qtr
9/5/2008 4:18:13 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPP.Resources\nb.lproj\QuickTime3GPPLocalized.qtr
9/5/2008 4:18:14 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPP.Resources\ru.lproj\QuickTime3GPPLocalized.qtr
9/5/2008 4:18:14 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPP.Resources\nl.lproj\QuickTime3GPPLocalized.qtr
9/5/2008 4:18:14 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPP.Resources\sv.lproj\QuickTime3GPPLocalized.qtr
9/5/2008 4:18:14 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPP.Resources\zh_CN.lproj\QuickTime3GPPLocalized.qtr
9/5/2008 4:18:14 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPP.Resources\zh_TW.lproj\QuickTime3GPPLocalized.qtr
9/5/2008 4:18:14 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPPAuthoring.Resources\QuickTime3GPPAuthoring.qtr
9/5/2008 4:18:15 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPPAuthoring.Resources\da.lproj\QuickTime3GPPAuthoringLocalized.qtr
9/5/2008 4:18:15 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPPAuthoring.Resources\de.lproj\QuickTime3GPPAuthoringLocalized.qtr
9/5/2008 4:18:15 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPPAuthoring.Resources\en.lproj\QuickTime3GPPAuthoringLocalized.qtr
9/5/2008 4:18:15 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPPAuthoring.Resources\es.lproj\QuickTime3GPPAuthoringLocalized.qtr
9/5/2008 4:18:15 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPPAuthoring.Resources\fi.lproj\QuickTime3GPPAuthoringLocalized.qtr
9/5/2008 4:18:16 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPPAuthoring.Resources\fr.lproj\QuickTime3GPPAuthoringLocalized.qtr
9/5/2008 4:18:16 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPPAuthoring.Resources\it.lproj\QuickTime3GPPAuthoringLocalized.qtr
9/5/2008 4:18:16 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPPAuthoring.Resources\ja.lproj\QuickTime3GPPAuthoringLocalized.qtr
9/5/2008 4:18:16 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPPAuthoring.Resources\ko.lproj\QuickTime3GPPAuthoringLocalized.qtr
9/5/2008 4:18:16 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPPAuthoring.Resources\nl.lproj\QuickTime3GPPAuthoringLocalized.qtr
9/5/2008 4:18:16 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPPAuthoring.Resources\nb.lproj\QuickTime3GPPAuthoringLocalized.qtr
9/5/2008 4:18:17 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPPAuthoring.Resources\ru.lproj\QuickTime3GPPAuthoringLocalized.qtr
9/5/2008 4:18:17 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPPAuthoring.Resources\zh_TW.lproj\QuickTime3GPPAuthoringLocalized.qtr
9/5/2008 4:18:17 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPPAuthoring.Resources\zh_CN.lproj\QuickTime3GPPAuthoringLocalized.qtr
9/5/2008 4:18:17 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPPAuthoring.Resources\sv.lproj\QuickTime3GPPAuthoringLocalized.qtr
9/5/2008 4:18:18 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeAudioSupport.Resources\QuickTimeAudioSupport.qtr
9/5/2008 4:18:18 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeAudioSupport.Resources\da.lproj\QuickTimeAudioSupportLocalized.qtr
9/5/2008 4:18:18 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeAudioSupport.Resources\de.lproj\QuickTimeAudioSupportLocalized.qtr
9/5/2008 4:18:19 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeAudioSupport.Resources\en.lproj\QuickTimeAudioSupportLocalized.qtr
9/5/2008 4:18:19 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeAudioSupport.Resources\es.lproj\QuickTimeAudioSupportLocalized.qtr
9/5/2008 4:18:20 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeAudioSupport.Resources\fi.lproj\QuickTimeAudioSupportLocalized.qtr
9/5/2008 4:18:20 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeAudioSupport.Resources\fr.lproj\QuickTimeAudioSupportLocalized.qtr
9/5/2008 4:18:20 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeAudioSupport.Resources\it.lproj\QuickTimeAudioSupportLocalized.qtr
9/5/2008 4:18:21 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeAudioSupport.Resources\ja.lproj\QuickTimeAudioSupportLocalized.qtr
9/5/2008 4:18:21 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeAudioSupport.Resources\ko.lproj\QuickTimeAudioSupportLocalized.qtr
9/5/2008 4:18:22 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeAudioSupport.Resources\nb.lproj\QuickTimeAudioSupportLocalized.qtr
9/5/2008 4:18:22 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeAudioSupport.Resources\nl.lproj\QuickTimeAudioSupportLocalized.qtr
9/5/2008 4:18:22 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeAudioSupport.Resources\ru.lproj\QuickTimeAudioSupportLocalized.qtr
9/5/2008 4:18:23 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeAudioSupport.Resources\sv.lproj\QuickTimeAudioSupportLocalized.qtr
9/5/2008 4:18:23 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeAudioSupport.Resources\zh_CN.lproj\QuickTimeAudioSupportLocalized.qtr
9/5/2008 4:18:24 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeAudioSupport.Resources\zh_TW.lproj\QuickTimeAudioSupportLocalized.qtr
9/5/2008 4:18:24 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeAuthoring.Resources\QuickTimeAuthoring.qtr
9/5/2008 4:18:25 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeAuthoring.Resources\da.lproj\QuickTimeAuthoringLocalized.qtr
9/5/2008 4:18:25 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeAuthoring.Resources\de.lproj\QuickTimeAuthoringLocalized.qtr
9/5/2008 4:18:25 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeAuthoring.Resources\en.lproj\QuickTimeAuthoringLocalized.qtr
9/5/2008 4:18:26 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeAuthoring.Resources\es.lproj\QuickTimeAuthoringLocalized.qtr
9/5/2008 4:18:26 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeAuthoring.Resources\fi.lproj\QuickTimeAuthoringLocalized.qtr
9/5/2008 4:18:27 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeAuthoring.Resources\fr.lproj\QuickTimeAuthoringLocalized.qtr
9/5/2008 4:18:27 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeAuthoring.Resources\it.lproj\QuickTimeAuthoringLocalized.qtr
9/5/2008 4:18:27 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeAuthoring.Resources\ja.lproj\QuickTimeAuthoringLocalized.qtr
9/5/2008 4:18:28 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeAuthoring.Resources\ko.lproj\QuickTimeAuthoringLocalized.qtr
9/5/2008 4:18:28 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeAuthoring.Resources\nb.lproj\QuickTimeAuthoringLocalized.qtr
9/5/2008 4:18:29 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeAuthoring.Resources\nl.lproj\QuickTimeAuthoringLocalized.qtr
9/5/2008 4:18:29 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeAuthoring.Resources\ru.lproj\QuickTimeAuthoringLocalized.qtr
9/5/2008 4:18:30 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeAuthoring.Resources\sv.lproj\QuickTimeAuthoringLocalized.qtr
9/5/2008 4:18:30 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeAuthoring.Resources\zh_CN.lproj\QuickTimeAuthoringLocalized.qtr
9/5/2008 4:18:31 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeCapture.Resources\QuickTimeCapture.qtr
9/5/2008 4:18:31 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeAuthoring.Resources\zh_TW.lproj\QuickTimeAuthoringLocalized.qtr
9/5/2008 4:18:31 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeCapture.Resources\da.lproj\QuickTimeCaptureLocalized.qtr
9/5/2008 4:18:31 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeCapture.Resources\de.lproj\QuickTimeCaptureLocalized.qtr
9/5/2008 4:18:31 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeCapture.Resources\en.lproj\QuickTimeCaptureLocalized.qtr
9/5/2008 4:18:32 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeCapture.Resources\es.lproj\QuickTimeCaptureLocalized.qtr
9/5/2008 4:18:32 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeCapture.Resources\fi.lproj\QuickTimeCaptureLocalized.qtr
9/5/2008 4:18:32 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeCapture.Resources\fr.lproj\QuickTimeCaptureLocalized.qtr
9/5/2008 4:18:32 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeCapture.Resources\it.lproj\QuickTimeCaptureLocalized.qtr
9/5/2008 4:18:33 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeCapture.Resources\ko.lproj\QuickTimeCaptureLocalized.qtr
9/5/2008 4:18:33 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeCapture.Resources\ja.lproj\QuickTimeCaptureLocalized.qtr
9/5/2008 4:18:33 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeCapture.Resources\nb.lproj\QuickTimeCaptureLocalized.qtr
9/5/2008 4:18:33 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeCapture.Resources\ru.lproj\QuickTimeCaptureLocalized.qtr
9/5/2008 4:18:33 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeCapture.Resources\nl.lproj\QuickTimeCaptureLocalized.qtr
9/5/2008 4:18:34 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeCapture.Resources\sv.lproj\QuickTimeCaptureLocalized.qtr
9/5/2008 4:18:34 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeCapture.Resources\zh_TW.lproj\QuickTimeCaptureLocalized.qtr
9/5/2008 4:18:34 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeCapture.Resources\zh_CN.lproj\QuickTimeCaptureLocalized.qtr
9/5/2008 4:18:34 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEffects.Resources\QuickTimeEffects.qtr
9/5/2008 4:18:35 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEffects.Resources\da.lproj\QuickTimeEffectsLocalized.qtr
9/5/2008 4:18:35 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEffects.Resources\de.lproj\QuickTimeEffectsLocalized.qtr
9/5/2008 4:18:35 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEffects.Resources\en.lproj\QuickTimeEffectsLocalized.qtr
9/5/2008 4:18:35 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEffects.Resources\fi.lproj\QuickTimeEffectsLocalized.qtr
9/5/2008 4:18:36 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEffects.Resources\es.lproj\QuickTimeEffectsLocalized.qtr
9/5/2008 4:18:36 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEffects.Resources\fr.lproj\QuickTimeEffectsLocalized.qtr
9/5/2008 4:18:36 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEffects.Resources\it.lproj\QuickTimeEffectsLocalized.qtr
9/5/2008 4:18:36 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEffects.Resources\ja.lproj\QuickTimeEffectsLocalized.qtr
9/5/2008 4:18:37 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEffects.Resources\ko.lproj\QuickTimeEffectsLocalized.qtr
9/5/2008 4:18:37 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEffects.Resources\nl.lproj\QuickTimeEffectsLocalized.qtr
9/5/2008 4:18:37 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEffects.Resources\nb.lproj\QuickTimeEffectsLocalized.qtr
9/5/2008 4:18:37 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEffects.Resources\ru.lproj\QuickTimeEffectsLocalized.qtr
9/5/2008 4:18:38 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEffects.Resources\sv.lproj\QuickTimeEffectsLocalized.qtr
9/5/2008 4:18:38 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEffects.Resources\zh_CN.lproj\QuickTimeEffectsLocalized.qtr
9/5/2008 4:18:38 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEffects.Resources\zh_TW.lproj\QuickTimeEffectsLocalized.qtr
9/5/2008 4:18:39 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEssentials.Resources\da.lproj\QuickTimeEssentialsLocalized.qtr
9/5/2008 4:18:39 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEssentials.Resources\de.lproj\QuickTimeEssentialsLocalized.qtr
9/5/2008 4:18:39 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEssentials.Resources\en.lproj\QuickTimeEssentialsLocalized.qtr
9/5/2008 4:18:39 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEssentials.Resources\QuickTimeEssentials.qtr
9/5/2008 4:18:39 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEssentials.Resources\es.lproj\QuickTimeEssentialsLocalized.qtr
9/5/2008 4:18:40 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEssentials.Resources\fi.lproj\QuickTimeEssentialsLocalized.qtr
9/5/2008 4:18:40 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEssentials.Resources\fr.lproj\QuickTimeEssentialsLocalized.qtr
9/5/2008 4:18:40 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEssentials.Resources\it.lproj\QuickTimeEssentialsLocalized.qtr
9/5/2008 4:18:41 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEssentials.Resources\nb.lproj\QuickTimeEssentialsLocalized.qtr
9/5/2008 4:18:41 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEssentials.Resources\ja.lproj\QuickTimeEssentialsLocalized.qtr
9/5/2008 4:18:41 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEssentials.Resources\ko.lproj\QuickTimeEssentialsLocalized.qtr
9/5/2008 4:18:41 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEssentials.Resources\nl.lproj\QuickTimeEssentialsLocalized.qtr
9/5/2008 4:18:42 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEssentials.Resources\ru.lproj\QuickTimeEssentialsLocalized.qtr
9/5/2008 4:18:42 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEssentials.Resources\sv.lproj\QuickTimeEssentialsLocalized.qtr
9/5/2008 4:18:42 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEssentials.Resources\zh_CN.lproj\QuickTimeEssentialsLocalized.qtr
9/5/2008 4:18:42 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEssentials.Resources\zh_TW.lproj\QuickTimeEssentialsLocalized.qtr
9/5/2008 4:18:43 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeH264.Resources\QuickTimeH264.qtr
9/5/2008 4:18:43 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeH264.Resources\da.lproj\QuickTimeH264Localized.qtr
9/5/2008 4:18:43 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeH264.Resources\es.lproj\QuickTimeH264Localized.qtr
9/5/2008 4:18:43 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeH264.Resources\fi.lproj\QuickTimeH264Localized.qtr
9/5/2008 4:18:43 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeH264.Resources\fr.lproj\QuickTimeH264Localized.qtr
9/5/2008 4:18:43 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeH264.Resources\de.lproj\QuickTimeH264Localized.qtr
9/5/2008 4:18:43 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeH264.Resources\en.lproj\QuickTimeH264Localized.qtr
9/5/2008 4:18:44 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeH264.Resources\it.lproj\QuickTimeH264Localized.qtr
9/5/2008 4:18:44 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeH264.Resources\ko.lproj\QuickTimeH264Localized.qtr
9/5/2008 4:18:44 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeH264.Resources\nl.lproj\QuickTimeH264Localized.qtr
9/5/2008 4:18:44 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeH264.Resources\ja.lproj\QuickTimeH264Localized.qtr
9/5/2008 4:18:44 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeH264.Resources\ru.lproj\QuickTimeH264Localized.qtr
9/5/2008 4:18:44 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeH264.Resources\nb.lproj\QuickTimeH264Localized.qtr
9/5/2008 4:18:44 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeH264.Resources\zh_CN.lproj\QuickTimeH264Localized.qtr
9/5/2008 4:18:44 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeImage.Resources\QuickTimeImage.qtr
9/5/2008 4:18:45 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeH264.Resources\sv.lproj\QuickTimeH264Localized.qtr
9/5/2008 4:18:45 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeImage.Resources\da.lproj\QuickTimeImageLocalized.qtr
9/5/2008 4:18:45 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeH264.Resources\zh_TW.lproj\QuickTimeH264Localized.qtr
9/5/2008 4:18:45 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeImage.Resources\de.lproj\QuickTimeImageLocalized.qtr
9/5/2008 4:18:45 PM Detected: http://www.viruslist...dvisories/29293 c:\program files\quicktime\QTSystem\QuickTimeImage.Resources\fi.lproj\QuickTimeImageLocaliz

Edited by Kenzik, 05 September 2008 - 07:01 PM.

  • 0

#22
Ltangelic

Ltangelic

    Angel Annihilator of Malware

  • Retired Staff
  • 2,008 posts
Hey Kenzik,

We need a look at that suspicious file.

1) Run FileLook

Please download FileLook by jpshortstuff from one of these mirrors:
Link 1
Link 2
  • Double-click FileLook.exe to run it.
  • Ensure that the BBCode Ouput checkbox is checked.
  • Copy the content of the following codebox into the main textfield:

    C:\WINDOWS\system32\drivers\aidmasub.sys
  • Click the FileLook button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found at C:\fl_log.txt

2) Rerun OTMoveIt2

  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    c:\Documents and Settings\Patrick\My Documents\Games\S.T.A.L.K.E.R\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe 
    purity
    emptytemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Next reply (please include):

OTMoveit2 log
FileLook log

  • 0

#23
Kenzik

Kenzik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hey again, here are the two logs. The XR_3DA.exe file is probably not found because after the Kaspersky scan, I manually deleted it through Kaspersky.

I also ran RSIT again and couldn't find aidmasub.sys, but I did find: S3 alf54r3n;alf54r3n; C:\WINDOWS\system32\drivers\alf54r3n.sys [] if that's any help.
I was also unable to find this file on FileLook and VirSCAN.org.


OTMoveit2 log

Explorer killed successfully
File/Folder c:\Documents and Settings\Patrick\My Documents\Games\S.T.A.L.K.E.R\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe not found.
< purity >
< emptytemp >
File delete failed. C:\DOCUME~1\Patrick\LOCALS~1\Temp\Perflib_Perfdata_d08.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Patrick\LOCALS~1\Temp\Perflib_Perfdata_e5c.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Patrick\LOCALS~1\Temp\~DF2AC0.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~7719e5169c8.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~7719e5ee3a0.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_2c0.dat scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09072008_140430

Files moved on Reboot...
File C:\DOCUME~1\Patrick\LOCALS~1\Temp\Perflib_Perfdata_d08.dat not found!
File C:\DOCUME~1\Patrick\LOCALS~1\Temp\Perflib_Perfdata_e5c.dat not found!
C:\DOCUME~1\Patrick\LOCALS~1\Temp\~DF2AC0.tmp moved successfully.
File C:\WINDOWS\temp\cch~7719e5169c8.htp not found!
File C:\WINDOWS\temp\cch~7719e5ee3a0.htp not found!
File C:\WINDOWS\temp\Perflib_Perfdata_2c0.dat not found!



FileLook log

FileLook.exe v1.0 by jpshortstuff
Log created at 21:02:37 on 07/09/2008

==============================
FileLook - aidmasub.sys

Unable to find file.

==============================

=EOF=

Edited by Kenzik, 07 September 2008 - 03:17 PM.

  • 0

#24
Ltangelic

Ltangelic

    Angel Annihilator of Malware

  • Retired Staff
  • 2,008 posts
Hey Kenzik,

Sorry for the delay, I've been busy yesterday.

Your logs are clean! :) Some final steps to do.

1) Cleanup with OTMoveIt2

Double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")

* Click on the CleanUp! button
* A list of tool components used in the Cleanup of malware will be downloaded.
* If your Firewall or Real Time protection attempts to block OtMoveit2 to reach the Internet, please allow the application to do so.
* Click Yes to begin the Cleanup process and remove these components, including this application.
* You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

2) Reset System Restore

  • Right click on "My Computer" and click on "Properties".
  • Go to "System Restore" tab and check "Turn off System Restore on all drives". Click "Yes" at the prompt. (Wait a while for it to finish)
  • Then UNcheck "Turn off System Restore on all drives". Click "Yes" at the prompt. (Wait a while for it to finish)
  • Your System Restore is now turned on.

Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:

SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.

Please post back telling me if there are any problems, so I can ask a staff member to close this.
  • 0

#25
Kenzik

Kenzik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
All done here, I'll be sure to check out those extra security programs later tonight. And thanks again for all the time you took to help me!
  • 0

Advertisements


#26
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP