Trojan BHO.AA



#1
Nathan.K
Hi,
My computer is running slowly; I found out it is due to the BHO.AA trojan. I have tried many ways to delete it but still have not succeeded. I need a favor to clean the trojan.

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 3

9/3/2009 2:04:26 PM
mbam-log-2009-09-03 (14-04-21).txt

Scan type: Quick Scan
Objects scanned: 97000
Time elapsed: 11 minute(s), 8 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
C:\WINDOWS\system32\csrcs.exe (Trojan.Agent) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\csrcs (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe csrcs.exe) Good: (Explorer.exe) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\csrcs.exe (Trojan.Agent) -> No action taken.

OTL logfile created on: 9/3/2009 2:31:48 PM - Run 2
OTL by OldTimer - Version 3.0.10.7 Folder = I:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

996.54 Mb Total Physical Memory | 261.02 Mb Available Physical Memory | 26.19% Memory free
2.33 Gb Paging File | 1.39 Gb Available in Paging File | 59.59% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.92 Gb Total Space | 127.45 Gb Free Space | 85.58% Space Free | Partition Type: NTFS
Drive D: | 297.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 3.74 Gb Total Space | 2.05 Gb Free Space | 54.96% Space Free | Partition Type: FAT32

Computer Name: LABMW
Current User Name: AAnalyst 200
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2008/12/09 11:10:59 | 00,010,240 | ---- | M] () -- C:\Program Files\AGI\common\win32\PythonService.exe
PRC - [2007/01/23 03:58:04 | 00,133,968 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe
PRC - [2009/08/17 08:36:10 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/01/11 17:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/10/03 15:45:02 | 00,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/11/24 22:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2009/02/18 14:40:36 | 00,587,216 | ---- | M] (ParetoLogic Inc.) -- C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe
PRC - [2009/08/17 08:36:17 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2008/04/14 20:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/09/25 10:12:48 | 01,036,288 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2007/06/29 06:21:28 | 00,162,328 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2007/06/29 06:21:32 | 00,137,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2007/06/29 06:21:36 | 00,252,440 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.exe
PRC - [2007/10/03 15:44:58 | 00,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
PRC - [2008/05/23 14:06:08 | 00,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2007/09/25 16:10:50 | 02,007,088 | ---- | M] (FlashGet.com) -- C:\Program Files\FlashGet\FlashGet.exe
PRC - [2009/08/17 08:36:13 | 02,007,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/04/09 15:54:06 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/07/25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/02/18 14:43:18 | 02,659,664 | ---- | M] (ParetoLogic Inc.) -- C:\Program Files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.exe
PRC - [2006/09/11 04:40:32 | 00,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2009/05/06 14:39:31 | 00,321,344 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/08/04 14:31:32 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/02/18 14:41:06 | 00,139,264 | ---- | M] () -- C:\Program Files\Common Files\ParetoLogic\PLAVEngine\ScanningProcess.exe
PRC - [2009/02/18 14:41:06 | 00,139,264 | ---- | M] () -- C:\Program Files\Common Files\ParetoLogic\PLAVEngine\ScanningProcess.exe
PRC - [2008/04/14 20:00:00 | 00,135,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\taskmgr.exe
PRC - [2009/09/03 13:22:18 | 00,514,048 | ---- | M] (OldTimer Tools) -- I:\OTL.exe
PRC - [2009/07/15 13:07:18 | 00,238,888 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/12/09 11:10:59 | 00,010,240 | ---- | M] () -- C:\Program Files\AGI\common\win32\PythonService.exe -- (AGWinService [Auto | Running])
SRV - [2007/01/23 03:58:04 | 00,133,968 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/08/17 08:36:10 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/01/11 17:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/07/17 07:16:44 | 00,250,616 | ---- | M] (WildTangent, Inc.) -- C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe -- (GameConsoleService [On_Demand | Stopped])
SRV - [2009/04/09 15:52:49 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9b8e83bac5826 [Auto | Stopped])
SRV - [2008/12/09 11:12:57 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/14 20:00:00 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2007/10/03 15:45:02 | 00,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe -- (IAANTMON [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008/08/05 17:58:52 | 29,184,016 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ [On_Demand | Stopped])
SRV - [2005/10/14 02:50:20 | 00,045,272 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/04/14 20:00:00 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\nwwks.dll -- (NWCWorkstation [Auto | Running])
SRV - [2008/04/14 20:00:00 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ipxsap.dll -- (NwSapAgent [Auto | Running])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/02/10 05:29:48 | 00,242,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Disabled | Stopped])
SRV - [2008/11/24 22:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Running])
SRV - [2007/07/11 09:33:28 | 00,069,632 | R--- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
SRV - [2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2009/02/18 14:40:36 | 00,587,216 | ---- | M] (ParetoLogic Inc.) -- C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe -- (ZeppelinService [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.c...c...amp;gc=1&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...:en-US:official
IE - URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll (TODO: <Company name>)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3789
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.14907
FF - prefs.js..extensions.enabledItems: [email protected]:3.1.3.7504
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
FF - prefs.js..keyword.URL: "http://wstb.search.i...bf93043ede}&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Webshots\firefox [2008/12/09 11:17:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/07/02 09:03:52 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/04/09 15:54:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 18:03:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/14 10:01:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/05 13:20:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/19 08:19:05 | 00,000,000 | ---D | M]

[2009/07/14 10:52:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AAnalyst 200\Application Data\mozilla\Extensions
[2009/07/14 10:52:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AAnalyst 200\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/03 09:45:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AAnalyst 200\Application Data\mozilla\Firefox\Profiles\egyiqpwx.default\extensions
[2009/09/03 09:44:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AAnalyst 200\Application Data\mozilla\Firefox\Profiles\egyiqpwx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/14 11:01:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AAnalyst 200\Application Data\mozilla\Firefox\Profiles\egyiqpwx.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/09/03 12:23:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/04 14:31:36 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/01 13:51:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/08/14 10:01:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/09/03 09:37:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/09/03 14:14:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]
[2009/08/04 14:31:31 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/04 14:31:32 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/08/04 14:31:32 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/06/24 19:27:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/24 19:27:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/24 19:27:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/24 19:27:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/24 19:27:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/24 19:27:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/24 19:27:00 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AGSearchHook Class) - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll (TODO: <Company name>)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Playrix Toolbar) - {85add017-15da-45e3-9bfa-edbc71af9ca1} - C:\Program Files\Playrix\tbPla1.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Playrix Toolbar) - {85add017-15da-45e3-9bfa-edbc71af9ca1} - C:\Program Files\Playrix\tbPla1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Webshots Toolbar) - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll (Webshots.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Playrix Toolbar) - {85ADD017-15DA-45E3-9BFA-EDBC71AF9CA1} - C:\Program Files\Playrix\tbPla1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [ParetoLogic Anti-Virus PLUS] C:\Program Files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.lnk ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm ()
O8 - Extra context menu item: &Webshots Photo Search - C:\Program Files\Webshots\WSToolbar4IE.dll (Webshots.com)
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Windows &Live Favorites - File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open in new background tab - C:\Program Files\Windows Live Toolbar\Components\en-my\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\Windows Live Toolbar\Components\en-my\msntabres.dll.mui (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\INetHTTPFilter.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\INetHTTPFilter.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\INetHTTPFilter.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\System32\INetHTTPFilter.dll ()
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/26 05:29:32 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/07/12 17:03:05 | 00,000,049 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009/09/02 08:26:36 | 00,000,452 | RHS- | M] () - I:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{15de4535-e1d4-11dd-9b2b-001d0fbcc115}\Shell\AutoRun\command - "" = E:\iqe68o.bat -- File not found
O33 - MountPoints2\{15de4535-e1d4-11dd-9b2b-001d0fbcc115}\Shell\explore\Command - "" = E:\iqe68o.bat -- File not found
O33 - MountPoints2\{15de4535-e1d4-11dd-9b2b-001d0fbcc115}\Shell\open\Command - "" = E:\iqe68o.bat -- File not found
O33 - MountPoints2\{2a02b56a-c59b-11dd-9b14-001d0fbcc115}\Shell\AutoRun\command - "" = E:\ecjzej.exe -- File not found
O33 - MountPoints2\{2a02b56a-c59b-11dd-9b14-001d0fbcc115}\Shell\explore\Command - "" = E:\ecjzej.exe -- File not found
O33 - MountPoints2\{2a02b56a-c59b-11dd-9b14-001d0fbcc115}\Shell\open\Command - "" = E:\ecjzej.exe -- File not found
O33 - MountPoints2\{3302e0c4-683e-11de-9bc9-001d0fbcc115}\Shell\AutoRun\command - "" = H:\kopmpp.exe -- File not found
O33 - MountPoints2\{3302e0c4-683e-11de-9bc9-001d0fbcc115}\Shell\explore\Command - "" = H:\kopmpp.exe -- File not found
O33 - MountPoints2\{3302e0c4-683e-11de-9bc9-001d0fbcc115}\Shell\open\Command - "" = H:\kopmpp.exe -- File not found
O33 - MountPoints2\{4a0a39b9-093e-11de-9b3b-00219b6ffced}\Shell\Auto\command - "" = E:\RavMonE.exe -- File not found
O33 - MountPoints2\{4a0a39b9-093e-11de-9b3b-00219b6ffced}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4a0a39ba-093e-11de-9b3b-00219b6ffced}\Shell\AutoRun\command - "" = E:\iqe68o.bat -- File not found
O33 - MountPoints2\{4a0a39ba-093e-11de-9b3b-00219b6ffced}\Shell\explore\Command - "" = E:\iqe68o.bat -- File not found
O33 - MountPoints2\{4a0a39ba-093e-11de-9b3b-00219b6ffced}\Shell\open\Command - "" = E:\iqe68o.bat -- File not found
O33 - MountPoints2\{bbbb46dc-c043-11dd-9b0f-001d0fbcc115}\Shell\AutoRun\command - "" = abk.bat
O33 - MountPoints2\{bbbb46dc-c043-11dd-9b0f-001d0fbcc115}\Shell\explore\Command - "" = abk.bat
O33 - MountPoints2\{bbbb46dc-c043-11dd-9b0f-001d0fbcc115}\Shell\open\Command - "" = abk.bat
O33 - MountPoints2\{d4a21578-bce6-11dd-9b0b-001d0fbcc115}\Shell\AutoRun\command - "" = E:\iranbx.exe -- File not found
O33 - MountPoints2\{d4a21578-bce6-11dd-9b0b-001d0fbcc115}\Shell\explore\Command - "" = E:\iranbx.exe -- File not found
O33 - MountPoints2\{d4a21578-bce6-11dd-9b0b-001d0fbcc115}\Shell\open\Command - "" = E:\iranbx.exe -- File not found
O33 - MountPoints2\{d7119058-b6bb-11dd-9b0a-001d0fbcc0cb}\Shell\AutoRun\command - "" = E:\abk.bat -- File not found
O33 - MountPoints2\{d7119058-b6bb-11dd-9b0a-001d0fbcc0cb}\Shell\explore\Command - "" = E:\abk.bat -- File not found
O33 - MountPoints2\{d7119058-b6bb-11dd-9b0a-001d0fbcc0cb}\Shell\open\Command - "" = E:\abk.bat -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - C:\WINDOWS\System32\nwwks.dll (Microsoft Corporation)
NetSvcs: Nwsapagent - C:\WINDOWS\System32\ipxsap.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/09/03 13:44:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AAnalyst 200\Application Data\Malwarebytes
[2009/09/03 13:43:59 | 00,000,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/03 13:43:55 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/03 13:43:53 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/03 13:43:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/09/03 13:43:52 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/03 13:26:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/09/03 13:26:13 | 00,000,648 | ---- | C] () -- C:\Documents and Settings\AAnalyst 200\Desktop\NTREGOPT.lnk
[2009/09/03 13:26:12 | 00,000,629 | ---- | C] () -- C:\Documents and Settings\AAnalyst 200\Desktop\ERUNT.lnk
[2009/09/03 13:26:09 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/09/03 11:31:03 | 00,000,456 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2009/09/03 11:26:20 | 03,840,288 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/09/03 11:26:20 | 00,050,540 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/09/03 11:26:20 | 00,020,256 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/09/03 11:26:20 | 00,002,780 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/09/03 11:25:53 | 00,001,175 | ---- | C] () -- C:\rollback.ini
[2009/09/03 11:24:06 | 00,000,456 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job
[2009/09/03 11:24:05 | 00,000,480 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Anti-Virus PLUS.job
[2009/09/03 11:24:05 | 00,000,430 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2009/09/03 11:24:03 | 00,186,128 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2009/09/03 11:23:14 | 00,000,187 | ---- | C] () -- C:\Documents and Settings\AAnalyst 200\Desktop\fil.reg
[2009/09/03 11:13:12 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/09/03 10:35:38 | 00,001,972 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Launch Anti-Virus PLUS.lnk
[2009/09/03 10:35:35 | 00,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2009/09/03 10:35:35 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2009/09/03 10:35:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
[2009/09/03 10:35:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/09/03 10:35:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AAnalyst 200\Local Settings\Application Data\Downloaded Installations
[2009/09/03 10:31:13 | 00,001,904 | ---- | C] () -- C:\rem.rtf
[2009/09/03 10:26:15 | 00,001,904 | ---- | C] () -- C:\Documents and Settings\AAnalyst 200\My Documents\Document.rtf
[2009/09/03 09:49:41 | 00,588,261 | ---- | C] () -- C:\Documents and Settings\AAnalyst 200\My Documents\BRO_aneasierwaytodoaa.pdf
[2009/09/02 08:28:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\windsv.exe
[2009/09/02 08:26:34 | 00,000,452 | RHS- | C] () -- C:\WINDOWS\System32\autorun.inf
[2009/09/01 16:26:38 | 00,000,000 | RHS- | C] () -- C:\Documents and Settings\AAnalyst 200\My Documents\khq
[2009/09/01 14:08:34 | 00,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/09/01 14:08:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AAnalyst 200\Application Data\skypePM
[2009/09/01 14:07:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AAnalyst 200\Application Data\Skype
[2009/09/01 13:50:26 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/09/01 13:50:23 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009/09/01 13:50:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2009/09/01 12:04:39 | 00,000,000 | ---D | C] -- C:\New Folder
[2009/08/28 12:50:48 | 00,013,949 | ---- | C] () -- C:\Documents and Settings\AAnalyst 200\My Documents\Sri Lalita.docx
[2009/08/28 08:57:59 | 00,249,842 | ---- | C] () -- C:\Documents and Settings\AAnalyst 200\My Documents\Radhastami_16_W_iskcondesiretree.jpg
[2009/08/28 08:57:40 | 00,356,423 | ---- | C] () -- C:\Documents and Settings\AAnalyst 200\My Documents\Radhastami_08_W_iskcondesiretree.jpg
[2009/08/27 18:21:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AAnalyst 200\My Documents\Old
[2009/08/27 18:04:09 | 01,822,863 | ---- | C] () -- C:\Documents and Settings\AAnalyst 200\My Documents\Ah Muthal Akkuthaanada - 123musiq.com.wma
[2009/08/27 15:27:13 | 02,985,984 | ---- | C] () -- C:\Documents and Settings\AAnalyst 200\My Documents\Aasaiye Alaipole.mp3
[2009/08/26 18:02:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AAnalyst 200\My Documents\TMS
[2009/08/26 17:34:38 | 01,646,150 | ---- | C] () -- C:\Documents and Settings\AAnalyst 200\My Documents\SANGETHA MEGAM.wma
[2009/08/26 17:27:03 | 01,578,320 | ---- | C] () -- C:\Documents and Settings\AAnalyst 200\My Documents\SORGAM MADHUVILAE.wma
[2009/08/24 16:53:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AAnalyst 200\My Documents\HG Swarup Damodar Prabhu
[2009/08/21 10:20:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AAnalyst 200\My Documents\Kanden Kadhalai

========== Files - Modified Within 14 Days ==========

[2009/09/03 14:39:05 | 03,953,184 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/09/03 14:36:03 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/09/03 14:33:32 | 00,020,256 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/09/03 14:22:02 | 00,000,268 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2009/09/03 14:13:09 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/03 14:13:09 | 00,000,264 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2009/09/03 14:13:07 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/09/03 14:12:21 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/03 14:12:20 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/03 14:12:19 | 10,450,16576 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/03 14:11:22 | 00,050,540 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/09/03 14:11:22 | 00,002,780 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/09/03 13:54:08 | 00,001,175 | ---- | M] () -- C:\rollback.ini
[2009/09/03 13:43:59 | 00,000,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/03 13:26:13 | 00,000,648 | ---- | M] () -- C:\Documents and Settings\AAnalyst 200\Desktop\NTREGOPT.lnk
[2009/09/03 13:26:12 | 00,000,629 | ---- | M] () -- C:\Documents and Settings\AAnalyst 200\Desktop\ERUNT.lnk
[2009/09/03 11:31:04 | 00,000,456 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2009/09/03 11:24:07 | 00,000,480 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Anti-Virus PLUS.job
[2009/09/03 11:24:07 | 00,000,456 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job
[2009/09/03 11:24:07 | 00,000,430 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2009/09/03 11:23:14 | 00,000,187 | ---- | M] () -- C:\Documents and Settings\AAnalyst 200\Desktop\fil.reg
[2009/09/03 10:35:38 | 00,001,972 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Launch Anti-Virus PLUS.lnk
[2009/09/03 10:26:31 | 00,001,904 | ---- | M] () -- C:\rem.rtf
[2009/09/03 10:26:23 | 00,001,904 | ---- | M] () -- C:\Documents and Settings\AAnalyst 200\My Documents\Document.rtf
[2009/09/03 09:49:41 | 00,588,261 | ---- | M] () -- C:\Documents and Settings\AAnalyst 200\My Documents\BRO_aneasierwaytodoaa.pdf
[2009/09/03 08:56:22 | 40,565,323 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/09/03 08:56:22 | 00,076,683 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/09/03 08:36:00 | 00,000,264 | ---- | M] () -- C:\WINDOWS\tasks\OGADaily.job
[2009/09/02 08:28:03 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\windsv.exe
[2009/09/02 08:26:34 | 00,000,452 | RHS- | M] () -- C:\WINDOWS\System32\autorun.inf
[2009/09/01 16:26:38 | 00,000,000 | RHS- | M] () -- C:\Documents and Settings\AAnalyst 200\My Documents\khq
[2009/09/01 14:08:34 | 00,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/08/29 12:38:48 | 00,000,612 | ---- | M] () -- C:\Documents and Settings\AAnalyst 200\My Documents\My Sharing Folders.lnk
[2009/08/29 08:37:10 | 00,001,850 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2009/08/28 12:50:49 | 00,013,949 | ---- | M] () -- C:\Documents and Settings\AAnalyst 200\My Documents\Sri Lalita.docx
[2009/08/28 08:57:59 | 00,249,842 | ---- | M] () -- C:\Documents and Settings\AAnalyst 200\My Documents\Radhastami_16_W_iskcondesiretree.jpg
[2009/08/28 08:57:40 | 00,356,423 | ---- | M] () -- C:\Documents and Settings\AAnalyst 200\My Documents\Radhastami_08_W_iskcondesiretree.jpg
[2009/08/27 18:07:03 | 01,822,863 | ---- | M] () -- C:\Documents and Settings\AAnalyst 200\My Documents\Ah Muthal Akkuthaanada - 123musiq.com.wma
[2009/08/27 16:09:44 | 02,985,984 | ---- | M] () -- C:\Documents and Settings\AAnalyst 200\My Documents\Aasaiye Alaipole.mp3
[2009/08/26 19:02:48 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/26 17:34:38 | 01,646,150 | ---- | M] () -- C:\Documents and Settings\AAnalyst 200\My Documents\SANGETHA MEGAM.wma
[2009/08/26 17:20:59 | 01,578,320 | ---- | M] () -- C:\Documents and Settings\AAnalyst 200\My Documents\SORGAM MADHUVILAE.wma
[2009/08/26 12:06:16 | 00,008,192 | ---- | M] () -- C:\Documents and Settings\AAnalyst 200\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/25 11:13:35 | 00,009,940 | ---- | M] () -- C:\Documents and Settings\AAnalyst 200\My Documents\faridah.docx

========== LOP Check ==========

[2009/09/01 14:08:34 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\AAnalyst 200\Application Data
[2008/12/09 11:17:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AAnalyst 200\Application Data\agi
[2009/08/05 19:01:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AAnalyst 200\Application Data\Anabel
[2009/05/06 19:29:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AAnalyst 200\Application Data\BitTorrent
[2008/11/17 16:15:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AAnalyst 200\Application Data\CyberLink
[2009/09/03 14:33:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AAnalyst 200\Application Data\DNA
[2008/12/01 08:51:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AAnalyst 200\Application Data\Roxio
[2008/12/09 11:17:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AAnalyst 200\Application Data\Webshots
[2009/04/18 12:57:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AAnalyst 200\Application Data\WildTangent
[2009/09/03 10:35:35 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/12/09 11:17:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\agi
[2009/06/26 11:29:40 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2008/11/27 12:01:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2008/10/22 18:59:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2009/08/11 13:10:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2009/09/03 10:35:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/09/03 10:35:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
[2009/07/29 17:10:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2009/04/18 12:58:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009/08/18 09:31:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/31 17:32:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2009/07/30 13:39:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2008/12/23 17:20:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
[2009/09/03 14:22:02 | 00,000,268 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2008/04/14 20:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/09/03 14:13:07 | 00,000,882 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2009/09/03 14:36:03 | 00,000,886 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2009/09/03 08:36:00 | 00,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\OGADaily.job
[2009/09/03 14:13:09 | 00,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2009/09/03 11:24:07 | 00,000,480 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Anti-Virus PLUS.job
[2009/09/03 11:24:07 | 00,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job
[2009/09/03 11:31:04 | 00,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2009/09/03 11:24:07 | 00,000,430 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version2.job
[2009/09/03 14:12:21 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >
[2008/04/14 20:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2008/04/14 20:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:49C6CDB0
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52AA05F1
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C69BB04
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:237F3ABD
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BFC41B39
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC2E567F
< End of report >

Edited by Nathan.K, 03 September 2009 - 03:17 AM.
