Rooter_1 text file
Rooter.exe (v1.0.1) by Eric_71
Microsoft Windows XP Professional (5.1.2600) Service Pack 2
32_bits - x86 Family 15 Model 36 Stepping 2, AuthenticAMD
C:\ [Fixed-NTFS] .. ( Total:79 Go - Free:20 Go )
D:\ [Fixed-FAT32] .. ( Total:12 Go - Free:0 Go )
E:\ [CD_Rom]
Scan : 19:26.20
Path : C:\Documents and Settings\Owner\Desktop\Rooter.exe
User : Owner ( Administrator -> YES )
----------------------\\ Processes
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (688)
______ \??\C:\WINDOWS\system32\csrss.exe (736)
______ \??\C:\WINDOWS\system32\winlogon.exe (760)
______ C:\WINDOWS\system32\services.exe (804)
______ C:\WINDOWS\system32\lsass.exe (816)
______ C:\WINDOWS\system32\svchost.exe (956)
______ C:\WINDOWS\system32\svchost.exe (1048)
______ C:\WINDOWS\system32\svchost.exe (1120)
______ C:\WINDOWS\system32\svchost.exe (1192)
______ C:\WINDOWS\system32\svchost.exe (1280)
______ C:\WINDOWS\Explorer.EXE (1780)
______ C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (2044)
______ C:\Program Files\McAfee\MPF\MPFSrv.exe (180)
______ C:\Program Files\Spyware Doctor\pctsAuxs.exe (272)
______ C:\Program Files\Spyware Doctor\pctsSvc.exe (376)
______ C:\Program Files\Spyware Doctor\pctsTray.exe (512)
______ c:\PROGRA~1\mcafee.com\agent\mcagent.exe (636)
______ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (1524)
______ C:\WINDOWS\system32\3361\services.exe (1584)
______ C:\WINDOWS\system32\ctfmon.exe (936)
______ c:\PROGRA~1\mcafee\msc\mcuimgr.exe (1076)
______ C:\Program Files\Internet Explorer\iexplore.exe (1972)
______ C:\Program Files\Internet Explorer\iexplore.exe (1144)
______ C:\WINDOWS\system32\wbem\wmiprvse.exe (3864)
______ C:\WINDOWS\system32\3361\services.exe (1072)
______ C:\Documents and Settings\Owner\Desktop\Rooter.exe (1728)
______ C:\WINDOWS\system32\3361\services.exe (1992)
----------------------\\ Device\Harddisk0\
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:85279670784)
\Device\Harddisk0\Partition2 (Start_Offset:85287928320 | Length:13662190080)
\Device\Harddisk0\Partition3 (Start_Offset:98950118400 | Length:1077511680)
----------------------\\ Scheduled Tasks
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\McDefragTask.job
C:\WINDOWS\Tasks\McQcTask.job
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
C:\WINDOWS\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
----------------------\\ Registry
----------------------\\ Files & Folders
----------------------\\ Scan completed at 19:26.28
C:\Rooter$\Rooter_1.txt - (22/06/2009 | 19:26.28)
OTL TEXT FILES Extras.txt
OTL Extras logfile created on: 6/22/2009 7:28:55 PM - Run 1
OTL by OldTimer - Version 3.0.5.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1022.17 Mb Total Physical Memory | 629.79 Mb Available Physical Memory | 61.61% Memory free
2.40 Gb Paging File | 1.92 Gb Available in Paging File | 80.03% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 79.42 Gb Total Space | 20.71 Gb Free Space | 26.07% Space Free | Partition Type: NTFS
Drive D: | 12.70 Gb Total Space | 0.94 Gb Free Space | 7.43% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: YOUR-727A0A4E7C
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = csfile] -- C:\WINDOWS\System32\msdepi.exe (-)
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.com [@ = csfile] -- C:\WINDOWS\System32\msdepi.exe (-)
.exe [@ = csfile] -- C:\WINDOWS\System32\msdepi.exe (-)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"8085:TCP" = 8085:TCP:*:Enabled:podmena
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink File not found
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader (America Online, Inc.)
C:\Program Files\Common Files\AOL\1152982492\ee\aolsoftware.exe:*:Enabled:AOL Services (America Online, Inc.)
C:\Program Files\Common Files\AOL\1152982492\ee\aim6.exe:*:Enabled:AIM (America Online, Inc.)
C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger (America Online, Inc.)
C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe:*:Enabled:Java 2 Platform Standard Edition binary (Sun Microsystems, Inc.)
C:\Program Files\Steam\steamapps\[email protected]\day of defeat\hl.exe:*:Enabled:Half-Life Launcher File not found
C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer (LimeWire)
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire (Lime Wire, LLC)
C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord File not found
C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus (Azureus Inc)
C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II (Microsoft Corporation)
C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper (Microsoft Corporation)
C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD:*:Enabled:Age of Empires II Expansion (Microsoft Corporation)
C:\Program Files\Steam\steamapps\[email protected]\half-life\hl.exe:*:Enabled:Half-Life Launcher File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client (Veoh Networks)
C:\Program Files\Activision\Rome - Total War\RomeTW.exe:*:Enabled:Rome: Total War (The Creative Assembly Ltd)
C:\Program Files\Steam\steamapps\klong87\day of defeat\hl.exe:*:Enabled:Half-Life Launcher (Valve)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent (McAfee, Inc.)
c:\ccaitikr.exe:*:Enabled:KL ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1A3E23D7-7A1E-43EC-B35D-EB8A31BED943}" = FinalBurner Free v1.29.0.125
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{286F29AF-0BE2-4D5F-AB17-B7631A810553}" = muvee autoProducer 4.5
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 C1
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.0
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{52FBAE98-D389-4281-8C14-21B4046CCB4E}" = SonicAC3Encoder
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{5C74694C-A687-E3EB-FF18-B018D4A76ECD}" = Adobe Media Player
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{7F2F3F8B-2D57-48A3-99D0-1AC23D594C89}" = LightScribe 1.4.56.1
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard
"{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}" =
"{98786147-80E3-41A5-A80C-1F3C028558CF}" = Hearts of Iron 2
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup
"{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B16AF568-A644-483C-A6DA-5028CD019C8C}" = SonicMPEGEncoder
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1" = ConvertXtoDVD 2.2.3.258h
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BC96BBA7-C634-460E-AD18-A0A994213F80}" = HP User Guides--System Recovery
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.20 G1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D17A2FDC-5C16-439C-A0E1-FF350079447E}" = HP User Guides 0026
"{D1A90142-A8DC-4D33-AA8C-E1AC78F4EBA9}" = General Ledger Software for Warren-Reeve Textbooks
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"074EEF5F-3BE8-4112-B253-C5D6CDE2924C" = Zuma Deluxe from Hewlett-Packard Laptops (remove only)
"0E5266B4-9069-401A-93AE-5FF9F1712016" = Insaniquarium Deluxe from Hewlett-Packard Laptops (remove only)
"103EFD47-9F2C-4490-95DD-AE6C442AFB92" = SCRABBLE from Hewlett-Packard Laptops (remove only)
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"1C3FDBBA-EBF7-4CDB-AD8A-A1125734AF86" = Tradewinds from Hewlett-Packard Laptops (remove only)
"320F055A-570F-4335-B026-16A836DB9549" = Final Drive Nitro from Hewlett-Packard Laptops (remove only)
"382C11F0-1A18-4F76-B8E0-15CA7F209C22" = Chuzzle Deluxe from Hewlett-Packard Laptops (remove only)
"384E0BF4-1E1F-45A6-B60E-42144A3F15CD" = Blackhawk Striker 2 from Hewlett-Packard Laptops (remove only)
"4C061F83-EE92-445A-A03F-184B0BD59242" = Jewel Quest from Hewlett-Packard Laptops (remove only)
"5658FB14-16A4-4DAE-946B-1457BE31572E" = Boggle Supreme from Hewlett-Packard Laptops (remove only)
"5758A0E8-A112-4A1D-82EC-EC72F7F16B88" = Lexibox Deluxe from Hewlett-Packard Laptops (remove only)
"5DE4D54F-AA79-43A4-9C8A-C173E7E2B025" = 5 Card Slingo from Hewlett-Packard Laptops (remove only)
"6E377D95-DF37-4E67-B64B-68C314600BCB" = Bejeweled 2 Deluxe from Hewlett-Packard Laptops (remove only)
"6ECB6EE6-92E1-4525-AF3B-3CE51A7C5F89" = FATE from Hewlett-Packard Laptops (remove only)
"7948472C-423F-4134-B68F-48D660A05D71" = Big Kahuna Reef from Hewlett-Packard Laptops (remove only)
"7A940E33-6993-404B-ABA6-ED62E8FBE615" = Bounce Symphony from Hewlett-Packard Laptops (remove only)
"7ED8A70C-9597-40BE-AEA0-0573182F1F51" = Super Granny from Hewlett-Packard Laptops (remove only)
"7F8C5718-1BA9-4AAE-96D2-2B04D05F2D54" = Polar Bowler from Hewlett-Packard Laptops (remove only)
"9F3399B2-9ED6-4339-84A2-686432638B86" = Blasterball 2 from Hewlett-Packard Laptops (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"AOL Instant Messenger" = AOL Instant Messenger
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"ATI Display Driver" = ATI Display Driver
"Azureus" = Azureus
"B0202B33-E73D-4FCD-AC88-0B2971AFC116" = Slyder from Hewlett-Packard Laptops (remove only)
"B0769D17-E72A-4E87-A83F-1F7A3F080008" = Bookworm Deluxe from Hewlett-Packard Laptops (remove only)
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"C264D692-8E15-4141-96A2-5621332E5DD0" = Slingo Deluxe from Hewlett-Packard Laptops (remove only)
"CCleaner" = CCleaner (remove only)
"CloneDVD2" = CloneDVD2
"CNXT_AUDIO" = Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_1002&DEV_4378" = Soft Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-01-24
"D2E44AA4-8665-4490-A6C9-2D0744B47B27" = Polar Golfer from Hewlett-Packard Laptops (remove only)
"DED8E2B5-BA9F-448F-84E8-0AEF79876F95" = Snowboard SuperJam
"Diner Dash1.0 (Cracked By CoffeeMan)" = Diner Dash
"E332F38A-75F6-4EF2-88CC-246E8A1CB5D7" = Oasis from Hewlett-Packard Laptops (remove only)
"E76A7EFF-7758-49EE-B3FA-9699830A2D6B" = Mah Jong Quest from Hewlett-Packard Laptops (remove only)
"E90E3AE9-73E4-4E5C-BB0F-673989A808D0" = Lemonade Tycoon 2 from Hewlett-Packard Laptops (remove only)
"E94C7046-2F7D-4D4D-B76F-C412DCCEAAC2" = Crystal Maze from Hewlett-Packard Laptops (remove only)
"EF860173-4FB7-4DE1-8BE8-5400F05A0DC5" = Puzzle Express from Hewlett-Packard Laptops (remove only)
"ESPNMotion" = ESPNMotion
"F2566CC2-D4C4-44ED-A838-3F8288D8D3FE" = Flip Words from Hewlett-Packard Laptops (remove only)
"HP Game Console" = HP Game Console and games
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Rhapsody" = HP Rhapsody
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War
"LimeWire" = LimeWire 4.18.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2006b" = Microsoft Money 2006
"MSC" = McAfee SecurityCenter
"Netscape Browser" = Netscape Browser (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Oregon Trail II" = Oregon Trail II
"PartyPoker" = PartyPoker
"PinkCowPoker Toolbar" = PinkCowPoker Toolbar
"PokerStars" = PokerStars
"RealArcade 1.2" = RealArcade
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.3.1
"Spyware Doctor" = Spyware Doctor 6.0
"StarBurn_is1" = StarBurn Version 10.5 (Build 0x20081020)
"Steam" = Steam
"Steam App 30" = Day of Defeat
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"True Sword 5_is1" = True Sword 5
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"Viewpoint Toolbar" = Viewpoint Toolbar
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6c
"WildTangent CDA" = WildTangent Web Driver
"WinAVI Video Converter_is1" = WinAVI Video Converter
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinPcapInst" = WinPcap 3.0
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"burst" = burst! v3.1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 6/20/2009 11:13:24 AM | Computer Name = YOUR-727A0A4E7C | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 6/20/2009 4:55:51 PM | Computer Name = YOUR-727A0A4E7C | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 6/22/2009 4:03:13 PM | Computer Name = YOUR-727A0A4E7C | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module unknown, version 0.0.0.0, fault address 0x793d006f.
Error - 6/22/2009 4:23:33 PM | Computer Name = YOUR-727A0A4E7C | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 3260 (0xcbc) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.349
/ 5301.4018 Object being scanned = \Device\HarddiskVolume1\Program Files\burst\burst.exe
by C:\WINDOWS\Explorer.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)
5006(0)(0) 5004(0)(0)
Error - 6/22/2009 4:25:26 PM | Computer Name = YOUR-727A0A4E7C | Source = Application Error | ID = 1000
Description = Faulting application mcsysmon.exe, version 12.1.111.0, faulting module
HWAPI.dll, version 9.1.122.0, fault address 0x000033dd.
Error - 6/22/2009 7:01:44 PM | Computer Name = YOUR-727A0A4E7C | Source = .NET Runtime | ID = 0
Description =
Error - 6/22/2009 7:02:14 PM | Computer Name = YOUR-727A0A4E7C | Source = Application Error | ID = 1000
Description = Faulting application MBackMonitor.exe, version 1.0.2564.29819, faulting
module kernel32.dll, version 5.1.2600.3541, fault address 0x00012a6b.
Error - 6/22/2009 7:04:14 PM | Computer Name = YOUR-727A0A4E7C | Source = Application Error | ID = 1000
Description = Faulting application services.exe, version 5.1.2600.3520, faulting
module unknown, version 0.0.0.0, fault address 0x8597dda3.
Error - 6/22/2009 8:05:05 PM | Computer Name = YOUR-727A0A4E7C | Source = Application Error | ID = 1004
Description = Faulting application services.exe, version 5.1.2600.3520, faulting
module unknown, version 0.0.0.0, fault address 0x8597dda3.
Error - 6/22/2009 8:07:35 PM | Computer Name = YOUR-727A0A4E7C | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.
[ System Events ]
Error - 6/22/2009 8:00:05 PM | Computer Name = YOUR-727A0A4E7C | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 6/22/2009 8:05:04 PM | Computer Name = YOUR-727A0A4E7C | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000098'
while processing the file 'liser.dll' on the volume 'HarddiskVolume1'. It has
stopped monitoring the volume.
Error - 6/22/2009 8:05:59 PM | Computer Name = YOUR-727A0A4E7C | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the r56ujxftyrsdjsxrgf46i5sgheh80
service to connect.
Error - 6/22/2009 8:05:59 PM | Computer Name = YOUR-727A0A4E7C | Source = Service Control Manager | ID = 7000
Description = The Automatic Updates service failed to start due to the following
error: %%2
Error - 6/22/2009 8:09:58 PM | Computer Name = YOUR-727A0A4E7C | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 6/22/2009 8:10:38 PM | Computer Name = YOUR-727A0A4E7C | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AmdK8 eabfiltr ElbyCDIO Fips mfehidk SASDIFSV SASKUTIL
Error - 6/22/2009 8:11:47 PM | Computer Name = YOUR-727A0A4E7C | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNASvc with
arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
Error - 6/22/2009 8:11:50 PM | Computer Name = YOUR-727A0A4E7C | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNASvc with
arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
Error - 6/22/2009 8:14:47 PM | Computer Name = YOUR-727A0A4E7C | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460
Error - 6/22/2009 8:24:23 PM | Computer Name = YOUR-727A0A4E7C | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
OTL.txt FILE
OTL logfile created on: 6/22/2009 7:28:55 PM - Run 1
OTL by OldTimer - Version 3.0.5.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1022.17 Mb Total Physical Memory | 629.79 Mb Available Physical Memory | 61.61% Memory free
2.40 Gb Paging File | 1.92 Gb Available in Paging File | 80.03% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 79.42 Gb Total Space | 20.71 Gb Free Space | 26.07% Space Free | Partition Type: NTFS
Drive D: | 12.70 Gb Total Space | 0.94 Gb Free Space | 7.43% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: YOUR-727A0A4E7C
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\WINDOWS\System32\3361\services.exe (sun)
PRC - c:\Program Files\McAfee\MSC\mcuimgr.exe (McAfee, Inc.)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\3361\services.exe (sun)
PRC - C:\WINDOWS\System32\3361\services.exe (sun)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (Apple Mobile Device [Auto | Stopped]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Stopped]) -- C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (Bonjour Service [Auto | Stopped]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (ehRecvr [Auto | Stopped]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [Auto | Stopped]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqwmiex [Auto | Stopped]) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (lich [Auto | Stopped]) -- C:\WINDOWS\System32\lich.exe ()
SRV - (LightScribeService [Auto | Stopped]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (MBackMonitor [Auto | Stopped]) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe (McAfee)
SRV - (mcmscsvc [Auto | Running]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McNASvc [Auto | Stopped]) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (McODS [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy [Auto | Stopped]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McrdSvc [Auto | Stopped]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
SRV - (McShield [Unknown | Stopped]) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
SRV - (MpfService [Auto | Running]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (Pml Driver HPZ12 [Auto | Stopped]) -- C:\WINDOWS\System32\HPZipm12.exe (HP)
SRV - (r56ujxftyrsdjsxrgf46i5sgheh80 [Auto | Stopped]) -- C:\WINDOWS\r56ujxftyrsdjsxrgf46i5sgheh81.exe ()
SRV - (rpcapd [On_Demand | Stopped]) -- C:\Program Files\WinPcap\rpcapd.exe ()
SRV - (sdAuxService [Auto | Running]) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (sdCoreService [Auto | Running]) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (UMWdf [On_Demand | Stopped]) -- C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service [Auto | Stopped]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
========== Driver Services (SafeList) ==========
DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (AmdK8 [System | Stopped]) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys (Advanced Micro Devices)
DRV - (ati2mtag [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (BCM43XX [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (BTWUSB [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\btwusb.sys (Broadcom Corporation.)
DRV - (CAMCAUD [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\camc6aud.sys (Conexant Systems Inc.)
DRV - (CAMCHALA [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\camc6hal.sys (Conexant Systems Inc.)
DRV - (eabfiltr [System | Stopped]) -- C:\WINDOWS\System32\drivers\EABFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (eabusb [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\eabusb.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ElbyCDIO [System | Stopped]) -- C:\WINDOWS\System32\Drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)
DRV - (HSFHWATI [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HSFHWATI.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (mdmxsdk [Auto | Stopped]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (MEMSWEEP2 [On_Demand | Stopped]) -- C:\WINDOWS\System32\7.tmp (Sophos Plc)
DRV - (mfeavfk [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [System | Stopped]) -- C:\WINDOWS\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfesmfk [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (MPFP [System | Running]) -- C:\WINDOWS\System32\Drivers\Mpfp.sys (McAfee, Inc.)
DRV - (NPF [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\npf.sys (Politecnico di Torino)
DRV - (pciinfo [Auto | Stopped]) -- C:\Documents and Settings\Owner\Local Settings\Temp\HPISPz\hpdom\pciinfo.sys ()
DRV - (pcouffin [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\pcouffin.sys (VSO Software)
DRV - (PCTCore [Boot | Running]) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RTL8023xp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (SASDIFSV [System | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [Auto | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (StarPortLite [System | Running]) -- C:\WINDOWS\System32\DRIVERS\StarPortLite.sys (Rocket Division Software)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tifm21 [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (winachsf [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (MBAMSwissArmy [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: {e17e71be-ce5d-4142-860f-a2aa19d9138e} - C:\Program Files\PinkCowPoker\tbPin1.dll (Conduit Ltd.)
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2008/12/08 22:33:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2008/12/08 22:33:00 | 00,000,000 | ---D | M]
O1 HOSTS File: (0 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Viewpoint Toolbar BHO) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll (Viewpoint Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (PinkCowPoker Toolbar) - {e17e71be-ce5d-4142-860f-a2aa19d9138e} - C:\Program Files\PinkCowPoker\tbPin1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (PinkCowPoker Toolbar) - {e17e71be-ce5d-4142-860f-a2aa19d9138e} - C:\Program Files\PinkCowPoker\tbPin1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll (Viewpoint Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PinkCowPoker Toolbar) - {E17E71BE-CE5D-4142-860F-A2AA19D9138E} - C:\Program Files\PinkCowPoker\tbPin1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] File not found
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1152982492\ee\AOLSoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe (America Online, Inc.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe (McAfee)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [wpv101245604880] C:\WINDOWS\Temp\wpv101245604880.exe File not found
O4 - HKCU..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl File not found
O4 - HKCU..\Run: [Aim6] C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe (America Online, Inc.)
O4 - HKCU..\Run: [Cognac] C:\Documents and Settings\Owner\Local Settings\Temp\b.exe ()
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.)
O4 - HKCU..\Run: [kell] C:\program Files\Manson\liser.exe ()
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [ttool] C:\WINDOWS\9129837.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Veoh] C:\Program Files\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\dplmhexyu.lnk = C:\WINDOWS\System32\dplmhexyu.exe (Company)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\fmnupd32.exe (Mmpegeu Kapmjjaglaf)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\zqosys32.exe (Sgledoy Quwfuconzax)
F3:64bit: - HKCU WinNT: Load - (C:\WINDOWS\system32\msblglvq.exe) - File not found
F3 - HKCU WinNT: Load - (C:\WINDOWS\system32\msblglvq.exe) - C:\WINDOWS\System32\msblglvq.exe (-)
F3:64bit: - HKCU WinNT: Run - (C:\WINDOWS\system32\msfmgjg.exe) - File not found
F3 - HKCU WinNT: Run - (C:\WINDOWS\system32\msfmgjg.exe) - C:\WINDOWS\System32\msfmgjg.exe (-)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} http://h20278.www2.h...DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.h...nosticsxp2k.cab (DDRevision Class)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} http://www.live365.c...ers/play365.cab (Live365Player Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (c:\progra~1\Manson\liser.dll) - c:\Program Files\Manson\liser.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 14:01:14 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{a5ea0de6-4eb0-11dc-9160-0014a5a9547e}\Shell - "" = AutoRun
O33 - MountPoints2\{a5ea0de6-4eb0-11dc-9160-0014a5a9547e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a5ea0de6-4eb0-11dc-9160-0014a5a9547e}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\R\Shell\AutoRun\command - "" = R:\setup.exe -- File not found
O33 - MountPoints2\R\Shell\configure\command - "" = R:\setup.exe -- File not found
O33 - MountPoints2\R\Shell\install\command - "" = R:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 30 Days ==========
[98 C:\WINDOWS\System32\*.tmp files]
[2009/06/22 19:26:28 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/06/22 19:25:06 | 00,512,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/06/22 19:24:41 | 03,561,752 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2009/06/22 19:24:26 | 00,170,711 | ---- | C] (Eric_71) -- C:\Documents and Settings\Owner\Desktop\Rooter.exe
[2009/06/22 19:04:53 | 00,142,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\aec.sys
[2009/06/22 19:04:53 | 00,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\arp1394.sys
[2009/06/22 19:04:53 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\asyncmac.sys
[2009/06/22 19:03:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\91549996
[2009/06/22 19:03:11 | 00,000,000 | RHSD | C] -- C:\Program Files\Manson
[2009/06/22 19:03:11 | 00,000,000 | -HSD | C] -- C:\WINDOWS\System Volume Information
[2009/06/22 18:13:52 | 00,001,598 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\True Sword.lnk
[2009/06/22 18:13:50 | 00,356,352 | ---- | C] (eSellerate Inc.) -- C:\WINDOWS\eSellerateEngine.dll
[2009/06/22 18:13:50 | 00,081,920 | ---- | C] (eSellerate Inc.) -- C:\WINDOWS\eSellerateControl350.dll
[2009/06/22 18:13:49 | 00,000,000 | ---D | C] -- C:\Program Files\True Sword 5
[2009/06/22 16:58:08 | 00,451,655 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\RootRepeal.zip
[2009/06/22 16:55:38 | 00,000,000 | ---D | C] -- C:\Program Files\Sophos
[2009/06/22 16:55:27 | 01,181,383 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\sarsfx.exe
[2009/06/22 15:25:05 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\9129837.exe
[2009/06/22 15:20:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\lich.dat
[2009/06/22 15:15:40 | 00,000,002 | ---- | C] () -- C:\WINDOWS\010112010146118114.lso
[2009/06/22 15:15:33 | 00,000,002 | ---- | C] () -- C:\WINDOWS\010112010146118114.dat
[2009/06/22 15:09:58 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\91549996.ini
[2009/06/22 15:09:40 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\lich.exe
[2009/06/22 15:09:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\11540004
[2009/06/22 15:02:58 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\3361
[2009/06/22 15:02:18 | 00,065,536 | ---- | C] (njcb yrp mctv ilsgusd xlredxl) -- C:\WINDOWS\System32\wiawow32.sys
[2009/06/22 15:02:18 | 00,000,008 | ---- | C] () -- C:\WINDOWS\System32\comsa32.sys
[2009/06/22 15:02:05 | 00,012,288 | ---- | C] () -- C:\WINDOWS\r56ujxftyrsdjsxrgf46i5sgheh81.exe
[2009/06/22 15:00:34 | 00,028,672 | ---- | C] () -- C:\ccaikurg.exe
[2009/06/22 15:00:17 | 00,204,912 | ---- | C] () -- C:\pcwr.exe
[2009/06/22 15:00:03 | 00,000,278 | -H-- | C] () -- C:\WINDOWS\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
[2009/06/22 15:00:03 | 00,000,240 | -H-- | C] () -- C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[2009/06/22 14:59:52 | 00,000,002 | ---- | C] () -- C:\1304952160
[2009/06/22 14:59:01 | 00,088,064 | ---- | C] () -- C:\ccaitikr.exe
[2009/06/21 22:56:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Who Are You Now_
[2009/06/21 22:22:43 | 04,901,665 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\02 Poke Her Face (Feat. Kid Cudi, Common, Lady Gaga).mp3
[2009/06/21 22:18:11 | 04,717,821 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Kid Cudi - Make Her Say (Feat Kanye West & Common).mp3
[2009/06/21 22:10:30 | 00,021,208 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Taking_Back_Sunday_-_New_Again_(2009)__di1b3rt_.4912000.TPB.torrent
[2009/06/17 23:18:54 | 00,056,320 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Carb Cycling V5-Custom.xls
[2009/06/17 23:13:45 | 00,056,320 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Carb Cycling V5-Custom.xls
[2009/06/12 21:43:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\531
[2009/06/12 21:42:50 | 00,005,219 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\_-Demonoid.com-_Powerlifting_5_3_1_Jim_Wendler.torrent
[2009/06/10 22:01:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/06/10 22:00:52 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/10 22:00:47 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/10 22:00:43 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/09 23:19:15 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\CCleaner.lnk
[2009/06/09 23:19:13 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/06/09 16:36:56 | 00,011,361 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
[2009/06/09 16:36:34 | 00,000,671 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2009/06/09 16:36:00 | 00,143,360 | ---- | C] (Inner Media, Inc.) -- C:\WINDOWS\System32\dunzip32.dll
[2009/06/09 16:32:04 | 00,033,832 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys
[2009/06/09 16:31:59 | 00,040,488 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys
[2009/06/09 16:31:58 | 00,201,320 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2009/06/09 16:31:58 | 00,079,304 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2009/06/09 16:31:58 | 00,035,240 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2009/06/09 16:31:50 | 00,113,952 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2009/06/09 16:31:17 | 00,000,340 | ---- | C] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/06/09 16:31:16 | 00,000,332 | ---- | C] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/06/09 16:30:27 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2009/06/09 16:30:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2009/06/09 16:29:11 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2009/06/09 15:08:04 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/06/09 15:08:03 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/06/09 15:07:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/06/09 15:06:58 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/06/09 15:02:51 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/06/07 15:47:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\McAfee
[2009/06/02 23:13:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\youtube videos and songs
[2009/06/02 23:11:54 | 00,000,797 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\YouTube Downloader.lnk
[2009/06/02 23:11:49 | 00,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader
[2009/06/02 12:43:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/06/02 12:42:56 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/06/02 12:42:52 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/06/02 12:42:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2009/06/02 12:42:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/06/02 12:32:54 | 00,159,600 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/06/02 12:32:33 | 00,130,936 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/06/02 12:32:33 | 00,073,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/06/02 12:32:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/02 12:32:10 | 00,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/06/02 12:32:06 | 00,064,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009/06/02 12:31:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\PC Tools
[2009/06/02 12:31:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/06/02 12:02:09 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/06/02 12:02:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/06/02 11:41:52 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/06/02 11:41:46 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/06/02 11:22:41 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009/06/02 11:18:41 | 00,000,000 | ---D | C] -- C:\1066b9761c3e71996e
[2008/03/04 19:52:34 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
[2008/01/04 16:58:50 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/01/04 16:57:22 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/01/04 16:57:22 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/01/04 16:56:24 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/10/31 10:39:54 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/05/17 14:58:10 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2007/01/05 12:39:18 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/01/05 12:39:17 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/01/02 14:56:23 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2006/11/16 22:26:51 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006/08/22 10:11:24 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/17 13:50:43 | 00,000,248 | ---- | C] () -- C:\WINDOWS\RomeTW.ini
[2006/07/15 11:51:57 | 00,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/04/13 23:41:29 | 00,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/04/13 23:39:40 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/04/13 23:24:56 | 00,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/04/13 23:06:57 | 00,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/12/02 05:09:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/17 12:39:42 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/17 12:21:06 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/08/17 11:59:14 | 00,000,573 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/17 04:45:30 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/06 00:01:54 | 00,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2002/03/02 04:10:02 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2001/07/07 04:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1997/06/13 20:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
========== Files - Modified Within 30 Days ==========
[98 C:\WINDOWS\System32\*.tmp files]
[2009/06/22 19:27:06 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/22 19:25:08 | 00,512,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/06/22 19:24:51 | 03,561,752 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2009/06/22 19:24:27 | 00,170,711 | ---- | M] (Eric_71) -- C:\Documents and Settings\Owner\Desktop\Rooter.exe
[2009/06/22 19:10:33 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/06/22 19:10:11 | 00,011,361 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/06/22 19:09:03 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/22 19:05:01 | 00,001,338 | -HS- | M] () -- C:\hpqp.ini
[2009/06/22 19:04:54 | 00,000,039 | ---- | M] () -- C:\XP_TV.ini
[2009/06/22 19:04:47 | 00,000,278 | -H-- | M] () -- C:\WINDOWS\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
[2009/06/22 19:04:39 | 00,000,240 | -H-- | M] () -- C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[2009/06/22 19:04:38 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/22 18:13:52 | 00,001,598 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\True Sword.lnk
[2009/06/22 16:58:11 | 00,451,655 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RootRepeal.zip
[2009/06/22 16:55:29 | 01,181,383 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\sarsfx.exe
[2009/06/22 15:23:58 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\9129837.exe
[2009/06/22 15:20:31 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\lich.dat
[2009/06/22 15:15:40 | 00,000,002 | ---- | M] () -- C:\WINDOWS\010112010146118114.lso
[2009/06/22 15:15:33 | 00,000,002 | ---- | M] () -- C:\WINDOWS\010112010146118114.dat
[2009/06/22 15:09:58 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\91549996.ini
[2009/06/22 15:09:35 | 00,086,016 | ---- | M] () -- C:\WINDOWS\System32\lich.exe
[2009/06/22 15:02:06 | 00,012,288 | ---- | M] () -- C:\WINDOWS\r56ujxftyrsdjsxrgf46i5sgheh81.exe
[2009/06/22 15:00:47 | 00,028,672 | ---- | M] () -- C:\ccaikurg.exe
[2009/06/22 15:00:33 | 00,204,912 | ---- | M] () -- C:\pcwr.exe
[2009/06/22 15:00:17 | 00,000,002 | ---- | M] () -- C:\1304952160
[2009/06/22 14:59:12 | 00,088,064 | ---- | M] () -- C:\ccaitikr.exe
[2009/06/21 22:24:17 | 04,901,665 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\02 Poke Her Face (Feat. Kid Cudi, Common, Lady Gaga).mp3
[2009/06/21 22:18:11 | 04,717,821 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Kid Cudi - Make Her Say (Feat Kanye West & Common).mp3
[2009/06/21 22:10:32 | 00,021,208 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Taking_Back_Sunday_-_New_Again_(2009)__di1b3rt_.4912000.TPB.torrent
[2009/06/21 10:22:58 | 00,000,008 | ---- | M] () -- C:\WINDOWS\System32\comsa32.sys
[2009/06/20 22:20:18 | 00,065,536 | ---- | M] (njcb yrp mctv ilsgusd xlredxl) -- C:\WINDOWS\System32\wiawow32.sys
[2009/06/19 20:40:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/06/17 23:31:27 | 00,056,320 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Carb Cycling V5-Custom.xls
[2009/06/17 23:13:49 | 00,056,320 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Carb Cycling V5-Custom.xls
[2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/13 17:36:33 | 00,263,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/12 21:42:54 | 00,005,219 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\_-Demonoid.com-_Powerlifting_5_3_1_Jim_Wendler.torrent
[2009/06/09 23:19:15 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CCleaner.lnk
[2009/06/09 16:36:34 | 00,000,671 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2009/06/09 16:31:18 | 00,000,340 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/06/09 16:31:16 | 00,000,332 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/06/09 16:29:36 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/06/09 14:36:58 | 00,074,843 | ---- | M] () -- C:\VETlog.dmp
[2009/06/02 23:11:54 | 00,000,797 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\YouTube Downloader.lnk
[2009/06/02 12:42:56 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/06/02 12:32:10 | 00,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/06/01 09:51:14 | 23,635,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
========== Alternate Data Streams ==========
@Alternate Data Stream - 48 bytes -> C:\WINDOWS:0B9EE3A68D99A050
Malwarebytes' Anti-Malware 1.38
Database version: 2323
Windows 5.1.2600 Service Pack 2
6/22/2009 7:38:29 PM
mbam-log-2009-06-22 (19-38-29).txt
Scan type: Quick Scan
Objects scanned: 95278
Time elapsed: 6 minute(s), 7 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 10
Registry Data Items Infected: 7
Folders Infected: 2
Files Infected: 228
Memory Processes Infected:
C:\WINDOWS\system32\3361\services.exe (Trojan.Downloader) -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\r56ujxftyrsdjsxrgf46i5sgheh80 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\r56ujxftyrsdjsxrgf46i5sgheh80 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\r56ujxftyrsdjsxrgf46i5sgheh80 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\memsweep2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\memsweep2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\memsweep2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ttool (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cognac (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\exec (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kell (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kell (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\podmena (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\8085:tcp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Downloader) -> Data: c:\windows\system32\mseko.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Run (Trojan.Downloader) -> Data: c:\windows\system32\msmnn.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Data: c:\progra~1\manson\liser.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.bat\(default) (Hijacked.BatFile) -> Bad: (csfile) Good: (batfile) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.com\(default) (Hijacked.ComFile) -> Bad: (csfile) Good: (comfile) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (csfile) Good: (exefile) -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\Manson (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\3361 (Trojan.Downloader) -> Delete on reboot.
Files Infected:
C:\WINDOWS\9129837.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\b.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msafbaqi.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\r56ujxftyrsdjsxrgf46i5sgheh81.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\install.log (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lsass.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msblglvq.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mscdjvnz.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mscepaq.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mscgd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msckm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msclz.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mscmgto.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mscox.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mscppnnc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mscrbewq.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msctda.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msdacjze.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msdbsaxp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msdbz.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msddkz.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msdepi.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msdtspb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msdwuv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msedi.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msedreyu.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msefq.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msefy.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mseko.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msekzn.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msembq.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mseousc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msepb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msetno.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mseuhm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mseuysh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msexrz.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msfaty.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msfdxrac.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msfew.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msfhbj.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msfmgjg.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msfqdsp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msfwhd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msfzxckb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msgftrmv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msgjtuva.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msgpn.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msgqo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msgtqp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mshcye.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mshee.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mshmwsk.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mshnvv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mshomf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msialh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msidym.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msieo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msifeagn.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msifm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msilvh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msiqsceo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msivslpy.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msivwwut.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msjcv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msjggnpn.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msjlqidv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msjmdgck.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msjse.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msjul.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mskgduqu.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mskgjie.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mskjqpxb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msklfxvb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mskppio.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mskqns.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mskuhl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mskunzic.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mskurc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mskwu.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mskxuipy.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msldotxv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msldzp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mslel.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mslgzfmi.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mslkzhuy.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msltafks.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msltbz.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msluwwen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mslvltgu.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mslyvmj.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msmafv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msmbghx.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msmbp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msmea.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msmfnhc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msmgopt.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msmig.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msmnn.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msmsxrkl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msmtu.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msmvf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msnat.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msnbqllo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msnluuak.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msnmwnzr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msnpu.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msobg.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msocw.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msoeyk.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msoisgq.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msorhr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msorji.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspapbet.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspcsmla.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspdif.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspqo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspwvh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspysyt.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspytark.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqarebk.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqdd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqnqpp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqqvnr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqws.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqxj.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqymfzv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqzxcod.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrbyydc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrfbzs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrgbbw.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrkyf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssahzr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssknl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msskxr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msslvkby.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssrfo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssss.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msswh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssymtk.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msszjl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mstbyc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mstpvxr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mstsdm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mstutlmf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mstvzyib.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mstwuug.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mstzqtm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mstzx.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msuanl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msueaayl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msuia.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msuxk.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msuyhf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msuzqxor.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msvaa.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msvaxqa.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msvldai.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msvsbzet.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msvstjid.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msvvda.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mswbjb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mswkdvjk.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mswladgt.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mswnoe.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mswnofu.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mswpvlk.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mswrsw.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mswuck.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mswws.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msxfp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msxhudms.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msximk.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msxjob.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msxno.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msxtxagm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msxwv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msxxjf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msyco.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msyhzw.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msyjbr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msyojub.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msyoskyv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msyow.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msyrqkg.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msyydu.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msyylc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msyyusb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msyzijy.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mszaj.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mszbqpc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mszjesjb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mszkjj.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mszlh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mszlskk.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mszpcky.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mszrcc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mszriti.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mszydt.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mszynxyb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\svchost.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\winexec.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\winres.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\ccaikurg.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\a.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\c.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\r56ujxftyrsdjsxrgf46i5sgheh46.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\~TM101.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\~TMF.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\wpv831243194785.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\start menu\Programs\Startup\fmnupd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\start menu\Programs\Startup\zqosys32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\Manson\liser.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\Manson\liser.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\3361\services.exe (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\wpv521245692744.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\wpv881243627542.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lich.dat (Stolen.data) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\Application Data\wiaservg.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\010112010146118114.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\010112010146118114.lso (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\pcwr.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wiawow32.sys (Backdoor.Bot) -> Quarantined and deleted successfully.