GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2008-01-14 00:24:05
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.13 ----
SSDT pxfsf.sys ZwAllocateVirtualMemory
SSDT pxfsf.sys ZwCreateFile
SSDT pxfsf.sys ZwCreateKey
SSDT pxfsf.sys ZwCreateMailslotFile
SSDT pxfsf.sys ZwCreateNamedPipeFile
SSDT pxfsf.sys ZwCreateSection
SSDT pxfsf.sys ZwCreateThread
SSDT pxfsf.sys ZwDeleteFile
SSDT pxfsf.sys ZwDeleteKey
SSDT pxfsf.sys ZwDeleteValueKey
SSDT pxfsf.sys ZwDeviceIoControlFile
SSDT pxfsf.sys ZwDuplicateObject
SSDT pxfsf.sys ZwEnumerateKey
SSDT pxfsf.sys ZwEnumerateValueKey
SSDT pxfsf.sys ZwLoadKey
SSDT pxfsf.sys ZwLoadKey2
SSDT pxfsf.sys ZwOpenFile
SSDT pxfsf.sys ZwOpenKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT pxfsf.sys ZwOpenProcessToken
SSDT pxfsf.sys ZwOpenSection
SSDT pxfsf.sys ZwOpenThread
SSDT pxfsf.sys ZwOpenThreadToken
SSDT pxfsf.sys ZwProtectVirtualMemory
SSDT pxfsf.sys ZwQueryKey
SSDT pxfsf.sys ZwQueryMultipleValueKey
SSDT pxfsf.sys ZwQueryOpenSubKeys
SSDT pxfsf.sys ZwQueryValueKey
SSDT pxfsf.sys ZwReplaceKey
SSDT pxfsf.sys ZwRestoreKey
SSDT pxfsf.sys ZwSaveKey
SSDT pxfsf.sys ZwSetInformationKey
SSDT pxfsf.sys ZwSetValueKey
SSDT pxfsf.sys ZwSystemDebugControl
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess
SSDT pxfsf.sys ZwTerminateThread
SSDT pxfsf.sys ZwUnloadKey
SSDT pxfsf.sys ZwWriteFile
---- Kernel code sections - GMER 1.0.13 ----
? C:\WINDOWS\system32\Drivers\mchInjDrv.sys The system cannot find the file specified.
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified.
---- User code sections - GMER 1.0.13 ----
.text C:\Program Files\AIM\aim.exe[1068] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 01522093 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\AIM\aim.exe[1068] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 01522A1B C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\AIM\aim.exe[1068] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 015240EE C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\AIM\aim.exe[1068] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 015224C7 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\AIM\aim.exe[1068] kernel32.dll!OpenProcess 7C8309E1 5 Bytes JMP 01523EC5 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\AIM\aim.exe[1068] USER32.dll!ReleaseDC 77D4869D 5 Bytes JMP 0152330A C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\AIM\aim.exe[1068] USER32.dll!GetDC 77D486C7 5 Bytes JMP 015230E6 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\AIM\aim.exe[1068] USER32.dll!PostMessageW 77D48CCB 5 Bytes JMP 01523653 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\AIM\aim.exe[1068] USER32.dll!GetWindowDC 77D49021 5 Bytes JMP 01522CEF C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\AIM\aim.exe[1068] USER32.dll!SendMessageW 77D4B8BA 1 Byte [ E9 ]
.text C:\Program Files\AIM\aim.exe[1068] USER32.dll!SendMessageW + 2 77D4B8BC 3 Bytes [ 7F, 7D, 89 ]
.text C:\Program Files\AIM\aim.exe[1068] USER32.dll!PostMessageA 77D4CB85 5 Bytes JMP 015235E0 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\AIM\aim.exe[1068] USER32.dll!GetWindowTextW 77D4CDB6 7 Bytes JMP 01523D53 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\AIM\aim.exe[1068] USER32.dll!SetWindowLongA 77D4D60D 5 Bytes JMP 015235AB C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\AIM\aim.exe[1068] USER32.dll!GetAsyncKeyState 77D4E655 5 Bytes JMP 01523F34 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\AIM\aim.exe[1068] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 01522788 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\AIM\aim.exe[1068] USER32.dll!SendMessageA 77D5F39A 5 Bytes JMP 015236C6 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\AIM\aim.exe[1068] USER32.dll!SetWindowWord 77D603B3 5 Bytes JMP 01523576 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\AIM\aim.exe[1068] USER32.dll!SetClipboardViewer 77D6044B 5 Bytes JMP 01523AB7 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\AIM\aim.exe[1068] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 0152263E C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\AIM\aim.exe[1068] USER32.dll!GetWindowTextA 77D6213C 7 Bytes JMP 01523BD6 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\AIM\aim.exe[1068] GDI32.dll!BitBlt 77F16FB2 5 Bytes JMP 015233A6 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\AIM\aim.exe[1068] GDI32.dll!StretchDIBits 77F1B06F 5 Bytes JMP 015234E0 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\AIM\aim.exe[1068] GDI32.dll!CreateDCA 77F1B251 5 Bytes JMP 01522F10 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\AIM\aim.exe[1068] GDI32.dll!StretchBlt 77F1BAF2 5 Bytes JMP 0152344C C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\AIM\aim.exe[1068] GDI32.dll!CreateDCW 77F1BE91 5 Bytes JMP 01522FFB C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\AIM\aim.exe[1068] ADVAPI32.dll!StartServiceW 77DEBBAC 7 Bytes JMP 01522252 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\Mozilla Firefox\firefox.exe[1600] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Program Files\iPod\bin\iPodService.exe[1764] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\WINDOWS\system32\wscntfy.exe[1832] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10002093 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\WINDOWS\system32\wscntfy.exe[1832] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\WINDOWS\system32\wscntfy.exe[1832] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 10002A1B C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\WINDOWS\system32\wscntfy.exe[1832] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 100040EE C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\WINDOWS\system32\wscntfy.exe[1832] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 100024C7 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\WINDOWS\system32\wscntfy.exe[1832] kernel32.dll!OpenProcess 7C8309E1 5 Bytes JMP 10003EC5 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\WINDOWS\system32\wscntfy.exe[1832] USER32.dll!ReleaseDC 77D4869D 5 Bytes JMP 1000330A C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\WINDOWS\system32\wscntfy.exe[1832] USER32.dll!GetDC 77D486C7 5 Bytes JMP 100030E6 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\WINDOWS\system32\wscntfy.exe[1832] USER32.dll!PostMessageW 77D48CCB 5 Bytes JMP 10003653 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\WINDOWS\system32\wscntfy.exe[1832] USER32.dll!GetWindowDC 77D49021 5 Bytes JMP 10002CEF C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\WINDOWS\system32\wscntfy.exe[1832] USER32.dll!SendMessageW 77D4B8BA 1 Byte [ E9 ]
.text C:\WINDOWS\system32\wscntfy.exe[1832] USER32.dll!SendMessageW + 2 77D4B8BC 3 Bytes [ 7F, 2B, 98 ]
.text C:\WINDOWS\system32\wscntfy.exe[1832] USER32.dll!PostMessageA 77D4CB85 5 Bytes JMP 100035E0 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\WINDOWS\system32\wscntfy.exe[1832] USER32.dll!GetWindowTextW 77D4CDB6 7 Bytes JMP 10003D53 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\WINDOWS\system32\wscntfy.exe[1832] USER32.dll!SetWindowLongA 77D4D60D 5 Bytes JMP 100035AB C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\WINDOWS\system32\wscntfy.exe[1832] USER32.dll!GetAsyncKeyState 77D4E655 5 Bytes JMP 10003F34 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\WINDOWS\system32\wscntfy.exe[1832] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 10002788 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\WINDOWS\system32\wscntfy.exe[1832] USER32.dll!SendMessageA 77D5F39A 5 Bytes JMP 100036C6 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\WINDOWS\system32\wscntfy.exe[1832] USER32.dll!SetWindowWord 77D603B3 5 Bytes JMP 10003576 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\WINDOWS\system32\wscntfy.exe[1832] USER32.dll!SetClipboardViewer 77D6044B 5 Bytes JMP 10003AB7 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\WINDOWS\system32\wscntfy.exe[1832] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 1000263E C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\WINDOWS\system32\wscntfy.exe[1832] USER32.dll!GetWindowTextA 77D6213C 7 Bytes JMP 10003BD6 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\WINDOWS\system32\wscntfy.exe[1832] GDI32.dll!BitBlt 77F16FB2 5 Bytes JMP 100033A6 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\WINDOWS\system32\wscntfy.exe[1832] GDI32.dll!StretchDIBits 77F1B06F 5 Bytes JMP 100034E0 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\WINDOWS\system32\wscntfy.exe[1832] GDI32.dll!CreateDCA 77F1B251 5 Bytes JMP 10002F10 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\WINDOWS\system32\wscntfy.exe[1832] GDI32.dll!StretchBlt 77F1BAF2 5 Bytes JMP 1000344C C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\WINDOWS\system32\wscntfy.exe[1832] GDI32.dll!CreateDCW 77F1BE91 5 Bytes JMP 10002FFB C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\WINDOWS\system32\wscntfy.exe[1832] ADVAPI32.dll!StartServiceW 77DEBBAC 7 Bytes JMP 10002252 C:\Program Files\Anti Keylogger Elite\ateap.DLL
.text C:\Program Files\GMER\gmer.exe[1960] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\WINDOWS\system32\wuauclt.exe[2424] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\WINDOWS\System32\alg.exe[2440] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\WINDOWS\system32\conime.exe[3240] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\WINDOWS\explorer.exe[3648] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F748AC00] pxfsf.sys
Device \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_READ [B66D5E42] AKEProtect.sys
Device \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_READ [B66D5E42] AKEProtect.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [F748AC00] pxfsf.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [F748AC00] pxfsf.sys
---- EOF - GMER 1.0.13 ----
--------------------------------
For the TotalScan, should I click on "Disinfect"?
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-01-14 00:25:56
PROTECTIONS: 1
MALWARE: 56
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
McAfee VirusScan 4.4 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00027660 adware/savenow Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\savenow
00032710 adware/transponder Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\abi-1
00032724 adware/portalscan Adware No 0 Yes No c:\windows\system32\winupdt.bin
00032724 adware/portalscan Adware No 0 Yes No c:\windows\system32\winupdt.008
00034463 adware/wupd Adware No 0 Yes No hkey_classes_root\install.install.1
00034463 adware/wupd Adware No 0 Yes No hkey_classes_root\install.install
00042191 adware/ist.yoursitebar Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\yoursitebar
00047993 adware/powerscan Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\power scan
00117113 adware/neededware Adware No 1 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{17B8B110-FD82-4A50-9A46-328BB50C6CA4}
00117113 adware/neededware Adware No 1 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{84564147-251A-4F06-8FC5-8AE36B3A55AB}
00117113 adware/neededware Adware No 1 Yes No hkey_classes_root\clsid\{84564147-251a-4f06-8fc5-8ae36b3a55ab}
00117113 adware/neededware Adware No 1 Yes No hkey_classes_root\clsid\{17b8b110-fd82-4a50-9a46-328bb50c6ca4}
00117113 adware/neededware Adware No 1 Yes No hkey_local_machine\software\ndwserv030105
00132447 adware program Adware No 0 Yes No c:\windows\system32\log.~
00132447 adware program Adware No 0 Yes No c:\windows\system32\key.~
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.trafficmp.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.casalemedia.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.atdmt.com/]
00144867 Adware/Exact.BargainBuddy Adware No 0 Yes No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007498.exe
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.tribalfusion.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.mediaplex.com/]
00152401 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\LocalService\Cookies\system@belnk[1].txt
00162730 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\LocalService\Cookies\system@dist.belnk[2].txt
00164527 Adware/Neededware Adware No 1 Yes No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007501.dll
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Cookies\jason@com[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.statcounter.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.apmebf.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.bs.serving-sys.com/]
00168095 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\LocalService\Cookies\system@888[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.advertising.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Cookies\jason@ads.pointroll[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.ads.pointroll.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.overture.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.realmedia.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.questionmarket.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.zedo.com/]
00172483 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\LocalService\Cookies\system@888[1].txt
00172484 Cookie/Cassava TrackingCookie No 0 Yes No C:\Documents and Settings\LocalService\Cookies\system@cassava[1].txt
00179624 Trj/Downloader.CZM Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007502.dll
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.adrevolver.com/]
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Cookies\jason@bravenet[2].txt
00193207 Adware/Look2Me Adware No 0 Yes No C:\QooBox\Quarantine\C\Program Files\Windows Media Player\wmplayer.exe.tmp.vir
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.go.com/]
00204758 Application/MyWay HackTools No 0 Yes No C:\WINDOWS\Downloaded Program Files\s4initialsetup1.0.0.7.inf
00219061 Adware/Adtomi Adware No 0 Yes No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007499.dll
00224718 Adware/2Search Adware No 0 No No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007506.exe[2search.dll]
00225945 adware/enhancemsearch Adware No 0 Yes No c:\windows\searchen.dat
00237571 Adware/Adtomi Adware No 0 Yes No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007500.dll
00256489 Adware/Adtomi Adware No 0 Yes No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007494.sys
00256489 Adware/Adtomi Adware No 0 Yes No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007493.sys
00261183 Adware/2Search Adware No 0 No No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007506.exe[uninstall.exe]
00261184 Adware/2Search Adware No 0 No No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007506.exe[main.exe]
00261185 Adware/2Search Adware No 0 No No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007506.exe[get.exe]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Cookies\jason@atwola[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt[.atwola.com/]
00267678 Adware/2Search Adware No 0 No No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007505.exe[the007guard.ocx]
00267679 Adware/2Search Adware No 0 No No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007505.exe[the007installer.exe]
00437692 Generic Adware Spyware No 0 Yes No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007503.dll
00437692 Generic Adware Spyware No 0 No No C:\QooBox\Quarantine\C\Documents and Settings\Jason\Desktop\Azureus_2.3.0.4_Win32.setup.exe.vir[DLP.dll]
00437692 Generic Adware Spyware No 0 No No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP20\A0007581.exe[DLP.dll]
00778774 Adware/DealHelper Adware No 0 Yes No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007492.exe
00895678 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007497.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP17\A0007473.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007508.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP19\A0007543.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP19\A0007575.exe
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Jason\Desktop\ComboFix.exe[nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Jason\Desktop\ComboFix.exe[nircmd.exe]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP20\A0007600.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP21\A0007618.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP22\A0007659.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\NirCmd.exe
01649856 Generic Malware Virus/Trojan No 0 Yes No C:\Documents and Settings\Jason\My Documents\Unzipped\aefdisk32v11\aefdisk32.exe
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================