Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Got a virus. Win32:Malware-gen

Post by Lasthar » January 12th, 2010, 9:07 pm

Hello. I got a virus, it is called -> Win32:Malware-gen <- I use Avast! and it keeps telling me I have this malware, and suggests moving it to chest. It pops up, tells me to move it, and I do. Then it pops up again right afterwards and the file is in a different location, and I click move to chest. Then it stops for like 20-30 minutes, then it tells me again, and so on. I can't get rid of it. Here is a HijackThis log.



Help me. Please.


If you want, and I don't know if this is against the rules, you can add me on MSN. >e-mail address removed< Maybe it will go by faster to help me.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:06:45 PM, on 1/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.5.0.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9172879359
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/A ... tPkMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/ph ... NPUpld.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: 04dabc68f9e6f01a395e4af75c6ee32b (eaaacdaae) - Unknown owner - C:\WINDOWS\eaaacdaae.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 8876 bytes
Last edited by NonSuch on January 14th, 2010, 2:39 am, edited 1 time in total.
Reason: Edited to remove e-mail address.
Lasthar
Regular Member
 
Posts: 20
Joined: January 12th, 2010, 9:04 pm
Location: Michigan
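An added example, not code from this thread, from HijackThis or from MalwareRemoval.com: a small parser that does the first-pass triage a helper performs by eye on the O2/O4/O23 lines of a log like the one above. The sample lines are copied from the log in this post; the severity labels, the random-name heuristic and the P2P watch-list are assumptions of this example.

```python
"""HijackThis (HJT) log triage. Added example, not from the thread or from HijackThis.

Parses O2 (BHO), O4 (Run key) and O23 (service) lines and applies a few
defender-side heuristics: orphaned BHOs, services with no vendor string that
run straight from the Windows root, random-looking service or file names
(the eaaacdaae.exe pattern seen above), and autostarting P2P clients.
Severity labels and the heuristics themselves are this example's assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Constructed sample: a handful of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: 04dabc68f9e6f01a395e4af75c6ee32b (eaaacdaae) - Unknown owner - C:\WINDOWS\eaaacdaae.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

RE_O2 = re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
RE_O4 = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>.+?)\] (?P<cmd>.+)$")
RE_O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

WINDIR = PureWindowsPath(r"C:\WINDOWS")
HEX32 = re.compile(r"^[0-9a-f]{32}\b", re.IGNORECASE)        # MD5-looking display name
HEXLETTERS = re.compile(r"^[a-f]{8,}$", re.IGNORECASE)      # stems like eaaacdaae
P2P_BINARIES = {"utorrent.exe", "bittorrent.exe", "limewire.exe"}  # assumed watch-list


@dataclass
class Entry:
    kind: str            # "O2", "O4" or "O23"
    name: str
    path: str            # DLL/EXE path, full Run command, or "(no file)"
    owner: str = ""      # O23 vendor string, e.g. "Unknown owner"
    hive: str = ""       # O4 hive: HKLM or HKCU
    raw: str = ""


@dataclass
class Finding:
    severity: str        # "high", "medium", "low" or "info"
    entry: Entry
    reasons: list[str] = field(default_factory=list)


def parse_hjt(text: str) -> list[Entry]:
    """Keep only the O2/O4/O23 lines; everything else in the log is ignored."""
    entries: list[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := RE_O23.match(line):
            entries.append(Entry("O23", m["name"], m["path"], owner=m["owner"], raw=line))
        elif m := RE_O2.match(line):
            entries.append(Entry("O2", m["name"], m["path"], raw=line))
        elif m := RE_O4.match(line):
            entries.append(Entry("O4", m["name"], m["cmd"], hive=m["hive"], raw=line))
    return entries


def looks_random(name: str) -> bool:
    """Heuristic: 32-hex display names and file stems spelled only with a-f
    are typical of generated dropper names. Legit names can trip it; verify."""
    return bool(HEX32.match(name) or HEXLETTERS.match(name))


def run_binary(cmd: str) -> PureWindowsPath:
    """Binary path of an O4 command: honour quoting, drop trailing arguments."""
    cmd = cmd.strip()
    exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]
    return PureWindowsPath(exe)


def triage(entries: list[Entry]) -> list[Finding]:
    """One finding per suspicious entry, carrying the highest severity that applies."""
    findings: list[Finding] = []
    for e in entries:
        sev, reasons = "", []
        if e.kind == "O2" and e.path == "(no file)":
            sev, reasons = "low", ["BHO registered but its DLL is gone: orphan entry, safe to fix"]
        elif e.kind == "O4" and run_binary(e.path).name.lower() in P2P_BINARIES:
            sev, reasons = "info", ["P2P client set to autostart (helper asked for P2P software to go)"]
        elif e.kind == "O23":
            p = PureWindowsPath(e.path)
            if looks_random(e.name) or looks_random(p.stem):
                sev, reasons = "high", ["random-looking service or file name"]
            if e.owner == "Unknown owner" and p.parent == WINDIR:
                sev = sev or "medium"
                reasons.append("no vendor string and binary sits directly in the Windows root")
            elif e.owner == "Unknown owner":
                sev = sev or "info"
                reasons.append("no vendor string: confirm the publisher before trusting it")
        if sev:
            findings.append(Finding(sev, e, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{f.severity:^6}] {f.entry.kind} {f.entry.name}: {'; '.join(f.reasons)}")
```

Run against the sample it ranks the eaaacdaae service first while leaving the Avast entries alone; PnkBstrA shows the heuristic's limit, since a legitimate "Unknown owner" service still lands as an info-level item to verify rather than a detection.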

Re: Got a virus. Win32:Malware-gen

Post by MWR 3 day Mod » January 16th, 2010, 9:13 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Got a virus. Win32:Malware-gen

Post by deltalima » January 18th, 2010, 4:45 pm

Hi Lasthar,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

HijackThis logs can take some time to research, so please be patient with me.

Please note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • All of my posts need to be checked by a teacher, so please be patient while I attempt to remove your malware.

Uninstall List
  • Open HijackThis.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please copy and paste the contents of this log in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Got a virus. Win32:Malware-gen

Post by Lasthar » January 18th, 2010, 4:50 pm

Here you go. Btw, an update. It seems I got another virus called win32:adware-gen [adt], and now my antivirus program does not even warn me about the win32:malware-gen virus. :(
I think the win32:adware-gen [adt] virus came from the win32:malware-gen, because since the win32:malware-gen virus I have not downloaded ANYTHING or gone to any websites other than this one, YouTube, and a website called www.runescape.com. I have also not accepted any files from anyone... so I don't know how else I could have gotten it.

µTorrent
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Media Player
Adobe Reader 9.2
Adobe Shockwave Player 11.5
AIM 7
AMD Processor Driver
America's Army 3
ArcSoft PhotoImpression 5
ArcSoft VideoImpression 2
Audacity 1.3.8 (Unicode)
avast! Antivirus
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
Browser Configuration Utility
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
Cheat Engine 5.5
CIF USB Camera
DivX Web Player
Download Updater (AOL LLC)
Emoticon Maker
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Half-Life 2: Deathmatch
Half-Life 2: Lost Coast
Hamachi 1.0.3.0
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HyperCam 2
Java(TM) 6 Update 14
Junk Mail filter update
Left 4 Dead
Lernout & Hauspie TruVoice American English TTS Engine
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Windows Journal Viewer
mIRC
Mozilla Firefox (3.5.2)
MSVCRT
MSXML 6 Service Pack 2 (KB954459)
Mu
NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111
NVIDIA Drivers
NVIDIA PhysX
Pivot Stickfigure Animator
Project64 1.6
PunkBuster Services
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Segoe UI
Skype web features
Skype™ 4.1
Speed Gear v6.0
Steam
Stronghold Legends
Team Fortress 2
TeamViewer 5
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.762
Vegas Pro 9.0
Ventrilo Client
Voozie Maker
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Presentation Foundation
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver
Xvid 1.2.2 final uninstall
Yahoo! Messenger
Yahoo! Software Update
ZoneAlarm
Lasthar
Regular Member
 
Posts: 20
Joined: January 12th, 2010, 9:04 pm
Location: Michigan

Re: Got a virus. Win32:Malware-gen

Post by deltalima » January 19th, 2010, 1:21 pm

Hi Lasthar,

I notice that you have posted with this same issue at another forum, see
http://forums.majorgeeks.com/showthread.php?p=1439471

It is not possible for two helpers to work on the same problem at the same time so if you wish to continue here please close that thread. If you wish to continue with that thread then this one will be closed.
Please let me know your decision.

You mentioned that Avast:
    "Then it pops up again right afterwards and the file is in a different location"


Could you please provide copies of the Avast log to give more information about the file names and locations of these detections?

Remove P2P Programs

  • I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    µTorrent

  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

  • Click on start
  • Then Run
  • In the open text entry box please copy/paste appwiz.cpl, then press Enter.
  • Press the "Remove" or "Change/Remove"...button to uninstall the programs listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

Now please reboot your computer.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.


Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log along with the two logs from the OTL scans and if possible the Avast logs requested above.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Got a virus. Win32:Malware-gen

Post by Lasthar » January 19th, 2010, 6:07 pm

Dude, I want you to help, not that site; I will close it in a bit. But is there any possible way you can add me on an instant messaging service or something, or call me on the phone? I keep getting more and more viruses and I'm not even doing ANYTHING. I am starting to freak out, pretty soon my PC will be severely crippled... I need help and not the post a post, wait 6 hours for a reply, not understand what you mean so ask a question, wait another 6 hours for a reply, and so on... I want a here and now thing, not a here and every 6 hours type of thing... if not I am just going to take my computer to Best Buy and get it fixed... I'd really like it if you could add me on an instant messaging service... if so, just send a message to the inbox thing on this website.... Also, now I got a virus called Js:Pdfka-TW [expl]. I don't know how I got it..

So that makes three viruses:

win32:malware-gen
win32:adware-gen [adt]
JS:Pdfka-TW [expl]

It started off with win32:malware-gen, then I got win32:adware-gen [adt], then the last one. I don't know where the other 2 came from... also I can't even move the JS:pdfka-TW [expl] virus to the chest because it says it is being used by another program, so I know it is active.... ffs, I am panicking...





[EDIT] BTW, if you can't help me that way, I am in the process of doing what you said... I appreciate your help, btw... OTL is scanning; I will put them and the other thing in my next post... so yeah... just one second.
Lasthar
Regular Member
 
Posts: 20
Joined: January 12th, 2010, 9:04 pm
Location: Michigan

Re: Got a virus. Win32:Malware-gen

Post by Lasthar » January 19th, 2010, 11:16 pm

Okay... I did the one scan thing and got the OTL and Extras log. Then I ran the GMER thing, but the dang thing kept freezing my PC... I attempted the GMER scan 5 times and gave up. I sure hope you don't NEED it...

Here is the OTL and EXTRA log... OTL first, then EXTRA.

OTL:

OTL logfile created on: 1/19/2010 5:15:59 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.50 Gb Total Space | 848.35 Gb Free Space | 91.07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SUPER-ABE66CE06
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\PnkBstrA.exe ()
PRC - C:\Program Files\Steam\steam.exe (Valve Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Skype\Plugin Manager\skypePM.exe (Skype Technologies)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Reader 9.0\Reader\A3DUtility.exe (Adobe Systems Inc.)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Windows Live\Toolbar\wltuser.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Messenger\msvs.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Pixart\Pac207\Monitor.exe (PixArt Imaging Incorporation)
PRC - C:\Program Files\NETGEAR\WPN111\WPN111.exe (NETGEAR)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (eaaacdaae) -- File not found
SRV - (adebdecebaeeefcbf) -- C:\WINDOWS\adebdecebaeeefcbf.exe ()
SRV - (PnkBstrA) -- C:\WINDOWS\system32\PnkBstrA.exe ()
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Driver Services (SafeList) ==========

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (AegisP) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\AegisP.sys (Meetinghouse Data Communications)
DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (SCREAMINGBDRIVER) -- C:\WINDOWS\system32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (srescan) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Check Point Software Technologies LTD)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (PAC207) -- C:\WINDOWS\system32\drivers\PFC027.SYS (PixArt Imaging Inc.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (WPN111) -- C:\WINDOWS\system32\drivers\WPN111.sys (NETGEAR, Inc.)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (DNINDIS5) -- C:\WINDOWS\system32\DNINDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-73586283-1547161642-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-73586283-1547161642-839522115-1003\S-1-5-21-73586283-1547161642-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://google.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:2.4.0.4
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.3.1.313


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/15 15:36:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/28 20:49:27 | 00,000,000 | ---D | M]

[2008/01/04 16:00:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/11/27 16:51:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3cdw19y9.default\extensions
[2009/10/25 06:21:09 | 00,000,000 | ---D | M] (Softonic-Eng7 Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3cdw19y9.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
[2008/01/04 15:59:32 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/15 15:36:51 | 00,119,312 | ---- | M] (none) -- C:\Program Files\Mozilla Firefox\components\efcfdcaedbbcbd.dll

O1 HOSTS File: ([2009/08/09 11:47:17 | 00,000,764 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ALO) - {506CD401-5203-4B27-BB5A-03C97758FD02} - C:\WINDOWS\system32\lastmon.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-73586283-1547161642-839522115-1003\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKU\S-1-5-21-73586283-1547161642-839522115-1003\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-73586283-1547161642-839522115-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Monitor] C:\WINDOWS\Pixart\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-73586283-1547161642-839522115-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-73586283-1547161642-839522115-1003..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-21-73586283-1547161642-839522115-1003..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-73586283-1547161642-839522115-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-73586283-1547161642-839522115-1003..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN111\WPN111.exe (NETGEAR)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-73586283-1547161642-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-73586283-1547161642-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage =
O7 - HKU\S-1-5-21-73586283-1547161642-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage =
O7 - HKU\S-1-5-21-73586283-1547161642-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage =
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/ms ... b56986.cab (Checkers Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/v ... .2.5.0.cab (DLM Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 9172879359 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} http://appdirectory.messenger.msn.com/A ... tPkMSN.cab (PhotoPickConvert Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/ph ... NPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/17 10:25:25 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (aswBoot.exe /M:4627d14617) - C:\WINDOWS\System32\aswBoot.exe (ALWIL Software)
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/19 17:15:03 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/01/19 05:23:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Help
[2010/01/14 16:57:49 | 00,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2010/01/14 16:57:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\update
[2010/01/13 15:11:43 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/01/12 15:53:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2010/01/12 15:53:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Multi File Downloader
[2010/01/12 15:17:38 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2009/12/29 04:03:16 | 00,000,000 | ---D | C] -- C:\Program Files\Project64 1.6
[2009/12/28 20:48:08 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009/12/28 20:47:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/12/28 20:46:06 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2009/12/28 20:46:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/12/23 10:40:04 | 00,000,000 | ---D | C] -- C:\Program Files\Activision
[2009/12/23 10:37:51 | 00,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2009/12/23 10:21:06 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2009/12/23 10:20:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Lite
[2009/12/23 10:20:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/08/16 19:36:00 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/08/16 14:23:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/08/16 10:52:02 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/08/16 10:52:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2010/01/19 17:15:04 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/01/19 15:53:32 | 00,000,069 | ---- | M] () -- C:\Documents and Settings\Owner\jagex_runescape_preferences2.dat
[2010/01/19 15:52:56 | 00,000,039 | ---- | M] () -- C:\Documents and Settings\Owner\jagex_runescape_preferences.dat
[2010/01/19 12:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\PerfectOptimizer_home.job
[2010/01/19 05:25:31 | 00,000,110 | ---- | M] () -- C:\WINDOWS\GMouse.ini
[2010/01/19 05:23:54 | 08,388,608 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/01/19 04:21:26 | 00,462,390 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/19 04:21:26 | 00,078,608 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/19 04:21:25 | 00,550,666 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/19 04:16:41 | 00,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/01/19 04:16:34 | 00,095,263 | ---- | M] () -- C:\WINDOWS\System32\adebdecebaeeefcbf.dll
[2010/01/19 04:16:23 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/19 04:16:11 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/19 04:13:21 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/01/19 03:39:36 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/19 01:34:58 | 07,847,758 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\sexy.mp3
[2010/01/19 01:24:57 | 05,552,462 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\DJ Khaled - We taking over (feat. Akon, Baby, Lil Wayne, Rick Ross & T.I.).mp3
[2010/01/17 03:13:54 | 00,014,518 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\blue.jpg
[2010/01/16 18:47:29 | 00,142,336 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/16 03:01:40 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/15 15:37:08 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/15 15:34:47 | 00,201,744 | ---- | M] () -- C:\WINDOWS\System32\lastmon.dll
[2010/01/15 15:29:33 | 00,223,264 | ---- | M] () -- C:\WINDOWS\adebdecebaeeefcbf.exe
[2010/01/15 13:46:56 | 00,209,952 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\22a758d8a92e471fb0c10f2212bfad73.exe
[2010/01/15 10:50:46 | 00,246,272 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ghost-mouse-2-0.exe
[2010/01/14 16:57:57 | 00,000,879 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk
[2010/01/12 22:54:39 | 00,002,193 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2010/01/06 23:08:36 | 00,508,094 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\lolololol.html
[2010/01/06 22:18:53 | 00,043,153 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\15537_189248574525_630169525_2823811_4622253_n.jpg
[2010/01/06 22:17:31 | 00,034,049 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\18656_220506344525_630169525_2965504_1334872_n.jpg
[2010/01/05 23:34:33 | 42,318,649 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\katieeee.wmv
[2010/01/05 21:34:23 | 48,580,654 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\clip0163.avi
[2010/01/02 20:16:48 | 00,000,585 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Mombot_CoD_4.cfg
[2010/01/02 20:06:30 | 00,138,576 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/01/02 20:06:21 | 00,215,104 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010/01/02 20:06:21 | 00,215,104 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009/12/30 16:43:57 | 00,000,072 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CoD 4.ini
[2009/12/29 08:52:40 | 00,000,678 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\hi.lnk
[2009/12/29 08:48:53 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/12/23 12:19:03 | 00,075,064 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2009/12/23 12:12:59 | 00,001,881 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) Multiplayer.lnk
[2009/12/23 10:45:36 | 00,001,691 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) Singleplayer.lnk
[2009/12/23 10:45:13 | 00,022,328 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\PnkBstrK.sys
[2009/12/23 10:44:42 | 00,000,319 | ---- | M] () -- C:\WINDOWS\game.ini
[2009/12/23 10:21:12 | 00,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/12/23 10:21:12 | 00,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk

========== Files Created - No Company Name ==========

[2010/01/19 05:15:07 | 00,000,110 | ---- | C] () -- C:\WINDOWS\GMouse.ini
[2010/01/17 03:13:51 | 00,014,518 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\blue.jpg
[2010/01/17 02:06:52 | 07,847,758 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\sexy.mp3
[2010/01/15 15:34:47 | 00,201,744 | ---- | C] () -- C:\WINDOWS\System32\lastmon.dll
[2010/01/15 15:29:41 | 00,095,263 | ---- | C] () -- C:\WINDOWS\System32\adebdecebaeeefcbf.dll
[2010/01/15 15:29:35 | 00,223,264 | ---- | C] () -- C:\WINDOWS\adebdecebaeeefcbf.exe
[2010/01/15 13:46:56 | 00,209,952 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\22a758d8a92e471fb0c10f2212bfad73.exe
[2010/01/15 10:50:38 | 00,246,272 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ghost-mouse-2-0.exe
[2010/01/14 16:57:57 | 00,000,879 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk
[2010/01/06 23:08:36 | 00,508,094 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\lolololol.html
[2010/01/06 22:18:29 | 00,043,153 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\15537_189248574525_630169525_2823811_4622253_n.jpg
[2010/01/06 22:17:49 | 00,034,049 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\18656_220506344525_630169525_2965504_1334872_n.jpg
[2010/01/05 23:27:28 | 42,318,649 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\katieeee.wmv
[2010/01/05 21:33:26 | 48,580,654 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\clip0163.avi
[2009/12/30 16:43:57 | 00,000,072 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\CoD 4.ini
[2009/12/30 16:42:01 | 01,339,392 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\CoD 4.dll
[2009/12/30 16:42:01 | 00,061,440 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\CoD 4.exe
[2009/12/30 16:42:01 | 00,000,585 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Mombot_CoD_4.cfg
[2009/12/29 13:01:18 | 00,523,776 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ArtificialAiming-Radar-v2.6.exe
[2009/12/29 08:52:18 | 00,000,678 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\hi.lnk
[2009/12/23 10:45:36 | 00,001,881 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) Multiplayer.lnk
[2009/12/23 10:45:36 | 00,001,691 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) Singleplayer.lnk
[2009/12/23 10:44:42 | 00,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2009/12/23 10:21:12 | 00,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/12/23 10:21:12 | 00,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2009/12/01 02:42:39 | 00,000,051 | ---- | C] () -- C:\WINDOWS\EntPack.ini
[2009/11/14 17:58:28 | 00,000,172 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\RSBot Accounts.ini
[2009/11/14 01:44:08 | 00,000,067 | ---- | C] () -- C:\WINDOWS\SpeedGear.INI
[2009/11/06 17:54:23 | 01,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2009/10/06 18:15:42 | 00,138,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/10/06 18:15:42 | 00,022,328 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PnkBstrK.sys
[2009/09/08 16:17:50 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/07/09 16:44:31 | 00,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP207.INI
[2009/07/04 19:37:35 | 00,142,336 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/17 13:29:01 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2009/06/17 13:29:01 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2008/12/26 00:08:00 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/12/26 00:08:00 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/12/26 00:08:00 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/12/26 00:08:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/10/07 11:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 11:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 11:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 11:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 11:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 11:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 11:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 11:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 11:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 11:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/01/01 08:54:37 | 00,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/01/01 08:54:37 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/09/27 09:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
< End of report >

EXTRAS

OTL Extras logfile created on: 1/19/2010 5:15:59 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.50 Gb Total Space | 848.35 Gb Free Space | 91.07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SUPER-ABE66CE06
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-73586283-1547161642-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Firefly Studios\Stronghold Legends\StrongholdLegends.exe" = C:\Program Files\Firefly Studios\Stronghold Legends\StrongholdLegends.exe:*:Enabled:Stronghold Legends -- (Firefly Studios)
"C:\Program Files\Steam\steam.exe" = C:\Program Files\Steam\steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Documents and Settings\Owner\My Documents\TeamViewer.exe" = C:\Documents and Settings\Owner\My Documents\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\iCall\iCall.exe" = C:\Program Files\iCall\iCall.exe:*:Enabled:iCall -- File not found
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Steam\steamapps\common\america's army 3\Binaries\AA3Game.exe" = C:\Program Files\Steam\steamapps\common\america's army 3\Binaries\AA3Game.exe:*:Enabled:America's Army 3 -- ()
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL LLC)
"C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\post.exe" = C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\post.exe:*:Enabled:Windows Firevall Control C -- File not found
"C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead -- ()
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- ()
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{066A1255-1299-4EBA-B9B3-FA7FB14F92E4}" = CIF USB Camera
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{244E21B9-164C-4EC1-AED8-9BD64161E66D}" = ArcSoft VideoImpression 2
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{582E9125-32B6-4CBA-AB48-3E33CE3DB389}" = NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{66A405D2-BA14-4594-BF36-B3B544F0754E}" = Stronghold Legends
"{6E5AB107-172B-4F17-8ABB-357C59EF1B08}" = Vegas Pro 9.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AAB2A3A6-6789-4260-9966-517498589AB5}" = ArcSoft PhotoImpression 5
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F57CEB84-3D22-4657-8EDA-F8CD5217B83E}" = Mu
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_7" = AIM 7
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.8 (Unicode)
"avast!" = avast! Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Emoticon Maker" = Emoticon Maker
"Hamachi" = Hamachi 1.0.3.0
"HijackThis" = HijackThis 2.0.2
"HyperCam 2" = HyperCam 2
"ie8" = Windows Internet Explorer 8
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"PunkBusterSvc" = PunkBuster Services
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Speed Gear_is1" = Speed Gear v6.0
"Steam App 13140" = America's Army 3
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 440" = Team Fortress 2
"Steam App 500" = Left 4 Dead
"TeamViewer 5" = TeamViewer 5
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Voozie Maker" = Voozie Maker
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"ZoneAlarm" = ZoneAlarm

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-73586283-1547161642-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SwiftKit" = SwiftKit
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 11/12/2009 10:55:30 PM | Computer Name = SUPER-ABE66CE06 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://api.omgpop.com/api/pool?commands ... ller/index failed, 0000A413.


Error - 11/13/2009 7:54:07 PM | Computer Name = SUPER-ABE66CE06 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://api.omgpop.com/api/pool?commands ... ller/index failed, 0000A413.


Error - 11/14/2009 12:42:00 AM | Computer Name = SUPER-ABE66CE06 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://api.omgpop.com/api/pool?commands ... ler/create failed,
0000A413.

Error - 11/14/2009 1:50:57 AM | Computer Name = SUPER-ABE66CE06 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://api.omgpop.com/api/pool?commands ... ller/index failed, 0000A413.


Error - 11/14/2009 3:36:23 PM | Computer Name = SUPER-ABE66CE06 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://api.omgpop.com/api/pool?commands ... ller/index failed, 0000A413.


Error - 11/14/2009 4:39:50 PM | Computer Name = SUPER-ABE66CE06 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://api.omgpop.com/api/pool?commands ... ller/index failed, 0000A413.


Error - 11/14/2009 8:48:16 PM | Computer Name = SUPER-ABE66CE06 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://api.omgpop.com/api/pool?commands ... ler/search failed,
0000A413.

Error - 11/18/2009 5:41:24 PM | Computer Name = SUPER-ABE66CE06 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://users.conduit.com/iis2ebs.asp failed, 0000A413.

Error - 11/20/2009 5:59:06 AM | Computer Name = SUPER-ABE66CE06 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://www.youtube.com/get_video_info?& ... dtype=dclk
failed, 0000A413.

Error - 11/21/2009 9:54:23 PM | Computer Name = SUPER-ABE66CE06 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://www.youtube.com/get_video_info?& ... s&hl=en_US
failed, 0000A413.

[ Application Events ]
Error - 1/17/2010 8:23:50 PM | Computer Name = SUPER-ABE66CE06 | Source = nview_info | ID = 11141121
Description =

Error - 1/17/2010 8:25:00 PM | Computer Name = SUPER-ABE66CE06 | Source = nview_info | ID = 11141121
Description =

Error - 1/17/2010 8:25:00 PM | Computer Name = SUPER-ABE66CE06 | Source = nview_info | ID = 11141121
Description =

Error - 1/17/2010 8:25:00 PM | Computer Name = SUPER-ABE66CE06 | Source = nview_info | ID = 11141121
Description =

Error - 1/17/2010 8:25:00 PM | Computer Name = SUPER-ABE66CE06 | Source = nview_info | ID = 11141121
Description =

Error - 1/17/2010 9:41:39 PM | Computer Name = SUPER-ABE66CE06 | Source = nview_info | ID = 11141121
Description =

Error - 1/19/2010 4:40:59 AM | Computer Name = SUPER-ABE66CE06 | Source = nview_info | ID = 11141121
Description =

Error - 1/19/2010 4:40:59 AM | Computer Name = SUPER-ABE66CE06 | Source = nview_info | ID = 11141121
Description =

Error - 1/19/2010 5:19:00 AM | Computer Name = SUPER-ABE66CE06 | Source = nview_info | ID = 11141121
Description =

Error - 1/19/2010 5:19:00 AM | Computer Name = SUPER-ABE66CE06 | Source = nview_info | ID = 11141121
Description =

[ System Events ]
Error - 1/19/2010 8:16:59 AM | Computer Name = SUPER-ABE66CE06 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
LEIGHSEARS that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{EA700ABE-D55E-446. The master browser is stopping or an election is
being forced.

Error - 1/19/2010 8:17:34 AM | Computer Name = SUPER-ABE66CE06 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SeaPort with
arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

Error - 1/19/2010 8:33:55 AM | Computer Name = SUPER-ABE66CE06 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SeaPort with
arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

Error - 1/19/2010 9:20:15 AM | Computer Name = SUPER-ABE66CE06 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SeaPort with
arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

Error - 1/19/2010 9:33:58 AM | Computer Name = SUPER-ABE66CE06 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SeaPort with
arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

Error - 1/19/2010 11:03:46 AM | Computer Name = SUPER-ABE66CE06 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
LEIGHSEARS that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{EA700ABE-D55E-446. The master browser is stopping or an election is
being forced.

Error - 1/19/2010 4:18:42 PM | Computer Name = SUPER-ABE66CE06 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SeaPort with
arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

Error - 1/19/2010 4:22:15 PM | Computer Name = SUPER-ABE66CE06 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SeaPort with
arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

Error - 1/19/2010 6:01:59 PM | Computer Name = SUPER-ABE66CE06 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SeaPort with
arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

Error - 1/19/2010 6:02:20 PM | Computer Name = SUPER-ABE66CE06 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SeaPort with
arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}


< End of report >
Lasthar
Regular Member
 
Posts: 20
Joined: January 12th, 2010, 9:04 pm
Location: Michigan
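The Windows Firewall AuthorizedApplications section of the log above deserves a closer look than the rest of the report: every value has the form `path:scope:Enabled:name`, and the scanner appends the publisher from the file's version information, `()` when there is none, or `File not found` when the binary is gone. An Enabled exception for a binary under `%TEMP%` (the `IXP000.TMP\post.exe` entry labelled "Windows Firevall Control C") is a standing hole that no installed application should need, and stale rules for missing binaries are dead weight that should be cleared. The following Python is an added example, not part of the post or of the scanner, that parses that line format and ranks the exceptions; the path heuristics and severity labels are the example's own assumptions, and the sample input is copied from the log lines above.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: five lines copied from the firewall
# "AuthorizedApplications" section of the log above.  The registry value
# itself is  <path>:<scope>:<Enabled|Disabled>:<display name>; the scanner
# appends " -- (Publisher)" from version info, " -- ()" when there is none,
# or " -- File not found" when the binary no longer exists.
SAMPLE_REPORT = r'''
"C:\Program Files\Steam\steam.exe" = C:\Program Files\Steam\steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Documents and Settings\Owner\My Documents\TeamViewer.exe" = C:\Documents and Settings\Owner\My Documents\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- File not found
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\post.exe" = C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\post.exe:*:Enabled:Windows Firevall Control C -- File not found
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
'''

LINE_RE = re.compile(r'^"(?P<key>[^"]+)" = (?P<value>.*) -- (?P<tail>.*)$')
# Anything under a Temp folder, including IXP*.TMP scratch folders that a
# self-extracting installer typically leaves behind, should never need a
# standing firewall exception.  (Heuristic chosen for this example.)
TEMP_DIR_RE = re.compile(r'\\(temp|tmp)\\|\\[^\\]+\.tmp\\', re.IGNORECASE)
USER_WRITABLE_RE = re.compile(
    r'^[A-Z]:\\(Documents and Settings|DOCUME~1|RECYCLER|Users)\\', re.IGNORECASE)
SEVERITY = {'HIGH': 3, 'MEDIUM': 2, 'LOW': 1, 'INFO': 0}


@dataclass
class FirewallException:
    path: str
    scope: str            # '*' = any remote address, 'LocalSubNet' = local subnet only
    state: str            # 'Enabled' or 'Disabled'
    name: str             # display name stored in the rule (attacker-controlled text)
    publisher: Optional[str]
    file_present: bool
    findings: List[str] = field(default_factory=list)

    def max_severity(self) -> int:
        return max((SEVERITY[f.split(':', 1)[0]] for f in self.findings), default=-1)


def parse_line(line: str) -> Optional[FirewallException]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    key, value, tail = m.group('key'), m.group('value'), m.group('tail')
    # The path contains a colon (drive letter), so peel it off by length
    # instead of splitting the whole value on ':'.
    if not value.startswith(key + ':'):
        return None
    scope, state, name = value[len(key) + 1:].split(':', 2)
    paren = re.fullmatch(r'\((.*)\)', tail)
    publisher = paren.group(1) if paren and paren.group(1) else None
    return FirewallException(key, scope, state, name, publisher, tail != 'File not found')


def assess(exc: FirewallException) -> FirewallException:
    """Attach findings to one parsed exception (severity scheme is this example's own)."""
    if exc.state == 'Enabled':
        if TEMP_DIR_RE.search(exc.path):
            exc.findings.append('HIGH: enabled exception for a binary in a temp directory')
        elif USER_WRITABLE_RE.search(exc.path):
            exc.findings.append('MEDIUM: enabled exception for a binary in a user-writable location')
    if not exc.file_present:
        exc.findings.append('LOW: binary no longer exists; stale rule should be removed')
    elif exc.publisher is None:
        exc.findings.append('INFO: no publisher in version info')
    return exc


def triage(report: str) -> List[FirewallException]:
    """Parse every exception line and return the ones with findings, worst first."""
    parsed = filter(None, (parse_line(l) for l in report.splitlines()))
    flagged = [e for e in map(assess, parsed) if e.findings]
    return sorted(flagged, key=FirewallException.max_severity, reverse=True)


if __name__ == '__main__':
    for e in triage(SAMPLE_REPORT):
        print(f'{e.path}  [{e.state}, scope={e.scope}, name={e.name!r}]')
        for f in e.findings:
            print('   ', f)
```

Run against the sample, the `post.exe` rule comes out first (temp directory plus missing binary), the My Documents copy of TeamViewer second (user-writable location plus missing binary), and PnkBstrA last as an informational note; the two Program Files entries with a publisher produce nothing. The display name is treated as untrusted text throughout, since whoever wrote the registry value chose it.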

Re: Got a virus. Win32:Malware-gen

Unread postby deltalima » January 20th, 2010, 3:01 pm

Hi Lasthar,

Scan with Rooter:

Please download Rooter.exe to your desktop.

  • Double click on Rooter.exe to start the application.
  • Now click on the Scan button.
  • When the scan is completed a text file called Rooter.txt will appear on your desktop, post the contents in your next reply.
  • Now click on Close button to exit Rooter.

Note: The log file can also be found in the folder Rooter$ at the root of your hard drive, e.g. C:\Rooter$

Please post Rooter.txt in your next reply.

Please also post logs from Avast showing details of the viruses already detected.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Got a virus. Win32:Malware-gen

Unread postby Lasthar » January 20th, 2010, 4:20 pm

OK, I got them both. I don't know if the antivirus log is what you needed because I don't really know how to do it, but it's there... hope it helps >_<

ROOTER

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP Home Edition (5.1.2600) Service Pack 3
[32_bits] - x86 Family 16 Model 2 Stepping 3, AuthenticAMD
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Disabled !
.
Internet Explorer 8.0.6001.18702
Mozilla Firefox 3.5.2 (en-US)
.
A:\ [Removable]
C:\ [Fixed-NTFS] .. ( Total:931 Go - Free:848 Go )
D:\ [CD_Rom]
F:\ [CD_Rom]
.
Scan : 15:14.15
Path : C:\Documents and Settings\Owner\Desktop\Rooter.exe
User : Owner ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (704)
______ \??\C:\WINDOWS\system32\csrss.exe (916)
______ \??\C:\WINDOWS\system32\winlogon.exe (948)
______ C:\WINDOWS\system32\services.exe (1032)
______ C:\WINDOWS\system32\lsass.exe (1044)
______ C:\WINDOWS\system32\svchost.exe (1208)
______ C:\WINDOWS\system32\svchost.exe (1252)
______ C:\WINDOWS\System32\svchost.exe (1604)
______ C:\WINDOWS\system32\svchost.exe (1692)
______ C:\WINDOWS\system32\svchost.exe (1944)
Locked vsmon.exe (2016)
______ C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (884)
______ C:\Program Files\Alwil Software\Avast4\ashServ.exe (924)
______ C:\WINDOWS\Explorer.EXE (568)
______ C:\Program Files\Java\jre6\bin\jusched.exe (852)
______ C:\WINDOWS\PixArt\PAC207\Monitor.exe (860)
______ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (1164)
Locked zlclient.exe (1904)
______ C:\WINDOWS\RTHDCPL.EXE (1300)
______ C:\Program Files\Windows Live\Messenger\msnmsgr.exe (1332)
______ C:\WINDOWS\system32\ctfmon.exe (1416)
______ C:\Program Files\Skype\Phone\Skype.exe (1456)
______ C:\Program Files\DAEMON Tools Lite\DTLite.exe (1488)
______ C:\WINDOWS\system32\spoolsv.exe (196)
______ C:\Program Files\NETGEAR\WPN111\wpn111.exe (660)
______ C:\Program Files\Windows Desktop Search\WindowsSearch.exe (1768)
______ C:\WINDOWS\system32\svchost.exe (2088)
______ C:\Program Files\Java\jre6\bin\jqs.exe (3124)
______ C:\WINDOWS\system32\PnkBstrA.exe (3208)
______ C:\WINDOWS\system32\svchost.exe (3428)
______ C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (3500)
______ C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (1092)
______ C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (2672)
______ C:\WINDOWS\System32\alg.exe (1428)
______ C:\WINDOWS\System32\svchost.exe (2900)
______ C:\Program Files\Skype\Plugin Manager\skypePM.exe (3880)
______ C:\Program Files\Windows Live\Contacts\wlcomm.exe (2860)
______ C:\Program Files\Internet Explorer\iexplore.exe (800)
______ C:\Program Files\Internet Explorer\iexplore.exe (2704)
______ C:\Program Files\Windows Live\Toolbar\wltuser.exe (2244)
______ C:\Documents and Settings\Owner\Desktop\Rooter.exe (3488)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:1000194015744)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\PerfectOptimizer_home.job
C:\WINDOWS\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 15:14.21
.
C:\Rooter$\Rooter_1.txt - (20/01/2010 | 15:14.21)

anti virus thing

8/17/2009 1:12:55 AM Owner 6128 Sign of "JS:FakeWarn-A [Trj]" has been found in "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\85CH2Z4X\info[1].htm" file.
8/17/2009 3:55:50 AM Owner 6128 Sign of "JS:FakeWarn-A [Trj]" has been found in "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\85CH2Z4X\info[2].htm" file.
8/17/2009 3:55:58 AM Owner 6128 Sign of "JS:FakeWarn-A [Trj]" has been found in "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\85CH2Z4X\info[3].htm" file.
8/17/2009 3:56:00 AM Owner 6128 Sign of "JS:FakeWarn-A [Trj]" has been found in "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\85CH2Z4X\info[4].htm" file.
8/17/2009 3:56:02 AM Owner 6128 Sign of "JS:FakeWarn-A [Trj]" has been found in "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\85CH2Z4X\info[5].htm" file.
8/17/2009 3:56:05 AM Owner 6128 Sign of "JS:FakeWarn-A [Trj]" has been found in "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\85CH2Z4X\info[6].htm" file.
8/17/2009 3:56:30 AM Owner 6128 Sign of "HTML:Script-inf" has been found in "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\85CH2Z4X\laura-vandervoort-nude-pictures[1].htm" file.
8/17/2009 3:59:12 AM Owner 6128 Sign of "HTML:Script-inf" has been found in "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\85CH2Z4X\laura-vandervoort-nude-pictures[2].htm" file.
8/17/2009 4:38:43 AM SYSTEM 1480 Sign of "HTML:Iframe-inf" has been found in "http://d1.openx.org/afr.php?campaignid=53665&what=728x90&cb=0.6601110340080651" file.
8/22/2009 5:52:31 AM SYSTEM 1532 AAVM - scanning warning: x_AavmCheckFileDirectEx: http://ftp.belnet.be/mirror/ubuntu.com/ ... p-i386.iso (C:\WINDOWS\TEMP\_avast4_\unp143158833.tmp) returning error, 00000084.
8/25/2009 5:34:32 AM SYSTEM 1520 Function setifaceUpdatePackages() has failed. Return code is 0x20000006, dwRes is 20000006.
8/25/2009 9:37:24 AM SYSTEM 1520 Function setifaceUpdatePackages() has failed. Return code is 0x20000006, dwRes is 20000006.
12/31/2007 11:03:13 PM SYSTEM 864 Function setifaceUpdatePackages() has failed. Return code is 0x2000001D, dwRes is 2000001D.
9/11/2009 9:00:50 AM SYSTEM 872 AAVM - scanning warning: x_AavmCheckFileDirectEx: http://mirrors.xmission.com/fedora/rele ... 64-DVD.iso (C:\WINDOWS\TEMP\_avast4_\unp27141986.tmp) returning error, 00000084.
9/15/2009 2:40:27 AM SYSTEM 1544 Sign of "WMA:Wimad [Drp]" has been found in "C:\Documents and Settings\Owner\My Documents\LimeWire\Saved\lyaz replay.wma" file.
9/15/2009 4:33:17 AM SYSTEM 1544 Sign of "VBS:Malware-gen" has been found in "http://videos.on.nimp.org/video/funny/search=offended-reaction/result/1892021\{gzip}" file.
9/15/2009 4:33:53 AM SYSTEM 1544 Sign of "VBS:Malware-gen" has been found in "http://videos.on.nimp.org/video/funny/search=offended-reaction/result/1892021\{gzip}" file.
9/16/2009 7:53:49 PM SYSTEM 1544 Sign of "VBS:Malware-gen" has been found in "http://videos.on.nimp.org/video/funny/search=offended-reaction/result/1892021\{gzip}" file.
9/25/2009 11:07:34 PM SYSTEM 1836 Sign of "JS:FakeAV-BI [Trj]" has been found in "http://mytotalscan16.com/scan1/?pid=207&engine=pHT10jTuMzIuNDAuNDMmdGltZT0xMjU2OMgNPANN" file.
9/25/2009 11:07:57 PM SYSTEM 1836 Sign of "JS:FakeAV-BI [Trj]" has been found in "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\27N0NRSB\scan1[1].htm" file.
12/31/2007 11:03:09 PM SYSTEM 852 Function setifaceUpdatePackages() has failed. Return code is 0x2000001D, dwRes is 2000001D.
9/29/2009 7:51:38 AM SYSTEM 852 Sign of "VBS:Malware-gen" has been found in "http://vote.on.nimp.org/\{gzip}" file.
9/29/2009 6:45:08 PM SYSTEM 852 Sign of "JS:FakeCodec-G [Trj]" has been found in "http://173.20.41.88/d=www.gecahe.com/0x3E8/f=fb2/view/" file.
9/29/2009 6:45:12 PM SYSTEM 852 Sign of "JS:FakeCodec-G [Trj]" has been found in "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\P60O7RX6\view[1].htm" file.
12/31/2007 11:02:02 PM SYSTEM 204 Function setifaceUpdatePackages() has failed. Return code is 0x2000001D, dwRes is 2000001D.
12/31/2007 10:05:56 PM SYSTEM 868 Function setifaceUpdatePackages() has failed. Return code is 0x2000001D, dwRes is 2000001D.
12/31/2007 9:16:06 PM SYSTEM 1820 Function setifaceUpdatePackages() has failed. Return code is 0x2000001D, dwRes is 2000001D.
12/31/2007 9:41:07 PM SYSTEM 884 Function setifaceUpdatePackages() has failed. Return code is 0x2000001D, dwRes is 2000001D.
10/20/2009 11:42:30 AM SYSTEM 892 Function setifaceUpdatePackages() has failed. Return code is 0x20000006, dwRes is 20000006.
10/27/2009 2:33:05 PM SYSTEM 816 Sign of "HTML:Iframe-inf" has been found in "http://autoonline-advisor.us/" file.
10/31/2009 4:25:45 AM SYSTEM 816 Sign of "HTML:RedirME-inf [Trj]" has been found in "http://advtunix.com/s/in.cgi?30&ab_iframe=1&ab_badtraffic=1&antibot_hash=1932330960&ur=1&HTTP_REFERER=http://d1.openx.org/afr.php?zoneid=81559&cb=46576869605" file.
1/1/2008 12:03:32 AM SYSTEM 208 Function setifaceUpdatePackages() has failed. Return code is 0x2000001D, dwRes is 2000001D.
11/5/2009 4:16:52 PM SYSTEM 1848 AAVM - scanning warning: x_AavmCheckFileDirectEx: http://ad-g.doubleclick.net/imp;v7;x;21 ... lg=en;kpu= (C:\WINDOWS\TEMP\_avast4_\unp145103654.tmp) returning error, 0000A413.
11/8/2009 11:02:13 PM SYSTEM 856 AAVM - scanning warning: x_AavmCheckFileDirectEx: http://weather.services.conduit.com/wea ... d=USMI0013 (C:\WINDOWS\TEMP\_avast4_\unp260374074.tmp) returning error, 0000A413.
11/12/2009 1:59:31 AM SYSTEM 1676 AAVM - scanning warning: x_AavmCheckFileDirectEx: http://api.omgpop.com/api/pool?commands ... ller/index (C:\WINDOWS\TEMP\_avast4_\unp89642270.tmp) returning error, 0000A413.
11/12/2009 9:55:30 PM SYSTEM 1676 AAVM - scanning warning: x_AavmCheckFileDirectEx: http://api.omgpop.com/api/pool?commands ... ller/index (C:\WINDOWS\TEMP\_avast4_\unp238357398.tmp) returning error, 0000A413.
11/13/2009 6:54:07 PM SYSTEM 1676 AAVM - scanning warning: x_AavmCheckFileDirectEx: http://api.omgpop.com/api/pool?commands ... ller/index (C:\WINDOWS\TEMP\_avast4_\unp143410484.tmp) returning error, 0000A413.
11/13/2009 11:42:00 PM SYSTEM 1676 AAVM - scanning warning: x_AavmCheckFileDirectEx: http://api.omgpop.com/api/pool?commands ... ler/create (C:\WINDOWS\TEMP\_avast4_\unp49273692.tmp) returning error, 0000A413.
11/14/2009 12:50:57 AM SYSTEM 1676 AAVM - scanning warning: x_AavmCheckFileDirectEx: http://api.omgpop.com/api/pool?commands ... ller/index (C:\WINDOWS\TEMP\_avast4_\unp70908086.tmp) returning error, 0000A413.
11/14/2009 2:36:24 PM SYSTEM 1676 AAVM - scanning warning: x_AavmCheckFileDirectEx: http://api.omgpop.com/api/pool?commands ... ller/index (C:\WINDOWS\TEMP\_avast4_\unp98352774.tmp) returning error, 0000A413.
11/14/2009 3:39:50 PM SYSTEM 1676 AAVM - scanning warning: x_AavmCheckFileDirectEx: http://api.omgpop.com/api/pool?commands ... ller/index (C:\WINDOWS\TEMP\_avast4_\unp14136695.tmp) returning error, 0000A413.
11/14/2009 7:48:16 PM SYSTEM 1676 AAVM - scanning warning: x_AavmCheckFileDirectEx: http://api.omgpop.com/api/pool?commands ... ler/search (C:\WINDOWS\TEMP\_avast4_\unp6017468.tmp) returning error, 0000A413.
11/18/2009 4:41:24 PM SYSTEM 1844 AAVM - scanning warning: x_AavmCheckFileDirectEx: http://users.conduit.com/iis2ebs.asp (C:\WINDOWS\TEMP\_avast4_\unp91051343.tmp) returning error, 0000A413.
11/20/2009 2:40:26 AM SYSTEM 1844 Sign of "JS:FakeAV-O [Trj]" has been found in "http://mediaresearch.ws/?tid=28&aid=28&engine=NDk0MWMzNmUyNGZiOTU3YmRiY2JjYzQ2NTY4ODY3ZmY=" file.
11/20/2009 2:40:27 AM SYSTEM 1844 Sign of "JS:FakeAV-AB [Trj]" has been found in "http://mediaresearch.ws/img/flist.js" file.
11/20/2009 2:40:35 AM SYSTEM 1844 Sign of "JS:FakeAV-AB [Trj]" has been found in "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZA6ZHZXU\flist[1].js" file.
11/20/2009 2:40:48 AM SYSTEM 1844 Sign of "JS:FakeAV-AB [Trj]" has been found in "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZA6ZHZXU\flist[1].js" file.
11/20/2009 4:59:06 AM SYSTEM 1844 AAVM - scanning warning: x_AavmCheckFileDirectEx: http://www.youtube.com/get_video_info?& ... dtype=dclk (C:\WINDOWS\TEMP\_avast4_\unp55403933.tmp) returning error, 0000A413.
11/21/2009 8:54:23 PM SYSTEM 1272 AAVM - scanning warning: x_AavmCheckFileDirectEx: http://www.youtube.com/get_video_info?& ... s&hl=en_US (C:\WINDOWS\TEMP\_avast4_\unp212520995.tmp) returning error, 0000A413.
1/1/2008 12:03:37 AM SYSTEM 884 Function setifaceUpdatePackages() has failed. Return code is 0x2000001D, dwRes is 2000001D.
1/1/2008 12:07:01 AM SYSTEM 188 Function setifaceUpdatePackages() has failed. Return code is 0x2000001D, dwRes is 2000001D.
12/13/2009 5:11:28 PM SYSTEM 832 Function setifaceUpdatePackages() has failed. Return code is 0x20000011, dwRes is 20000011.
12/15/2009 7:18:23 AM SYSTEM 1840 Sign of "JS:Downloader-GW [Trj]" has been found in "http://rightdecisionhere2.cn/index.php" file.
12/21/2009 8:19:43 AM SYSTEM 1824 Function setifaceUpdatePackages() has failed. Return code is 0x20000011, dwRes is 20000011.
12/21/2009 12:22:17 PM SYSTEM 1824 Function setifaceUpdatePackages() has failed. Return code is 0x20000011, dwRes is 20000011.
12/23/2009 11:38:24 AM SYSTEM 908 Sign of "HTML:Iframe-inf" has been found in "http://ads2.sleepdisorderconnect.us/espotdigital_120x600.html?clickTag=http://network.alliancehealth.com/z/1043/CD972/" file.
12/23/2009 11:38:31 AM SYSTEM 908 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\5IV4WCN5\espotdigital_120x600[1].htm" file.
12/23/2009 11:34:53 PM SYSTEM 908 Sign of "JS:Pdfka-UD [Expl]" has been found in "http://dryclet.com/food/pr37.php\{gzip}" file.
12/24/2009 6:57:46 PM SYSTEM 908 Sign of "HTML:RedirME-inf [Trj]" has been found in "http://bandurina.info/images/wait.html\{gzip}" file.
12/27/2009 3:47:43 AM SYSTEM 908 Sign of "JS:Redirector-AQ [Trj]" has been found in "http://pastyono.info/cgi-bin/gjj/jHffe2d4bbV0100f080006R00000000102Tb4d5cba4201L656e2d75730000000000" file.
1/14/2010 7:46:26 PM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\WINDOWS\TEMP\8585b4bb5db5767e7c5227635b2ea5be.exe" file.
1/14/2010 7:46:27 PM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\WINDOWS\TEMP\8585b4bb5db5767e7c5227635b2ea5be.exe" file.
1/14/2010 7:46:31 PM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\Documents and Settings\Owner\My Documents\e33d5e4a72210fdbe06da1609ce4977e.exe" file.
1/14/2010 7:56:38 PM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\WINDOWS\TEMP\7bd6de86f8c2ecb2236b452579caa6a5.exe" file.
1/14/2010 10:01:22 PM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\Documents and Settings\Owner\My Documents\a7f706ec1f79c5956289019ed33ef632.exe" file.
1/14/2010 10:11:27 PM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\WINDOWS\TEMP\452980cf076963f22e687fe9abc1b7d4.exe" file.
1/14/2010 10:11:31 PM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\Documents and Settings\Owner\My Documents\2377eedf2f04129c7d88c8eced9665f8.exe" file.
1/14/2010 10:21:35 PM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\WINDOWS\TEMP\7acb9e32487e16df5ea4e9bfde546bc9.exe" file.
1/14/2010 10:21:35 PM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\WINDOWS\TEMP\7acb9e32487e16df5ea4e9bfde546bc9.exe" file.
1/14/2010 10:21:38 PM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\Documents and Settings\Owner\My Documents\2827e1b13491ee6cb1975a6fcce594be.exe" file.
1/14/2010 10:31:41 PM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\WINDOWS\TEMP\7d404303dca1e9ebe6d945da56f08b7d.exe" file.
1/14/2010 10:31:46 PM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\Documents and Settings\Owner\My Documents\218c1e848c408cbdb6ffd3186ec54db7.exe" file.
1/14/2010 10:41:52 PM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\WINDOWS\TEMP\6fce0c7b8f4bef66509cfc5e7dbbecbf.exe" file.
1/14/2010 10:41:55 PM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\Documents and Settings\Owner\My Documents\5422646ef87a46c8612edc77f1619847.exe" file.
1/14/2010 10:51:59 PM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\WINDOWS\TEMP\dd678e29b0b01502e8f3efe7f8eacf36.exe" file.
1/14/2010 10:52:02 PM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\Documents and Settings\Owner\My Documents\39b575b2a4ef63323a64ad9fdbeee364.exe" file.
1/14/2010 11:02:08 PM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\WINDOWS\TEMP\5774a2413ad21252b36305211f9a5df6.exe" file.
1/14/2010 11:30:38 PM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\Documents and Settings\Owner\My Documents\32bc484e739333594546b96c6d84bd44.exe" file.
1/14/2010 11:40:41 PM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\WINDOWS\TEMP\ceedf6342524f024880eb275d2c16ce3.exe" file.
1/14/2010 11:40:43 PM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\Documents and Settings\Owner\My Documents\6bc7e966bbbfdfc40d57320b8f5d39cf.exe" file.
1/14/2010 11:50:47 PM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\WINDOWS\TEMP\fa02a752226370419d565c1cd50568b3.exe" file.
1/14/2010 11:50:49 PM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\Documents and Settings\Owner\My Documents\8c617c2e9f3025664d8d6998f1829fc2.exe" file.
1/15/2010 12:00:52 AM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\WINDOWS\TEMP\bcd8e721d6c5abf5e5249ba272428930.exe" file.
1/15/2010 12:00:55 AM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\Documents and Settings\Owner\My Documents\b998027c1a996bf5a3547323b29d9c62.exe" file.
1/15/2010 12:10:58 AM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\WINDOWS\TEMP\b025c6d9c8438f352cad928f6bd2c7d1.exe" file.
1/15/2010 12:11:02 AM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\Documents and Settings\Owner\My Documents\ad3f6c21cba2a0adb2d159e095b2050c.exe" file.
1/15/2010 12:21:05 AM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\WINDOWS\TEMP\e0e0490a0908a9603636c533008555a3.exe" file.
1/15/2010 12:21:09 AM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\Documents and Settings\Owner\My Documents\0f35460ebb2ac6773031f5019aba1fd3.exe" file.
1/15/2010 12:21:10 AM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\Documents and Settings\Owner\My Documents\0f35460ebb2ac6773031f5019aba1fd3.exe" file.
1/15/2010 12:21:59 AM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\RECYCLER\S-1-5-21-73586283-1547161642-839522115-1003\Dc7.exe" file.
1/15/2010 12:31:14 AM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\WINDOWS\TEMP\fe8c2fa7242a5b883b39ac3b453318f5.exe" file.
1/15/2010 1:13:22 AM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\Documents and Settings\Owner\My Documents\4e528f59fc248cc466fd75e6e6250ccf.exe" file.
1/15/2010 1:23:25 AM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\WINDOWS\TEMP\43d75109c52fcc9c0f4e767c66fdd336.exe" file.
1/15/2010 1:23:32 AM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\Documents and Settings\Owner\My Documents\4d8e3cb6a83beb32ca5fd0b3953448c4.exe" file.
1/15/2010 10:36:01 AM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\WINDOWS\TEMP\079c16e2ea949ca439beb4c44b6c0f0b.exe" file.
1/15/2010 10:36:01 AM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\WINDOWS\TEMP\079c16e2ea949ca439beb4c44b6c0f0b.exe" file.
1/15/2010 10:36:06 AM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\Documents and Settings\Owner\My Documents\7469eb233943fddcf1b2c99e75ef6d6a.exe" file.
1/15/2010 10:46:09 AM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\WINDOWS\TEMP\17d5a5e6101da5c8d8be6859a022c209.exe" file.
1/15/2010 10:46:12 AM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\Documents and Settings\Owner\My Documents\665bef9080fab38a7f6c7d5732ebb9e7.exe" file.
1/15/2010 10:56:15 AM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\WINDOWS\TEMP\82a1c9c7ad7c97bdc551b54cc515f672.exe" file.
1/15/2010 10:56:19 AM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\Documents and Settings\Owner\My Documents\8c106f7037b4793bda5e5499e88dcea4.exe" file.
1/15/2010 1:46:52 PM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\WINDOWS\TEMP\9986b6dc77889191a3204c9325caddb8.exe" file.
1/15/2010 1:46:56 PM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\Documents and Settings\Owner\My Documents\22a758d8a92e471fb0c10f2212bfad73.exe" file.
1/15/2010 3:16:09 PM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\WINDOWS\Temp\004212a5f2739e19427dc7e30d677db1.exe" file.
1/15/2010 3:16:09 PM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\Documents and Settings\Owner\My Documents\22a758d8a92e471fb0c10f2212bfad73.exe" file.
1/15/2010 3:34:43 PM SYSTEM 480 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\WINDOWS\TEMP\a9e8e63b450a319476ee736dc30d2646.exe" file.
1/17/2010 1:32:59 AM SYSTEM 960 Sign of "Win32:Malware-gen" has been found in "C:\Documents and Settings\Owner\My Documents\22a758d8a92e471fb0c10f2212bfad73.exe" file.
1/17/2010 1:33:13 AM SYSTEM 960 Sign of "Win32:Malware-gen" has been found in "C:\Documents and Settings\Owner\My Documents\22a758d8a92e471fb0c10f2212bfad73.exe" file.
1/19/2010 4:47:28 PM SYSTEM 1596 Sign of "JS:Pdfka-TW [Expl]" has been found in "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\3QN1588L\oHffe2d4bbV0100f070006R0c4218b9102Tb4b4fca8201l0409K1d0eff1f317[1].pdf" file.
1/19/2010 5:17:52 PM SYSTEM 1596 Sign of "Win32:Malware-gen" has been found in "C:\Documents and Settings\Owner\My Documents\22a758d8a92e471fb0c10f2212bfad73.exe" file.
1/19/2010 5:18:06 PM SYSTEM 1596 Sign of "Win32:Malware-gen" has been found in "C:\Documents and Settings\Owner\My Documents\22a758d8a92e471fb0c10f2212bfad73.exe" file.
1/19/2010 5:18:09 PM SYSTEM 1596 Sign of "Win32:Malware-gen" has been found in "C:\Documents and Settings\Owner\My Documents\22a758d8a92e471fb0c10f2212bfad73.exe" file.
1/19/2010 5:18:12 PM SYSTEM 1596 Sign of "Win32:Malware-gen" has been found in "C:\Documents and Settings\Owner\My Documents\22a758d8a92e471fb0c10f2212bfad73.exe" file.
1/19/2010 5:18:33 PM SYSTEM 1596 Sign of "Win32:Malware-gen" has been found in "C:\Documents and Settings\Owner\My Documents\22a758d8a92e471fb0c10f2212bfad73.exe" file.
Lasthar
Regular Member
 
Posts: 20
Joined: January 12th, 2010, 9:04 pm
Location: Michigan
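
The avast! log above shows the same signature firing on a fresh 32-hex-digit .exe name in C:\WINDOWS\TEMP and in My Documents a few seconds apart, roughly every ten minutes, which is the re-dropping behaviour Lasthar describes. As an added example (this editor's code, not the forum's or avast!'s), here is a small Python triage script that parses warning lines in that format and measures the pattern: detections per directory, how many file names look like hashes, and the interval between detection rounds. The sample lines are copied from the log above; the 60-second round window and the hex-name heuristic are this editor's assumptions, not anything avast! reports.

```python
"""Triage an avast! 4 warning log of the kind pasted in this thread.

Added example, not from the forum or from avast!: the parser, the round
grouping and the hex-name heuristic are the editor's own. The sample lines
below are copied from the log in the thread (one RECYCLER line and one
Adware-gen line are included so the heuristics have something to disagree on).
"""
import re
from collections import Counter
from datetime import datetime
from pathlib import PureWindowsPath

# Sample lines copied from the avast! log posted in the thread.
SAMPLE_AVAST_LOG = r'''
1/14/2010 3:45:10 PM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\Documents and Settings\Owner\My Documents\5a40716751b474c326045657aef963ba.exe" file.
1/14/2010 3:55:14 PM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\WINDOWS\TEMP\3a5c95430627869fcce38ffb952ae8e6.exe" file.
1/14/2010 3:55:16 PM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\Documents and Settings\Owner\My Documents\2040e903e27e05b3e8cfbb8fea24842d.exe" file.
1/14/2010 4:05:19 PM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\WINDOWS\TEMP\625ca592162f85aad466c2fc3eebb086.exe" file.
1/14/2010 4:05:28 PM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\Documents and Settings\Owner\My Documents\5bbb893c290cfb4485ac397b33d82b13.exe" file.
1/14/2010 4:15:35 PM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\WINDOWS\TEMP\8f6d30a1943392d0c89b9d260846bafa.exe" file.
1/14/2010 4:15:36 PM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\Documents and Settings\Owner\My Documents\5d367e5380ded1bf5a613d93a956334e.exe" file.
1/15/2010 12:21:59 AM SYSTEM 928 Sign of "Win32:Malware-gen" has been found in "C:\RECYCLER\S-1-5-21-73586283-1547161642-839522115-1003\Dc7.exe" file.
1/15/2010 3:34:43 PM SYSTEM 480 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\WINDOWS\TEMP\a9e8e63b450a319476ee736dc30d2646.exe" file.
'''

# One avast! 4 warning-log line as it appears in the thread:
#   <m/d/yyyy> <h:mm:ss> <AM|PM> <user> <pid> Sign of "<sig>" has been found in "<path>" file.
LINE_RE = re.compile(
    r'^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) '
    r'(?P<user>\S+) (?P<pid>\d+) Sign of "(?P<sig>[^"]+)" '
    r'has been found in "(?P<path>[^"]+)" file\.$'
)
# Dropper-style file name: exactly 32 hex digits plus .exe (an MD5-looking name).
# This is an assumed heuristic for flagging, not a verdict on the file.
HEX32_EXE_RE = re.compile(r'^[0-9a-f]{32}\.exe$', re.IGNORECASE)


def parse_line(line):
    """Return a dict for one warning line, or None if the line is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = PureWindowsPath(m.group('path'))
    return {
        'ts': datetime.strptime(m.group('ts'), '%m/%d/%Y %I:%M:%S %p'),
        'pid': int(m.group('pid')),
        'sig': m.group('sig'),
        # Lower-case the directory: the log mixes C:\WINDOWS\TEMP and C:\WINDOWS\Temp.
        'dir': str(path.parent).lower(),
        'name': path.name,
    }


def group_rounds(events, window_s=60):
    """Group detections that occur within window_s of the previous one.

    Each round is one "drop": the TEMP copy and the My Documents copy are
    typically reported a few seconds apart, so they belong to the same round.
    """
    rounds = []
    for e in sorted(events, key=lambda e: e['ts']):
        if rounds and (e['ts'] - rounds[-1][-1]['ts']).total_seconds() <= window_s:
            rounds[-1].append(e)
        else:
            rounds.append([e])
    return rounds


def triage(log_text):
    """Summarise where, how often and under what names detections recur."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    rounds = group_rounds(events)
    starts = [r[0]['ts'] for r in rounds]
    gaps_min = [round((b - a).total_seconds() / 60, 2)
                for a, b in zip(starts, starts[1:])]
    return {
        'events': len(events),
        'unique_files': len({(e['dir'], e['name'].lower()) for e in events}),
        'hex_named': sum(1 for e in events if HEX32_EXE_RE.match(e['name'])),
        'by_dir': Counter(e['dir'] for e in events),
        'by_sig': Counter(e['sig'] for e in events),
        'rounds': len(rounds),
        'round_gaps_min': gaps_min,
    }


if __name__ == '__main__':
    for key, value in triage(SAMPLE_AVAST_LOG).items():
        print(f'{key}: {value}')
```

On the nine sample lines the script reports nine distinct files, eight of them hash-named, four each in TEMP and My Documents, and six rounds of which three are about ten minutes apart. A steady interval like that, with a new name every time, is what separates a running dropper from leftover files that a scanner keeps re-finding, and it is why the helper's next step is a tool that removes the dropping component rather than the dropped files.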

Re: Got a virus. Win32:Malware-gen

Unread postby deltalima » January 21st, 2010, 7:22 am

Hi Lasthar,

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Malwarebytes Anti-Malware:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe, then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
  1. Launch Malwarebytes' Anti-Malware
  2. Click on the Logs radio tab.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Got a virus. Win32:Malware-gen

Unread postby Lasthar » January 21st, 2010, 7:53 am

HERE YOU GO MY LOVE






Malwarebytes' Anti-Malware 1.44
Database version: 3607
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/21/2010 6:48:28 AM
mbam-log-2010-01-21 (06-48-28).txt

Scan type: Quick Scan
Objects scanned: 114201
Time elapsed: 3 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 18
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 8
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\lastmon.dll (Trojan.BHO) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\apar (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{ae17dd77-e0f3-44dd-8cba-1ebce6b5ed55} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4cbcc4e2-073c-4109-a719-458d8cf9900e} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{506cd401-5203-4b27-bb5a-03c97758fd02} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{506cd401-5203-4b27-bb5a-03c97758fd02} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{506cd401-5203-4b27-bb5a-03c97758fd02} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\parttimeb (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8bcb5337-ec01-4e38-840c-a964f174255b} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servises (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.pox (Rogue.FixTool) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pofile (Rogue.FixTool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Miracle (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows firevall control c (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Perfect Optimizer (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Backup (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Backup\Application (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Backup\Registry (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Backup\Registry\FirstBackup (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Backup\Registry\FullBackup (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Backup\Service (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Temp (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\lastmon.dll (Trojan.BHO) -> Delete on reboot.
C:\Program Files\Perfect Optimizer\PerfectOptimizer.ini (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
Lasthar
Regular Member
 
Posts: 20
Joined: January 12th, 2010, 9:04 pm
Location: Michigan
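
deltalima's note above says that skipping the reboot prevents MBAM from removing everything, and Lasthar's log shows exactly the case: lastmon.dll is listed twice as "Delete on reboot" rather than "Quarantined and deleted successfully". As an added example (this editor's code, not the forum's or Malwarebytes'), here is a Python parser for an MBAM 1.x log that reconciles the header counts against the listed items, tallies the detection families, and returns the objects still waiting on a reboot. The sample is an abridged version of the log posted above with the header counts adjusted to match the lines kept; the log format is inferred from that post.

```python
"""Read a Malwarebytes' Anti-Malware 1.x log and list what is still pending.

Added example, not from the forum or from Malwarebytes: the parser is the
editor's own, written against the log format visible in the thread. The
sample below is an abridged copy of the posted log (header counts adjusted
to match the lines kept).
"""
import re
from collections import Counter

SAMPLE_MBAM_LOG = r'''Malwarebytes' Anti-Malware 1.44
Database version: 3607
Windows 5.1.2600 Service Pack 3

Scan type: Quick Scan
Objects scanned: 114201
Time elapsed: 3 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\lastmon.dll (Trojan.BHO) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{506cd401-5203-4b27-bb5a-03c97758fd02} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servises (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Miracle (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows firevall control c (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Perfect Optimizer (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\lastmon.dll (Trojan.BHO) -> Delete on reboot.
C:\Program Files\Perfect Optimizer\PerfectOptimizer.ini (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
'''

# Summary line in the header block: "<section> Infected: <n>"
HEADER_RE = re.compile(r'^(?P<section>.+ Infected): (?P<n>\d+)$')
# Section heading in the body: "<section> Infected:" with no count
SECTION_RE = re.compile(r'^(?P<section>.+ Infected):$')
# One result line: "<object> (<family>) -> <action>."
ITEM_RE = re.compile(r'^(?P<obj>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)\.$')


def parse_mbam_log(text):
    """Return header counts, per-section items, count mismatches and reboot-pending objects."""
    counts, items, section = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            counts[m.group('section')] = int(m.group('n'))
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group('section')
            items[section] = []
            continue
        m = ITEM_RE.match(line) if section else None
        if m:
            items[section].append({'obj': m.group('obj'),
                                   'family': m.group('family'),
                                   'action': m.group('action')})
    # A header count that does not match the listed items means the log is
    # truncated or was edited before posting.
    mismatches = {s: (n, len(items.get(s, [])))
                  for s, n in counts.items() if n != len(items.get(s, []))}
    all_items = [i for lst in items.values() for i in lst]
    # Anything not yet deleted is still on disk until the machine restarts.
    pending = sorted({i['obj'] for i in all_items if 'reboot' in i['action'].lower()})
    return {
        'counts': counts,
        'items': items,
        'mismatches': mismatches,
        'pending_reboot': pending,
        'families': Counter(i['family'] for i in all_items),
    }


if __name__ == '__main__':
    report = parse_mbam_log(SAMPLE_MBAM_LOG)
    print('count mismatches:', report['mismatches'] or 'none')
    print('pending reboot:', report['pending_reboot'])
    print('families:', dict(report['families']))
```

The same DLL appearing under both Memory Modules and Files is why pending objects are de-duplicated by path: one reboot clears both entries. Checking a fresh log after the restart for an empty `pending_reboot` list is the concrete form of the helper's "please do so immediately".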

Re: Got a virus. Win32:Malware-gen

Unread postby deltalima » January 21st, 2010, 3:11 pm

Hi Lasthar,

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

Please reboot your computer.

Please now run another OTL scan and post both logs in your next reply along with the log from the Kaspersky scan.

Please also let me know if the AVAST virus warnings have stopped since running the Malwarebytes scan.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Got a virus. Win32:Malware-gen

Unread postby Lasthar » January 21st, 2010, 8:47 pm

Hello my friend. Here are the logs you asked for.

And about the Avast! warnings. They have stopped and I noticed that in My Documents the .exe file is gone, as well as the one in the Temp folder.


Kaspersky


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, January 21, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, January 21, 2010 21:45:36
Records in database: 3355350
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: no

Scan area - My Computer:
A:\
C:\
D:\
F:\

Scan statistics:
Objects scanned: 107631
Threats found: 2
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 01:19:18


File name / Threat / Threats count
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1
C:\WINDOWS\127.0.0.1 activate.adobe.com Infected: Trojan.Win32.Qhost.cm 1

Selected area has been scanned.



OTL



OTL logfile created on: 1/21/2010 7:34:00 PM - Run 2
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\Owner\Desktop\Anti Virus Shit
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 71.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.50 Gb Total Space | 852.59 Gb Free Space | 91.53% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SUPER-ABE66CE06
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Local Settings\Temp\jkos-Owner\binaries\ScanningProcess.exe (Kaspersky Lab.)
PRC - C:\Documents and Settings\Owner\Desktop\Anti Virus Shit\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\PnkBstrA.exe ()
PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Skype\Plugin Manager\skypePM.exe (Skype Technologies)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\java.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Windows Live\Toolbar\wltuser.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Pixart\Pac207\Monitor.exe (PixArt Imaging Incorporation)
PRC - C:\Program Files\NETGEAR\WPN111\WPN111.exe (NETGEAR)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\Desktop\Anti Virus Shit\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\nview.dll ()
MOD - C:\WINDOWS\system32\nvwddi.dll (NVIDIA Corporation)


========== Win32 Services (SafeList) ==========

SRV - (eaaacdaae) -- File not found
SRV - (adebdecebaeeefcbf) -- C:\WINDOWS\adebdecebaeeefcbf.exe ()
SRV - (PnkBstrA) -- C:\WINDOWS\system32\PnkBstrA.exe ()
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Driver Services (SafeList) ==========

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (AegisP) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\AegisP.sys (Meetinghouse Data Communications)
DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (SCREAMINGBDRIVER) -- C:\WINDOWS\system32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (srescan) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Check Point Software Technologies LTD)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (PAC207) -- C:\WINDOWS\system32\drivers\PFC027.SYS (PixArt Imaging Inc.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (WPN111) -- C:\WINDOWS\system32\drivers\WPN111.sys (NETGEAR, Inc.)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (DNINDIS5) -- C:\WINDOWS\system32\DNINDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-73586283-1547161642-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-73586283-1547161642-839522115-1003\S-1-5-21-73586283-1547161642-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://google.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:2.4.0.4
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.3.1.313


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/15 15:36:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/28 20:49:27 | 00,000,000 | ---D | M]

[2008/01/04 16:00:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/11/27 16:51:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3cdw19y9.default\extensions
[2009/10/25 06:21:09 | 00,000,000 | ---D | M] (Softonic-Eng7 Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3cdw19y9.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
[2008/01/04 15:59:32 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/15 15:36:51 | 00,119,312 | ---- | M] (none) -- C:\Program Files\Mozilla Firefox\components\efcfdcaedbbcbd.dll

O1 HOSTS File: ([2009/08/09 11:47:17 | 00,000,764 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-73586283-1547161642-839522115-1003\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKU\S-1-5-21-73586283-1547161642-839522115-1003\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-73586283-1547161642-839522115-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Monitor] C:\WINDOWS\Pixart\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-73586283-1547161642-839522115-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-73586283-1547161642-839522115-1003..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-21-73586283-1547161642-839522115-1003..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-73586283-1547161642-839522115-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN111\WPN111.exe (NETGEAR)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-73586283-1547161642-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-73586283-1547161642-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage =
O7 - HKU\S-1-5-21-73586283-1547161642-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage =
O7 - HKU\S-1-5-21-73586283-1547161642-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage =
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/ms ... b56986.cab (Checkers Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/v ... .2.5.0.cab (DLM Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 9172879359 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} http://appdirectory.messenger.msn.com/A ... tPkMSN.cab (PhotoPickConvert Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/ph ... NPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\My Documents\My Pictures\1263074561902.png
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/17 10:25:25 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/21 06:43:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/01/21 06:43:22 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/21 06:43:20 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/21 06:43:20 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/21 06:43:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/20 15:14:21 | 00,000,000 | ---D | C] -- C:\Rooter$
[2010/01/20 14:42:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/19 05:23:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Help
[2010/01/14 16:57:49 | 00,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2010/01/13 15:11:43 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/01/12 15:53:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2010/01/12 15:53:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Multi File Downloader
[2010/01/12 15:17:38 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2009/12/29 04:03:16 | 00,000,000 | ---D | C] -- C:\Program Files\Project64 1.6
[2009/12/28 20:48:08 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009/12/28 20:47:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/12/28 20:46:06 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2009/12/28 20:46:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/12/23 10:40:04 | 00,000,000 | ---D | C] -- C:\Program Files\Activision
[2009/12/23 10:37:51 | 00,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2009/12/23 10:21:06 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2009/12/23 10:20:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Lite
[2009/12/23 10:20:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/08/16 19:36:00 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/08/16 10:52:02 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/08/16 10:52:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2010/01/21 19:31:15 | 00,000,039 | ---- | M] () -- C:\Documents and Settings\Owner\jagex_runescape_preferences.dat
[2010/01/21 19:30:08 | 00,000,069 | ---- | M] () -- C:\Documents and Settings\Owner\jagex_runescape_preferences2.dat
[2010/01/21 12:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\PerfectOptimizer_home.job
[2010/01/21 06:55:55 | 00,550,666 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/21 06:55:55 | 00,462,390 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/21 06:55:55 | 00,078,608 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/21 06:51:23 | 00,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/01/21 06:51:09 | 00,095,263 | ---- | M] () -- C:\WINDOWS\System32\adebdecebaeeefcbf.dll
[2010/01/21 06:50:50 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/21 06:50:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/21 06:49:23 | 08,388,608 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/01/21 06:49:23 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/01/21 04:54:38 | 00,143,360 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/21 03:51:16 | 87,700,1032 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\clip0164.avi
[2010/01/20 00:17:52 | 00,002,193 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2010/01/19 05:25:31 | 00,000,110 | ---- | M] () -- C:\WINDOWS\GMouse.ini
[2010/01/19 03:39:36 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/19 01:34:58 | 07,847,758 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\sexy.mp3
[2010/01/19 01:24:57 | 05,552,462 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\DJ Khaled - We taking over (feat. Akon, Baby, Lil Wayne, Rick Ross & T.I.).mp3
[2010/01/17 03:13:54 | 00,014,518 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\blue.jpg
[2010/01/16 03:01:40 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/15 15:37:08 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/15 15:29:33 | 00,223,264 | ---- | M] () -- C:\WINDOWS\adebdecebaeeefcbf.exe
[2010/01/15 10:50:46 | 00,246,272 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ghost-mouse-2-0.exe
[2010/01/14 16:57:57 | 00,000,879 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/06 23:08:36 | 00,508,094 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\lolololol.html
[2010/01/05 23:34:33 | 42,318,649 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\katieeee.wmv
[2010/01/05 21:34:23 | 48,580,654 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\clip0163.avi
[2010/01/02 20:16:48 | 00,000,585 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Mombot_CoD_4.cfg
[2010/01/02 20:06:30 | 00,138,576 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/01/02 20:06:21 | 00,215,104 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010/01/02 20:06:21 | 00,215,104 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009/12/30 16:43:57 | 00,000,072 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CoD 4.ini
[2009/12/29 08:52:40 | 00,000,678 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\hi.lnk
[2009/12/29 08:48:53 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/12/23 12:19:03 | 00,075,064 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2009/12/23 12:12:59 | 00,001,881 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) Multiplayer.lnk
[2009/12/23 10:45:36 | 00,001,691 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) Singleplayer.lnk
[2009/12/23 10:45:13 | 00,022,328 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\PnkBstrK.sys
[2009/12/23 10:44:42 | 00,000,319 | ---- | M] () -- C:\WINDOWS\game.ini
[2009/12/23 10:21:12 | 00,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/12/23 10:21:12 | 00,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk

========== Files Created - No Company Name ==========

[2010/01/21 03:33:46 | 87,700,1032 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\clip0164.avi
[2010/01/19 05:15:07 | 00,000,110 | ---- | C] () -- C:\WINDOWS\GMouse.ini
[2010/01/17 03:13:51 | 00,014,518 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\blue.jpg
[2010/01/17 02:06:52 | 07,847,758 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\sexy.mp3
[2010/01/15 15:29:41 | 00,095,263 | ---- | C] () -- C:\WINDOWS\System32\adebdecebaeeefcbf.dll
[2010/01/15 15:29:35 | 00,223,264 | ---- | C] () -- C:\WINDOWS\adebdecebaeeefcbf.exe
[2010/01/15 10:50:38 | 00,246,272 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ghost-mouse-2-0.exe
[2010/01/14 16:57:57 | 00,000,879 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk
[2010/01/06 23:08:36 | 00,508,094 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\lolololol.html
[2010/01/05 23:27:28 | 42,318,649 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\katieeee.wmv
[2010/01/05 21:33:26 | 48,580,654 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\clip0163.avi
[2009/12/30 16:43:57 | 00,000,072 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\CoD 4.ini
[2009/12/30 16:42:01 | 01,339,392 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\CoD 4.dll
[2009/12/30 16:42:01 | 00,061,440 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\CoD 4.exe
[2009/12/30 16:42:01 | 00,000,585 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Mombot_CoD_4.cfg
[2009/12/29 13:01:18 | 00,523,776 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ArtificialAiming-Radar-v2.6.exe
[2009/12/29 08:52:18 | 00,000,678 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\hi.lnk
[2009/12/23 10:45:36 | 00,001,881 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) Multiplayer.lnk
[2009/12/23 10:45:36 | 00,001,691 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) Singleplayer.lnk
[2009/12/23 10:44:42 | 00,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2009/12/23 10:21:12 | 00,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/12/23 10:21:12 | 00,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2009/12/01 02:42:39 | 00,000,051 | ---- | C] () -- C:\WINDOWS\EntPack.ini
[2009/11/14 17:58:28 | 00,000,172 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\RSBot Accounts.ini
[2009/11/14 01:44:08 | 00,000,067 | ---- | C] () -- C:\WINDOWS\SpeedGear.INI
[2009/11/06 17:54:23 | 01,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2009/10/06 18:15:42 | 00,138,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/10/06 18:15:42 | 00,022,328 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PnkBstrK.sys
[2009/09/08 16:17:50 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/07/09 16:44:31 | 00,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP207.INI
[2009/07/04 19:37:35 | 00,143,360 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/17 13:29:01 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2009/06/17 13:29:01 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2008/12/26 00:08:00 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/12/26 00:08:00 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/12/26 00:08:00 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/12/26 00:08:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/10/07 11:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 11:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 11:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 11:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 11:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 11:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 11:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 11:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 11:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 11:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/01/01 08:54:37 | 00,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/01/01 08:54:37 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/09/27 09:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
< End of report >

Extras

OTL Extras logfile created on: 1/21/2010 7:34:00 PM - Run 2
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\Owner\Desktop\Anti Virus Shit
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 71.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.50 Gb Total Space | 852.59 Gb Free Space | 91.53% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SUPER-ABE66CE06
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-73586283-1547161642-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Firefly Studios\Stronghold Legends\StrongholdLegends.exe" = C:\Program Files\Firefly Studios\Stronghold Legends\StrongholdLegends.exe:*:Enabled:Stronghold Legends -- (Firefly Studios)
"C:\Program Files\Steam\steam.exe" = C:\Program Files\Steam\steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Documents and Settings\Owner\My Documents\TeamViewer.exe" = C:\Documents and Settings\Owner\My Documents\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\iCall\iCall.exe" = C:\Program Files\iCall\iCall.exe:*:Enabled:iCall -- File not found
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Steam\steamapps\common\america's army 3\Binaries\AA3Game.exe" = C:\Program Files\Steam\steamapps\common\america's army 3\Binaries\AA3Game.exe:*:Enabled:America's Army 3 -- ()
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL LLC)
"C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\post.exe" = C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\post.exe:*:Enabled:Windows Firevall Control C -- File not found
"C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead -- ()
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- ()
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{066A1255-1299-4EBA-B9B3-FA7FB14F92E4}" = CIF USB Camera
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{244E21B9-164C-4EC1-AED8-9BD64161E66D}" = ArcSoft VideoImpression 2
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{582E9125-32B6-4CBA-AB48-3E33CE3DB389}" = NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{66A405D2-BA14-4594-BF36-B3B544F0754E}" = Stronghold Legends
"{6E5AB107-172B-4F17-8ABB-357C59EF1B08}" = Vegas Pro 9.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AAB2A3A6-6789-4260-9966-517498589AB5}" = ArcSoft PhotoImpression 5
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F57CEB84-3D22-4657-8EDA-F8CD5217B83E}" = Mu
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_7" = AIM 7
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.8 (Unicode)
"avast!" = avast! Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Emoticon Maker" = Emoticon Maker
"Hamachi" = Hamachi 1.0.3.0
"HijackThis" = HijackThis 2.0.2
"HyperCam 2" = HyperCam 2
"ie8" = Windows Internet Explorer 8
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"PunkBusterSvc" = PunkBuster Services
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Speed Gear_is1" = Speed Gear v6.0
"Steam App 13140" = America's Army 3
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 440" = Team Fortress 2
"Steam App 500" = Left 4 Dead
"TeamViewer 5" = TeamViewer 5
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Voozie Maker" = Voozie Maker
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"ZoneAlarm" = ZoneAlarm

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-73586283-1547161642-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SwiftKit" = SwiftKit
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 11/12/2009 10:55:30 PM | Computer Name = SUPER-ABE66CE06 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://api.omgpop.com/api/pool?commands ... ller/index failed, 0000A413.


Error - 11/13/2009 7:54:07 PM | Computer Name = SUPER-ABE66CE06 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://api.omgpop.com/api/pool?commands ... ller/index failed, 0000A413.


Error - 11/14/2009 12:42:00 AM | Computer Name = SUPER-ABE66CE06 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://api.omgpop.com/api/pool?commands ... ler/create failed,
0000A413.

Error - 11/14/2009 1:50:57 AM | Computer Name = SUPER-ABE66CE06 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://api.omgpop.com/api/pool?commands ... ller/index failed, 0000A413.


Error - 11/14/2009 3:36:23 PM | Computer Name = SUPER-ABE66CE06 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://api.omgpop.com/api/pool?commands ... ller/index failed, 0000A413.


Error - 11/14/2009 4:39:50 PM | Computer Name = SUPER-ABE66CE06 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://api.omgpop.com/api/pool?commands ... ller/index failed, 0000A413.


Error - 11/14/2009 8:48:16 PM | Computer Name = SUPER-ABE66CE06 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://api.omgpop.com/api/pool?commands ... ler/search failed,
0000A413.

Error - 11/18/2009 5:41:24 PM | Computer Name = SUPER-ABE66CE06 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://users.conduit.com/iis2ebs.asp failed, 0000A413.

Error - 11/20/2009 5:59:06 AM | Computer Name = SUPER-ABE66CE06 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://www.youtube.com/get_video_info?& ... dtype=dclk
failed, 0000A413.

Error - 11/21/2009 9:54:23 PM | Computer Name = SUPER-ABE66CE06 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://www.youtube.com/get_video_info?& ... s&hl=en_US
failed, 0000A413.

[ Application Events ]
Error - 1/21/2010 8:33:11 PM | Computer Name = SUPER-ABE66CE06 | Source = nview_info | ID = 11141121
Description =

Error - 1/21/2010 8:33:11 PM | Computer Name = SUPER-ABE66CE06 | Source = nview_info | ID = 11141121
Description =

Error - 1/21/2010 8:33:11 PM | Computer Name = SUPER-ABE66CE06 | Source = nview_info | ID = 11141121
Description =

Error - 1/21/2010 8:33:11 PM | Computer Name = SUPER-ABE66CE06 | Source = nview_info | ID = 11141121
Description =

Error - 1/21/2010 8:33:11 PM | Computer Name = SUPER-ABE66CE06 | Source = nview_info | ID = 11141121
Description =

Error - 1/21/2010 8:33:11 PM | Computer Name = SUPER-ABE66CE06 | Source = nview_info | ID = 11141121
Description =

Error - 1/21/2010 8:33:11 PM | Computer Name = SUPER-ABE66CE06 | Source = nview_info | ID = 11141121
Description =

Error - 1/21/2010 8:33:11 PM | Computer Name = SUPER-ABE66CE06 | Source = nview_info | ID = 11141121
Description =

Error - 1/21/2010 8:33:11 PM | Computer Name = SUPER-ABE66CE06 | Source = nview_info | ID = 11141121
Description =

Error - 1/21/2010 8:33:11 PM | Computer Name = SUPER-ABE66CE06 | Source = nview_info | ID = 11141121
Description =

[ System Events ]
Error - 1/21/2010 7:53:08 AM | Computer Name = SUPER-ABE66CE06 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SeaPort with
arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

Error - 1/21/2010 7:56:32 AM | Computer Name = SUPER-ABE66CE06 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 1/21/2010 8:17:19 AM | Computer Name = SUPER-ABE66CE06 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SeaPort with
arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

Error - 1/21/2010 6:50:27 PM | Computer Name = SUPER-ABE66CE06 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SeaPort with
arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

Error - 1/21/2010 6:51:22 PM | Computer Name = SUPER-ABE66CE06 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SeaPort with
arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

Error - 1/21/2010 7:51:30 PM | Computer Name = SUPER-ABE66CE06 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SeaPort with
arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

Error - 1/21/2010 7:51:30 PM | Computer Name = SUPER-ABE66CE06 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SeaPort with
arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

Error - 1/21/2010 7:57:20 PM | Computer Name = SUPER-ABE66CE06 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SeaPort with
arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

Error - 1/21/2010 8:05:43 PM | Computer Name = SUPER-ABE66CE06 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SeaPort with
arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

Error - 1/21/2010 8:31:28 PM | Computer Name = SUPER-ABE66CE06 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SeaPort with
arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}


< End of report >
Lasthar
Regular Member
 
Posts: 20
Joined: January 12th, 2010, 9:04 pm
Location: Michigan

Re: Got a virus. Win32:Malware-gen

Unread postby deltalima » January 23rd, 2010, 1:45 pm

Hi Lasthar,

Upload a File to Virustotal

Please go to Virustotal

Copy/paste this file and path into the white box at the top:
C:\WINDOWS\adebdecebaeeefcbf.exe

Press Submit - this will submit the file for testing.

Please wait for all the scanners to finish then copy and paste the results from this scan into your next response.

Now please repeat this process and copy/paste
C:\WINDOWS\System32\adebdecebaeeefcbf.dll
and press Submit.

Please wait for all the scanners to finish then copy and paste the results from this scan into your next response.

Run OTL Script

We need to run an OTL Fix

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    Code:
    :OTLI
    SRV - (eaaacdaae) -- File not found
    SRV - (adebdecebaeeefcbf) -- C:\WINDOWS\adebdecebaeeefcbf.exe ()
    FF - prefs.js..extensions.enabledItems: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:2.4.0.4
    FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.3.1.313
    [2010/01/15 15:36:51 | 00,119,312 | ---- | M] (none) -- C:\Program Files\Mozilla Firefox\components\efcfdcaedbbcbd.dll
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    [2010/01/21 12:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\PerfectOptimizer_home.job
    [2010/01/21 06:51:09 | 00,095,263 | ---- | M] () -- C:\WINDOWS\System32\adebdecebaeeefcbf.dll
    [2010/01/15 15:29:41 | 00,095,263 | ---- | C] () -- C:\WINDOWS\System32\adebdecebaeeefcbf.dll
    [2010/01/15 15:29:35 | 00,223,264 | ---- | C] () -- C:\WINDOWS\adebdecebaeeefcbf.exe
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Malwarebytes Anti-Malware:

  • Please run Malwarebytes' Anti-Malware, click on the Update tab and then update.
  • Click on the first tab and select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
  1. Launch Malwarebytes' Anti-Malware
  2. Click on the Logs radio tab.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Please post the OTL log and the Malwarebytes log along with the two scan results from Virustotal in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Got a virus. Win32:Malware-gen

Unread postby Lasthar » January 24th, 2010, 12:29 am

Here is the stuff you asked for in order


virus total

0 bytes size received / Se ha recibido un archivo vacio



virus total again
File adebdecebaeeefcbf.dll received on 2010.01.23 18:52:55 (UTC)


Result: 0/41 (0%)

Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.01.23 -
AhnLab-V3 5.0.0.2 2010.01.23 -
AntiVir 7.9.1.146 2010.01.22 -
Antiy-AVL 2.0.3.7 2010.01.22 -
Authentium 5.2.0.5 2010.01.23 -
Avast 4.8.1351.0 2010.01.23 -
AVG 9.0.0.730 2010.01.23 -
BitDefender 7.2 2010.01.23 -
CAT-QuickHeal 10.00 2010.01.22 -
ClamAV 0.94.1 2010.01.22 -
Comodo 3683 2010.01.23 -
DrWeb 5.0.1.12222 2010.01.23 -
eSafe 7.0.17.0 2010.01.21 -
eTrust-Vet 35.2.7255 2010.01.22 -
F-Prot 4.5.1.85 2010.01.23 -
F-Secure 9.0.15370.0 2010.01.23 -
Fortinet 4.0.14.0 2010.01.23 -
GData 19 2010.01.23 -
Ikarus T3.1.1.80.0 2010.01.23 -
Jiangmin 13.0.900 2010.01.23 -
K7AntiVirus 7.10.952 2010.01.22 -
Kaspersky 7.0.0.125 2010.01.23 -
McAfee 5870 2010.01.23 -
McAfee+Artemis 5870 2010.01.23 -
McAfee-GW-Edition 6.8.5 2010.01.23 -
Microsoft 1.5405 2010.01.23 -
NOD32 4800 2010.01.23 -
Norman 6.04.03 2010.01.23 -
nProtect 2009.1.8.0 2010.01.23 -
Panda 10.0.2.2 2010.01.23 -
PCTools 7.0.3.5 2010.01.23 -
Prevx 3.0 2010.01.23 -
Rising 22.31.04.04 2010.01.22 -
Sophos 4.50.0 2010.01.23 -
Sunbelt 3.2.1858.2 2010.01.23 -
Symantec 20091.2.0.41 2010.01.23 -
TheHacker 6.5.0.9.160 2010.01.23 -
TrendMicro 9.120.0.1004 2010.01.23 -
VBA32 3.12.12.1 2010.01.23 -
ViRobot 2010.1.23.2152 2010.01.23 -
VirusBuster 5.0.21.0 2010.01.23 -
Additional information
File size: 95263 bytes
MD5...: a98583d55ab818a74bdaa045b120e448
SHA1..: 76c298d6624cd8d45aa91ca343815395e9120254
SHA256: cdaac742ab6e60e360820c8fdb8690ba54872c984b648431f8256ba55ac4d959
ssdeep: 1536:leZRSiY9pvOHYPMMeOJEM6FM/eYfT1CMU9GeNCps9S4AIlMPxmvANeVj:8H
TPU/9VfhCMSG+8o8xmvANeVj

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xf36a
timedatestamp.....: 0x4b50cf61 (Fri Jan 15 20:26:09 2010)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xfcac 0xfe00 6.00 df429565a143b989f40b7d53314cd569
.rdata 0x11000 0x5103 0x5200 6.33 9981b61344708f3556a26a3c0589e11f
.data 0x17000 0x79c 0x800 4.13 3f4b245dfabb8c1c762f7376dcae4527
.rsrc 0x18000 0x368 0x400 2.83 ff48bd1d86e9568c4864e21fbdc9ff1b
.reloc 0x19000 0x13e2 0x1400 5.75 d8af67e4d7a8964dc48f7ff28f67e42c

( 7 imports )
> KERNEL32.dll: ResetEvent, lstrcmpW, lstrlenW, GetLocalTime, GetModuleFileNameW, GetWindowsDirectoryW, WideCharToMultiByte, MultiByteToWideChar, GetTempPathW, GetSystemInfo, GetVersionExW, CreateProcessW, DisableThreadLibraryCalls, lstrcpynW, DeleteFileW, MoveFileExW, SetFileAttributesW, GetFileSize, WriteFile, ReadFile, CreateFileW, FormatMessageW, LocalAlloc, lstrcpyW, LocalFree, GetLastError, SetEvent, lstrlenA, CreateThread, CreateEventW, WaitForSingleObject, Sleep, CancelWaitableTimer, CloseHandle, CreateWaitableTimerW, SetWaitableTimer, GetComputerNameW
> USER32.dll: wsprintfW, GetSystemMetrics, wsprintfA
> ADVAPI32.dll: RegEnumKeyExW, RegQueryInfoKeyW, RegCloseKey, RegSetValueExA, RegSetValueExW, RegQueryValueExA, RegQueryValueExW, RegCreateKeyExW, LogonUserW, ImpersonateLoggedOnUser
> WININET.dll: InternetCloseHandle, InternetOpenW, InternetReadFile, HttpQueryInfoW, HttpSendRequestW, InternetCrackUrlW, InternetConnectW, HttpOpenRequestW
> SHLWAPI.dll: StrChrW, StrToIntW, StrRChrW, StrStrW
> MSVCRT.dll: _adjust_fdiv, malloc, _initterm, free, __1type_info@@UAE@XZ, _onexit, __dllonexit, _CxxThrowException, strlen, strchr, memset, memcpy, _lrotr, _lrotl, __3@YAXPAX@Z, __CxxFrameHandler, __2@YAPAXI@Z
> MSVCP60.dll: _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ID@Z, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z, _find@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIPBDII@Z, _npos@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@2IB, _erase@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@II@Z, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBDI@Z, __0_Lockit@std@@QAE@XZ, __1_Lockit@std@@QAE@XZ, __Tidy@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEX_N@Z, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBDI@Z, __C@_1___Nullstr@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@CAPBDXZ@4DB, __1_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ

( 1 exports )
ss

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
sigcheck:
publisher....:
copyright....: Copyright ExTeam (c) 2009
product......:
description..: MyFile ext
original name: mext.dll
internal name:
file version.: 4, 1, 6, 1787
comments.....:
signers......: -
signing date.: -
verified.....: Unsigned

OTL

Error: Unable to interpret <:OTLI> in the current context!
Error: Unable to interpret <SRV - (eaaacdaae) -- File not found> in the current context!
Error: Unable to interpret <SRV - (adebdecebaeeefcbf) -- C:\WINDOWS\adebdecebaeeefcbf.exe ()> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:2.4.0.4> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.3.1.313> in the current context!
Error: Unable to interpret <[2010/01/15 15:36:51 | 00,119,312 | ---- | M] (none) -- C:\Program Files\Mozilla Firefox\components\efcfdcaedbbcbd.dll> in the current context!
Error: Unable to interpret <O1 - Hosts: 127.0.0.1 activate.adobe.com> in the current context!
Error: Unable to interpret <O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.> in the current context!
Error: Unable to interpret <O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.> in the current context!
Error: Unable to interpret <[2010/01/21 12:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\PerfectOptimizer_home.job> in the current context!
Error: Unable to interpret <[2010/01/21 06:51:09 | 00,095,263 | ---- | M] () -- C:\WINDOWS\System32\adebdecebaeeefcbf.dll> in the current context!
Error: Unable to interpret <[2010/01/15 15:29:41 | 00,095,263 | ---- | C] () -- C:\WINDOWS\System32\adebdecebaeeefcbf.dll> in the current context!
Error: Unable to interpret <[2010/01/15 15:29:35 | 00,223,264 | ---- | C] () -- C:\WINDOWS\adebdecebaeeefcbf.exe> in the current context!

OTL by OldTimer - Version 3.1.25.2 log created on 01232010_202821

MALWAREBYTES

Malwarebytes' Anti-Malware 1.44
Database version: 3622
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/23/2010 11:26:46 PM
mbam-log-2010-01-23 (23-26-46).txt

Scan type: Quick Scan
Objects scanned: 123611
Time elapsed: 4 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Lasthar
Regular Member
 
Posts: 20
Joined: January 12th, 2010, 9:04 pm
Location: Michigan
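A note on reading the VirusTotal report Lasthar pasted above: a 0/41 result is not a clean bill of health. The same report shows the DLL is unsigned, carries a PE original name (mext.dll) that differs from its on-disk name, exports a single function called ss, and imports WinINet HTTP functions alongside CreateProcessW, DeleteFileW, RegSetValueExW and LogonUserW/ImpersonateLoggedOnUser. The Python below is an added example, not part of this thread and not a MalwareRemoval.com or VirusTotal tool: it parses a report in the 2010 text layout shown above and produces a triage summary from those facts. The report text is a constructed excerpt of the lines above (AV rows trimmed, MSVCP60 import line omitted), and the capability buckets and the "letters a-f only" file-name heuristic are my own triage assumptions, not detection rules from the page. The parser itself works on any report in that layout, not only this file.

```python
import re

# Constructed excerpt of the VirusTotal text report pasted in the thread (same layout,
# AV rows trimmed, MSVCP60 import line omitted); this is not a live VT response.
VT_REPORT = """\
File adebdecebaeeefcbf.dll received on 2010.01.23 18:52:55 (UTC)
Result: 0/41 (0%)
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.01.23 -
Avast 4.8.1351.0 2010.01.23 -
Kaspersky 7.0.0.125 2010.01.23 -
Additional information
File size: 95263 bytes
MD5...: a98583d55ab818a74bdaa045b120e448
( 7 imports )
> KERNEL32.dll: ResetEvent, lstrcmpW, GetModuleFileNameW, GetWindowsDirectoryW, GetTempPathW, GetSystemInfo, GetVersionExW, CreateProcessW, DeleteFileW, MoveFileExW, SetFileAttributesW, WriteFile, ReadFile, CreateFileW, CreateThread, Sleep, GetComputerNameW
> USER32.dll: wsprintfW, GetSystemMetrics, wsprintfA
> ADVAPI32.dll: RegEnumKeyExW, RegSetValueExA, RegSetValueExW, RegCreateKeyExW, LogonUserW, ImpersonateLoggedOnUser
> WININET.dll: InternetCloseHandle, InternetOpenW, InternetReadFile, HttpQueryInfoW, HttpSendRequestW, InternetCrackUrlW, InternetConnectW, HttpOpenRequestW
> SHLWAPI.dll: StrChrW, StrToIntW, StrRChrW, StrStrW
( 1 exports )
ss
sigcheck:
original name: mext.dll
signers......: -
verified.....: Unsigned
"""

# Assumed capability buckets: which imported APIs hint at which behaviour.
# A triage aid for a human reviewer, not a verdict.
CAPABILITIES = {
    "network": {"InternetOpenW", "InternetConnectW", "HttpOpenRequestW", "HttpSendRequestW", "InternetReadFile"},
    "process_exec": {"CreateProcessW"},
    "file_write_or_delete": {"WriteFile", "DeleteFileW", "MoveFileExW", "SetFileAttributesW"},
    "registry_write": {"RegSetValueExW", "RegSetValueExA", "RegCreateKeyExW"},
    "credential_or_token": {"LogonUserW", "ImpersonateLoggedOnUser"},
    "host_fingerprint": {"GetComputerNameW", "GetVersionExW", "GetSystemInfo", "GetSystemMetrics"},
}


def parse_report(report):
    """Pull the fields used for triage out of a VT text report in the 2010 layout."""
    info = {}
    m = re.search(r"^File (\S+) received on", report, re.M)
    info["filename"] = m.group(1) if m else None
    m = re.search(r"Result:\s*(\d+)/(\d+)", report)
    info["detections"] = (int(m.group(1)), int(m.group(2))) if m else None
    m = re.search(r"^original name:\s*(.+)$", report, re.M)
    info["original_name"] = m.group(1).strip() if m else None
    m = re.search(r"^verified\.*:\s*(.+)$", report, re.M)
    info["verified"] = m.group(1).strip() if m else None
    # Import lines look like "> KERNEL32.dll: Func1, Func2, ..."
    info["imports"] = {
        dll.upper(): [f.strip() for f in funcs.split(",") if f.strip()]
        for dll, funcs in re.findall(r"^>\s*([\w.]+):\s*(.+)$", report, re.M)
    }
    m = re.search(r"^\(\s*\d+ exports\s*\)\n(.+)$", report, re.M)
    info["exports"] = m.group(1).split() if m else []
    return info


def looks_generated(name):
    """Assumed heuristic drawn from this thread: the suspect files (adebdecebaeeefcbf,
    efcfdcaedbbcbd, eaaacdaae) are long names using only the letters a-f."""
    stem = name.rsplit(".", 1)[0].lower()
    return len(stem) >= 8 and set(stem) <= set("abcdef")


def capabilities(imports):
    funcs = {f for funclist in imports.values() for f in funclist}
    return sorted(cap for cap, apis in CAPABILITIES.items() if funcs & apis)


def triage(report):
    info = parse_report(report)
    caps = capabilities(info["imports"])
    flags = []
    det = info["detections"]
    if det and det[0] == 0:
        flags.append(f"0/{det[1]} detections: absence of signatures is not proof the file is clean")
    if (info["verified"] or "").lower() == "unsigned":
        flags.append("unsigned binary")
    if info["filename"] and looks_generated(info["filename"]):
        flags.append(f"generated-looking file name {info['filename']}")
    if info["original_name"] and info["filename"] and info["original_name"].lower() != info["filename"].lower():
        flags.append(f"on-disk name differs from PE original name {info['original_name']}")
    if "network" in caps and {"process_exec", "file_write_or_delete"} & set(caps):
        flags.append("downloader profile: network APIs together with file/process APIs")
    if "credential_or_token" in caps:
        flags.append("logon/impersonation APIs imported by a plain DLL")
    if "registry_write" in caps:
        flags.append("registry write APIs (possible persistence)")
    return {"filename": info["filename"], "detections": det, "capabilities": caps,
            "exports": info["exports"], "flags": flags}


if __name__ == "__main__":
    result = triage(VT_REPORT)
    print(f"{result['filename']}: {result['detections'][0]}/{result['detections'][1]} detections")
    print("capabilities:", ", ".join(result["capabilities"]))
    for flag in result["flags"]:
        print(" -", flag)
```

Run as-is it prints the six capability buckets and seven flags for the DLL from the thread. The point for a helper reading such a report is the combination: no detections, no signature, a throwaway name, and an import table that can fetch content over HTTP, write and delete files, start processes and touch the registry. Any one of these is unremarkable on its own; together they justify the removal script deltalima posted even though every scanner returned "-".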