9129387.exe/ rootkit infection?



#1
klonger

I've researched this 9129387.exe virus and it looks like I for sure have it. I have read the FAQ and will be posting my Malwarebytes, OTL and Rooter logs (as I saw at the end of the FAQ to do). Thanks for any and all help! I know it's a lot of text, sorry!

Rooter_1 text file
Rooter.exe (v1.0.1) by Eric_71
¨
Microsoft Windows XP Professional (5.1.2600) Service Pack 2
32_bits - x86 Family 15 Model 36 Stepping 2, AuthenticAMD
¨
C:\ [Fixed-NTFS] .. ( Total:79 Go - Free:20 Go )
D:\ [Fixed-FAT32] .. ( Total:12 Go - Free:0 Go )
E:\ [CD_Rom]
¨
Scan : 19:26.20
Path : C:\Documents and Settings\Owner\Desktop\Rooter.exe


User : Owner ( Administrator -> YES )
¨
----------------------\\ Processes
¨
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (688)
______ \??\C:\WINDOWS\system32\csrss.exe (736)
______ \??\C:\WINDOWS\system32\winlogon.exe (760)
______ C:\WINDOWS\system32\services.exe (804)
______ C:\WINDOWS\system32\lsass.exe (816)
______ C:\WINDOWS\system32\svchost.exe (956)
______ C:\WINDOWS\system32\svchost.exe (1048)
______ C:\WINDOWS\system32\svchost.exe (1120)
______ C:\WINDOWS\system32\svchost.exe (1192)
______ C:\WINDOWS\system32\svchost.exe (1280)
______ C:\WINDOWS\Explorer.EXE (1780)
______ C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (2044)
______ C:\Program Files\McAfee\MPF\MPFSrv.exe (180)
______ C:\Program Files\Spyware Doctor\pctsAuxs.exe (272)
______ C:\Program Files\Spyware Doctor\pctsSvc.exe (376)
______ C:\Program Files\Spyware Doctor\pctsTray.exe (512)
______ c:\PROGRA~1\mcafee.com\agent\mcagent.exe (636)
______ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (1524)
______ C:\WINDOWS\system32\3361\services.exe (1584)
______ C:\WINDOWS\system32\ctfmon.exe (936)
______ c:\PROGRA~1\mcafee\msc\mcuimgr.exe (1076)
______ C:\Program Files\Internet Explorer\iexplore.exe (1972)
______ C:\Program Files\Internet Explorer\iexplore.exe (1144)
______ C:\WINDOWS\system32\wbem\wmiprvse.exe (3864)
______ C:\WINDOWS\system32\3361\services.exe (1072)
______ C:\Documents and Settings\Owner\Desktop\Rooter.exe (1728)
______ C:\WINDOWS\system32\3361\services.exe (1992)
¨
----------------------\\ Device\Harddisk0\
¨
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
¨
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:85279670784)
\Device\Harddisk0\Partition2 (Start_Offset:85287928320 | Length:13662190080)
\Device\Harddisk0\Partition3 (Start_Offset:98950118400 | Length:1077511680)
¨
----------------------\\ Scheduled Tasks
¨
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\McDefragTask.job
C:\WINDOWS\Tasks\McQcTask.job
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
C:\WINDOWS\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
¨
----------------------\\ Registry
¨
¨
----------------------\\ Files & Folders
¨
----------------------\\ Scan completed at 19:26.28
¨
C:\Rooter$\Rooter_1.txt - (22/06/2009 | 19:26.28)





OTL TEXT FILES Extras.txt
OTL Extras logfile created on: 6/22/2009 7:28:55 PM - Run 1
OTL by OldTimer - Version 3.0.5.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.17 Mb Total Physical Memory | 629.79 Mb Available Physical Memory | 61.61% Memory free
2.40 Gb Paging File | 1.92 Gb Available in Paging File | 80.03% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 79.42 Gb Total Space | 20.71 Gb Free Space | 26.07% Space Free | Partition Type: NTFS
Drive D: | 12.70 Gb Total Space | 0.94 Gb Free Space | 7.43% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-727A0A4E7C
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = csfile] -- C:\WINDOWS\System32\msdepi.exe (-)
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.com [@ = csfile] -- C:\WINDOWS\System32\msdepi.exe (-)
.exe [@ = csfile] -- C:\WINDOWS\System32\msdepi.exe (-)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"8085:TCP" = 8085:TCP:*:Enabled:podmena

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink File not found
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader (America Online, Inc.)
C:\Program Files\Common Files\AOL\1152982492\ee\aolsoftware.exe:*:Enabled:AOL Services (America Online, Inc.)
C:\Program Files\Common Files\AOL\1152982492\ee\aim6.exe:*:Enabled:AIM (America Online, Inc.)
C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger (America Online, Inc.)
C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary (Sun Microsystems, Inc.)
C:\Program Files\Steam\steamapps\[email protected]\day of defeat\hl.exe:*:Enabled:Half-Life Launcher File not found
C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer (LimeWire)
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire (Lime Wire, LLC)
C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord File not found
C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus (Azureus Inc)
C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II (Microsoft Corporation)
C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper (Microsoft Corporation)
C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD:*:Enabled:Age of Empires II Expansion (Microsoft Corporation)
C:\Program Files\Steam\steamapps\[email protected]\half-life\hl.exe:*:Enabled:Half-Life Launcher File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client (Veoh Networks)
C:\Program Files\Activision\Rome - Total War\RomeTW.exe:*:Enabled:Rome: Total War (The Creative Assembly Ltd)
C:\Program Files\Steam\steamapps\klong87\day of defeat\hl.exe:*:Enabled:Half-Life Launcher (Valve)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent (McAfee, Inc.)
c:\ccaitikr.exe:*:Enabled:KL ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1A3E23D7-7A1E-43EC-B35D-EB8A31BED943}" = FinalBurner Free v1.29.0.125
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{286F29AF-0BE2-4D5F-AB17-B7631A810553}" = muvee autoProducer 4.5
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 C1
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.0
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{52FBAE98-D389-4281-8C14-21B4046CCB4E}" = SonicAC3Encoder
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{5C74694C-A687-E3EB-FF18-B018D4A76ECD}" = Adobe Media Player
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{7F2F3F8B-2D57-48A3-99D0-1AC23D594C89}" = LightScribe 1.4.56.1
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard
"{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}" =
"{98786147-80E3-41A5-A80C-1F3C028558CF}" = Hearts of Iron 2
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup
"{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War™
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B16AF568-A644-483C-A6DA-5028CD019C8C}" = SonicMPEGEncoder
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1" = ConvertXtoDVD 2.2.3.258h
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BC96BBA7-C634-460E-AD18-A0A994213F80}" = HP User Guides--System Recovery
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.20 G1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D17A2FDC-5C16-439C-A0E1-FF350079447E}" = HP User Guides 0026
"{D1A90142-A8DC-4D33-AA8C-E1AC78F4EBA9}" = General Ledger Software for Warren-Reeve Textbooks
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"074EEF5F-3BE8-4112-B253-C5D6CDE2924C" = Zuma Deluxe from Hewlett-Packard Laptops (remove only)
"0E5266B4-9069-401A-93AE-5FF9F1712016" = Insaniquarium Deluxe from Hewlett-Packard Laptops (remove only)
"103EFD47-9F2C-4490-95DD-AE6C442AFB92" = SCRABBLE from Hewlett-Packard Laptops (remove only)
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"1C3FDBBA-EBF7-4CDB-AD8A-A1125734AF86" = Tradewinds from Hewlett-Packard Laptops (remove only)
"320F055A-570F-4335-B026-16A836DB9549" = Final Drive Nitro from Hewlett-Packard Laptops (remove only)
"382C11F0-1A18-4F76-B8E0-15CA7F209C22" = Chuzzle Deluxe from Hewlett-Packard Laptops (remove only)
"384E0BF4-1E1F-45A6-B60E-42144A3F15CD" = Blackhawk Striker 2 from Hewlett-Packard Laptops (remove only)
"4C061F83-EE92-445A-A03F-184B0BD59242" = Jewel Quest from Hewlett-Packard Laptops (remove only)
"5658FB14-16A4-4DAE-946B-1457BE31572E" = Boggle Supreme from Hewlett-Packard Laptops (remove only)
"5758A0E8-A112-4A1D-82EC-EC72F7F16B88" = Lexibox Deluxe from Hewlett-Packard Laptops (remove only)
"5DE4D54F-AA79-43A4-9C8A-C173E7E2B025" = 5 Card Slingo from Hewlett-Packard Laptops (remove only)
"6E377D95-DF37-4E67-B64B-68C314600BCB" = Bejeweled 2 Deluxe from Hewlett-Packard Laptops (remove only)
"6ECB6EE6-92E1-4525-AF3B-3CE51A7C5F89" = FATE from Hewlett-Packard Laptops (remove only)
"7948472C-423F-4134-B68F-48D660A05D71" = Big Kahuna Reef from Hewlett-Packard Laptops (remove only)
"7A940E33-6993-404B-ABA6-ED62E8FBE615" = Bounce Symphony from Hewlett-Packard Laptops (remove only)
"7ED8A70C-9597-40BE-AEA0-0573182F1F51" = Super Granny from Hewlett-Packard Laptops (remove only)
"7F8C5718-1BA9-4AAE-96D2-2B04D05F2D54" = Polar Bowler from Hewlett-Packard Laptops (remove only)
"9F3399B2-9ED6-4339-84A2-686432638B86" = Blasterball 2 from Hewlett-Packard Laptops (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"AOL Instant Messenger" = AOL Instant Messenger
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"ATI Display Driver" = ATI Display Driver
"Azureus" = Azureus
"B0202B33-E73D-4FCD-AC88-0B2971AFC116" = Slyder from Hewlett-Packard Laptops (remove only)
"B0769D17-E72A-4E87-A83F-1F7A3F080008" = Bookworm Deluxe from Hewlett-Packard Laptops (remove only)
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"C264D692-8E15-4141-96A2-5621332E5DD0" = Slingo Deluxe from Hewlett-Packard Laptops (remove only)
"CCleaner" = CCleaner (remove only)
"CloneDVD2" = CloneDVD2
"CNXT_AUDIO" = Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_1002&DEV_4378" = Soft Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-01-24
"D2E44AA4-8665-4490-A6C9-2D0744B47B27" = Polar Golfer from Hewlett-Packard Laptops (remove only)
"DED8E2B5-BA9F-448F-84E8-0AEF79876F95" = Snowboard SuperJam
"Diner Dash1.0 (Cracked By CoffeeMan)" = Diner Dash
"E332F38A-75F6-4EF2-88CC-246E8A1CB5D7" = Oasis from Hewlett-Packard Laptops (remove only)
"E76A7EFF-7758-49EE-B3FA-9699830A2D6B" = Mah Jong Quest from Hewlett-Packard Laptops (remove only)
"E90E3AE9-73E4-4E5C-BB0F-673989A808D0" = Lemonade Tycoon 2 from Hewlett-Packard Laptops (remove only)
"E94C7046-2F7D-4D4D-B76F-C412DCCEAAC2" = Crystal Maze from Hewlett-Packard Laptops (remove only)
"EF860173-4FB7-4DE1-8BE8-5400F05A0DC5" = Puzzle Express from Hewlett-Packard Laptops (remove only)
"ESPNMotion" = ESPNMotion
"F2566CC2-D4C4-44ED-A838-3F8288D8D3FE" = Flip Words from Hewlett-Packard Laptops (remove only)
"HP Game Console" = HP Game Console and games
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Rhapsody" = HP Rhapsody
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War™
"LimeWire" = LimeWire 4.18.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2006b" = Microsoft Money 2006
"MSC" = McAfee SecurityCenter
"Netscape Browser" = Netscape Browser (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Oregon Trail II" = Oregon Trail II
"PartyPoker" = PartyPoker
"PinkCowPoker Toolbar" = PinkCowPoker Toolbar
"PokerStars" = PokerStars
"RealArcade 1.2" = RealArcade
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.3.1
"Spyware Doctor" = Spyware Doctor 6.0
"StarBurn_is1" = StarBurn Version 10.5 (Build 0x20081020)
"Steam" = Steam
"Steam App 30" = Day of Defeat
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"True Sword 5_is1" = True Sword 5
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"Viewpoint Toolbar" = Viewpoint Toolbar
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6c
"WildTangent CDA" = WildTangent Web Driver
"WinAVI Video Converter_is1" = WinAVI Video Converter
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinPcapInst" = WinPcap 3.0
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"burst" = burst! v3.1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/20/2009 11:13:24 AM | Computer Name = YOUR-727A0A4E7C | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/20/2009 4:55:51 PM | Computer Name = YOUR-727A0A4E7C | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/22/2009 4:03:13 PM | Computer Name = YOUR-727A0A4E7C | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module unknown, version 0.0.0.0, fault address 0x793d006f.

Error - 6/22/2009 4:23:33 PM | Computer Name = YOUR-727A0A4E7C | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 3260 (0xcbc) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.349
/ 5301.4018 Object being scanned = \Device\HarddiskVolume1\Program Files\burst\burst.exe

by C:\WINDOWS\Explorer.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)

5006(0)(0) 5004(0)(0)

Error - 6/22/2009 4:25:26 PM | Computer Name = YOUR-727A0A4E7C | Source = Application Error | ID = 1000
Description = Faulting application mcsysmon.exe, version 12.1.111.0, faulting module
HWAPI.dll, version 9.1.122.0, fault address 0x000033dd.

Error - 6/22/2009 7:01:44 PM | Computer Name = YOUR-727A0A4E7C | Source = .NET Runtime | ID = 0
Description =

Error - 6/22/2009 7:02:14 PM | Computer Name = YOUR-727A0A4E7C | Source = Application Error | ID = 1000
Description = Faulting application MBackMonitor.exe, version 1.0.2564.29819, faulting
module kernel32.dll, version 5.1.2600.3541, fault address 0x00012a6b.

Error - 6/22/2009 7:04:14 PM | Computer Name = YOUR-727A0A4E7C | Source = Application Error | ID = 1000
Description = Faulting application services.exe, version 5.1.2600.3520, faulting
module unknown, version 0.0.0.0, fault address 0x8597dda3.

Error - 6/22/2009 8:05:05 PM | Computer Name = YOUR-727A0A4E7C | Source = Application Error | ID = 1004
Description = Faulting application services.exe, version 5.1.2600.3520, faulting
module unknown, version 0.0.0.0, fault address 0x8597dda3.

Error - 6/22/2009 8:07:35 PM | Computer Name = YOUR-727A0A4E7C | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

[ System Events ]
Error - 6/22/2009 8:00:05 PM | Computer Name = YOUR-727A0A4E7C | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/22/2009 8:05:04 PM | Computer Name = YOUR-727A0A4E7C | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000098'
while processing the file 'liser.dll' on the volume 'HarddiskVolume1'. It has
stopped monitoring the volume.

Error - 6/22/2009 8:05:59 PM | Computer Name = YOUR-727A0A4E7C | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the r56ujxftyrsdjsxrgf46i5sgheh80
service to connect.

Error - 6/22/2009 8:05:59 PM | Computer Name = YOUR-727A0A4E7C | Source = Service Control Manager | ID = 7000
Description = The Automatic Updates service failed to start due to the following
error: %%2

Error - 6/22/2009 8:09:58 PM | Computer Name = YOUR-727A0A4E7C | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/22/2009 8:10:38 PM | Computer Name = YOUR-727A0A4E7C | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AmdK8 eabfiltr ElbyCDIO Fips mfehidk SASDIFSV SASKUTIL

Error - 6/22/2009 8:11:47 PM | Computer Name = YOUR-727A0A4E7C | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNASvc with
arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}

Error - 6/22/2009 8:11:50 PM | Computer Name = YOUR-727A0A4E7C | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNASvc with
arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}

Error - 6/22/2009 8:14:47 PM | Computer Name = YOUR-727A0A4E7C | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460

Error - 6/22/2009 8:24:23 PM | Computer Name = YOUR-727A0A4E7C | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

OTL.txt FILE


OTL logfile created on: 6/22/2009 7:28:55 PM - Run 1
OTL by OldTimer - Version 3.0.5.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.17 Mb Total Physical Memory | 629.79 Mb Available Physical Memory | 61.61% Memory free
2.40 Gb Paging File | 1.92 Gb Available in Paging File | 80.03% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 79.42 Gb Total Space | 20.71 Gb Free Space | 26.07% Space Free | Partition Type: NTFS
Drive D: | 12.70 Gb Total Space | 0.94 Gb Free Space | 7.43% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-727A0A4E7C
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\WINDOWS\System32\3361\services.exe (sun)
PRC - c:\Program Files\McAfee\MSC\mcuimgr.exe (McAfee, Inc.)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\3361\services.exe (sun)
PRC - C:\WINDOWS\System32\3361\services.exe (sun)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Stopped]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Stopped]) -- C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (Bonjour Service [Auto | Stopped]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (ehRecvr [Auto | Stopped]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [Auto | Stopped]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqwmiex [Auto | Stopped]) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (lich [Auto | Stopped]) -- C:\WINDOWS\System32\lich.exe ()
SRV - (LightScribeService [Auto | Stopped]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (MBackMonitor [Auto | Stopped]) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe (McAfee)
SRV - (mcmscsvc [Auto | Running]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McNASvc [Auto | Stopped]) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (McODS [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy [Auto | Stopped]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McrdSvc [Auto | Stopped]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
SRV - (McShield [Unknown | Stopped]) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
SRV - (MpfService [Auto | Running]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (Pml Driver HPZ12 [Auto | Stopped]) -- C:\WINDOWS\System32\HPZipm12.exe (HP)
SRV - (r56ujxftyrsdjsxrgf46i5sgheh80 [Auto | Stopped]) -- C:\WINDOWS\r56ujxftyrsdjsxrgf46i5sgheh81.exe ()
SRV - (rpcapd [On_Demand | Stopped]) -- C:\Program Files\WinPcap\rpcapd.exe ()
SRV - (sdAuxService [Auto | Running]) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (sdCoreService [Auto | Running]) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (UMWdf [On_Demand | Stopped]) -- C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service [Auto | Stopped]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

========== Driver Services (SafeList) ==========

DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (AmdK8 [System | Stopped]) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys (Advanced Micro Devices)
DRV - (ati2mtag [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (BCM43XX [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (BTWUSB [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\btwusb.sys (Broadcom Corporation.)
DRV - (CAMCAUD [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\camc6aud.sys (Conexant Systems Inc.)
DRV - (CAMCHALA [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\camc6hal.sys (Conexant Systems Inc.)
DRV - (eabfiltr [System | Stopped]) -- C:\WINDOWS\System32\drivers\EABFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (eabusb [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\eabusb.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ElbyCDIO [System | Stopped]) -- C:\WINDOWS\System32\Drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)
DRV - (HSFHWATI [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HSFHWATI.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (mdmxsdk [Auto | Stopped]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (MEMSWEEP2 [On_Demand | Stopped]) -- C:\WINDOWS\System32\7.tmp (Sophos Plc)
DRV - (mfeavfk [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [System | Stopped]) -- C:\WINDOWS\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfesmfk [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (MPFP [System | Running]) -- C:\WINDOWS\System32\Drivers\Mpfp.sys (McAfee, Inc.)
DRV - (NPF [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\npf.sys (Politecnico di Torino)
DRV - (pciinfo [Auto | Stopped]) -- C:\Documents and Settings\Owner\Local Settings\Temp\HPISPz\hpdom\pciinfo.sys ()
DRV - (pcouffin [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\pcouffin.sys (VSO Software)
DRV - (PCTCore [Boot | Running]) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RTL8023xp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (SASDIFSV [System | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [Auto | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (StarPortLite [System | Running]) -- C:\WINDOWS\System32\DRIVERS\StarPortLite.sys (Rocket Division Software)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tifm21 [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (winachsf [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (MBAMSwissArmy [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: {e17e71be-ce5d-4142-860f-a2aa19d9138e} - C:\Program Files\PinkCowPoker\tbPin1.dll (Conduit Ltd.)
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2008/12/08 22:33:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2008/12/08 22:33:00 | 00,000,000 | ---D | M]


O1 HOSTS File: (0 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Viewpoint Toolbar BHO) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll (Viewpoint Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (PinkCowPoker Toolbar) - {e17e71be-ce5d-4142-860f-a2aa19d9138e} - C:\Program Files\PinkCowPoker\tbPin1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (PinkCowPoker Toolbar) - {e17e71be-ce5d-4142-860f-a2aa19d9138e} - C:\Program Files\PinkCowPoker\tbPin1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll (Viewpoint Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PinkCowPoker Toolbar) - {E17E71BE-CE5D-4142-860F-A2AA19D9138E} - C:\Program Files\PinkCowPoker\tbPin1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] File not found
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1152982492\ee\AOLSoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe (America Online, Inc.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe (McAfee)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [wpv101245604880] C:\WINDOWS\Temp\wpv101245604880.exe File not found
O4 - HKCU..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl File not found
O4 - HKCU..\Run: [Aim6] C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe (America Online, Inc.)
O4 - HKCU..\Run: [Cognac] C:\Documents and Settings\Owner\Local Settings\Temp\b.exe ()
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.)
O4 - HKCU..\Run: [kell] C:\program Files\Manson\liser.exe ()
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [ttool] C:\WINDOWS\9129837.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Veoh] C:\Program Files\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\dplmhexyu.lnk = C:\WINDOWS\System32\dplmhexyu.exe (Company)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\fmnupd32.exe (Mmpegeu Kapmjjaglaf)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\zqosys32.exe (Sgledoy Quwfuconzax)
F3:64bit: - HKCU WinNT: Load - (C:\WINDOWS\system32\msblglvq.exe) - File not found
F3 - HKCU WinNT: Load - (C:\WINDOWS\system32\msblglvq.exe) - C:\WINDOWS\System32\msblglvq.exe (-)
F3:64bit: - HKCU WinNT: Run - (C:\WINDOWS\system32\msfmgjg.exe) - File not found
F3 - HKCU WinNT: Run - (C:\WINDOWS\system32\msfmgjg.exe) - C:\WINDOWS\System32\msfmgjg.exe (-)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} http://h20278.www2.h...DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.h...nosticsxp2k.cab (DDRevision Class)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} http://www.live365.c...ers/play365.cab (Live365Player Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (c:\progra~1\Manson\liser.dll) - c:\Program Files\Manson\liser.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 14:01:14 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{a5ea0de6-4eb0-11dc-9160-0014a5a9547e}\Shell - "" = AutoRun
O33 - MountPoints2\{a5ea0de6-4eb0-11dc-9160-0014a5a9547e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a5ea0de6-4eb0-11dc-9160-0014a5a9547e}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\R\Shell\AutoRun\command - "" = R:\setup.exe -- File not found
O33 - MountPoints2\R\Shell\configure\command - "" = R:\setup.exe -- File not found
O33 - MountPoints2\R\Shell\install\command - "" = R:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[98 C:\WINDOWS\System32\*.tmp files]
[2009/06/22 19:26:28 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/06/22 19:25:06 | 00,512,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/06/22 19:24:41 | 03,561,752 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2009/06/22 19:24:26 | 00,170,711 | ---- | C] (Eric_71) -- C:\Documents and Settings\Owner\Desktop\Rooter.exe
[2009/06/22 19:04:53 | 00,142,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\aec.sys
[2009/06/22 19:04:53 | 00,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\arp1394.sys
[2009/06/22 19:04:53 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\asyncmac.sys
[2009/06/22 19:03:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\91549996
[2009/06/22 19:03:11 | 00,000,000 | RHSD | C] -- C:\Program Files\Manson
[2009/06/22 19:03:11 | 00,000,000 | -HSD | C] -- C:\WINDOWS\System Volume Information
[2009/06/22 18:13:52 | 00,001,598 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\True Sword.lnk
[2009/06/22 18:13:50 | 00,356,352 | ---- | C] (eSellerate Inc.) -- C:\WINDOWS\eSellerateEngine.dll
[2009/06/22 18:13:50 | 00,081,920 | ---- | C] (eSellerate Inc.) -- C:\WINDOWS\eSellerateControl350.dll
[2009/06/22 18:13:49 | 00,000,000 | ---D | C] -- C:\Program Files\True Sword 5
[2009/06/22 16:58:08 | 00,451,655 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\RootRepeal.zip
[2009/06/22 16:55:38 | 00,000,000 | ---D | C] -- C:\Program Files\Sophos
[2009/06/22 16:55:27 | 01,181,383 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\sarsfx.exe
[2009/06/22 15:25:05 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\9129837.exe
[2009/06/22 15:20:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\lich.dat
[2009/06/22 15:15:40 | 00,000,002 | ---- | C] () -- C:\WINDOWS\010112010146118114.lso
[2009/06/22 15:15:33 | 00,000,002 | ---- | C] () -- C:\WINDOWS\010112010146118114.dat
[2009/06/22 15:09:58 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\91549996.ini
[2009/06/22 15:09:40 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\lich.exe
[2009/06/22 15:09:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\11540004
[2009/06/22 15:02:58 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\3361
[2009/06/22 15:02:18 | 00,065,536 | ---- | C] (njcb yrp mctv ilsgusd xlredxl) -- C:\WINDOWS\System32\wiawow32.sys
[2009/06/22 15:02:18 | 00,000,008 | ---- | C] () -- C:\WINDOWS\System32\comsa32.sys
[2009/06/22 15:02:05 | 00,012,288 | ---- | C] () -- C:\WINDOWS\r56ujxftyrsdjsxrgf46i5sgheh81.exe
[2009/06/22 15:00:34 | 00,028,672 | ---- | C] () -- C:\ccaikurg.exe
[2009/06/22 15:00:17 | 00,204,912 | ---- | C] () -- C:\pcwr.exe
[2009/06/22 15:00:03 | 00,000,278 | -H-- | C] () -- C:\WINDOWS\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
[2009/06/22 15:00:03 | 00,000,240 | -H-- | C] () -- C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[2009/06/22 14:59:52 | 00,000,002 | ---- | C] () -- C:\1304952160
[2009/06/22 14:59:01 | 00,088,064 | ---- | C] () -- C:\ccaitikr.exe
[2009/06/21 22:56:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Who Are You Now_
[2009/06/21 22:22:43 | 04,901,665 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\02 Poke Her Face (Feat. Kid Cudi, Common, Lady Gaga).mp3
[2009/06/21 22:18:11 | 04,717,821 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Kid Cudi - Make Her Say (Feat Kanye West & Common).mp3
[2009/06/21 22:10:30 | 00,021,208 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Taking_Back_Sunday_-_New_Again_(2009)__di1b3rt_.4912000.TPB.torrent
[2009/06/17 23:18:54 | 00,056,320 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Carb Cycling V5-Custom.xls
[2009/06/17 23:13:45 | 00,056,320 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Carb Cycling V5-Custom.xls
[2009/06/12 21:43:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\531
[2009/06/12 21:42:50 | 00,005,219 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\_-Demonoid.com-_Powerlifting_5_3_1_Jim_Wendler.torrent
[2009/06/10 22:01:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/06/10 22:00:52 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/10 22:00:47 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/10 22:00:43 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/09 23:19:15 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\CCleaner.lnk
[2009/06/09 23:19:13 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/06/09 16:36:56 | 00,011,361 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
[2009/06/09 16:36:34 | 00,000,671 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2009/06/09 16:36:00 | 00,143,360 | ---- | C] (Inner Media, Inc.) -- C:\WINDOWS\System32\dunzip32.dll
[2009/06/09 16:32:04 | 00,033,832 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys
[2009/06/09 16:31:59 | 00,040,488 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys
[2009/06/09 16:31:58 | 00,201,320 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2009/06/09 16:31:58 | 00,079,304 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2009/06/09 16:31:58 | 00,035,240 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2009/06/09 16:31:50 | 00,113,952 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2009/06/09 16:31:17 | 00,000,340 | ---- | C] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/06/09 16:31:16 | 00,000,332 | ---- | C] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/06/09 16:30:27 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2009/06/09 16:30:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2009/06/09 16:29:11 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2009/06/09 15:08:04 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/06/09 15:08:03 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/06/09 15:07:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/06/09 15:06:58 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/06/09 15:02:51 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/06/07 15:47:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\McAfee
[2009/06/02 23:13:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\youtube videos and songs
[2009/06/02 23:11:54 | 00,000,797 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\YouTube Downloader.lnk
[2009/06/02 23:11:49 | 00,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader
[2009/06/02 12:43:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/06/02 12:42:56 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/06/02 12:42:52 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/06/02 12:42:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2009/06/02 12:42:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/06/02 12:32:54 | 00,159,600 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/06/02 12:32:33 | 00,130,936 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/06/02 12:32:33 | 00,073,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/06/02 12:32:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/02 12:32:10 | 00,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/06/02 12:32:06 | 00,064,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009/06/02 12:31:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\PC Tools
[2009/06/02 12:31:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/06/02 12:02:09 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/06/02 12:02:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/06/02 11:41:52 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/06/02 11:41:46 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/06/02 11:22:41 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009/06/02 11:18:41 | 00,000,000 | ---D | C] -- C:\1066b9761c3e71996e
[2008/03/04 19:52:34 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
[2008/01/04 16:58:50 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/01/04 16:57:22 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/01/04 16:57:22 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/01/04 16:56:24 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/10/31 10:39:54 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/05/17 14:58:10 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2007/01/05 12:39:18 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/01/05 12:39:17 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/01/02 14:56:23 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2006/11/16 22:26:51 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006/08/22 10:11:24 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/17 13:50:43 | 00,000,248 | ---- | C] () -- C:\WINDOWS\RomeTW.ini
[2006/07/15 11:51:57 | 00,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/04/13 23:41:29 | 00,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/04/13 23:39:40 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/04/13 23:24:56 | 00,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/04/13 23:06:57 | 00,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/12/02 05:09:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/17 12:39:42 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/17 12:21:06 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/08/17 11:59:14 | 00,000,573 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/17 04:45:30 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/06 00:01:54 | 00,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2002/03/02 04:10:02 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2001/07/07 04:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1997/06/13 20:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Files - Modified Within 30 Days ==========

[98 C:\WINDOWS\System32\*.tmp files]
[2009/06/22 19:27:06 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/22 19:25:08 | 00,512,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/06/22 19:24:51 | 03,561,752 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2009/06/22 19:24:27 | 00,170,711 | ---- | M] (Eric_71) -- C:\Documents and Settings\Owner\Desktop\Rooter.exe
[2009/06/22 19:10:33 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/06/22 19:10:11 | 00,011,361 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/06/22 19:09:03 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/22 19:05:01 | 00,001,338 | -HS- | M] () -- C:\hpqp.ini
[2009/06/22 19:04:54 | 00,000,039 | ---- | M] () -- C:\XP_TV.ini
[2009/06/22 19:04:47 | 00,000,278 | -H-- | M] () -- C:\WINDOWS\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
[2009/06/22 19:04:39 | 00,000,240 | -H-- | M] () -- C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[2009/06/22 19:04:38 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/22 18:13:52 | 00,001,598 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\True Sword.lnk
[2009/06/22 16:58:11 | 00,451,655 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RootRepeal.zip
[2009/06/22 16:55:29 | 01,181,383 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\sarsfx.exe
[2009/06/22 15:23:58 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\9129837.exe
[2009/06/22 15:20:31 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\lich.dat
[2009/06/22 15:15:40 | 00,000,002 | ---- | M] () -- C:\WINDOWS\010112010146118114.lso
[2009/06/22 15:15:33 | 00,000,002 | ---- | M] () -- C:\WINDOWS\010112010146118114.dat
[2009/06/22 15:09:58 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\91549996.ini
[2009/06/22 15:09:35 | 00,086,016 | ---- | M] () -- C:\WINDOWS\System32\lich.exe
[2009/06/22 15:02:06 | 00,012,288 | ---- | M] () -- C:\WINDOWS\r56ujxftyrsdjsxrgf46i5sgheh81.exe
[2009/06/22 15:00:47 | 00,028,672 | ---- | M] () -- C:\ccaikurg.exe
[2009/06/22 15:00:33 | 00,204,912 | ---- | M] () -- C:\pcwr.exe
[2009/06/22 15:00:17 | 00,000,002 | ---- | M] () -- C:\1304952160
[2009/06/22 14:59:12 | 00,088,064 | ---- | M] () -- C:\ccaitikr.exe
[2009/06/21 22:24:17 | 04,901,665 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\02 Poke Her Face (Feat. Kid Cudi, Common, Lady Gaga).mp3
[2009/06/21 22:18:11 | 04,717,821 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Kid Cudi - Make Her Say (Feat Kanye West & Common).mp3
[2009/06/21 22:10:32 | 00,021,208 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Taking_Back_Sunday_-_New_Again_(2009)__di1b3rt_.4912000.TPB.torrent
[2009/06/21 10:22:58 | 00,000,008 | ---- | M] () -- C:\WINDOWS\System32\comsa32.sys
[2009/06/20 22:20:18 | 00,065,536 | ---- | M] (njcb yrp mctv ilsgusd xlredxl) -- C:\WINDOWS\System32\wiawow32.sys
[2009/06/19 20:40:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/06/17 23:31:27 | 00,056,320 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Carb Cycling V5-Custom.xls
[2009/06/17 23:13:49 | 00,056,320 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Carb Cycling V5-Custom.xls
[2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/13 17:36:33 | 00,263,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/12 21:42:54 | 00,005,219 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\_-Demonoid.com-_Powerlifting_5_3_1_Jim_Wendler.torrent
[2009/06/09 23:19:15 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CCleaner.lnk
[2009/06/09 16:36:34 | 00,000,671 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2009/06/09 16:31:18 | 00,000,340 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/06/09 16:31:16 | 00,000,332 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/06/09 16:29:36 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/06/09 14:36:58 | 00,074,843 | ---- | M] () -- C:\VETlog.dmp
[2009/06/02 23:11:54 | 00,000,797 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\YouTube Downloader.lnk
[2009/06/02 12:42:56 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/06/02 12:32:10 | 00,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/06/01 09:51:14 | 23,635,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 48 bytes -> C:\WINDOWS:0B9EE3A68D99A050

Malwarebytes' Anti-Malware 1.38
Database version: 2323
Windows 5.1.2600 Service Pack 2

6/22/2009 7:38:29 PM
mbam-log-2009-06-22 (19-38-29).txt

Scan type: Quick Scan
Objects scanned: 95278
Time elapsed: 6 minute(s), 7 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 10
Registry Data Items Infected: 7
Folders Infected: 2
Files Infected: 228

Memory Processes Infected:
C:\WINDOWS\system32\3361\services.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\r56ujxftyrsdjsxrgf46i5sgheh80 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\r56ujxftyrsdjsxrgf46i5sgheh80 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\r56ujxftyrsdjsxrgf46i5sgheh80 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\memsweep2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\memsweep2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\memsweep2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ttool (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cognac (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\exec (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kell (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kell (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\podmena (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\8085:tcp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Downloader) -> Data: c:\windows\system32\mseko.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Run (Trojan.Downloader) -> Data: c:\windows\system32\msmnn.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Data: c:\progra~1\manson\liser.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.bat\(default) (Hijacked.BatFile) -> Bad: (csfile) Good: (batfile) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.com\(default) (Hijacked.ComFile) -> Bad: (csfile) Good: (comfile) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (csfile) Good: (exefile) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Manson (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\3361 (Trojan.Downloader) -> Delete on reboot.

Files Infected:
C:\WINDOWS\9129837.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\b.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msafbaqi.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\r56ujxftyrsdjsxrgf46i5sgheh81.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\install.log (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lsass.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msblglvq.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mscdjvnz.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mscepaq.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mscgd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msckm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msclz.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mscmgto.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mscox.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mscppnnc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mscrbewq.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msctda.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msdacjze.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msdbsaxp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msdbz.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msddkz.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msdepi.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msdtspb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msdwuv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msedi.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msedreyu.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msefq.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msefy.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mseko.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msekzn.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msembq.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mseousc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msepb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msetno.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mseuhm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mseuysh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msexrz.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msfaty.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msfdxrac.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msfew.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msfhbj.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msfmgjg.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msfqdsp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msfwhd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msfzxckb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msgftrmv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msgjtuva.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msgpn.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msgqo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msgtqp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mshcye.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mshee.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mshmwsk.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mshnvv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mshomf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msialh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msidym.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msieo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msifeagn.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msifm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msilvh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msiqsceo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msivslpy.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msivwwut.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msjcv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msjggnpn.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msjlqidv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msjmdgck.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msjse.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msjul.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mskgduqu.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mskgjie.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mskjqpxb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msklfxvb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mskppio.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mskqns.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mskuhl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mskunzic.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mskurc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mskwu.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mskxuipy.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msldotxv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msldzp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mslel.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mslgzfmi.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mslkzhuy.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msltafks.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msltbz.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msluwwen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mslvltgu.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mslyvmj.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msmafv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msmbghx.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msmbp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msmea.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msmfnhc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msmgopt.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msmig.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msmnn.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msmsxrkl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msmtu.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msmvf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msnat.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msnbqllo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msnluuak.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msnmwnzr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msnpu.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msobg.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msocw.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msoeyk.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msoisgq.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msorhr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msorji.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspapbet.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspcsmla.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspdif.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspqo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspwvh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspysyt.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspytark.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqarebk.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqdd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqnqpp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqqvnr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqws.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqxj.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqymfzv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqzxcod.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrbyydc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrfbzs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrgbbw.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrkyf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssahzr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssknl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msskxr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msslvkby.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssrfo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssss.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msswh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssymtk.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msszjl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mstbyc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mstpvxr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mstsdm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mstutlmf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mstvzyib.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mstwuug.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mstzqtm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mstzx.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msuanl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msueaayl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msuia.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msuxk.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msuyhf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msuzqxor.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msvaa.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msvaxqa.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msvldai.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msvsbzet.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msvstjid.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msvvda.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mswbjb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mswkdvjk.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mswladgt.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mswnoe.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mswnofu.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mswpvlk.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mswrsw.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mswuck.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mswws.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msxfp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msxhudms.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msximk.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msxjob.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msxno.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msxtxagm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msxwv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msxxjf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msyco.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msyhzw.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msyjbr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msyojub.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msyoskyv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msyow.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msyrqkg.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msyydu.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msyylc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msyyusb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msyzijy.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mszaj.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mszbqpc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mszjesjb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mszkjj.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mszlh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mszlskk.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mszpcky.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mszrcc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mszriti.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mszydt.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mszynxyb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\svchost.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\winexec.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\winres.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\ccaikurg.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\a.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\c.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\r56ujxftyrsdjsxrgf46i5sgheh46.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\~TM101.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\~TMF.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\wpv831243194785.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\start menu\Programs\Startup\fmnupd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\start menu\Programs\Startup\zqosys32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\Manson\liser.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\Manson\liser.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\3361\services.exe (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\wpv521245692744.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\wpv881243627542.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lich.dat (Stolen.data) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\Application Data\wiaservg.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\010112010146118114.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\010112010146118114.lso (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\pcwr.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wiawow32.sys (Backdoor.Bot) -> Quarantined and deleted successfully.