china423

  1. ComboFix 12-02-13.01 - Bob 02/16/2012 8:52.6.1 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.488 [GMT -6:00]
     Running from: c:\documents and settings\Bob\Desktop\ComboFix.exe
     Command switches used :: c:\documents and settings\Bob\Desktop\CFScript.txt
     AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
      * Created a new restore point
     .
     .
     (((((((((((((((((((((((((   Files Created from 2012-01-16 to 2012-02-16   )))))))))))))))))))))))))))))))
     .
     .
     2012-01-28 18:46 . 2012-01-28 18:46 -------- d-----w- c:\program files\MapsGalaxy_39
     2012-01-27 03:04 . 2012-02-01 15:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2012-01-27 03:04 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
     2012-01-26 03:31 . 2011-12-21 07:24 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
     2012-01-26 03:31 . 2011-12-21 04:30 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
     2012-01-26 03:31 . 2011-12-21 04:30 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
     2012-01-26 03:31 . 2011-12-21 04:30 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
     .
     .
     .
     ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-02-16 14:39 . 2011-05-30 13:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2011-11-28 18:01 . 2010-07-18 16:21 41184 ----a-w- c:\windows\avastSS.scr
     2011-11-28 18:01 . 2010-02-14 14:40 199816 ----a-w- c:\windows\system32\aswBoot.exe
     2011-11-28 17:53 . 2011-05-21 02:10 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
     2011-11-28 17:53 . 2010-02-14 14:40 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
     2011-11-28 17:52 . 2010-02-14 14:40 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
     2011-11-28 17:52 . 2010-02-14 14:40 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
     2011-11-28 17:52 . 2010-02-14 14:40 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
     2011-11-28 17:51 . 2010-02-14 14:40 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
     2011-11-28 17:51 . 2010-02-14 14:40 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
     2011-11-28 17:48 . 2010-02-14 14:40 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
     2011-11-25 21:57 . 2007-01-15 23:00 293376 ----a-w- c:\windows\system32\winsrv.dll
     2011-11-23 13:25 . 2007-01-15 23:00 1859584 ----a-w- c:\windows\system32\win32k.sys
     2007-10-15 02:20 . 2007-10-15 02:18 827024 -c--a-w- c:\program files\PhotoGreetingCards.exe
     2007-10-13 16:42 . 2007-10-13 16:41 1394568 -c--a-w- c:\program files\install_easyshare.exe
     2007-08-14 15:38 . 2008-08-05 14:00 1075536 -c--a-w- c:\program files\Common Files\RegCure 1.5.0.0 Trial.exe
     2011-12-21 07:24 . 2011-09-28 05:20 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
     2006-05-03 10:06 163328 -csha-r- c:\windows\system32\flvDX.dll
     .
     .
     (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
     @="{472083B0-C522-11CF-8763-00608CC02F24}"
     [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
     2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2010-07-01 220336]
     "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
     "CHotkey"="zHotkey.exe" [2004-05-18 543232]
     "avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-11-28 3744552]
     .
     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
     "RunNarrator"="Narrator.exe" [2008-04-14 53760]
     .
     c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\
     OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
     .
     [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
     "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
     2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
     @="Driver"
     .
     [HKLM\~\startupfolder\C:^Documents and Settings^Darlene^Start Menu^Programs^Startup^HotSync Manager.lnk]
     path=c:\documents and settings\Darlene\Start Menu\Programs\Startup\HotSync Manager.lnk
     backup=c:\windows\pss\HotSync Manager.lnkStartup
     .
     [HKLM\~\startupfolder\C:^Documents and Settings^Darlene^Start Menu^Programs^Startup^SocialButterfly.lnk]
     path=c:\documents and settings\Darlene\Start Menu\Programs\Startup\SocialButterfly.lnk
     backup=c:\windows\pss\SocialButterfly.lnkStartup
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
     c:\windows\system32\dumprep 0 -u [X]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
     2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
     2009-12-22 07:57 35760 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
     2005-05-04 00:43 69632 -c--a-w- c:\windows\ALCMTR.EXE
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
     2011-09-27 13:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
     2010-10-28 01:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
     2007-03-12 18:49 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
     2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBook Library Launcher]
     2010-07-13 06:34 906648 ----a-w- c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
     2004-08-10 18:04 59392 -c--a-w- c:\windows\ehome\ehtray.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
     2010-10-18 19:24 136176 ----atw- c:\documents and settings\Bob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
     2008-10-25 16:44 31072 -c--a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
     2005-01-08 01:07 61952 -c--a-w- c:\windows\system32\HdAShCut.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
     2011-11-13 06:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxbumon.exe]
     2005-01-18 14:35 196608 ----a-w- c:\program files\Lexmark 6200 Series\lxbumon.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
     2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
     2007-03-09 23:53 153136 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
     2008-05-16 19:01 13529088 ----a-w- c:\windows\system32\nvcpl.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
     2008-05-16 19:01 86016 ----a-w- c:\windows\system32\nvmctray.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
     2008-05-16 19:01 1630208 ----a-w- c:\windows\system32\nwiz.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Olympus ib]
     2011-03-11 21:17 93360 ----a-w- c:\program files\Olympus\ib\olycamdetect.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
     2005-05-09 23:16 192512 -c--a-w- c:\progra~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
     2007-09-28 01:17 443968 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
     2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reader Library Launcher]
     2010-07-13 06:34 906648 ----a-w- c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
     2005-09-22 19:36 14854144 ----a-w- c:\windows\RTHDCPL.EXE
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
     2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowWnd]
     2003-09-19 15:09 36864 ----a-w- c:\windows\ShowWnd.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
     2011-06-09 19:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
     2004-11-15 23:04 135168 ----a-w- c:\program files\Digital Media Reader\shwiconEM.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
     2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
     "DisableMonitoring"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
     "DisableMonitoring"=dword:00000001
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
     "c:\\Program Files\\Messenger\\msmsgs.exe"=
     "c:\\WINDOWS\\system32\\lxbucoms.exe"=
     "c:\windows\system32\bepinceu.exe"= c:\windows\system32\bep
     "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
     "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
     "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
     "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
     "c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
     "c:\\Program Files\\iWin Games\\iWinGames.exe"=
     "c:\\Program Files\\iWin Games\\WebUpdater.exe"=
     "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "20286:TCP"= 20286:TCP:20286
     .
     R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/23/2007 1:48 PM 639224]
     R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/20/2011 8:10 PM 435032]
     R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/14/2010 8:40 AM 314456]
     R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
     R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
     R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 5:38 PM 116608]
     R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/14/2010 8:40 AM 20568]
     R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [9/27/2010 9:36 AM 176408]
     S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
     S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]
     S3 IPOD2CAR;ipod2car.sys driver;c:\windows\system32\drivers\ipod2car.sys [9/18/2010 7:28 AM 49408]
     S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
     S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 4:17 PM 12872]
     S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [12/25/2010 1:55 AM 11520]
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2012-02-14 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 18:34]
     .
     2012-02-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1374101668-94510307-1338816319-1008Core1cc223528ea9d90.job
     - c:\documents and settings\Bob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-22 19:24]
     .
     2012-02-16 c:\windows\Tasks\User_Feed_Synchronization-{071C7AE6-FDD5-4996-A4E5-3030D6D0051D}.job
     - c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
     .
     2012-02-16 c:\windows\Tasks\User_Feed_Synchronization-{88D8D572-25CB-4355-B884-812F55EE82FB}.job
     - c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
     .
     2012-02-16 c:\windows\Tasks\User_Feed_Synchronization-{CFBA19FF-FBA1-4184-8F20-2E300624F2C8}.job
     - c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.yahoo.com/
     uInternet Settings,ProxyOverride = *.local
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
     IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
     IE: Translate with &Babylon
     TCP: DhcpNameServer = 192.168.1.254
     FF - ProfilePath - c:\documents and settings\Bob\Application Data\Mozilla\Firefox\Profiles\2f6phmxb.default\
     FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
     FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
     .
     .
     **************************************************************************
     .
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2012-02-16 09:03
     Windows 5.1.2600 Service Pack 3 NTFS
     .
     scanning hidden processes ...
     .
     scanning hidden autostart entries ...
     .
     scanning hidden files ...
     .
     scan completed successfully
     hidden files: 0
     .
     **************************************************************************
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{014C4232-6904-47B9-9144-7E0FB7277444}\1.0\0\win32]
     @DACL=(02 0000)
     @="c:\\Program Files\\Gamevance\\gvtl.dll"
     .
     [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
     "Version"=hex:bb,3c,96,44,5a,b7,f4,b9,2c,3c,c2,e2,00,34,a6,ea,d3,84,97,35,0f,
        47,9b,c3,05,b3,60,5b,99,d8,4c,a8,22,bd,9f,f7,21,94,3d,11,84,ad,af,be,ed,d5,\
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------
     .
     - - - - - - - > 'winlogon.exe'(724)
     c:\program files\SUPERAntiSpyware\SASWINLO.DLL
     c:\windows\system32\WININET.dll
     .
     - - - - - - - > 'explorer.exe'(2712)
     c:\windows\system32\WININET.dll
     c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
     c:\windows\system32\ieframe.dll
     c:\windows\system32\webcheck.dll
     .
     Completion time: 2012-02-16 09:08:41
     ComboFix-quarantined-files.txt 2012-02-16 15:08
     .
     Pre-Run: 158,213,779,456 bytes free
     Post-Run: 159,402,364,928 bytes free
     .
     - - End Of File - - F189AFA2A42FEA83E4C09066A79C273B
  2. I tried but it said I'm not permitted to upload this kind of file here...
  3. I can't get rid of that browser hijacker.deskbar. It keeps coming back after scanning, removing, then rebooting.

     SUPERAntiSpyware Scan Log
     http://www.superantispyware.com

     Generated 02/08/2012 at 09:19 PM

     Application Version : 5.0.1144

     Core Rules Database Version : 8203
     Trace Rules Database Version: 6015

     Scan type       : Quick Scan
     Total Scan Time : 00:10:13

     Operating System Information
     Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
     Administrator

     Memory items scanned      : 486
     Memory threats detected   : 0
     Registry items scanned    : 30179
     Registry threats detected : 4
     File items scanned        : 8389
     File threats detected     : 1

     Browser Hijacker.Deskbar
         HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}
         HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0
         HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\0
         HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\0\win32

     Adware.Tracking Cookie
         C:\Documents and Settings\Bob\Cookies\4AEAOK08.txt [ /accounts.google.com ]
  4. Sorry for the delay:

     SUPERAntiSpyware Scan Log
     http://www.superantispyware.com

     Generated 02/08/2012 at 12:49 PM

     Application Version : 5.0.1144

     Core Rules Database Version : 8203
     Trace Rules Database Version: 6015

     Scan type       : Complete Scan
     Total Scan Time : 01:08:02

     Operating System Information
     Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
     Administrator

     Memory items scanned      : 475
     Memory threats detected   : 0
     Registry items scanned    : 36940
     Registry threats detected : 4
     File items scanned        : 47577
     File threats detected     : 28

     Browser Hijacker.Deskbar
         HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}
         HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0
         HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\0
         HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\0\win32

     Adware.Tracking Cookie
         C:\Documents and Settings\Bob\Cookies\QZ9BJKU5.txt [ /revsci.net ]
         C:\Documents and Settings\Bob\Cookies\YIJV38CA.txt [ /accounts.google.com ]
         C:\Documents and Settings\Bob\Cookies\F4BTWEFR.txt [ /adinterax.com ]
         C:\Documents and Settings\Bob\Cookies\5VFPKBYP.txt [ /liveperson.net ]
         C:\Documents and Settings\Bob\Cookies\G3RQKJ3D.txt [ /liveperson.net ]
         C:\Documents and Settings\Bob\Cookies\VJ1NPC5N.txt [ /collective-media.net ]
         C:\Documents and Settings\Bob\Cookies\5HPVYLNQ.txt [ /invitemedia.com ]
         C:\Documents and Settings\Bob\Cookies\1C2YNZ44.txt [ /gostats.com ]
         C:\Documents and Settings\Bob\Cookies\FA5S6LCM.txt [ /liveperson.net ]
         C:\Documents and Settings\Bob\Cookies\6N5H79BY.txt [ /accounts.google.com ]
         C:\Documents and Settings\Bob\Cookies\VQF2JHQV.txt [ /ad.wsod.com ]
         C:\Documents and Settings\Bob\Cookies\IDZTG6NV.txt [ /partners.fireclickmedia.com ]
         C:\Documents and Settings\Bob\Cookies\ZV2POVPV.txt [ /tacoda.at.atwola.com ]
         C:\Documents and Settings\Bob\Cookies\YFGKO3OO.txt [ /a1.interclick.com ]
         C:\Documents and Settings\Bob\Cookies\NUCB6BLO.txt [ /adserver.adtechus.com ]
         C:\Documents and Settings\Bob\Cookies\8VE213BE.txt [ /yieldmanager.net ]
         C:\Documents and Settings\Bob\Cookies\2W1ZBBCJ.txt [ /server.iad.liveperson.net ]
         C:\Documents and Settings\Bob\Cookies\BLCBEY9H.txt [ /ad.yieldmanager.com ]
         C:\Documents and Settings\Bob\Cookies\57U8PI9Z.txt [ /sales.liveperson.net ]
         C:\Documents and Settings\Bob\Cookies\P450U2FZ.txt [ /media6degrees.com ]
         C:\Documents and Settings\Bob\Cookies\AQIRFBRZ.txt [ /liveperson.net ]
         C:\Documents and Settings\Bob\Cookies\JIGV5TCZ.txt [ /questionmarket.com ]
         C:\Documents and Settings\Bob\Cookies\7C568JPA.txt [ /adbrite.com ]
         C:\Documents and Settings\Bob\Cookies\DXQGZ9DX.txt [ /interclick.com ]
         C:\Documents and Settings\Bob\Cookies\9FADQ7UQ.txt [ /sales.liveperson.net ]
         C:\Documents and Settings\Bob\Cookies\G7W4EJ7M.txt [ /akamai.interclickproxy.com ]
         C:\Documents and Settings\Bob\Cookies\7TB2W97B.txt [ /at.atwola.com ]

     Trojan.Agent/Gen-FunWeb
         C:\SYSTEM VOLUME INFORMATION\_RESTORE{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP1228\A0297502.DLL
  5. And I just started scanning again with superantispyware and already it's detected browserhijacker.deskbar again ;(
  6. It's running better, but it's still slow. I think it's just because it's an older computer. Thanks for all your help. I greatly appreciate it!!!
  7. All processes killed
     ========== COMMANDS ==========
     Restore points cleared and new OTL Restore Point set!

     [EMPTYTEMP]

     User: Administrator
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->FireFox cache emptied: 0 bytes
     ->Flash cache emptied: 0 bytes

     User: All Users
     ->Flash cache emptied: 0 bytes

     User: Bob
     ->Temp folder emptied: 427008 bytes
     ->Temporary Internet Files folder emptied: 24388526 bytes
     ->Java cache emptied: 19774 bytes
     ->FireFox cache emptied: 76294966 bytes
     ->Google Chrome cache emptied: 0 bytes
     ->Flash cache emptied: 1517 bytes

     User: Darlene
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 33170 bytes
     ->Java cache emptied: 0 bytes
     ->FireFox cache emptied: 0 bytes
     ->Google Chrome cache emptied: 0 bytes
     ->Flash cache emptied: 0 bytes

     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes

     User: LocalService
     ->Temp folder emptied: 65748 bytes
     ->Temporary Internet Files folder emptied: 32902 bytes
     ->Flash cache emptied: 0 bytes

     User: NetworkService
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 33170 bytes

     User: Owner

     User: OWNER~1~YOU

     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     %systemroot%\System32\dllcache .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 664 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
     RecycleBin emptied: 0 bytes

     Total Files Cleaned = 97.00 mb

     OTL by OldTimer - Version 3.2.31.0 log created on 02012012_184217

     Files\Folders moved on Reboot...
     File\Folder C:\Documents and Settings\Bob\Local Settings\Temp\~DF5649.tmp not found!
     File\Folder C:\Documents and Settings\Bob\Local Settings\Temp\~DF566A.tmp not found!
     File\Folder C:\Documents and Settings\Bob\Local Settings\Temp\~DF57DB.tmp not found!
     File\Folder C:\Documents and Settings\Bob\Local Settings\Temp\~DF57F0.tmp not found!
     C:\Documents and Settings\Bob\Local Settings\Temporary Internet Files\Content.IE5\FP2TYULB\fastbutton[2].htm moved successfully.
     C:\Documents and Settings\Bob\Local Settings\Temporary Internet Files\Content.IE5\FP2TYULB\index[4].php moved successfully.
     C:\Documents and Settings\Bob\Local Settings\Temporary Internet Files\Content.IE5\4A3T2TEN\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully.
     C:\Documents and Settings\Bob\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
     File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

     Registry entries deleted on Reboot...
  8. OTL logfile created on: 2/1/2012 AM 11:42:02 - Run 2
     OTL by OldTimer - Version 3.2.31.0     Folder = C:\Documents and Settings\Bob\Desktop
     Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
     Internet Explorer (Version = 8.0.6001.18702)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

     895.36 Mb Total Physical Memory | 376.59 Mb Available Physical Memory | 42.06% Memory free
     2.11 Gb Paging File | 1.76 Gb Available in Paging File | 83.17% Paging File free
     Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

     %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
     Drive C: | 181.89 Gb Total Space | 142.87 Gb Free Space | 78.55% Space Free | Partition Type: NTFS
     Drive D: | 4.40 Gb Total Space | 1.45 Gb Free Space | 32.95% Space Free | Partition Type: FAT32

     Computer Name: YOUR-C8A2EC5BC2 | User Name: Bob | Logged in as Administrator.
     Boot Mode: Normal | Scan Mode: Current user
     Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

     ========== Processes (SafeList) ==========

     PRC - [2012/01/27 14:56:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTL.exe
     PRC - [2011/11/28 12:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
     PRC - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
     PRC - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
     PRC - [2010/09/27 09:36:24 | 000,176,408 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
     PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
     PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
     PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
     PRC - [2007/01/15 17:29:44 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
     PRC - [2006/02/17 09:35:42 | 000,061,503 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
     PRC - [2006/02/17 09:17:08 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
     PRC - [2004/05/17 18:30:04 | 000,543,232 | ---- | M] () -- C:\WINDOWS\zHotkey.exe

     ========== Modules (No Company Name) ==========

     MOD - [2012/02/01 02:10:15 | 001,697,280 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12020100\algo.dll
     MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
     MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
     MOD - [2006/02/17 09:17:08 | 000,876,544 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\libeay32.dll
     MOD - [2006/02/17 09:17:08 | 000,159,744 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\ssleay32.dll
     MOD - [2006/02/17 09:17:08 | 000,024,691 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_auth.so
     MOD - [2004/09/14 07:42:04 | 000,073,728 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxbuPP5C.DLL
     MOD - [2004/08/24 14:22:44 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\LXPRMON.DLL
     MOD - [2004/07/29 11:36:00 | 000,061,440 | ---- | M] () -- C:\Program Files\Lexmark 6200 Series\lxbucnv4.dll
     MOD - [2004/05/17 18:30:04 | 000,543,232 | ---- | M] () -- C:\WINDOWS\zHotkey.exe
     MOD - [2001/07/02 20:36:30 | 000,024,576 | ---- | M] () -- C:\WINDOWS\HKNTDLL.dll

     ========== Win32 Services (SafeList) ==========

     SRV - File not found [Disabled | Stopped] -- -- (HidServ)
     SRV - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
     SRV - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
     SRV - [2010/09/27 09:36:24 | 000,176,408 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
     SRV - [2010/04/02 20:34:12 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
     SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
     SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
     SRV - [2007/01/15 17:29:44 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
     SRV - [2006/02/17 09:35:42 | 000,061,503 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
     SRV - [2006/02/17 09:17:08 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)
     SRV - [2004/09/23 11:58:02 | 000,450,560 | ---- | M] (Lexmark International, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxbucoms.exe -- (lxbu_device)

     ========== Driver Services (SafeList) ==========

     DRV - [2011/11/28 11:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
     DRV - [2011/11/28 11:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
     DRV - [2011/11/28 11:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
     DRV - [2011/11/28 11:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
     DRV - [2011/11/28 11:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
     DRV - [2011/11/28 11:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
     DRV - [2011/11/28 11:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
     DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
     DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
     DRV - [2010/07/12 12:49:18 | 000,060,104 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
     DRV - [2010/03/02 12:44:28 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
     DRV - [2009/02/13 13:02:52 | 000,011,520 | R--- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
     DRV - [2007/03/23 13:48:49 | 000,639,224 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
     DRV - [2007/01/17 20:59:14 | 000,049,408 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipod2car.sys -- (IPOD2CAR)
     DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
     DRV - [2006/04/24 16:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
     DRV - [2006/02/17 10:28:32 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
     DRV - [2006/02/17 10:28:30 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
     DRV - [2005/09/23 18:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
     DRV - [2005/01/07 19:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
     DRV - [2004/11/15 19:41:54 | 000,036,804 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
     DRV - [2004/06/17 16:56:22 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
     DRV - [2004/06/17 16:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
     DRV - [2004/06/17 16:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
     DRV - [2002/04/25 08:44:40 | 000,015,326 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
     DRV - [2001/08/17 07:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)

     ========== Standard Registry (SafeList) ==========

     ========== Internet Explorer ==========

     IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
     IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
     IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

     ========== FireFox ==========

     FF - prefs.js..browser.search.defaultengine: ""
     FF - prefs.js..browser.search.defaultenginename: ""
     FF - prefs.js..browser.search.order.1: ""
     FF - prefs.js..browser.search.useDBForOrder: true
     FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"

     FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
     FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
     FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
     FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
     FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: File not found
     FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
     FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
     FF - HKLM\Software\MozillaPlugins\@MapsGalaxy_39.com/Plugin: C:\Program Files\MapsGalaxy_39\bar\1.bin\NP39Stub.dll (MindSpark)
     FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
     FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
     FF - HKLM\Software\MozillaPlugins\@olympus-imaging.jp/npIbInst: C:\Program Files\OLYMPUS\ib Utilities\Firefox Plugin\npIbInst.dll (OLYMPUS IMAGING CORP.)
     FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
     FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
     FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\Program Files\iWin Games\firefox\ [2010/11/21 14:53:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\39ffxtbr@MapsGalaxy_39.com: C:\Program Files\MapsGalaxy_39\bar\1.bin [2012/02/01 10:14:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/25 21:31:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/28 08:56:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2011/09/28 08:38:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins [2011/11/30 18:05:54 | 000,000,000 | ---D | M] [2010/10/16 10:26:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Extensions [2010/10/16 10:26:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28} [2012/01/28 12:46:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\2f6phmxb.default\extensions [2010/10/28 18:50:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\2f6phmxb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012/01/28 12:46:22 | 000,000,000 | ---D | M] (MapsGalaxy) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\2f6phmxb.default\extensions\39ffxtbr@MapsGalaxy_39.com [2010/10/16 10:26:42 | 000,000,000 | ---D | M] (No 
name found) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Sunbird\Profiles\cjuebd86.default\extensions [2012/01/25 21:31:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2007/10/24 20:16:13 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007/11/11 14:55:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}-trash [2007/11/29 23:23:37 | 000,000,000 | ---D | M] (Mozilla Firefox distributed by RealNetworks) -- C:\Program Files\Mozilla Firefox\extensions\realplayer@partners.mozilla.com [2010/11/19 17:43:19 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011/12/21 01:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011/12/20 22:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2009/11/16 10:07:41 | 000,003,700 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.png [2009/11/16 10:07:41 | 000,001,963 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.xml [2011/12/20 22:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Google () CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.1_0\ O1 HOSTS File: ([2012/01/31 18:27:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {669C4C34-7457-4490-A642-A2ED3BF3BBBE} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found. O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe () O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found O8 - Extra context menu item: Translate with &Babylon - Reg Error: Value error. 
File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.comcastsupport.com/OneClickFix/tgctlsr.cab (SupportSoft Script Runner Class) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia) O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://fb.familylink.com/we_are_related/stream/core/lib/AurigmaImageUploader/ImageUploader5.cab (Reg Error: Key error.) 
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab (Windows Live Safety Center Base Module) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1217949355452 (MUWebControl Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} https://ediagnostics.lexmark.com/serval.cab (Lexmark eDiagnostics Class) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://chill.comcast.net/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} http://by120fd.bay120.hotmail.msn.com/activex/HMAtchmt.ocx (Hotmail Attachments Control) O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/da2/PCPitStop2.cab (PCPitstop Exam) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05BB7396-D8BA-4D52-BAF8-8A97A6D6B493}: DhcpNameServer = 192.168.1.254 O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O24 - Desktop WallPaper: C:\Documents and Settings\Bob\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bob\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/10/27 19:20:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [CLEARALLRESTOREPOINTS] Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/02/01 09:41:34 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012/01/28 12:46:16 | 000,000,000 | ---D | C] -- C:\Program Files\MapsGalaxy_39 [2012/01/28 12:45:59 | 000,000,000 | ---D | C] -- C:\Program Files\MapsGalaxy_39EI [2012/01/28 12:07:58 | 000,000,000 | RHSD | C] -- C:\cmdcons [2012/01/28 12:05:19 
| 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012/01/28 12:05:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012/01/28 12:05:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012/01/28 12:05:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012/01/28 12:05:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2012/01/28 11:58:37 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/01/28 11:55:29 | 004,393,886 | R--- | C] (Swearware) -- C:\Documents and Settings\Bob\Desktop\ComboFix.exe [2012/01/28 08:56:33 | 000,000,000 | ---D | C] -- C:\_OTL [2012/01/27 14:56:42 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTL.exe [2012/01/27 14:47:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\tdsskiller [2012/01/26 21:04:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/01/26 21:04:12 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012/01/26 21:04:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/01/26 20:56:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy [2012/01/26 18:50:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Bob\Recent [2008/08/05 08:00:41 | 001,075,536 | ---- | C] (ParetoLogic Inc.) 
-- C:\Program Files\Common Files\RegCure 1.5.0.0 Trial.exe ========== Files - Modified Within 30 Days ========== [2012/02/01 11:45:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{88D8D572-25CB-4355-B884-812F55EE82FB}.job [2012/02/01 11:44:00 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{CFBA19FF-FBA1-4184-8F20-2E300624F2C8}.job [2012/02/01 09:35:50 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/02/01 09:34:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/02/01 09:34:37 | 938,921,984 | -HS- | M] () -- C:\hiberfil.sys [2012/01/31 18:27:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012/01/31 18:05:03 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{071C7AE6-FDD5-4996-A4E5-3030D6D0051D}.job [2012/01/31 16:57:15 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\SystemLook.exe [2012/01/31 08:08:37 | 004,393,886 | R--- | M] (Swearware) -- C:\Documents and Settings\Bob\Desktop\ComboFix.exe [2012/01/28 16:33:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1374101668-94510307-1338816319-1008Core1cc223528ea9d90.job [2012/01/28 12:08:03 | 000,000,312 | RHS- | M] () -- C:\boot.ini [2012/01/27 14:56:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTL.exe [2012/01/27 09:47:19 | 000,000,195 | ---- | M] () -- C:\Boot.bak [2012/01/26 18:39:46 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2012/01/26 18:13:28 | 000,183,958 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2012/01/26 18:04:29 | 000,444,456 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/01/26 18:04:29 | 000,072,332 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/01/25 21:31:54 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk ========== Files Created - No Company Name ========== [2012/01/31 16:57:14 
| 000,139,264 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\SystemLook.exe [2012/01/28 12:25:13 | 000,001,413 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\Conference.lnk [2012/01/28 12:25:13 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\Windows Media Player.lnk [2012/01/28 12:25:13 | 000,000,710 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\NoAdware.lnk [2012/01/28 12:08:03 | 000,000,195 | ---- | C] () -- C:\Boot.bak [2012/01/28 12:08:02 | 000,260,272 | RHS- | C] () -- C:\cmldr [2012/01/28 12:05:19 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012/01/28 12:05:19 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012/01/28 12:05:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012/01/28 12:05:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012/01/28 12:05:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2011/04/19 09:58:43 | 000,174,392 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2010/04/24 17:24:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat [2010/04/24 17:24:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcinfot.dat [2010/03/11 17:15:56 | 000,543,232 | ---- | C] () -- C:\WINDOWS\zHotkey.exe [2010/03/11 17:15:56 | 000,036,864 | ---- | C] () -- C:\WINDOWS\ShowWnd.exe [2010/03/11 17:15:55 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll [2010/02/20 17:32:35 | 000,074,464 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2009/09/19 09:00:32 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2009/03/10 13:15:05 | 000,074,752 | ---- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/03/07 22:30:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2009/03/07 10:43:31 | 000,000,131 | ---- | C] () -- C:\WINDOWS\CRC.INI [2008/02/09 14:17:59 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini [2008/02/04 18:23:10 
| 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL [2008/01/23 22:34:03 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini [2007/11/29 20:36:43 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll [2007/10/24 20:15:33 | 000,004,564 | ---- | C] () -- C:\WINDOWS\mozver.dat [2007/10/14 20:18:06 | 000,827,024 | ---- | C] () -- C:\Program Files\PhotoGreetingCards.exe [2007/10/13 10:41:51 | 001,394,568 | ---- | C] () -- C:\Program Files\install_easyshare.exe [2007/04/23 02:09:35 | 000,001,948 | ---- | C] () -- C:\WINDOWS\tabled32.ini [2007/04/06 19:56:39 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll [2007/04/06 19:56:39 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll [2007/04/06 19:56:39 | 000,000,215 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll [2007/04/06 19:56:39 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll [2007/03/23 02:17:45 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2007/03/22 18:38:28 | 000,007,172 | ---- | C] () -- C:\WINDOWS\wininit.ini [2007/02/21 11:01:31 | 000,000,121 | ---- | C] () -- C:\WINDOWS\wpd99.drv [2007/02/21 11:01:05 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll [2007/02/21 11:01:05 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll [2007/02/18 23:13:22 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini [2007/01/22 01:29:09 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\keyreader.ini [2007/01/21 23:24:17 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2007/01/21 23:05:05 | 000,502,784 | ---- | C] () -- C:\WINDOWS\x2.64.exe [2007/01/21 23:05:05 | 000,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe [2007/01/21 23:05:05 | 000,066,560 | ---- | C] () -- C:\WINDOWS\MOTA113.exe [2007/01/21 23:05:04 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\x.264.exe [2007/01/21 23:05:04 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2007/01/21 23:05:03 | 000,845,312 | ---- | C] () -- 
C:\WINDOWS\System32\Smab.dll [2007/01/19 20:55:10 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL [2007/01/19 20:55:10 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL [2007/01/15 20:44:00 | 000,001,353 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2007/01/15 19:41:18 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2007/01/15 19:22:59 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbuvs.dll [2007/01/15 19:08:43 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe [2007/01/15 17:45:07 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll [2007/01/15 17:45:07 | 000,042,040 | ---- | C] () -- C:\WINDOWS\PatchWnd.exe [2007/01/15 17:42:45 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2007/01/15 17:39:55 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat [2007/01/15 17:37:55 | 000,471,300 | ---- | C] () -- C:\WINDOWS\wallpe.exe [2007/01/15 17:36:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007/01/15 17:00:22 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2007/01/15 17:00:06 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2007/01/15 17:00:06 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2007/01/15 17:00:01 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2007/01/15 16:59:57 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2007/01/15 16:59:49 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2007/01/15 16:59:20 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2007/01/15 16:59:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2007/01/15 16:58:09 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2007/01/15 16:57:39 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2006/02/03 20:23:20 | 000,211,456 | ---- | C] () -- C:\WINDOWS\System32\oestore.dll [2006/02/03 20:23:04 | 000,272,384 | ---- | C] () -- 
C:\WINDOWS\System32\oecom.dll [2006/02/03 20:22:40 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\oeapiinitcom.dll [2005/12/05 08:58:18 | 000,251,392 | ---- | C] () -- C:\WINDOWS\System32\nktwab.dll [2005/10/29 23:41:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe [2005/10/29 23:40:59 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2005/10/29 23:40:59 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2005/10/29 23:40:58 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2005/10/29 23:40:57 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2005/10/29 23:40:57 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2005/10/29 23:40:56 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe [2005/10/29 23:40:56 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2005/10/29 23:40:54 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2005/10/29 23:40:54 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe [2004/10/28 11:47:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2004/10/27 20:43:40 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe [2004/10/27 19:24:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2004/10/27 19:14:39 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2004/10/27 18:53:07 | 000,001,460 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2004/10/27 18:53:07 | 000,000,502 | ---- | C] () -- C:\WINDOWS\System32\emver.ini [2004/10/27 18:52:06 | 000,444,456 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004/10/27 18:52:06 | 000,072,332 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004/10/27 12:07:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2004/10/27 12:06:55 | 000,356,160 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2002/05/15 11:13:20 | 000,081,920 | R--- | C] () -- C:\WINDOWS\System32\SipCal.dll [1999/09/17 19:12:54 | 
000,044,344 | ---- | C] () -- C:\WINDOWS\System32\Seqcal.sys ========== Custom Scans ========== < Commands > < [EMPTYTEMP] > < > < End of report >
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b89a892e30eb8b42b445d40f4c06b0c0
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-01 05:02:37
# local_time=2012-02-01 11:02:37 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=770 16774141 100 100 0 263470698 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=159372
# found=315
# cleaned=315
# scan_time=4611
C:\Program Files\MapsGalaxy_39\bar\1.bin\39datact.dll a variant of Win32/Toolbar.MyWebSearch.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\MapsGalaxy_39\bar\1.bin\39html.dll probably a variant of Win32/Toolbar.MyWebSearch.F application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\MapsGalaxy_39\bar\1.bin\39htmlmu.dll probably a variant of Win32/Toolbar.MyWebSearch.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\MapsGalaxy_39\bar\1.bin\39ieovr.dll probably a variant of Win32/Toolbar.MyWebSearch.P application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\MapsGalaxy_39\bar\1.bin\39Plugin.dll probably a variant of Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\MapsGalaxy_39\bar\1.bin\39skin.dll a variant of Win32/Toolbar.MyWebSearch.P application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system\ntp2.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system\ntp2.ini2.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system\ntp2.tmp.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\dccdd.bak1.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\dfhjl.bak1.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\fehkj.bak1.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\fghhk.bak1.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\ghhjl.bak1.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\ghhjl.bak2.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\noqss.bak1.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\oopoq.bak1.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\oopoq.bak2.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\opppo.bak1.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\prsru.bak1.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\qqpoq.bak1.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\stwvw.bak1.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\stwvw.bak2.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\tvvut.bak1.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\uxabc.bak1.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\vxxbc.bak1.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\xyxyb.bak1.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP1221\A0295871.exe Win32/Etap virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP1222\A0296285.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP1222\A0296393.exe a variant of Win32/Toolbar.MyWebSearch.O application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP1222\A0296395.dll Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP1222\A0296396.dll Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP1222\A0296397.dll Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP1224\A0297130.dll a variant of Win32/Toolbar.MyWebSearch.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP1224\A0297131.dll probably a variant of Win32/Toolbar.MyWebSearch.F application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP1224\A0297132.dll probably a variant of Win32/Toolbar.MyWebSearch.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP1224\A0297133.dll probably a variant of Win32/Toolbar.MyWebSearch.P application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP1224\A0297134.dll probably a variant of Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{348DB8EC-73A3-48FB-ADE8-4BD3BBE539B1}\RP1224\A0297135.dll a variant of Win32/Toolbar.MyWebSearch.P application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\abhumqem.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\agnrxfgk.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\agwstcoa.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\aqfagfom.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\aqqkrlon.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\arjbuhvy.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\asvaauqv.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\auctwkrc.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\aysdqvet.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\bceuuier.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\bdovsjff.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\bhekxgeb.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\bhiipcoq.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\bjyacrcx.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\blobvstm.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\bpytumii.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\bttjooum.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\cbfyqmvq.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\cbhqktqh.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ccfrlqoq.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\cgbabjku.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\chhwcswr.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C 
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ciwwjuay.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\cjytiyyr.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\clhjjiir.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\coaxteif.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\cyflbiij.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\cylcstxl.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\dakisohx.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\dbgdyspw.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\dccdd.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ddbejrcb.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\dekxdrxq.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C 
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\dfhjl.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\dictpoxw.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\djhotuvm.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\dlublssg.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\dnyrywnn.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\drbghhwv.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\dtsedqrt.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\dvpfdovd.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\eetdcwmp.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\efagiakr.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\efaynysf.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C 
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ehlcbmog.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\epiolhxc.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\eqswqxba.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\escntqxg.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\etbmupjm.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\etclhtwx.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\etljfcwi.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\etmunuct.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\fbobmptg.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\fcbmjcpk.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\fckpoflj.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C 
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\fehkj.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ffjlbyjj.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ffroetlg.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\fghhk.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\fiyfsxie.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\fkhunsif.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\fmgotqkp.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\fnrbbtto.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\fpvoaplh.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\fsibombc.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\fsqvnbjc.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C 
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ftxdigup.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\fugublls.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\fxeyvikp.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\fxxbbmdq.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\gealctxg.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ggfshbsj.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ghfbusqk.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ghhjl.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\glfehdps.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\gmegrqhg.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\gngmdrea.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C 
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\gpgpprpt.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\gqgwshcr.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\gtfbbmer.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\hbmxttyd.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\hbrtcdor.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\hewyhins.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\hfiestak.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\hiqffqeg.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\hjyqibat.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\hnntvwgw.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\hnttwycd.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C 
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\hpignqkl.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\hvfueppi.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\hwbjevgo.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\hxigdtbp.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\iafxfkby.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ibonrdyq.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ibtcjktg.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ijtirbsr.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\inilieph.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\iqbinlad.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\irvdtpjg.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C 
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\iskgqeji.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\isurofeb.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ixdlwccs.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\jaexijto.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\jccgotdd.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\jdlsgmye.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\jfwobajo.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\jlusxwbs.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\jnggxgdk.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\joahhvrl.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\jovfhcrv.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C 
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\jrldeiwi.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\juneanyt.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\jxaadcwm.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\jxfxauww.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\jxnnteof.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\jyjbgtkw.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\kacdtnap.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\kkdiewvb.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\klrydxvl.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\klshxrpt.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\kmhqsefj.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C 
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\kolccutg.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\kolclyjj.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\kuhxwlfu.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\kvubvqwk.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\kyjrsmuj.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\lcdlkhmy.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\lemigngq.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\lgbksqsh.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\lgufdcid.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\libnklbm.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ljvcrgja.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C 
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\lmsrgpiv.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\lpbdbueq.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\lpmimuqs.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\lqehrxuo.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\lsttemtt.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ltegjehu.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ltxfdhtt.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\luscbdqu.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\lwjbaanc.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\macvbjjv.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\mahglqqs.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C 
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\mcghdoog.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\mdgauptm.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\mgbllhvq.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\mhjnxlny.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\mjpgbdvj.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\mkcsmljp.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\mlmwglmv.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\mrjushko.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\mtdjjrny.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\mvkppmhj.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\mwjsrbgp.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C 
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\mxooidhm.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ndewsjmy.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\nijpwtra.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\niumimje.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\nkalfacv.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\nkoyendf.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\nopolenl.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\noqss.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\nsbtketd.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\nwlmswbv.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\nwxjeqkq.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\nxuhakke.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\nyuxhkkt.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\obkjvjnm.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\oelbbuyt.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\oiafodfk.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\oihgopgu.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\oopoq.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\opnbxbpn.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\opppo.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ouijlcjn.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\pbrrjfes.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\pfmxrkkb.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\pkjteruk.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\plqaodde.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\pmdhteke.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\prlemekp.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\prsru.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\psrqoilh.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\pwlmefhh.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\pxfxjvcu.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\pxkcsbrt.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\pyevfpqx.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\qemirxln.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\qesxrwmn.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\qffbewfw.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\qfgcsvjs.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\qgaojipm.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\qiyepocd.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\qjntcgtx.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\qjovxhud.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\qkfsodql.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\qkgjodgp.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\qlpcrtuk.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\qluvutch.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\qnmlabqy.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\qpmikaec.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\qqpoq.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\qudmeqxk.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\qvdrfcyy.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ravpncsc.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\rbqhhxdv.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\rddeqhov.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\rewjvsyn.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\rfwcqjqw.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\rgqeuajl.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\rkhpthbq.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\rpelupxy.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\rucbofmb.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ruqgromk.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\rwvxstfl.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\sbwaeyhf.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\sdjpyhsp.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\sexuluuf.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\shpxewma.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\sijkcqef.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\sjfjyawr.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\snotlgtw.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\solbkmxw.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\taskrqow.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\tecfromm.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\tnewgsuh.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\tpghulyj.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\trkrefiu.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\tvpgmrsb.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\tvvut.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\twccraut.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\uapnxsed.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ubiohlad.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ubyhlger.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ucbaugxj.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ucdbufpn.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\udktagvj.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\uhailqpb.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\uhytoduf.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\umsoumye.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ururptpq.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\uwwmlfey.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\uxabc.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\uxrlxohp.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\vaicmmnj.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\vaowwaxm.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\vckjoqxk.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\vgvkajdk.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\vlvbafyn.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\vmgumdeq.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\vsdoqkll.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\vstyiykq.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\vuchxwlq.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\vushymjv.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\vviyoncn.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\vxxbc.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\wdoutjlq.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\webfsxhy.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\wmfkmjul.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\wpbhondm.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\wvutv.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\wyusxgxq.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\xgcfaiic.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\xidddspu.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\xikupkjx.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\xlingowx.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\xprbagbl.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\xqtyfnrl.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\xtnjhlun.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\xyxyb.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\yablcnaq.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ymribagd.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\yoklcbla.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ypsnssqr.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ywbmbbyc.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01282012_085633\C_WINDOWS\system32\ywsmmhfu.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
  10. Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.02.01.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Bob :: YOUR-C8A2EC5BC2 [administrator]
2/1/2012 9:16
mbam-log-2012-02-01 (09-16-41).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226901
Time elapsed: 6 minute(s), 18 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\MapsGalaxy_39Service (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MapsGalaxy Search Scope Monitor (Adware.MyWebSearch) -> Data: "C:\PROGRA~1\MAPSGA~2\bar\1.bin\39srchmn.exe" /m=2 /w /h -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MapsGalaxy_39 Browser Plugin Loader (Adware.MyWebSearch) -> Data: C:\PROGRA~1\MAPSGA~2\bar\1.bin\39brmon.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 3
C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrchMn.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MapsGalaxy_39\bar\1.bin\39brmon.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MapsGalaxy_39\bar\1.bin\39barsvc.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
(end)
  11. Also, I have my antivirus program disabled, but it just popped up saying rootkit found.
File Name: SVC: catchme > C:\DOCUME~1\Bob\LOCALS~1\Temp\catchme.sys
What action should I take with this? Thanks
  12. ComboFix 12-01-30.02 - Bob 01/31/2012 18:07:04.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.323 [GMT -6:00]
Running from: c:\documents and settings\Bob\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Bob\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\progra~1\MAPSGA~2\bar\1.bin\39brstub.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\McAfee.com Personal Firewall
c:\documents and settings\All Users\Application Data\McAfee.com Personal Firewall\data\HwLocal.xdb
c:\progra~1\MAPSGA~2\bar\1.bin\39brstub.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-01-01 to 2012-02-01 )))))))))))))))))))))))))))))))
.
.
2012-01-28 18:46 . 2012-01-28 18:46 -------- d-----w- c:\program files\MapsGalaxy_39
2012-01-28 14:56 . 2012-01-28 14:56 -------- dc----w- C:\_OTL
2012-01-27 03:04 . 2012-01-27 03:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-27 03:04 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-26 03:31 . 2011-12-21 07:24 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-26 03:31 . 2011-12-21 04:30 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-26 03:31 . 2011-12-21 04:30 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-26 03:31 . 2011-12-21 04:30 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 18:01 . 2010-07-18 16:21 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2010-02-14 14:40 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-05-21 02:10 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2010-02-14 14:40 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2010-02-14 14:40 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2010-02-14 14:40 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2010-02-14 14:40 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2010-02-14 14:40 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2010-02-14 14:40 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2010-02-14 14:40 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-25 21:57 . 2007-01-15 23:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2007-01-15 23:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2007-01-15 23:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-17 03:09 . 2011-05-30 13:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-16 14:21 . 2007-01-15 23:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2007-01-15 23:00 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:20 . 2007-01-15 23:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2007-01-15 22:59 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2007-01-15 22:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2007-01-15 22:58 385024 ------w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2007-01-15 23:00 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2007-01-15 23:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2007-10-15 02:20 . 2007-10-15 02:18 827024 -c--a-w- c:\program files\PhotoGreetingCards.exe
2007-10-13 16:42 . 2007-10-13 16:41 1394568 -c--a-w- c:\program files\install_easyshare.exe
2007-08-14 15:38 . 2008-08-05 14:00 1075536 -c--a-w- c:\program files\Common Files\RegCure 1.5.0.0 Trial.exe
2011-12-21 07:24 . 2011-09-28 05:20 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 10:06 163328 -csha-r- c:\windows\system32\flvDX.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-28_18.25.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-01 00:21 . 2012-02-01 00:21 16384 c:\windows\Temp\Perflib_Perfdata_534.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2010-07-01 220336]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"CHotkey"="zHotkey.exe" [2004-05-18 543232]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-11-28 3744552]
"MapsGalaxy Search Scope Monitor"="c:\progra~1\MAPSGA~2\bar\1.bin\39srchmn.exe" [2012-01-28 38440]
"MapsGalaxy_39 Browser Plugin Loader"="c:\progra~1\MAPSGA~2\bar\1.bin\39brmon.exe" [2012-01-28 30096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Darlene^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\Darlene\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Darlene^Start Menu^Programs^Startup^SocialButterfly.lnk]
path=c:\documents and settings\Darlene\Start Menu\Programs\Startup\SocialButterfly.lnk
backup=c:\windows\pss\SocialButterfly.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 07:57 35760 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-04 00:43 69632 -c--a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 13:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-28 01:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-03-12 18:49 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBook Library Launcher]
2010-07-13 06:34 906648 ----a-w- c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2004-08-10 18:04 59392 -c--a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-18 19:24 136176 ----atw- c:\documents and settings\Bob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 -c--a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2005-01-08 01:07 61952 -c--a-w- c:\windows\system32\HdAShCut.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-11-13 06:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxbumon.exe]
2005-01-18 14:35 196608 ----a-w- c:\program files\Lexmark 6200 Series\lxbumon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-09 23:53 153136 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-16 19:01 13529088 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-16 19:01 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-05-16 19:01 1630208 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Olympus ib]
2011-03-11 21:17 93360 ----a-w- c:\program files\Olympus\ib\olycamdetect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
2005-05-09 23:16 192512 -c--a-w- c:\progra~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2007-09-28 01:17 443968 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reader Library Launcher]
2010-07-13 06:34 906648 ----a-w- c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2005-09-22 19:36 14854144 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowWnd]
2003-09-19 15:09 36864 ----a-w- c:\windows\ShowWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 19:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
2004-11-15 23:04 135168 ----a-w- c:\program files\Digital Media Reader\shwiconEM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\lxbucoms.exe"=
"c:\windows\system32\bepinceu.exe"= c:\windows\system32\bep
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20286:TCP"= 20286:TCP:20286
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/23/2007 1:48 PM 639224]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/20/2011 8:10 PM 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/14/2010 8:40 AM 314456]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 5:38 PM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/14/2010 8:40 AM 20568]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [9/27/2010 9:36 AM 176408]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]
S2 MapsGalaxy_39Service;MapsGalaxyService;c:\progra~1\MAPSGA~2\bar\1.bin\39barsvc.exe [1/28/2012 12:46 PM 42504]
S3 IPOD2CAR;ipod2car.sys driver;c:\windows\system32\drivers\ipod2car.sys [9/18/2010 7:28 AM 49408]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 4:17 PM 12872]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [12/25/2010 1:55 AM 11520]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 18:34]
.
2012-01-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1374101668-94510307-1338816319-1008Core1cc223528ea9d90.job
- c:\documents and settings\Bob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-22 19:24]
.
2012-02-01 c:\windows\Tasks\User_Feed_Synchronization-{071C7AE6-FDD5-4996-A4E5-3030D6D0051D}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
2012-02-01 c:\windows\Tasks\User_Feed_Synchronization-{88D8D572-25CB-4355-B884-812F55EE82FB}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
2012-02-01 c:\windows\Tasks\User_Feed_Synchronization-{CFBA19FF-FBA1-4184-8F20-2E300624F2C8}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Translate with &Babylon
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Bob\Application Data\Mozilla\Firefox\Profiles\2f6phmxb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-31 18:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{014C4232-6904-47B9-9144-7E0FB7277444}\1.0\0\win32]
@DACL=(02 0000)
@="c:\\Program Files\\Gamevance\\gvtl.dll"
.
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\0\win32] @DACL=(02 0000) @="c:\\Program Files\\Fast Browser Search\\IE\\FBStoolbar.dll" . [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version] "Version"=hex:bb,3c,96,44,5a,b7,f4,b9,2c,3c,c2,e2,00,34,a6,ea,d3,84,97,35,0f, 47,9b,c3,05,b3,60,5b,99,d8,4c,a8,22,bd,9f,f7,21,94,3d,11,84,ad,af,be,ed,d5,\ . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(728) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll . - - - - - - - > 'explorer.exe'(3864) c:\windows\system32\WININET.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS c:\windows\system32\wdfmgr.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\wscntfy.exe c:\windows\zHotkey.exe . ************************************************************************** . 
Completion time: 2012-01-31 18:32:31 - machine was rebooted ComboFix-quarantined-files.txt 2012-02-01 00:32 ComboFix2.txt 2012-01-31 23:32 ComboFix3.txt 2012-01-31 14:29 ComboFix4.txt 2012-01-29 16:13 ComboFix5.txt 2012-02-01 00:05 . Pre-Run: 153,812,926,464 bytes free Post-Run: 153,901,228,032 bytes free . - - End Of File - - 59D908E6A192C0C40C31C88A3655B05D
  13. ComboFix 12-01-30.02 - Bob 01/31/2012 17:15:07.4.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.462 [GMT -6:00] Running from: c:\documents and settings\Bob\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Bob\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . . ((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-31 ))))))))))))))))))))))))))))))) . . 2012-01-31 15:16 . 2012-01-31 15:16 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com Personal Firewall 2012-01-28 18:46 . 2012-01-28 18:46 -------- d-----w- c:\program files\MapsGalaxy_39 2012-01-28 14:56 . 2012-01-28 14:56 -------- dc----w- C:\_OTL 2012-01-27 03:04 . 2012-01-27 03:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-01-27 03:04 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-01-26 03:31 . 2011-12-21 07:24 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll 2012-01-26 03:31 . 2011-12-21 04:30 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll 2012-01-26 03:31 . 2011-12-21 04:30 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll 2012-01-26 03:31 . 2011-12-21 04:30 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-28 18:01 . 2010-07-18 16:21 41184 ----a-w- c:\windows\avastSS.scr 2011-11-28 18:01 . 2010-02-14 14:40 199816 ----a-w- c:\windows\system32\aswBoot.exe 2011-11-28 17:53 . 2011-05-21 02:10 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-11-28 17:53 . 2010-02-14 14:40 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-11-28 17:52 . 2010-02-14 14:40 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-11-28 17:52 . 2010-02-14 14:40 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-11-28 17:52 . 
2010-02-14 14:40 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2011-11-28 17:51 . 2010-02-14 14:40 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys 2011-11-28 17:51 . 2010-02-14 14:40 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-11-28 17:48 . 2010-02-14 14:40 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2011-11-25 21:57 . 2007-01-15 23:00 293376 ----a-w- c:\windows\system32\winsrv.dll 2011-11-23 13:25 . 2007-01-15 23:00 1859584 ----a-w- c:\windows\system32\win32k.sys 2011-11-18 12:35 . 2007-01-15 23:00 60416 ----a-w- c:\windows\system32\packager.exe 2011-11-17 03:09 . 2011-05-30 13:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-16 14:21 . 2007-01-15 23:00 354816 ----a-w- c:\windows\system32\winhttp.dll 2011-11-16 14:21 . 2007-01-15 23:00 152064 ----a-w- c:\windows\system32\schannel.dll 2011-11-04 19:20 . 2007-01-15 23:00 916992 ----a-w- c:\windows\system32\wininet.dll 2011-11-04 19:20 . 2007-01-15 22:59 43520 ------w- c:\windows\system32\licmgr10.dll 2011-11-04 19:20 . 2007-01-15 22:58 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-11-04 11:23 . 2007-01-15 22:58 385024 ------w- c:\windows\system32\html.iec 2011-11-03 15:28 . 2007-01-15 23:00 386048 ----a-w- c:\windows\system32\qdvd.dll 2011-11-03 15:28 . 2007-01-15 23:00 1292288 ----a-w- c:\windows\system32\quartz.dll 2007-10-15 02:20 . 2007-10-15 02:18 827024 -c--a-w- c:\program files\PhotoGreetingCards.exe 2007-10-13 16:42 . 2007-10-13 16:41 1394568 -c--a-w- c:\program files\install_easyshare.exe 2007-08-14 15:38 . 2008-08-05 14:00 1075536 -c--a-w- c:\program files\Common Files\RegCure 1.5.0.0 Trial.exe 2011-12-21 07:24 . 2011-09-28 05:20 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2006-05-03 10:06 163328 -csha-r- c:\windows\system32\flvDX.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-01-28_18.25.14 ))))))))))))))))))))))))))))))))))))))))) . + 2012-01-31 14:04 . 
2012-01-31 14:04 16384 c:\windows\Temp\Perflib_Perfdata_128.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2010-07-01 220336] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992] "CHotkey"="zHotkey.exe" [2004-05-18 543232] "avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-11-28 3744552] "MapsGalaxy Search Scope Monitor"="c:\progra~1\MAPSGA~2\bar\1.bin\39srchmn.exe" [2012-01-28 38440] "MapsGalaxy_39 Browser Plugin Loader"="c:\progra~1\MAPSGA~2\bar\1.bin\39brmon.exe" [2012-01-28 30096] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2008-04-14 53760] . c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^Darlene^Start Menu^Programs^Startup^HotSync Manager.lnk] path=c:\documents and settings\Darlene\Start Menu\Programs\Startup\HotSync Manager.lnk backup=c:\windows\pss\HotSync Manager.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^Darlene^Start Menu^Programs^Startup^SocialButterfly.lnk] path=c:\documents and settings\Darlene\Start Menu\Programs\Startup\SocialButterfly.lnk backup=c:\windows\pss\SocialButterfly.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck] c:\windows\system32\dumprep 0 -u [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-12-22 07:57 35760 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] 2005-05-04 00:43 69632 -c--a-w- c:\windows\ALCMTR.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2011-09-27 13:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service] 2010-10-28 01:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2007-03-12 18:49 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBook Library Launcher] 2010-07-13 06:34 906648 ----a-w- c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray] 2004-08-10 18:04 59392 -c--a-w- c:\windows\ehome\ehtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2010-10-18 19:24 136176 ----atw- c:\documents and settings\Bob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2008-10-25 16:44 31072 -c--a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut] 2005-01-08 01:07 61952 -c--a-w- c:\windows\system32\HdAShCut.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2011-11-13 06:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxbumon.exe] 2005-01-18 14:35 196608 ----a-w- c:\program files\Lexmark 6200 Series\lxbumon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-09 23:53 153136 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2008-05-16 19:01 13529088 ----a-w- c:\windows\system32\nvcpl.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2008-05-16 19:01 86016 ----a-w- c:\windows\system32\nvmctray.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2008-05-16 19:01 1630208 ----a-w- c:\windows\system32\nwiz.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Olympus ib] 2011-03-11 21:17 93360 ----a-w- c:\program files\Olympus\ib\olycamdetect.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager] 2005-05-09 23:16 192512 -c--a-w- c:\progra~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] 2007-09-28 01:17 443968 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reader Library Launcher] 2010-07-13 06:34 906648 ----a-w- c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2005-09-22 19:36 14854144 ----a-w- c:\windows\RTHDCPL.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection] 2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowWnd] 2003-09-19 15:09 36864 ----a-w- c:\windows\ShowWnd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2011-06-09 19:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM] 2004-11-15 23:04 135168 ----a-w- c:\program files\Digital Media Reader\shwiconEM.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection] 2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\system32\\lxbucoms.exe"= "c:\windows\system32\bepinceu.exe"= c:\windows\system32\bep "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= "c:\\Program Files\\iWin Games\\iWinGames.exe"= "c:\\Program Files\\iWin Games\\WebUpdater.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "20286:TCP"= 20286:TCP:20286 . 
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/23/2007 1:48 PM 639224] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/20/2011 8:10 PM 435032] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/14/2010 8:40 AM 314456] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664] R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 5:38 PM 116608] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/14/2010 8:40 AM 20568] R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [9/27/2010 9:36 AM 176408] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?] S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?] S2 MapsGalaxy_39Service;MapsGalaxyService;c:\progra~1\MAPSGA~2\bar\1.bin\39barsvc.exe [1/28/2012 12:46 PM 42504] S3 IPOD2CAR;ipod2car.sys driver;c:\windows\system32\drivers\ipod2car.sys [9/18/2010 7:28 AM 49408] S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 4:17 PM 12872] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [12/25/2010 1:55 AM 11520] . Contents of the 'Scheduled Tasks' folder . 2011-11-08 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 18:34] . 2012-01-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1374101668-94510307-1338816319-1008Core1cc223528ea9d90.job - c:\documents and settings\Bob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-22 19:24] . 
2012-01-30 c:\windows\Tasks\User_Feed_Synchronization-{071C7AE6-FDD5-4996-A4E5-3030D6D0051D}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 09:31] . 2012-01-31 c:\windows\Tasks\User_Feed_Synchronization-{88D8D572-25CB-4355-B884-812F55EE82FB}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 09:31] . 2012-01-31 c:\windows\Tasks\User_Feed_Synchronization-{CFBA19FF-FBA1-4184-8F20-2E300624F2C8}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 09:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html IE: Translate with &Babylon TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\documents and settings\Bob\Application Data\Mozilla\Firefox\Profiles\2f6phmxb.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/ FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-01-31 17:27 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{014C4232-6904-47B9-9144-7E0FB7277444}\1.0\0\win32] @DACL=(02 0000) @="c:\\Program Files\\Gamevance\\gvtl.dll" . 
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\0\win32] @DACL=(02 0000) @="c:\\Program Files\\Fast Browser Search\\IE\\FBStoolbar.dll" . [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version] "Version"=hex:bb,3c,96,44,5a,b7,f4,b9,2c,3c,c2,e2,00,34,a6,ea,d3,84,97,35,0f, 47,9b,c3,05,b3,60,5b,99,d8,4c,a8,22,bd,9f,f7,21,94,3d,11,84,ad,af,be,ed,d5,\ . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(724) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll . - - - - - - - > 'explorer.exe'(2892) c:\windows\system32\WININET.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll c:\progra~1\MAPSGA~2\bar\1.bin\39brstub.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . Completion time: 2012-01-31 17:32:16 ComboFix-quarantined-files.txt 2012-01-31 23:32 ComboFix2.txt 2012-01-31 14:29 ComboFix3.txt 2012-01-29 16:13 ComboFix4.txt 2012-01-28 18:30 . Pre-Run: 153,814,904,832 bytes free Post-Run: 153,828,470,784 bytes free . - - End Of File - - 48A25D723EC9C1E799F23ABB56EF2217