ikbol

Just to say again - many, many thanks. Will make donation.

Dr Web after a 20 hour scan came up with 0 - no viruses, nothing, (although it had found & perhaps removed one on first go). Below is the DDS file. Please correct me, but my impression is my computer is fairly clean now - all these tests have removed assorted stuff esp. what remained from recent attacks like the searchqu.com-related stuff. What I've been complaining of most recently - being blocked from many sites - isn't a virus, it's MALWAREBYTES. I just discovered yesterday that the prog. blocks a whole slew of P2P & similar sites, some a lot less malicious than others. So I disabled Website blocking & I can get back on all the sites. [if Mbam were more explicit about this, we'd both have saved time]. Seems like problems over. But a great many thanks for your help & persistence. It's v. much appreciated. [My last post BTW was based on misniformation - I switched to AVG needlessly because of it]. DDS (Ver_10-12-12.02) - NTFSx86 Run by Mike at 21:35:38.50 on 05/01/2011 Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3071.1396 [GMT 0:00] AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ============== Running Processes =============== C:\PROGRA~1\AVG\AVG10\avgchsvx.exe C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe C:\Program Files\AVG\AVG10\avgwdsvc.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe C:\Program Files\AVG\AVG10\avgnsx.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe C:\Program Files\AVG\AVG10\avgtray.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\conhost.exe C:\Windows\system32\WUDFHost.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\PROGRA~1\AVG\AVG10\avgrsx.exe C:\Program Files\AVG\AVG10\avgcsrvx.exe C:\Program Files\uTorrent\uTorrent.exe C:\Windows\system32\taskhost.exe C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mike\Desktop\dds.com C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll ================= FIREFOX =================== FF - ProfilePath - c:\users\mike\appdata\roaming\mozilla\firefox\profiles\9uofxkrf.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en-GB&q= FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\users\mike\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: TV-Fox: {2f17f610-5e97-4fed-828f-9940b7b577a4} - %profile%\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4} FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} FF - Ext: Media Converter: {6e764c17-863a-450f-bdd0-6772bd5aaa18} - %profile%\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18} FF - Ext: CookieSafe: {9D23D0AA-D8F5-11DA-B3FC-0928ABF316DD} - %profile%\extensions\{9D23D0AA-D8F5-11DA-B3FC-0928ABF316DD} FF - Ext: Password Exporter: {B17C1C5A-04B1-11DB-9804-B622A1EF5492} - %profile%\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492} FF - Ext: AthensToolbar: {B22E157D-283C-498f-9554-C3A80E841E91} - %profile%\extensions\{B22E157D-283C-498f-9554-C3A80E841E91} FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - %profile%\extensions\{dc572301-7619-498c-a57d-39143191b318} FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF - Ext: Flash Video Downloader - Youtube Downloader: artur.dubovoy@gmail.com - %profile%\extensions\artur.dubovoy@gmail.com FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true ============= SERVICES / DRIVERS =============== R0 54468372;54468372 Boot Guard Driver;c:\windows\system32\drivers\54468372.sys [2011-1-2 37392] R0 99184672;99184672 Boot Guard Driver;c:\windows\system32\drivers\99184672.sys [2011-1-2 37392] R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064] R1 54468371;54468371;c:\windows\system32\drivers\54468371.sys [2011-1-2 128016] R1 99184671;99184671;c:\windows\system32\drivers\99184671.sys [2011-1-2 128016] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728] R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984] R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-25 172032] R2 AsSysCtrlService;ASUS System Control Service;c:\program files\asus\assysctrlservice\1.00.02\AsSysCtrlService.exe [2010-5-21 90112] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-23 6128208] R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-12-27 363344] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 21072] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-27 20952] RUnknown DwProt;DwProt; [x] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 utk0mjc1;AVZ Kernel Driver;c:\windows\system32\drivers\utk0mjc1.sys [2011-1-3 7168] =============== Created Last 30 ================ 2011-01-05 14:38:03 -------- d-----w- c:\program files\The KMPlayer 2011-01-04 15:38:49 -------- d-----w- c:\users\mike\appdata\roaming\AVG10 2011-01-04 15:37:44 -------- d--h--w- c:\progra~2\Common Files 2011-01-04 15:36:48 -------- d-----w- c:\windows\system32\drivers\AVG 2011-01-04 15:36:48 -------- d-----w- c:\progra~2\AVG10 2011-01-04 15:36:08 -------- d-----w- c:\program files\AVG 2011-01-04 15:28:13 -------- d-----w- c:\progra~2\MFAData 2011-01-03 15:13:13 497664 ----a-w- c:\windows\system32\ac3filter.acm 2011-01-03 15:13:12 -------- d-----w- c:\program files\AC3Filter 2011-01-03 15:03:24 -------- d-----w- c:\users\mike\appdata\roaming\Local 2011-01-03 05:34:09 -------- d-----w- c:\users\mike\DoctorWeb 2011-01-03 03:37:39 7168 ----a-w- c:\windows\system32\drivers\utk0mjc1.sys 2011-01-02 23:05:38 37392 ----a-w- c:\windows\system32\drivers\99184672.sys 2011-01-02 23:05:38 311312 ----a-w- c:\windows\system32\drivers\9918467.sys 2011-01-02 23:05:38 128016 ----a-w- c:\windows\system32\drivers\99184671.sys 2011-01-02 21:23:41 -------- d-----w- c:\progra~2\Kaspersky Lab 2011-01-02 21:22:52 37392 ----a-w- c:\windows\system32\drivers\54468372.sys 2011-01-02 21:22:52 311312 ----a-w- c:\windows\system32\drivers\5446837.sys 2011-01-02 21:22:52 128016 ----a-w- c:\windows\system32\drivers\54468371.sys 2011-01-01 12:15:12 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{947a07e2-2b59-42e2-8214-d44340fb5b04}\mpengine.dll 2010-12-30 19:03:15 -------- d-----w- C:\_OTL 2010-12-30 00:22:45 -------- d-----w- c:\program files\ESET 2010-12-29 18:57:09 -------- d-----w- c:\users\mike\appdata\local\Apple Computer 2010-12-29 18:37:41 -------- d-sh--w- C:\$RECYCLE.BIN 2010-12-29 18:37:37 -------- d-----w- c:\users\mike\appdata\local\temp 2010-12-27 21:05:43 2327552 ----a-w- c:\windows\system32\win32k.sys 2010-12-27 18:44:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-12-27 18:44:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-12-27 18:07:21 388096 ----a-r- c:\users\mike\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe 2010-12-27 18:07:21 -------- d-----w- c:\program files\Trend Micro 2010-12-27 16:37:15 -------- d--h--w- c:\windows\PIF 2010-12-27 03:00:18 -------- d-----w- c:\program files\YouTube Downloader 2010-12-25 15:07:43 -------- d-----w- c:\program files\Seagate 2010-12-25 15:05:51 -------- d-----w- c:\program files\common files\Wise Installation Wizard 2010-12-08 04:12:38 251728 ----a-w- c:\windows\system32\drivers\avgldx86.sys ==================== Find3M ==================== 2010-11-12 00:44:54 94208 ----a-w- c:\windows\system32\dpl100.dll 2010-11-08 22:57:04 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl 2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll 2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll 2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec 2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll 2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll 2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll 2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll 2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe 2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe 2010-10-27 04:32:36 2048 ----a-w- c:\windows\system32\tzres.dll 2010-10-20 04:54:18 34304 ----a-w- c:\windows\system32\atmlib.dll 2010-10-20 02:58:41 294400 ----a-w- c:\windows\system32\atmfd.dll 2010-10-19 10:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe 2010-10-16 04:41:02 101760 ----a-w- c:\windows\system32\consent.exe 2010-10-16 04:36:10 314368 ----a-w- c:\windows\system32\webio.dll ============= FINISH: 21:36:53.53 ===============

Temerec, I don't understand - I have Mbam 1.50 I think . (& have been having major problems with many major torrent/ p2p sites being blocked - e.g. irfree.com,kickasstorrents.com, avaxhome.ws & many more - although I thought it was malware). I don't see any IPs listed when I navigate to Mbam's tray options, after going to any of above sites, and getting "site is down" message. But maybe I'm misunderstanding you. HOWEVER, I simply unticked Website Blocking in options there - and presto! - all the above sites are back! (This has been killing me). I notice Mbam has option under Protection - to detick "Start malicious website blocking" - when Protection module starts. So perhaps that is the simplest option, rather than uninstalling whole Mbam prog? [Would be grateful still to know how you can unblock particular sites from Mbam]

I'll try - but I may have found main cause. I think it's a keygen wh. produced the same restricted downloading effects on another computer. Someone on a site identified it, apparently through AVG, as: "Trojan Horse Downloader.Banload.BDGN" I did System Restore on the other computer - and the effects were gone - although the fact that I had already shredded the keygen may have helped. I installed AVG on this computer & scanned - but it didn't come up with that Trojan, only FakeAlert.. I'll try a Dr Web scan, but I'll check back in case you have any other ideas. [The other thing BTW is that OTL on Dec 30 02.53 with your Custom Fixes paste DID cure the problem - even if only temporarily till the Combofix cleanup] P.S. Dr Web in Safe Mode was shaping to be 24 hour scan - I tried again last night & stopped after it had only made B folders after 3 hours. Thanks again. This is a tough one!

P.S. Can Dr Web or similar be run in normal mode?

Thanks. Kaspersky was long - nearly 6 hours. But below is file. [i notice all Win backups have same trojans incl. a Hostseditor file -is that important?] Dr Web Cureit was shaping up for similar length - but then it CRASHED after about 1 hour. Dunno why - just found computer rebooted into normal Windows. [i also ran Dr Web in Safe Mode] So should I rerun? {May take a while!) Autoscan: stopped 5 hours ago (events: 2, objects: 0, time: 00:00:09) 02/01/2011 23:35:59 Task stopped 02/01/2011 23:35:50 Task started Autoscan: completed 3 minutes ago (events: 339, objects: 2911615, time: 05:46:53) 02/01/2011 23:36:07 Task started 03/01/2011 00:04:31 Detected: Backdoor.Win32.SdBot.uwj C:\Documents and Settings\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter\MovieMagicScreenWriter2000 V4.00E.zip/screenwriter 2000 setup.exe/WRS32.DLL 03/01/2011 00:05:24 Detected: Backdoor.Win32.SdBot.qzd C:\Documents and Settings\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter\MovieMagicScreenWriter2000 V4.00E.zip/screenwriter 2000 setup.exe/netpub.exe/Shrinker 03/01/2011 00:05:25 Detected: Backdoor.Win32.SdBot.uwi C:\Documents and Settings\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter\MovieMagicScreenWriter2000 V4.00E.zip/screenwriter 2000 setup.exe/ClibPDF.dll 03/01/2011 00:05:29 Deleted: Backdoor.Win32.SdBot.uwi C:\Documents and Settings\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter\MovieMagicScreenWriter2000 V4.00E.zip/screenwriter 2000 setup.exe 03/01/2011 03:58:50 Detected: Backdoor.Win32.SdBot.uwj F:\AAAADDDDDDRIVE\OEView\programs\SCRIPTING\Movie Magic Screenwriter 2000.exe/screenwriter 2000 setup.exe/WRS32.DLL 03/01/2011 03:58:52 Detected: Backdoor.Win32.SdBot.uwj F:\AAAADDDDDDRIVE\OEView\programs\SCRIPTING\moviemagicscreenwriter\screenwriter 2000 setup.exe/WRS32.DLL 03/01/2011 03:58:56 Detected: Backdoor.Win32.SdBot.uwj F:\AAAADDDDDDRIVE\OEView\programs\SCRIPTING\screenwriter\Moviemagic\screenwriter 2000 setup.exe/WRS32.DLL 03/01/2011 04:00:00 Detected: Backdoor.Win32.SdBot.uwj F:\AAAADDDDDDRIVE\OEView\programs\SCRIPTING\screenwriter\MovieMagicScreenWriter2000 V4.00E.zip/screenwriter 2000 setup.exe/WRS32.DLL 03/01/2011 04:09:45 Detected: Backdoor.Win32.SdBot.qzd F:\AAAADDDDDDRIVE\OEView\programs\SCRIPTING\Movie Magic Screenwriter 2000.exe/screenwriter 2000 setup.exe/netpub.exe/Shrinker 03/01/2011 04:09:45 Detected: Backdoor.Win32.SdBot.uwi F:\AAAADDDDDDRIVE\OEView\programs\SCRIPTING\Movie Magic Screenwriter 2000.exe/screenwriter 2000 setup.exe/ClibPDF.dll 03/01/2011 04:09:46 Deleted: Backdoor.Win32.SdBot.uwi F:\AAAADDDDDDRIVE\OEView\programs\SCRIPTING\Movie Magic Screenwriter 2000.exe 03/01/2011 04:09:46 Detected: Backdoor.Win32.SdBot.qzd F:\AAAADDDDDDRIVE\OEView\programs\SCRIPTING\moviemagicscreenwriter\screenwriter 2000 setup.exe/netpub.exe/Shrinker 03/01/2011 04:09:47 Detected: Backdoor.Win32.SdBot.uwi F:\AAAADDDDDDRIVE\OEView\programs\SCRIPTING\moviemagicscreenwriter\screenwriter 2000 setup.exe/ClibPDF.dll 03/01/2011 04:09:48 Deleted: Backdoor.Win32.SdBot.uwi F:\AAAADDDDDDRIVE\OEView\programs\SCRIPTING\moviemagicscreenwriter\screenwriter 2000 setup.exe 03/01/2011 04:09:49 Detected: Backdoor.Win32.SdBot.uwj F:\AAAADDDDDDRIVE\OEView\programs\SCRIPTING\screenwriter2000\screenwriter 2000 setup.exe/WRS32.DLL 03/01/2011 04:09:49 Detected: Backdoor.Win32.SdBot.qzd F:\AAAADDDDDDRIVE\OEView\programs\SCRIPTING\screenwriter\MovieMagicScreenWriter2000 V4.00E.zip/screenwriter 2000 setup.exe/netpub.exe/Shrinker 03/01/2011 04:09:50 Detected: Backdoor.Win32.SdBot.uwi F:\AAAADDDDDDRIVE\OEView\programs\SCRIPTING\screenwriter\MovieMagicScreenWriter2000 V4.00E.zip/screenwriter 2000 setup.exe/ClibPDF.dll 03/01/2011 04:09:51 Deleted: Backdoor.Win32.SdBot.uwi F:\AAAADDDDDDRIVE\OEView\programs\SCRIPTING\screenwriter\MovieMagicScreenWriter2000 V4.00E.zip/screenwriter 2000 setup.exe 03/01/2011 04:10:00 Detected: Backdoor.Win32.SdBot.qzd F:\AAAADDDDDDRIVE\OEView\programs\SCRIPTING\screenwriter\Moviemagic\screenwriter 2000 setup.exe/netpub.exe/Shrinker 03/01/2011 04:10:00 Detected: Backdoor.Win32.SdBot.uwi F:\AAAADDDDDDRIVE\OEView\programs\SCRIPTING\screenwriter\Moviemagic\screenwriter 2000 setup.exe/ClibPDF.dll 03/01/2011 04:10:00 Detected: Backdoor.Win32.SdBot.qzd F:\AAAADDDDDDRIVE\OEView\programs\SCRIPTING\screenwriter2000\screenwriter 2000 setup.exe/netpub.exe/Shrinker 03/01/2011 04:10:01 Detected: Backdoor.Win32.SdBot.uwi F:\AAAADDDDDDRIVE\OEView\programs\SCRIPTING\screenwriter2000\screenwriter 2000 setup.exe/ClibPDF.dll 03/01/2011 04:10:02 Deleted: Backdoor.Win32.SdBot.uwi F:\AAAADDDDDDRIVE\OEView\programs\SCRIPTING\screenwriter2000\screenwriter 2000 setup.exe 03/01/2011 04:10:03 Deleted: Backdoor.Win32.SdBot.uwi F:\AAAADDDDDDRIVE\OEView\programs\SCRIPTING\screenwriter\Moviemagic\screenwriter 2000 setup.exe 03/01/2011 04:15:40 Detected: Trojan.Win32.FraudPack.avhw F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\Local\qeehhrwhb\naqqwqutssd.exe 03/01/2011 04:16:00 Detected: Trojan-Dropper.Win32.Delf.grz F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 35.zip/C\Users\Mike\Desktop\OEView\programs\Lavasoft.Ad-Aware.2007.Professional.Edition.v7.0.1.3-DVT\crack\Ad-Watch2007.exe 03/01/2011 04:17:57 Deleted: Trojan.Win32.FraudPack.avhw F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\Local\qeehhrwhb\naqqwqutssd.exe 03/01/2011 04:18:04 Detected: Exploit.Java.Agent.ca F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\685b2441-5915d963/sunny/Changes.class 03/01/2011 04:18:13 Deleted: Trojan-Dropper.Win32.Delf.grz F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 35.zip/C\Users\Mike\Desktop\OEView\programs\Lavasoft.Ad-Aware.2007.Professional.Edition.v7.0.1.3-DVT\crack\Ad-Watch2007.exe 03/01/2011 04:18:21 Detected: Trojan-Dropper.Win32.Delf.eiw F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 35.zip/C\Users\Mike\Desktop\OEView\programs\Lavasoft.Ad-Aware.2007.Professional.Edition.v7.0.1.3-DVT\crack\HostFileEditor.exe 03/01/2011 04:18:23 Deleted: Exploit.Java.Agent.ca F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\685b2441-5915d963/sunny/Changes.class 03/01/2011 04:18:29 Detected: Exploit.Java.Agent.ca F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\685b2441-5915d963/sunny/MyBuilds.class 03/01/2011 04:18:52 Deleted: Trojan-Dropper.Win32.Delf.eiw F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 35.zip/C\Users\Mike\Desktop\OEView\programs\Lavasoft.Ad-Aware.2007.Professional.Edition.v7.0.1.3-DVT\crack\HostFileEditor.exe 03/01/2011 04:18:57 Detected: Trojan-Dropper.Win32.Delf.eix F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 35.zip/C\Users\Mike\Desktop\OEView\programs\Lavasoft.Ad-Aware.2007.Professional.Edition.v7.0.1.3-DVT\crack\ProcessWatch.exe 03/01/2011 04:18:59 Deleted: Exploit.Java.Agent.ca F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\685b2441-5915d963/sunny/MyBuilds.class 03/01/2011 04:19:04 Detected: Exploit.Java.Agent.ca F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\685b2441-5915d963/sunny/MyFiles.class 03/01/2011 04:19:05 Deleted: Trojan-Dropper.Win32.Delf.eix F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 35.zip/C\Users\Mike\Desktop\OEView\programs\Lavasoft.Ad-Aware.2007.Professional.Edition.v7.0.1.3-DVT\crack\ProcessWatch.exe 03/01/2011 04:19:09 Deleted: Exploit.Java.Agent.ca F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\685b2441-5915d963/sunny/MyFiles.class 03/01/2011 04:19:10 Detected: Trojan-Dropper.Win32.Delf.epx F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 35.zip/C\Users\Mike\Desktop\OEView\programs\Lavasoft.Ad-Aware.2007.Professional.Edition.v7.0.1.3-DVT\crack\update-cracked.exe/Armadillo 03/01/2011 04:19:15 Detected: Exploit.Java.CVE-2009-3867.h F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\31be8954-3ddaac53/C.class 03/01/2011 04:19:16 Deleted: Trojan-Dropper.Win32.Delf.epx F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 35.zip/C\Users\Mike\Desktop\OEView\programs\Lavasoft.Ad-Aware.2007.Professional.Edition.v7.0.1.3-DVT\crack\update-cracked.exe 03/01/2011 04:19:20 Deleted: Exploit.Java.CVE-2009-3867.h F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\31be8954-3ddaac53/C.class 03/01/2011 04:19:26 Detected: Exploit.Java.CVE-2009-3867.g F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\31be8954-3ddaac53/F.class 03/01/2011 04:19:28 Deleted: Exploit.Java.CVE-2009-3867.g F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\31be8954-3ddaac53/F.class 03/01/2011 04:19:34 Detected: Exploit.Java.CVE-2009-3867.f F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\31be8954-3ddaac53/Google.class 03/01/2011 04:19:36 Deleted: Exploit.Java.CVE-2009-3867.f F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\31be8954-3ddaac53/Google.class 03/01/2011 04:19:42 Detected: Exploit.Java.Agent.ca F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\339da2d5-3d2dcfed By hash 03/01/2011 04:19:42 Overwritten with a copy disinfected earlier: Exploit.Java.Agent.ca F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\339da2d5-3d2dcfed 03/01/2011 04:19:42 Disinfected: Exploit.Java.Agent.ca F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\339da2d5-3d2dcfed 03/01/2011 04:19:48 Detected: Exploit.Java.Agent.as F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\76d1f95c-10043dbd/ExecService.class 03/01/2011 04:19:52 Deleted: Exploit.Java.Agent.as F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\76d1f95c-10043dbd/ExecService.class 03/01/2011 04:19:58 Detected: Exploit.Java.Agent.f F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\604e89f-6102a9c5/dev/s/AdgredY.class 03/01/2011 04:20:00 Deleted: Exploit.Java.Agent.f F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\604e89f-6102a9c5/dev/s/AdgredY.class 03/01/2011 04:20:05 Detected: Trojan-Downloader.Java.Agent.cd F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\604e89f-6102a9c5/dev/s/DyesyasZ.class 03/01/2011 04:20:09 Deleted: Trojan-Downloader.Java.Agent.cd F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\604e89f-6102a9c5/dev/s/DyesyasZ.class 03/01/2011 04:20:10 Detected: Backdoor.Win32.SdBot.uwj F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 36.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\Movie Magic Screenwriter 2000.exe/screenwriter 2000 setup.exe/WRS32.DLL 03/01/2011 04:20:15 Detected: Trojan-Downloader.Java.OpenStream.al F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\604e89f-6102a9c5/dev/s/LoaderX.class 03/01/2011 04:20:27 Deleted: Trojan-Downloader.Java.OpenStream.al F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\604e89f-6102a9c5/dev/s/LoaderX.class 03/01/2011 04:20:29 Detected: Backdoor.Win32.SdBot.qzd F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 36.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\Movie Magic Screenwriter 2000.exe/screenwriter 2000 setup.exe/netpub.exe/Shrinker 03/01/2011 04:20:32 Detected: Exploit.Java.Agent.ax F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\6d2a327-2004ba00/AppleT.class 03/01/2011 04:20:34 Detected: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 36.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\Movie Magic Screenwriter 2000.exe/screenwriter 2000 setup.exe/ClibPDF.dll 03/01/2011 04:20:35 Deleted: Exploit.Java.Agent.ax F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\6d2a327-2004ba00/AppleT.class 03/01/2011 04:20:35 Deleted: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 36.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\Movie Magic Screenwriter 2000.exe 03/01/2011 04:20:41 Detected: Trojan-Downloader.Java.Agent.fe F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\1f28756c-58c656a2/javax/AServers.class 03/01/2011 04:20:41 Detected: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 36.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\moviemagicscreenwriter\screenwriter 2000 setup.exe By hash 03/01/2011 04:20:44 Deleted: Trojan-Downloader.Java.Agent.fe F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\1f28756c-58c656a2/javax/AServers.class 03/01/2011 04:20:50 Detected: Trojan-Downloader.Java.Agent.fe F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\1f28756c-58c656a2/javax/Server1.class 03/01/2011 04:20:54 Deleted: Trojan-Downloader.Java.Agent.fe F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\1f28756c-58c656a2/javax/Server1.class 03/01/2011 04:20:56 Detected: Backdoor.Win32.SdBot.uwj F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 36.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\moviemagicscreenwriter\screenwriter 2000 setup.exe/WRS32.DLL 03/01/2011 04:21:00 Detected: Trojan-Downloader.Java.Agent.fe F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\1f28756c-58c656a2/javax/Server2.class 03/01/2011 04:21:02 Detected: Backdoor.Win32.SdBot.qzd F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 36.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\moviemagicscreenwriter\screenwriter 2000 setup.exe/netpub.exe/Shrinker 03/01/2011 04:21:04 Deleted: Trojan-Downloader.Java.Agent.fe F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\1f28756c-58c656a2/javax/Server2.class 03/01/2011 04:21:07 Detected: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 36.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\moviemagicscreenwriter\screenwriter 2000 setup.exe/ClibPDF.dll 03/01/2011 04:21:08 Deleted: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 36.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\moviemagicscreenwriter\screenwriter 2000 setup.exe 03/01/2011 04:21:10 Detected: Exploit.Java.Agent.ar F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\68e558f5-1ad5c41a/Email.class 03/01/2011 04:21:11 Deleted: Exploit.Java.Agent.ar F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\68e558f5-1ad5c41a/Email.class 03/01/2011 04:21:17 Detected: Exploit.Java.Agent.as F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\68e558f5-1ad5c41a/ExecService.class 03/01/2011 04:21:17 Detected: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 36.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter\Moviemagic\screenwriter 2000 setup.exe By hash 03/01/2011 04:21:26 Deleted: Exploit.Java.Agent.as F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\68e558f5-1ad5c41a/ExecService.class 03/01/2011 04:21:31 Detected: Trojan-Downloader.Java.Agent.fl F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\717752f6-6680f06a/dev/s/AdgredY.class 03/01/2011 04:21:37 Deleted: Trojan-Downloader.Java.Agent.fl F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\717752f6-6680f06a/dev/s/AdgredY.class 03/01/2011 04:21:40 Detected: Backdoor.Win32.SdBot.uwj F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 36.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter\Moviemagic\screenwriter 2000 setup.exe/WRS32.DLL 03/01/2011 04:21:42 Detected: Trojan-Downloader.Java.Agent.fk F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\717752f6-6680f06a/dev/s/DyesyasZ.class 03/01/2011 04:21:49 Detected: Backdoor.Win32.SdBot.qzd F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 36.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter\Moviemagic\screenwriter 2000 setup.exe/netpub.exe/Shrinker 03/01/2011 04:21:54 Deleted: Trojan-Downloader.Java.Agent.fk F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\717752f6-6680f06a/dev/s/DyesyasZ.class 03/01/2011 04:21:54 Detected: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 36.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter\Moviemagic\screenwriter 2000 setup.exe/ClibPDF.dll 03/01/2011 04:21:55 Deleted: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 36.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter\Moviemagic\screenwriter 2000 setup.exe 03/01/2011 04:21:59 Detected: Trojan-Downloader.Java.Agent.fj F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\717752f6-6680f06a/dev/s/LoaderX.class 03/01/2011 04:22:01 Deleted: Trojan-Downloader.Java.Agent.fj F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\717752f6-6680f06a/dev/s/LoaderX.class 03/01/2011 04:22:02 Detected: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 36.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter2000\screenwriter 2000 setup.exe By hash 03/01/2011 04:22:09 Detected: Trojan-Downloader.Java.Agent.fd F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\413705f7-20309c7b/total/AServers.class 03/01/2011 04:22:11 Detected: Backdoor.Win32.SdBot.uwj F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 36.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter2000\screenwriter 2000 setup.exe/WRS32.DLL 03/01/2011 04:22:12 Deleted: Trojan-Downloader.Java.Agent.fd F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\413705f7-20309c7b/total/AServers.class 03/01/2011 04:22:17 Detected: Trojan-Downloader.Java.Agent.fd F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\413705f7-20309c7b/total/Server1.class 03/01/2011 04:22:21 Detected: Backdoor.Win32.SdBot.qzd F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 36.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter2000\screenwriter 2000 setup.exe/netpub.exe/Shrinker 03/01/2011 04:22:23 Deleted: Trojan-Downloader.Java.Agent.fd F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\413705f7-20309c7b/total/Server1.class 03/01/2011 04:22:28 Detected: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 36.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter2000\screenwriter 2000 setup.exe/ClibPDF.dll 03/01/2011 04:22:28 Detected: Trojan-Downloader.Java.Agent.fd F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\413705f7-20309c7b/total/Server2.class 03/01/2011 04:22:30 Deleted: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 36.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter2000\screenwriter 2000 setup.exe 03/01/2011 04:22:31 Deleted: Trojan-Downloader.Java.Agent.fd F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\413705f7-20309c7b/total/Server2.class 03/01/2011 04:22:37 Detected: Exploit.Java.CVE-2009-3867.f F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\66395eb7-62a14282 By hash 03/01/2011 04:22:37 Overwritten with a copy disinfected earlier: Exploit.Java.CVE-2009-3867.f F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\66395eb7-62a14282 03/01/2011 04:22:37 Disinfected: Exploit.Java.CVE-2009-3867.f F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\66395eb7-62a14282 03/01/2011 04:22:43 Detected: Trojan-Downloader.Java.OpenStream.al F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\6c1c2efb-18b51a3e By hash 03/01/2011 04:22:43 Overwritten with a copy disinfected earlier: Trojan-Downloader.Java.OpenStream.al F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\6c1c2efb-18b51a3e 03/01/2011 04:22:43 Disinfected: Trojan-Downloader.Java.OpenStream.al F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 34.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\6c1c2efb-18b51a3e 03/01/2011 04:23:16 Detected: Trojan-PSW.Win32.LdPinch.aroh F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 37.zip/C\Users\Mike\Desktop\PROGS\Malwarebytes' Anti-Malware 1.45 + Keygen-Lz0\Keymaker.exe 03/01/2011 04:23:31 Deleted: Trojan-PSW.Win32.LdPinch.aroh F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 37.zip/C\Users\Mike\Desktop\PROGS\Malwarebytes' Anti-Malware 1.45 + Keygen-Lz0\Keymaker.exe 03/01/2011 04:24:47 Detected: Trojan-Spy.HTML.Fraud.gen F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-21 190003\Backup files 5.zip/C\Users\Mike\AppData\Local\Microsoft\Windows Live Mail\pop3.blueyo 6c8\Inbox\3F5C5702-0000216C.eml 03/01/2011 04:27:51 Detected: Trojan-Downloader.Java.OpenConnection.bu F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-28 190003\Backup files 2.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\674cc08c-4354f58c/bpac/a.class 03/01/2011 04:32:26 Deleted: Trojan-Downloader.Java.OpenConnection.bu F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-28 190003\Backup files 2.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\674cc08c-4354f58c/bpac/a.class 03/01/2011 04:32:31 Detected: Trojan-Downloader.Java.OpenConnection.cg F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-28 190003\Backup files 2.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\674cc08c-4354f58c/bpac/KAVS.class 03/01/2011 04:32:36 Deleted: Trojan-Downloader.Java.OpenConnection.cg F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-28 190003\Backup files 2.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\674cc08c-4354f58c/bpac/KAVS.class 03/01/2011 04:32:41 Detected: Trojan-Downloader.Java.OpenConnection.cg F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-28 190003\Backup files 2.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\74d2e8f2-28f91399 By hash 03/01/2011 04:32:41 Overwritten with a copy disinfected earlier: Trojan-Downloader.Java.OpenConnection.cg F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-28 190003\Backup files 2.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\74d2e8f2-28f91399 03/01/2011 04:32:41 Disinfected: Trojan-Downloader.Java.OpenConnection.cg F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-11-28 190003\Backup files 2.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\74d2e8f2-28f91399 03/01/2011 04:36:33 Detected: Trojan-Downloader.Java.OpenConnection.ay F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-12-12 194914\Backup files 2.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\363322d9-10f55a0f/bpac/a.class 03/01/2011 04:37:16 Deleted: Trojan-Downloader.Java.OpenConnection.ay F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-12-12 194914\Backup files 2.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\363322d9-10f55a0f/bpac/a.class 03/01/2011 04:37:22 Detected: Trojan-Downloader.Java.OpenConnection.cg F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-12-12 194914\Backup files 2.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\363322d9-10f55a0f/bpac/KAVS.class 03/01/2011 04:37:24 Deleted: Trojan-Downloader.Java.OpenConnection.cg F:\MIKE-PC\Backup Set 2010-11-21 190003\Backup Files 2010-12-12 194914\Backup files 2.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\363322d9-10f55a0f/bpac/KAVS.class 03/01/2011 04:42:11 Detected: Exploit.Java.Agent.ca F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\685b2441-5915d963/sunny/Changes.class 03/01/2011 04:42:35 Detected: Trojan-Dropper.Win32.Delf.grz F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 33.zip/C\Users\Mike\Desktop\OEView\programs\Lavasoft.Ad-Aware.2007.Professional.Edition.v7.0.1.3-DVT\crack\Ad-Watch2007.exe 03/01/2011 04:44:32 Deleted: Exploit.Java.Agent.ca F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\685b2441-5915d963/sunny/Changes.class 03/01/2011 04:44:38 Detected: Exploit.Java.Agent.ca F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\685b2441-5915d963/sunny/MyBuilds.class 03/01/2011 04:44:46 Deleted: Trojan-Dropper.Win32.Delf.grz F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 33.zip/C\Users\Mike\Desktop\OEView\programs\Lavasoft.Ad-Aware.2007.Professional.Edition.v7.0.1.3-DVT\crack\Ad-Watch2007.exe 03/01/2011 04:44:48 Deleted: Exploit.Java.Agent.ca F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\685b2441-5915d963/sunny/MyBuilds.class 03/01/2011 04:44:53 Detected: Trojan-Dropper.Win32.Delf.eiw F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 33.zip/C\Users\Mike\Desktop\OEView\programs\Lavasoft.Ad-Aware.2007.Professional.Edition.v7.0.1.3-DVT\crack\HostFileEditor.exe 03/01/2011 04:44:54 Detected: Exploit.Java.Agent.ca F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\685b2441-5915d963/sunny/MyFiles.class 03/01/2011 04:44:54 Deleted: Trojan-Dropper.Win32.Delf.eiw F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 33.zip/C\Users\Mike\Desktop\OEView\programs\Lavasoft.Ad-Aware.2007.Professional.Edition.v7.0.1.3-DVT\crack\HostFileEditor.exe 03/01/2011 04:44:55 Deleted: Exploit.Java.Agent.ca F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\685b2441-5915d963/sunny/MyFiles.class 03/01/2011 04:45:01 Detected: Trojan-Downloader.Java.OpenConnection.bu F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\674cc08c-4354f58c/bpac/a.class 03/01/2011 04:45:01 Detected: Trojan-Dropper.Win32.Delf.eix F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 33.zip/C\Users\Mike\Desktop\OEView\programs\Lavasoft.Ad-Aware.2007.Professional.Edition.v7.0.1.3-DVT\crack\ProcessWatch.exe 03/01/2011 04:45:02 Deleted: Trojan-Downloader.Java.OpenConnection.bu F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\674cc08c-4354f58c/bpac/a.class 03/01/2011 04:45:04 Deleted: Trojan-Dropper.Win32.Delf.eix F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 33.zip/C\Users\Mike\Desktop\OEView\programs\Lavasoft.Ad-Aware.2007.Professional.Edition.v7.0.1.3-DVT\crack\ProcessWatch.exe 03/01/2011 04:45:07 Detected: Trojan-Downloader.Java.OpenConnection.cg F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\674cc08c-4354f58c/bpac/KAVS.class 03/01/2011 04:45:10 Deleted: Trojan-Downloader.Java.OpenConnection.cg F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\674cc08c-4354f58c/bpac/KAVS.class 03/01/2011 04:45:12 Detected: Trojan-Dropper.Win32.Delf.epx F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 33.zip/C\Users\Mike\Desktop\OEView\programs\Lavasoft.Ad-Aware.2007.Professional.Edition.v7.0.1.3-DVT\crack\update-cracked.exe/Armadillo 03/01/2011 04:45:13 Deleted: Trojan-Dropper.Win32.Delf.epx F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 33.zip/C\Users\Mike\Desktop\OEView\programs\Lavasoft.Ad-Aware.2007.Professional.Edition.v7.0.1.3-DVT\crack\update-cracked.exe 03/01/2011 04:45:17 Detected: Exploit.Java.CVE-2009-3867.h F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\31be8954-3ddaac53/C.class 03/01/2011 04:45:18 Deleted: Exploit.Java.CVE-2009-3867.h F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\31be8954-3ddaac53/C.class 03/01/2011 04:45:24 Detected: Exploit.Java.CVE-2009-3867.g F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\31be8954-3ddaac53/F.class 03/01/2011 04:45:25 Deleted: Exploit.Java.CVE-2009-3867.g F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\31be8954-3ddaac53/F.class 03/01/2011 04:45:31 Detected: Exploit.Java.CVE-2009-3867.f F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\31be8954-3ddaac53/Google.class 03/01/2011 04:45:32 Deleted: Exploit.Java.CVE-2009-3867.f F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\31be8954-3ddaac53/Google.class 03/01/2011 04:45:38 Detected: Exploit.Java.Agent.ca F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\339da2d5-3d2dcfed By hash 03/01/2011 04:45:38 Overwritten with a copy disinfected earlier: Exploit.Java.Agent.ca F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\339da2d5-3d2dcfed 03/01/2011 04:45:38 Disinfected: Exploit.Java.Agent.ca F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\339da2d5-3d2dcfed 03/01/2011 04:45:43 Detected: Backdoor.Win32.SdBot.uwj F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 34.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\Movie Magic Screenwriter 2000.exe/screenwriter 2000 setup.exe/WRS32.DLL 03/01/2011 04:45:44 Detected: Trojan-Downloader.Java.OpenConnection.ay F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\363322d9-10f55a0f/bpac/a.class 03/01/2011 04:45:57 Deleted: Trojan-Downloader.Java.OpenConnection.ay F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\363322d9-10f55a0f/bpac/a.class 03/01/2011 04:46:02 Detected: Backdoor.Win32.SdBot.qzd F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 34.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\Movie Magic Screenwriter 2000.exe/screenwriter 2000 setup.exe/netpub.exe/Shrinker 03/01/2011 04:46:02 Detected: Trojan-Downloader.Java.OpenConnection.cg F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\363322d9-10f55a0f/bpac/KAVS.class 03/01/2011 04:46:04 Deleted: Trojan-Downloader.Java.OpenConnection.cg F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\363322d9-10f55a0f/bpac/KAVS.class 03/01/2011 04:46:08 Detected: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 34.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\Movie Magic Screenwriter 2000.exe/screenwriter 2000 setup.exe/ClibPDF.dll 03/01/2011 04:46:10 Deleted: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 34.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\Movie Magic Screenwriter 2000.exe 03/01/2011 04:46:12 Detected: Exploit.Java.Agent.as F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\76d1f95c-10043dbd/ExecService.class 03/01/2011 04:46:14 Deleted: Exploit.Java.Agent.as F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\76d1f95c-10043dbd/ExecService.class 03/01/2011 04:46:16 Detected: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 34.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\moviemagicscreenwriter\screenwriter 2000 setup.exe By hash 03/01/2011 04:46:19 Detected: Exploit.Java.Agent.f F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\604e89f-6102a9c5/dev/s/AdgredY.class 03/01/2011 04:46:21 Deleted: Exploit.Java.Agent.f F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\604e89f-6102a9c5/dev/s/AdgredY.class 03/01/2011 04:46:25 Detected: Backdoor.Win32.SdBot.uwj F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 34.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\moviemagicscreenwriter\screenwriter 2000 setup.exe/WRS32.DLL 03/01/2011 04:46:26 Detected: Trojan-Downloader.Java.Agent.cd F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\604e89f-6102a9c5/dev/s/DyesyasZ.class 03/01/2011 04:46:28 Deleted: Trojan-Downloader.Java.Agent.cd F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\604e89f-6102a9c5/dev/s/DyesyasZ.class 03/01/2011 04:46:32 Detected: Backdoor.Win32.SdBot.qzd F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 34.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\moviemagicscreenwriter\screenwriter 2000 setup.exe/netpub.exe/Shrinker 03/01/2011 04:46:34 Detected: Trojan-Downloader.Java.OpenStream.al F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\604e89f-6102a9c5/dev/s/LoaderX.class 03/01/2011 04:46:35 Deleted: Trojan-Downloader.Java.OpenStream.al F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\604e89f-6102a9c5/dev/s/LoaderX.class 03/01/2011 04:46:38 Detected: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 34.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\moviemagicscreenwriter\screenwriter 2000 setup.exe/ClibPDF.dll 03/01/2011 04:46:38 Deleted: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 34.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\moviemagicscreenwriter\screenwriter 2000 setup.exe 03/01/2011 04:46:42 Detected: Exploit.Java.Agent.ax F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\6d2a327-2004ba00/AppleT.class 03/01/2011 04:46:43 Deleted: Exploit.Java.Agent.ax F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\6d2a327-2004ba00/AppleT.class 03/01/2011 04:46:45 Detected: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 34.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter\Moviemagic\screenwriter 2000 setup.exe By hash 03/01/2011 04:46:46 Deleted: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 34.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter\Moviemagic\screenwriter 2000 setup.exe 03/01/2011 04:46:51 Detected: Trojan-Downloader.Java.Agent.fe F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\1f28756c-58c656a2/javax/AServers.class 03/01/2011 04:46:53 Deleted: Trojan-Downloader.Java.Agent.fe F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\1f28756c-58c656a2/javax/AServers.class 03/01/2011 04:46:54 Detected: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 34.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter2000\screenwriter 2000 setup.exe By hash 03/01/2011 04:46:59 Detected: Trojan-Downloader.Java.Agent.fe F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\1f28756c-58c656a2/javax/Server1.class 03/01/2011 04:47:00 Deleted: Trojan-Downloader.Java.Agent.fe F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\1f28756c-58c656a2/javax/Server1.class 03/01/2011 04:47:03 Detected: Backdoor.Win32.SdBot.uwj F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 34.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter2000\screenwriter 2000 setup.exe/WRS32.DLL 03/01/2011 04:47:05 Detected: Trojan-Downloader.Java.Agent.fe F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\1f28756c-58c656a2/javax/Server2.class 03/01/2011 04:47:06 Deleted: Trojan-Downloader.Java.Agent.fe F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\1f28756c-58c656a2/javax/Server2.class 03/01/2011 04:47:11 Detected: Backdoor.Win32.SdBot.qzd F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 34.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter2000\screenwriter 2000 setup.exe/netpub.exe/Shrinker 03/01/2011 04:47:12 Detected: Trojan-Downloader.Java.OpenConnection.cg F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\74d2e8f2-28f91399 By hash 03/01/2011 04:47:12 Overwritten with a copy disinfected earlier: Trojan-Downloader.Java.OpenConnection.cg F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\74d2e8f2-28f91399 03/01/2011 04:47:12 Disinfected: Trojan-Downloader.Java.OpenConnection.cg F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\74d2e8f2-28f91399 03/01/2011 04:47:18 Detected: Exploit.Java.Agent.ar F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\68e558f5-1ad5c41a/Email.class 03/01/2011 04:47:18 Detected: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 34.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter2000\screenwriter 2000 setup.exe/ClibPDF.dll 03/01/2011 04:47:19 Deleted: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 34.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter2000\screenwriter 2000 setup.exe 03/01/2011 04:47:19 Deleted: Exploit.Java.Agent.ar F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\68e558f5-1ad5c41a/Email.class 03/01/2011 04:47:25 Detected: Exploit.Java.Agent.as F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\68e558f5-1ad5c41a/ExecService.class 03/01/2011 04:47:26 Deleted: Exploit.Java.Agent.as F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\68e558f5-1ad5c41a/ExecService.class 03/01/2011 04:47:32 Detected: Trojan-Downloader.Java.Agent.fl F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\717752f6-6680f06a/dev/s/AdgredY.class 03/01/2011 04:47:34 Deleted: Trojan-Downloader.Java.Agent.fl F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\717752f6-6680f06a/dev/s/AdgredY.class 03/01/2011 04:47:40 Detected: Trojan-Downloader.Java.Agent.fk F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\717752f6-6680f06a/dev/s/DyesyasZ.class 03/01/2011 04:47:41 Deleted: Trojan-Downloader.Java.Agent.fk F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\717752f6-6680f06a/dev/s/DyesyasZ.class 03/01/2011 04:47:46 Detected: Trojan-Downloader.Java.Agent.fj F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\717752f6-6680f06a/dev/s/LoaderX.class 03/01/2011 04:47:48 Deleted: Trojan-Downloader.Java.Agent.fj F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\717752f6-6680f06a/dev/s/LoaderX.class 03/01/2011 04:47:56 Detected: Trojan-Downloader.Java.Agent.fd F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\413705f7-20309c7b/total/AServers.class 03/01/2011 04:47:57 Deleted: Trojan-Downloader.Java.Agent.fd F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\413705f7-20309c7b/total/AServers.class 03/01/2011 04:48:03 Detected: Trojan-Downloader.Java.Agent.fd F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\413705f7-20309c7b/total/Server1.class 03/01/2011 04:48:04 Deleted: Trojan-Downloader.Java.Agent.fd F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\413705f7-20309c7b/total/Server1.class 03/01/2011 04:48:10 Detected: Trojan-Downloader.Java.Agent.fd F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\413705f7-20309c7b/total/Server2.class 03/01/2011 04:48:12 Deleted: Trojan-Downloader.Java.Agent.fd F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\413705f7-20309c7b/total/Server2.class 03/01/2011 04:48:17 Detected: Exploit.Java.CVE-2009-3867.f F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\66395eb7-62a14282 By hash 03/01/2011 04:48:17 Overwritten with a copy disinfected earlier: Exploit.Java.CVE-2009-3867.f F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\66395eb7-62a14282 03/01/2011 04:48:17 Disinfected: Exploit.Java.CVE-2009-3867.f F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\66395eb7-62a14282 03/01/2011 04:48:23 Detected: Trojan-Downloader.Java.OpenStream.al F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\6c1c2efb-18b51a3e By hash 03/01/2011 04:48:23 Overwritten with a copy disinfected earlier: Trojan-Downloader.Java.OpenStream.al F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\6c1c2efb-18b51a3e 03/01/2011 04:48:23 Disinfected: Trojan-Downloader.Java.OpenStream.al F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\6c1c2efb-18b51a3e 03/01/2011 04:50:40 Detected: Trojan-Downloader.Win32.FraudLoad.hix F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 1.zip/C\Users\Mike\AppData\Roaming\dwm.exe 03/01/2011 04:52:36 Deleted: Trojan-Downloader.Win32.FraudLoad.hix F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 1.zip/C\Users\Mike\AppData\Roaming\dwm.exe 03/01/2011 04:52:42 Detected: Trojan-Downloader.Win32.FraudLoad.hix F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 1.zip/C\Users\Mike\AppData\Roaming\Microsoft\conhost.exe 03/01/2011 04:52:51 Deleted: Trojan-Downloader.Win32.FraudLoad.hix F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 1.zip/C\Users\Mike\AppData\Roaming\Microsoft\conhost.exe 03/01/2011 04:59:22 Detected: Exploit.Java.Agent.ca F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\685b2441-5915d963/sunny/Changes.class 03/01/2011 04:59:33 Detected: Trojan-Dropper.Win32.Delf.grz F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 32.zip/C\Users\Mike\Desktop\OEView\programs\Lavasoft.Ad-Aware.2007.Professional.Edition.v7.0.1.3-DVT\crack\Ad-Watch2007.exe 03/01/2011 05:00:50 Deleted: Exploit.Java.Agent.ca F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\685b2441-5915d963/sunny/Changes.class 03/01/2011 05:00:56 Detected: Exploit.Java.Agent.ca F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\685b2441-5915d963/sunny/MyBuilds.class 03/01/2011 05:01:02 Deleted: Trojan-Dropper.Win32.Delf.grz F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 32.zip/C\Users\Mike\Desktop\OEView\programs\Lavasoft.Ad-Aware.2007.Professional.Edition.v7.0.1.3-DVT\crack\Ad-Watch2007.exe 03/01/2011 05:01:04 Deleted: Exploit.Java.Agent.ca F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\685b2441-5915d963/sunny/MyBuilds.class 03/01/2011 05:01:09 Detected: Exploit.Java.Agent.ca F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\685b2441-5915d963/sunny/MyFiles.class 03/01/2011 05:01:11 Deleted: Exploit.Java.Agent.ca F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\685b2441-5915d963/sunny/MyFiles.class 03/01/2011 05:01:11 Detected: Trojan-Dropper.Win32.Delf.eiw F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 32.zip/C\Users\Mike\Desktop\OEView\programs\Lavasoft.Ad-Aware.2007.Professional.Edition.v7.0.1.3-DVT\crack\HostFileEditor.exe 03/01/2011 05:01:13 Deleted: Trojan-Dropper.Win32.Delf.eiw F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 32.zip/C\Users\Mike\Desktop\OEView\programs\Lavasoft.Ad-Aware.2007.Professional.Edition.v7.0.1.3-DVT\crack\HostFileEditor.exe 03/01/2011 05:01:16 Detected: Trojan-Downloader.Java.OpenConnection.bu F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\674cc08c-4354f58c/bpac/a.class 03/01/2011 05:01:18 Deleted: Trojan-Downloader.Java.OpenConnection.bu F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\674cc08c-4354f58c/bpac/a.class 03/01/2011 05:01:21 Detected: Trojan-Dropper.Win32.Delf.eix F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 32.zip/C\Users\Mike\Desktop\OEView\programs\Lavasoft.Ad-Aware.2007.Professional.Edition.v7.0.1.3-DVT\crack\ProcessWatch.exe 03/01/2011 05:01:22 Deleted: Trojan-Dropper.Win32.Delf.eix F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 32.zip/C\Users\Mike\Desktop\OEView\programs\Lavasoft.Ad-Aware.2007.Professional.Edition.v7.0.1.3-DVT\crack\ProcessWatch.exe 03/01/2011 05:01:24 Detected: Trojan-Downloader.Java.OpenConnection.cg F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\674cc08c-4354f58c/bpac/KAVS.class 03/01/2011 05:01:25 Deleted: Trojan-Downloader.Java.OpenConnection.cg F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\674cc08c-4354f58c/bpac/KAVS.class 03/01/2011 05:01:29 Detected: Trojan-Dropper.Win32.Delf.epx F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 32.zip/C\Users\Mike\Desktop\OEView\programs\Lavasoft.Ad-Aware.2007.Professional.Edition.v7.0.1.3-DVT\crack\update-cracked.exe/Armadillo 03/01/2011 05:01:31 Deleted: Trojan-Dropper.Win32.Delf.epx F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 32.zip/C\Users\Mike\Desktop\OEView\programs\Lavasoft.Ad-Aware.2007.Professional.Edition.v7.0.1.3-DVT\crack\update-cracked.exe 03/01/2011 05:01:32 Detected: Exploit.Java.CVE-2009-3867.h F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\31be8954-3ddaac53/C.class 03/01/2011 05:01:34 Deleted: Exploit.Java.CVE-2009-3867.h F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\31be8954-3ddaac53/C.class 03/01/2011 05:01:39 Detected: Exploit.Java.CVE-2009-3867.g F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\31be8954-3ddaac53/F.class 03/01/2011 05:01:40 Deleted: Exploit.Java.CVE-2009-3867.g F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\31be8954-3ddaac53/F.class 03/01/2011 05:01:46 Detected: Exploit.Java.CVE-2009-3867.f F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\31be8954-3ddaac53/Google.class 03/01/2011 05:01:47 Deleted: Exploit.Java.CVE-2009-3867.f F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\31be8954-3ddaac53/Google.class 03/01/2011 05:01:53 Detected: Exploit.Java.Agent.ca F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\339da2d5-3d2dcfed By hash 03/01/2011 05:01:53 Overwritten with a copy disinfected earlier: Exploit.Java.Agent.ca F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\339da2d5-3d2dcfed 03/01/2011 05:01:53 Disinfected: Exploit.Java.Agent.ca F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\339da2d5-3d2dcfed 03/01/2011 05:01:59 Detected: Trojan-Downloader.Java.OpenConnection.ay F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\363322d9-10f55a0f/bpac/a.class 03/01/2011 05:02:00 Deleted: Trojan-Downloader.Java.OpenConnection.ay F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\363322d9-10f55a0f/bpac/a.class 03/01/2011 05:02:03 Detected: Backdoor.Win32.SdBot.uwj F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 33.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\Movie Magic Screenwriter 2000.exe/screenwriter 2000 setup.exe/WRS32.DLL 03/01/2011 05:02:05 Detected: Trojan-Downloader.Java.OpenConnection.cg F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\363322d9-10f55a0f/bpac/KAVS.class 03/01/2011 05:04:53 Deleted: Trojan-Downloader.Java.OpenConnection.cg F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\363322d9-10f55a0f/bpac/KAVS.class 03/01/2011 05:04:57 Detected: Backdoor.Win32.SdBot.qzd F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 33.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\Movie Magic Screenwriter 2000.exe/screenwriter 2000 setup.exe/netpub.exe/Shrinker 03/01/2011 05:05:01 Detected: Trojan-Downloader.Java.OpenConnection.cp F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\2172b79c-4e09b711/yandex/xmlparser.class 03/01/2011 05:05:02 Deleted: Trojan-Downloader.Java.OpenConnection.cp F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\2172b79c-4e09b711/yandex/xmlparser.class 03/01/2011 05:05:03 Detected: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 33.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\Movie Magic Screenwriter 2000.exe/screenwriter 2000 setup.exe/ClibPDF.dll 03/01/2011 05:05:03 Deleted: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 33.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\Movie Magic Screenwriter 2000.exe 03/01/2011 05:05:08 Detected: Exploit.Java.Agent.as F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\76d1f95c-10043dbd/ExecService.class 03/01/2011 05:05:09 Deleted: Exploit.Java.Agent.as F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\76d1f95c-10043dbd/ExecService.class 03/01/2011 05:05:10 Detected: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 33.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\moviemagicscreenwriter\screenwriter 2000 setup.exe By hash 03/01/2011 05:05:15 Detected: Exploit.Java.Agent.f F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\604e89f-6102a9c5/dev/s/AdgredY.class 03/01/2011 05:05:17 Deleted: Exploit.Java.Agent.f F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\604e89f-6102a9c5/dev/s/AdgredY.class 03/01/2011 05:05:19 Detected: Backdoor.Win32.SdBot.uwj F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 33.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\moviemagicscreenwriter\screenwriter 2000 setup.exe/WRS32.DLL 03/01/2011 05:05:22 Detected: Trojan-Downloader.Java.Agent.cd F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\604e89f-6102a9c5/dev/s/DyesyasZ.class 03/01/2011 05:05:23 Deleted: Trojan-Downloader.Java.Agent.cd F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\604e89f-6102a9c5/dev/s/DyesyasZ.class 03/01/2011 05:05:26 Detected: Backdoor.Win32.SdBot.qzd F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 33.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\moviemagicscreenwriter\screenwriter 2000 setup.exe/netpub.exe/Shrinker 03/01/2011 05:05:29 Detected: Trojan-Downloader.Java.OpenStream.al F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\604e89f-6102a9c5/dev/s/LoaderX.class 03/01/2011 05:05:31 Deleted: Trojan-Downloader.Java.OpenStream.al F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\604e89f-6102a9c5/dev/s/LoaderX.class 03/01/2011 05:05:32 Detected: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 33.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\moviemagicscreenwriter\screenwriter 2000 setup.exe/ClibPDF.dll 03/01/2011 05:05:33 Deleted: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 33.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\moviemagicscreenwriter\screenwriter 2000 setup.exe 03/01/2011 05:05:38 Detected: Exploit.Java.Agent.ax F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\6d2a327-2004ba00/AppleT.class 03/01/2011 05:05:40 Detected: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 33.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter\Moviemagic\screenwriter 2000 setup.exe By hash 03/01/2011 05:05:40 Deleted: Exploit.Java.Agent.ax F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\6d2a327-2004ba00/AppleT.class 03/01/2011 05:05:46 Detected: Trojan-Downloader.Java.OpenConnection.cf F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\689c9629-2607a2b2/bpac/a.class 03/01/2011 05:05:47 Deleted: Trojan-Downloader.Java.OpenConnection.cf F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\689c9629-2607a2b2/bpac/a.class 03/01/2011 05:05:50 Detected: Backdoor.Win32.SdBot.uwj F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 33.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter\Moviemagic\screenwriter 2000 setup.exe/WRS32.DLL 03/01/2011 05:05:53 Detected: Trojan-Downloader.Java.OpenConnection.cg F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\689c9629-2607a2b2/bpac/KAVS.class 03/01/2011 05:05:56 Deleted: Trojan-Downloader.Java.OpenConnection.cg F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\689c9629-2607a2b2/bpac/KAVS.class 03/01/2011 05:05:58 Detected: Backdoor.Win32.SdBot.qzd F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 33.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter\Moviemagic\screenwriter 2000 setup.exe/netpub.exe/Shrinker 03/01/2011 05:06:03 Detected: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 33.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter\Moviemagic\screenwriter 2000 setup.exe/ClibPDF.dll 03/01/2011 05:06:04 Detected: Packed.Win32.Krap.ao F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\6b487a6b-41d422fa 03/01/2011 05:06:05 Deleted: Packed.Win32.Krap.ao F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\6b487a6b-41d422fa 03/01/2011 05:06:07 Deleted: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 33.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter\Moviemagic\screenwriter 2000 setup.exe 03/01/2011 05:06:12 Detected: Trojan-Downloader.Java.Agent.fe F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\1f28756c-58c656a2/javax/AServers.class 03/01/2011 05:06:13 Detected: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 33.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter2000\screenwriter 2000 setup.exe By hash 03/01/2011 05:06:13 Deleted: Trojan-Downloader.Java.Agent.fe F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\1f28756c-58c656a2/javax/AServers.class 03/01/2011 05:06:19 Detected: Trojan-Downloader.Java.Agent.fe F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\1f28756c-58c656a2/javax/Server1.class 03/01/2011 05:06:20 Deleted: Trojan-Downloader.Java.Agent.fe F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\1f28756c-58c656a2/javax/Server1.class 03/01/2011 05:06:22 Detected: Backdoor.Win32.SdBot.uwj F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 33.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter2000\screenwriter 2000 setup.exe/WRS32.DLL 03/01/2011 05:06:25 Detected: Trojan-Downloader.Java.Agent.fe F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\1f28756c-58c656a2/javax/Server2.class 03/01/2011 05:06:27 Deleted: Trojan-Downloader.Java.Agent.fe F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\1f28756c-58c656a2/javax/Server2.class 03/01/2011 05:06:30 Detected: Backdoor.Win32.SdBot.qzd F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 33.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter2000\screenwriter 2000 setup.exe/netpub.exe/Shrinker 03/01/2011 05:06:34 Detected: Trojan-Downloader.Java.OpenConnection.cg F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\3fccfb32-29d8a6f0 By hash 03/01/2011 05:06:34 Overwritten with a copy disinfected earlier: Trojan-Downloader.Java.OpenConnection.cg F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\3fccfb32-29d8a6f0 03/01/2011 05:06:34 Disinfected: Trojan-Downloader.Java.OpenConnection.cg F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\3fccfb32-29d8a6f0 03/01/2011 05:06:36 Detected: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 33.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter2000\screenwriter 2000 setup.exe/ClibPDF.dll 03/01/2011 05:06:38 Deleted: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 33.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter2000\screenwriter 2000 setup.exe 03/01/2011 05:06:40 Detected: Trojan-Downloader.Java.OpenConnection.cg F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\74d2e8f2-28f91399 By hash 03/01/2011 05:06:40 Overwritten with a copy disinfected earlier: Trojan-Downloader.Java.OpenConnection.cg F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\74d2e8f2-28f91399 03/01/2011 05:06:40 Disinfected: Trojan-Downloader.Java.OpenConnection.cg F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\74d2e8f2-28f91399 03/01/2011 05:06:46 Detected: Exploit.Java.Agent.ar F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\68e558f5-1ad5c41a/Email.class 03/01/2011 05:06:48 Deleted: Exploit.Java.Agent.ar F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\68e558f5-1ad5c41a/Email.class 03/01/2011 05:06:53 Detected: Exploit.Java.Agent.as F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\68e558f5-1ad5c41a/ExecService.class 03/01/2011 05:06:54 Deleted: Exploit.Java.Agent.as F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\68e558f5-1ad5c41a/ExecService.class 03/01/2011 05:07:01 Detected: Trojan-Downloader.Java.Agent.fl F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\717752f6-6680f06a/dev/s/AdgredY.class 03/01/2011 05:07:03 Deleted: Trojan-Downloader.Java.Agent.fl F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\717752f6-6680f06a/dev/s/AdgredY.class 03/01/2011 05:07:08 Detected: Trojan-Downloader.Java.Agent.fk F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\717752f6-6680f06a/dev/s/DyesyasZ.class 03/01/2011 05:07:09 Deleted: Trojan-Downloader.Java.Agent.fk F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\717752f6-6680f06a/dev/s/DyesyasZ.class 03/01/2011 05:07:15 Detected: Trojan-Downloader.Java.Agent.fj F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\717752f6-6680f06a/dev/s/LoaderX.class 03/01/2011 05:07:17 Deleted: Trojan-Downloader.Java.Agent.fj F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\717752f6-6680f06a/dev/s/LoaderX.class 03/01/2011 05:07:22 Detected: Trojan-Downloader.Java.Agent.fd F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\413705f7-20309c7b/total/AServers.class 03/01/2011 05:07:24 Deleted: Trojan-Downloader.Java.Agent.fd F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\413705f7-20309c7b/total/AServers.class 03/01/2011 05:07:29 Detected: Trojan-Downloader.Java.Agent.fd F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\413705f7-20309c7b/total/Server1.class 03/01/2011 05:07:31 Deleted: Trojan-Downloader.Java.Agent.fd F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\413705f7-20309c7b/total/Server1.class 03/01/2011 05:07:36 Detected: Trojan-Downloader.Java.Agent.fd F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\413705f7-20309c7b/total/Server2.class 03/01/2011 05:07:37 Deleted: Trojan-Downloader.Java.Agent.fd F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\413705f7-20309c7b/total/Server2.class 03/01/2011 05:07:43 Detected: Exploit.Java.CVE-2009-3867.f F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\66395eb7-62a14282 By hash 03/01/2011 05:07:43 Overwritten with a copy disinfected earlier: Exploit.Java.CVE-2009-3867.f F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\66395eb7-62a14282 03/01/2011 05:07:43 Disinfected: Exploit.Java.CVE-2009-3867.f F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\66395eb7-62a14282 03/01/2011 05:07:48 Detected: Trojan-Downloader.Java.OpenStream.al F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\6c1c2efb-18b51a3e By hash 03/01/2011 05:07:48 Overwritten with a copy disinfected earlier: Trojan-Downloader.Java.OpenStream.al F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\6c1c2efb-18b51a3e 03/01/2011 05:07:48 Disinfected: Trojan-Downloader.Java.OpenStream.al F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\6c1c2efb-18b51a3e 03/01/2011 05:15:27 Detected: Trojan-Dropper.Win32.Delf.grz F:\MIKE-PC\Backup Set 2010-12-27 200628\Backup Files 2011-01-02 190004\Backup files 18.zip/C\Users\Mike\Desktop\OEView\programs\Lavasoft.Ad-Aware.2007.Professional.Edition.v7.0.1.3-DVT\crack\Ad-Watch2007.exe 03/01/2011 05:15:29 Detected: Backdoor.Win32.SdBot.uwj F:\MIKE-PC\Backup Set 2010-12-27 200628\Backup Files 2011-01-02 190004\Backup files 19.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\Movie Magic Screenwriter 2000.exe/screenwriter 2000 setup.exe/WRS32.DLL 03/01/2011 05:17:45 Deleted: Trojan-Dropper.Win32.Delf.grz F:\MIKE-PC\Backup Set 2010-12-27 200628\Backup Files 2011-01-02 190004\Backup files 18.zip/C\Users\Mike\Desktop\OEView\programs\Lavasoft.Ad-Aware.2007.Professional.Edition.v7.0.1.3-DVT\crack\Ad-Watch2007.exe 03/01/2011 05:17:53 Detected: Trojan-Dropper.Win32.Delf.eiw F:\MIKE-PC\Backup Set 2010-12-27 200628\Backup Files 2011-01-02 190004\Backup files 18.zip/C\Users\Mike\Desktop\OEView\programs\Lavasoft.Ad-Aware.2007.Professional.Edition.v7.0.1.3-DVT\crack\HostFileEditor.exe 03/01/2011 05:17:59 Deleted: Trojan-Dropper.Win32.Delf.eiw F:\MIKE-PC\Backup Set 2010-12-27 200628\Backup Files 2011-01-02 190004\Backup files 18.zip/C\Users\Mike\Desktop\OEView\programs\Lavasoft.Ad-Aware.2007.Professional.Edition.v7.0.1.3-DVT\crack\HostFileEditor.exe 03/01/2011 05:18:04 Detected: Backdoor.Win32.SdBot.qzd F:\MIKE-PC\Backup Set 2010-12-27 200628\Backup Files 2011-01-02 190004\Backup files 19.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\Movie Magic Screenwriter 2000.exe/screenwriter 2000 setup.exe/netpub.exe/Shrinker 03/01/2011 05:18:10 Detected: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-27 200628\Backup Files 2011-01-02 190004\Backup files 19.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\Movie Magic Screenwriter 2000.exe/screenwriter 2000 setup.exe/ClibPDF.dll 03/01/2011 05:18:13 Deleted: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-27 200628\Backup Files 2011-01-02 190004\Backup files 19.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\Movie Magic Screenwriter 2000.exe 03/01/2011 05:18:19 Detected: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-27 200628\Backup Files 2011-01-02 190004\Backup files 19.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\moviemagicscreenwriter\screenwriter 2000 setup.exe By hash 03/01/2011 05:18:27 Detected: Backdoor.Win32.SdBot.uwj F:\MIKE-PC\Backup Set 2010-12-27 200628\Backup Files 2011-01-02 190004\Backup files 19.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\moviemagicscreenwriter\screenwriter 2000 setup.exe/WRS32.DLL 03/01/2011 05:18:34 Detected: Backdoor.Win32.SdBot.qzd F:\MIKE-PC\Backup Set 2010-12-27 200628\Backup Files 2011-01-02 190004\Backup files 19.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\moviemagicscreenwriter\screenwriter 2000 setup.exe/netpub.exe/Shrinker 03/01/2011 05:18:39 Detected: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-27 200628\Backup Files 2011-01-02 190004\Backup files 19.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\moviemagicscreenwriter\screenwriter 2000 setup.exe/ClibPDF.dll 03/01/2011 05:18:39 Deleted: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-27 200628\Backup Files 2011-01-02 190004\Backup files 19.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\moviemagicscreenwriter\screenwriter 2000 setup.exe 03/01/2011 05:18:47 Detected: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-27 200628\Backup Files 2011-01-02 190004\Backup files 19.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter\Moviemagic\screenwriter 2000 setup.exe By hash 03/01/2011 05:20:01 Detected: Backdoor.Win32.SdBot.uwj F:\MIKE-PC\Backup Set 2010-12-27 200628\Backup Files 2011-01-02 190004\Backup files 19.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter\Moviemagic\screenwriter 2000 setup.exe/WRS32.DLL 03/01/2011 05:20:08 Detected: Backdoor.Win32.SdBot.qzd F:\MIKE-PC\Backup Set 2010-12-27 200628\Backup Files 2011-01-02 190004\Backup files 19.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter\Moviemagic\screenwriter 2000 setup.exe/netpub.exe/Shrinker 03/01/2011 05:20:14 Detected: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-27 200628\Backup Files 2011-01-02 190004\Backup files 19.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter\Moviemagic\screenwriter 2000 setup.exe/ClibPDF.dll 03/01/2011 05:20:15 Deleted: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-27 200628\Backup Files 2011-01-02 190004\Backup files 19.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter\Moviemagic\screenwriter 2000 setup.exe 03/01/2011 05:20:21 Detected: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-27 200628\Backup Files 2011-01-02 190004\Backup files 19.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter2000\screenwriter 2000 setup.exe By hash 03/01/2011 05:20:29 Detected: Backdoor.Win32.SdBot.uwj F:\MIKE-PC\Backup Set 2010-12-27 200628\Backup Files 2011-01-02 190004\Backup files 19.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter2000\screenwriter 2000 setup.exe/WRS32.DLL 03/01/2011 05:20:37 Detected: Backdoor.Win32.SdBot.qzd F:\MIKE-PC\Backup Set 2010-12-27 200628\Backup Files 2011-01-02 190004\Backup files 19.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter2000\screenwriter 2000 setup.exe/netpub.exe/Shrinker 03/01/2011 05:20:42 Detected: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-27 200628\Backup Files 2011-01-02 190004\Backup files 19.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter2000\screenwriter 2000 setup.exe/ClibPDF.dll 03/01/2011 05:20:43 Deleted: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-27 200628\Backup Files 2011-01-02 190004\Backup files 19.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter2000\screenwriter 2000 setup.exe 03/01/2011 05:23:00 Task completed

ps - just retried running OTL - because that worked last time - but it made no difference this time - browser still not connecting

Many thanks. Everything was finally back to normal after first stages of above - browser connecting to the sites at last - BUT then I ran OTC for the last stage - and after reboot the same sites are blocked. The v. first site I tried connected {same as this morning) but then everything else blocked and same site wouldn't connect again. Aargh! What can I do now?

Thanks. The two files: 1.OTL logfile created on: 30/12/2010 13:33:21 - Run 1 OTL by OldTimer - Version 3.2.18.2 Folder = C:\Users\Mike\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free 6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 232.88 Gb Total Space | 124.83 Gb Free Space | 53.60% Space Free | Partition Type: NTFS Drive E: | 4.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS Drive F: | 465.76 Gb Total Space | 103.26 Gb Free Space | 22.17% Space Free | Partition Type: NTFS Computer Name: MIKE-PC | User Name: Mike | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2010/12/30 13:30:46 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe PRC - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2010/12/20 18:08:56 | 000,443,728 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2010/09/07 15:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2010/09/07 15:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2010/05/21 00:59:26 | 000,090,112 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe PRC - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2010/03/25 18:42:36 | 000,388,096 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe PRC - [2009/11/25 03:17:34 | 000,368,640 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2009/11/25 03:17:04 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2009/10/31 05:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/07/14 01:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe ========== Modules (SafeList) ========== MOD - [2010/12/30 13:30:46 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe MOD - [2010/08/21 05:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll MOD - [2009/07/14 01:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll MOD - [2009/07/14 01:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll MOD - [2009/07/14 01:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll MOD - [2009/07/14 01:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll MOD - [2009/07/14 01:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll MOD - [2009/07/14 01:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll MOD - [2009/07/14 01:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll MOD - [2009/07/14 01:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll MOD - [2009/07/14 01:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll MOD - [2009/07/14 01:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll ========== Win32 Services (SafeList) ========== SRV - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2010/09/07 15:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner) SRV - [2010/09/07 15:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner) SRV - [2010/09/07 15:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2010/05/21 00:59:26 | 000,090,112 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService) SRV - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2009/11/25 03:17:04 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2009/07/14 01:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc) SRV - [2009/07/14 01:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc) SRV - [2009/07/14 01:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power) SRV - [2009/07/14 01:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes) SRV - [2009/07/14 01:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify) SRV - [2009/07/14 01:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper) SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009/07/14 01:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc) SRV - [2009/07/14 01:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc) SRV - [2009/07/14 01:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider) SRV - [2009/07/14 01:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg) SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009/07/14 01:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener) SRV - [2009/07/14 01:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009/07/14 01:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp) SRV - [2009/07/14 01:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc) SRV - [2009/07/14 01:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC) SRV - [2009/07/14 01:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV) SRV - [2009/07/14 01:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc) SRV - [2009/07/14 01:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc) SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Mike\AppData\Local\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\AsInsHelp32.sys -- (ASInsHelp) DRV - [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2010/09/07 14:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2010/09/07 14:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2010/09/07 14:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2010/09/07 14:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2010/09/07 14:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2010/05/21 01:18:29 | 000,287,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET) DRV - [2010/05/21 00:59:26 | 000,013,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor) DRV - [2010/05/21 00:59:26 | 000,012,400 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO) DRV - [2009/12/11 07:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg) DRV - [2009/11/25 03:51:32 | 005,143,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009/07/14 01:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide) DRV - [2009/07/14 01:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci) DRV - [2009/07/14 01:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx) DRV - [2009/07/14 01:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs) DRV - [2009/07/14 01:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320) DRV - [2009/07/14 01:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas) DRV - [2009/07/14 01:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata) DRV - [2009/07/14 01:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc) DRV - [2009/07/14 01:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata) DRV - [2009/07/14 01:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide) DRV - [2009/07/14 01:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor) DRV - [2009/07/14 01:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid) DRV - [2009/07/14 01:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960) DRV - [2009/07/14 01:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS) DRV - [2009/07/14 01:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV) DRV - [2009/07/14 01:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR) DRV - [2009/07/14 01:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI) DRV - [2009/07/14 01:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC) DRV - [2009/07/14 01:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2) DRV - [2009/07/14 01:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp) DRV - [2009/07/14 01:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas) DRV - [2009/07/14 01:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy) DRV - [2009/07/14 01:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor) DRV - [2009/07/14 01:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx) DRV - [2009/07/14 01:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD) DRV - [2009/07/14 01:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends) DRV - [2009/07/14 01:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid) DRV - [2009/07/14 01:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus) DRV - [2009/07/14 01:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp) DRV - [2009/07/14 01:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt) DRV - [2009/07/14 01:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot) DRV - [2009/07/14 01:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc) DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount) DRV - [2009/07/14 01:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide) DRV - [2009/07/14 01:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300) DRV - [2009/07/14 01:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost) DRV - [2009/07/14 01:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx) DRV - [2009/07/14 01:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4) DRV - [2009/07/14 01:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw) DRV - [2009/07/14 01:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2) DRV - [2009/07/14 01:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor) DRV - [2009/07/14 01:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG) DRV - [2009/07/14 00:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2009/07/14 00:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus) DRV - [2009/07/14 00:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP) DRV - [2009/07/13 23:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2) DRV - [2009/07/13 23:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf) DRV - [2009/07/13 23:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap) DRV - [2009/07/13 23:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus) DRV - [2009/07/13 23:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci) DRV - [2009/07/13 23:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass) DRV - [2009/07/13 23:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009/07/13 23:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf) DRV - [2009/07/13 23:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig) DRV - [2009/07/13 23:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus) DRV - [2009/07/13 23:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID) DRV - [2009/07/13 23:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter) DRV - [2009/07/13 23:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap) DRV - [2009/07/13 23:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID) DRV - [2009/07/13 23:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache) DRV - [2009/07/13 23:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi) DRV - [2009/07/13 23:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM) DRV - [2009/07/13 22:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009/07/13 22:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm) DRV - [2009/07/13 22:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer) DRV - [2009/07/13 22:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm) DRV - [2009/07/13 22:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo) DRV - [2009/07/13 22:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp) DRV - [2009/07/13 22:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD) DRV - [2009/07/13 22:02:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel® DRV - [2009/07/13 22:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x) DRV - [2009/07/13 22:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv) DRV - [2009/07/13 22:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv) DRV - [2007/01/16 12:16:28 | 000,318,464 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3338929866-3183339769-3982331239-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb IE - HKU\S-1-5-21-3338929866-3183339769-3982331239-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 1B EF 95 65 A7 CB 01 [binary data] IE - HKU\S-1-5-21-3338929866-3183339769-3982331239-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm" FF - prefs.js..browser.search.param.yahoo-type: "${8}" FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8 FF - prefs.js..extensions.enabledItems: {6e764c17-863a-450f-bdd0-6772bd5aaa18}:1.0.3 FF - prefs.js..extensions.enabledItems: {B22E157D-283C-498f-9554-C3A80E841E91}:1.3 FF - prefs.js..extensions.enabledItems: {9D23D0AA-D8F5-11DA-B3FC-0928ABF316DD}:3.0.5 FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2 FF - prefs.js..extensions.enabledItems: {2f17f610-5e97-4fed-828f-9940b7b577a4}:1.6.1 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655 FF - prefs.js..extensions.enabledItems: artur.dubovoy@gmail.com:2.0.15 FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=en-GB&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/14 23:17:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/18 22:08:50 | 000,000,000 | ---D | M] [2010/12/27 03:02:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions [2010/12/29 14:38:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9uofxkrf.default\extensions [2010/04/27 13:24:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9uofxkrf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/08/07 00:20:46 | 000,000,000 | ---D | M] (TV-Fox) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9uofxkrf.default\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4} [2010/09/11 14:19:10 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9uofxkrf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/08/30 21:12:59 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9uofxkrf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010/03/01 21:56:58 | 000,000,000 | ---D | M] (Media Converter) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9uofxkrf.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18} [2010/03/01 21:56:58 | 000,000,000 | ---D | M] (CookieSafe) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9uofxkrf.default\extensions\{9D23D0AA-D8F5-11DA-B3FC-0928ABF316DD} [2010/03/01 21:56:58 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9uofxkrf.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492} [2010/03/01 21:56:58 | 000,000,000 | ---D | M] (AthensToolbar) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9uofxkrf.default\extensions\{B22E157D-283C-498f-9554-C3A80E841E91} [2010/07/26 22:50:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9uofxkrf.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010/07/10 13:08:52 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9uofxkrf.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010/06/25 12:23:36 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9uofxkrf.default\extensions\{dc572301-7619-498c-a57d-39143191b318} [2010/03/01 21:56:57 | 000,000,000 | ---D | M] (Flash Video Downloader) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9uofxkrf.default\extensions\artur.dubovoy@gmail(23).com [2010/10/24 14:30:35 | 000,000,000 | ---D | M] ("Flash Video Downloader - Youtube Downloader") -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9uofxkrf.default\extensions\artur.dubovoy@gmail.com [2010/03/01 21:56:57 | 000,000,000 | ---D | M] ("Magic's Video - Downloader") -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9uofxkrf.default\extensions\video-dowloader@magic-imv.ro [2010/03/01 21:56:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9uofxkrf.default\temp\extensions [2010/03/01 21:56:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9uofxkrf.default\temp\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/03/05 12:39:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2009/07/31 12:06:48 | 001,654,784 | ---- | M] (LizardTech) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll [2010/03/24 12:49:43 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml [2010/03/24 12:49:43 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml [2010/03/24 12:49:43 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml [2010/03/24 12:49:43 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml O1 HOSTS File: ([2010/12/30 00:09:56 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-3338929866-3183339769-3982331239-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-21-3338929866-3183339769-3982331239-1000..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3338929866-3183339769-3982331239-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O24 - Desktop WallPaper: C:\Windows\web\Wallpaper\img23.jpg O24 - Desktop BackupWallPaper: C:\Windows\web\Wallpaper\img23.jpg O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation) NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation) Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: VIDC.ACDV - ACDV.dll File not found Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) ========== Files/Folders - Created Within 30 Days ========== [2010/12/30 13:30:43 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe [2010/12/30 00:22:45 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2010/12/30 00:09:55 | 000,000,000 | ---D | C] -- C:\_OTM [2010/12/30 00:05:52 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTM.exe [2010/12/29 18:57:09 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Apple Computer [2010/12/29 18:57:09 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Apple Computer [2010/12/29 18:56:38 | 000,000,000 | ---D | C] -- C:\Program Files\Safari [2010/12/29 18:55:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2010/12/29 18:37:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2010/12/29 18:37:37 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\temp [2010/12/29 18:12:12 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2010/12/29 18:12:12 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2010/12/29 18:12:12 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2010/12/29 18:11:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2010/12/29 18:11:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010/12/29 18:10:43 | 000,000,000 | ---D | C] -- C:\Qoobox [2010/12/27 21:56:29 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\ANTIVIRUS FILES [2010/12/27 18:44:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/12/27 18:44:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/12/27 18:07:21 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2010/12/27 16:37:15 | 000,000,000 | -H-D | C] -- C:\Windows\PIF [2010/12/27 03:00:18 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader [2010/12/25 22:21:19 | 000,000,000 | ---D | C] -- C:\Program Files\PDF to Kindle Tool [2010/12/25 15:07:43 | 000,000,000 | ---D | C] -- C:\Program Files\Seagate [2010/12/25 15:05:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2010/12/06 01:15:51 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\vlc ========== Files - Modified Within 30 Days ========== [2010/12/30 13:30:46 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe [2010/12/30 13:02:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3338929866-3183339769-3982331239-1000UA.job [2010/12/30 11:36:35 | 000,000,105 | ---- | M] () -- C:\Users\Mike\Desktop\Play bluray files on computer-.url [2010/12/30 09:53:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/12/30 00:21:25 | 002,672,312 | ---- | M] () -- C:\Users\Mike\Desktop\esetsmartinstaller_enu.exe [2010/12/30 00:17:26 | 000,010,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010/12/30 00:17:25 | 000,010,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010/12/30 00:12:00 | 2415,419,392 | -HS- | M] () -- C:\hiberfil.sys [2010/12/30 00:09:56 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts [2010/12/30 00:06:14 | 000,619,206 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/12/30 00:06:14 | 000,107,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/12/30 00:05:54 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTM.exe [2010/12/29 18:57:23 | 000,188,968 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat [2010/12/29 18:56:52 | 000,002,503 | ---- | M] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk [2010/12/29 18:56:52 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk [2010/12/29 18:11:26 | 003,999,260 | R--- | M] () -- C:\Users\Mike\Desktop\ComboFix.exe [2010/12/29 15:27:05 | 000,000,123 | ---- | M] () -- C:\Users\Mike\Desktop\Best Free Trojan Scanner-Trojan Remover.url [2010/12/29 14:48:29 | 000,000,091 | ---- | M] () -- C:\Users\Mike\Desktop\How to fix error 101 (net--ERR_CONNECTION_RESET)- Unknown error- - Yahoo! Answers.url [2010/12/29 12:03:32 | 000,006,396 | ---- | M] () -- C:\Users\Mike\Desktop\hijackthis29 [2010/12/29 11:47:14 | 000,000,051 | ---- | M] () -- C:\Users\Mike\Desktop\Security and Privacy - My ramblings on how to protect yourself online - Security & Privacy.url [2010/12/29 11:08:58 | 000,000,117 | ---- | M] () -- C:\Users\Mike\Desktop\Redirects Continue Despite Malwarebytes & McAfee - Malwarebytes Forum.url [2010/12/28 22:02:01 | 000,000,850 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3338929866-3183339769-3982331239-1000Core.job [2010/12/28 12:30:43 | 000,000,088 | ---- | M] () -- C:\Users\Mike\Desktop\MalWare Removal

Thanks again. 3 files of operations below. I'd already done 2 quick Malwarebyte scans in last 24 hours - all came up with zero. I left the Esetscan overnight & came back to find it only 80% completed - computer had gone to sleep - but it was well through the 2nd drive, where I presume not much could be. It seems to have found old keygens lying around. Meanwhile, all these websites plus some new ones are still being blocked as before all 3 browsers! With same This web page is not available.The web page at http://*********** might be temporarily down or it may have moved permanently to a new web address. And I still get: "For some reason your system denied Hijackthis write access to the Hosts file" Thanks **************** 1.0TMAll processes killed ========== PROCESSES ========== ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\Mike\Desktop\cmd.bat deleted successfully. C:\Users\Mike\Desktop\cmd.txt deleted successfully. C:\program files\Fun4IM folder moved successfully. c:\program files\WhiteSmoke folder moved successfully. c:\program files\Quick Web Player folder moved successfully. C:\eBooks folder moved successfully. File/Folder c:\program files\PDF to Kindle Tool !!! not found. c:\users\Mike\AppData\Roaming\Temo folder moved successfully. c:\users\Mike\AppData\Roaming\Siut folder moved successfully. c:\users\Mike\AppData\Roaming\Latyme folder moved successfully. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Mike ->Temp folder emptied: 438366 bytes ->Temporary Internet Files folder emptied: 13781279 bytes ->Java cache emptied: 13402061 bytes ->FireFox cache emptied: 52604501 bytes ->Google Chrome cache emptied: 412751965 bytes ->Apple Safari cache emptied: 10807296 bytes ->Flash cache emptied: 135076 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 481.00 mb OTM by OldTimer - Version 3.1.17.2 log created on 12302010_000955 Files moved on Reboot... File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot. Registry entries deleted on Reboot... ******************************* 2.malwarebytes Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 5419 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 30/12/2010 00:19:35 mbam-log-2010-12-30 (00-19-35).txt Scan type: Quick scan Objects scanned: 136926 Time elapsed: 3 minute(s), 49 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ********************** 3. ESETSCANC:\PP\24\Adobe flash Keygen\total_crack\Key Generator.exe probably a variant of Win32/Agent.KMBRCHJ trojan cleaned by deleting - quarantined C:\Users\Mike\Desktop\OEView\programs\Lavasoft.Ad-Aware.2007.Professional.Edition.v7.0.1.3-DVT\crack\ProcessWatch.exe probably a variant of Win32/TrojanDropper.Delf.NKEQRT trojan cleaned by deleting - quarantined C:\Users\Mike\Desktop\OEView\programs\Lavasoft.Ad-Aware.2007.Professional.Edition.v7.0.1.3-DVT\crack\update-cracked.exe probably a variant of Win32/TrojanDropper.Delf.JBFNDPK trojan cleaned by deleting - quarantined C:\Users\Mike\Downloads\Windows 7 AIO\Activator\Activator.exe a variant of Win32/HackKMS.A application cleaned by deleting - quarantined F:\AAAADDDDDDRIVE\PROGRAMS\Absolute.Video.Splitter.Joiner.v1.6.7.WinALL.Incl.Keygen-BRD\bravsj67\bravsj67.rar probably a variant of Win32/Agent.IAKWJME trojan deleted - quarantined F:\MIKE-PC\Backup Set 2010-10-31 190002\Backup Files 2010-10-31 190002\Backup files 58.zip multiple threats deleted - quarantined F:\MIKE-PC\Backup Set 2010-10-31 190002\Backup Files 2010-10-31 190002\Backup files 59.zip multiple threats deleted - quarantined F:\MIKE-PC\Backup Set 2010-10-31 190002\Backup Files 2010-10-31 190002\Backup files 61.zip a variant of Win32/HackKMS.A application deleted - quarantined

Many thanks for reply. Combof. file below. Separate comment: computer post 2nd system restore largely ok. Main problem that remains (incl. after Combofix), is that all browsers still can't connect to a whole set of sites, which were among my most used favourites (and do connect from other computers). I notice Combo deleted "searchqu*" files under Firefox, but not Chrome. "Searchqu.com" was the homepage on Chrome even after 2nd restore - I managed to remove it by switching search in Options from "Web search" to "Google search." Avast scan, before Combo, came up with a "JS: FakeWarn-C" Trojan & JS:Pdfka-gen - now moved to chest. Something seems to be still there, even if weak. Thanks again. ************************************************************************** ComboFix 10-12-28.03 - Mike 29/12/2010 18:14:57.1.2 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3071.1809 [GMT 0:00] Running from: c:\users\Mike\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308} SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\cookies.sqlite c:\users\Mike\AppData\Roaming\completescan c:\users\Mike\AppData\Roaming\install c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9uofxkrf.default\searchplugins\SearchquWebSearch.xml . ((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-29 ))))))))))))))))))))))))))))))) . 2010-12-29 18:21 . 2010-12-29 18:35 -------- d-----w- c:\users\Mike\AppData\Local\temp 2010-12-29 18:21 . 2010-12-29 18:21 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-12-27 21:11 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6A8E5B38-611E-42C8-AA1A-59129CFC292A}\mpengine.dll 2010-12-27 21:05 . 2010-10-20 03:00 2327552 ----a-w- c:\windows\system32\win32k.sys 2010-12-27 18:44 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-12-27 18:44 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-12-27 18:07 . 2010-12-27 18:07 388096 ----a-r- c:\users\Mike\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-12-27 18:07 . 2010-12-27 18:07 -------- d-----w- c:\program files\Trend Micro 2010-12-27 16:37 . 2010-12-27 16:37 -------- d--h--w- c:\windows\PIF 2010-12-27 03:02 . 2010-12-27 03:15 -------- d-----w- c:\program files\Fun4IM 2010-12-27 03:02 . 2010-12-27 03:05 -------- d-----w- c:\program files\WhiteSmoke 2010-12-27 03:02 . 2010-12-27 03:14 -------- d-----w- c:\program files\Quick Web Player 2010-12-27 03:00 . 2010-12-27 16:19 -------- d-----w- c:\program files\YouTube Downloader 2010-12-25 22:21 . 2010-12-25 22:21 -------- d-----w- C:\eBooks 2010-12-25 22:21 . 2010-12-27 16:19 -------- d-----w- c:\program files\PDF to Kindle Tool 2010-12-25 15:07 . 2010-12-25 15:07 -------- d-----w- c:\program files\Seagate 2010-12-25 15:05 . 2010-12-25 15:28 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2010-12-24 23:06 . 2010-12-25 14:43 -------- d-----w- c:\users\Mike\AppData\Roaming\Temo 2010-12-24 23:06 . 2010-12-24 23:22 -------- d-----w- c:\users\Mike\AppData\Roaming\Siut 2010-12-06 01:15 . 2010-12-27 16:19 -------- d-----w- c:\users\Mike\AppData\Roaming\vlc . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-10-19 10:41 . 2009-10-14 09:58 222080 ------w- c:\windows\system32\MpSigStub.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) [HKLM\~\startupfolder\C:^Users^Mike^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk] path=c:\users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector] DevDetect.exe -autorun [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-09-20 23:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-09-23 04:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2010-03-05 15:32 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2010-06-16 16:48 136176 ----atw- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2008-10-25 11:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)] 2010-12-20 18:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-05-26 17:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] 2006-12-19 05:34 868352 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-10-11 04:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe S1 aswSP;aswSP; [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-25 172032] S2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-05-21 90112] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344] S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-20 20952] . Contents of the 'Scheduled Tasks' folder 2010-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3338929866-3183339769-3982331239-1000Core.job - c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-25 16:48] 2010-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3338929866-3183339769-3982331239-1000UA.job - c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-25 16:48] . . ------- Supplementary Scan ------- . IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9uofxkrf.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en-GB&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: TV-Fox: {2f17f610-5e97-4fed-828f-9940b7b577a4} - %profile%\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4} FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} FF - Ext: Media Converter: {6e764c17-863a-450f-bdd0-6772bd5aaa18} - %profile%\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18} FF - Ext: CookieSafe: {9D23D0AA-D8F5-11DA-B3FC-0928ABF316DD} - %profile%\extensions\{9D23D0AA-D8F5-11DA-B3FC-0928ABF316DD} FF - Ext: Password Exporter: {B17C1C5A-04B1-11DB-9804-B622A1EF5492} - %profile%\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492} FF - Ext: AthensToolbar: {B22E157D-283C-498f-9554-C3A80E841E91} - %profile%\extensions\{B22E157D-283C-498f-9554-C3A80E841E91} FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - %profile%\extensions\{dc572301-7619-498c-a57d-39143191b318} FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF - Ext: Flash Video Downloader - Youtube Downloader: artur.dubovoy@gmail.com - %profile%\extensions\artur.dubovoy@gmail.com FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-UIWatcher - c:\program files\Ashampoo\Ashampoo UnInstaller 4\UIWatcher.exe MSConfigStartUp-{E96AEE2F-D918-D79B-D85B-7C9E5D734319} - c:\users\Mike\AppData\Roaming\Latyme\ovdia.exe AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.032" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.abr" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.ani" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.apd" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.arw" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.bay" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.bmp" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.bw" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.cr2" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.crw" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.cs1" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.cur" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.dcr" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.dcx" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.dib" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.djv" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice] @Denied: (2) (S-1-5-21-3338929866-3183339769-3982331239-1000) @Denied: (2) (LocalSystem) "Progid"="DjVuFile" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.dng" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.emf" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.eps" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.erf" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.fff" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.fpx" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.gif" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.hdr" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.icl" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.icn" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.iff" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.ilbm" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.int" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.inta" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.iw4" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.j2c" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.j2k" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.jbr" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.jfif" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.jif" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.jp2" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.jpc" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.jpe" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.jpeg" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.jpg" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.jpk" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.jpx" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.kdc" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.lbm" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.mef" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.mos" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.mrw" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.nef" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.nrw" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.orf" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pbm" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pbr" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pcd" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pct" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pcx" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pef" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pgm" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pic" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pict" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pix" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.png" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.ppm" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.psd" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.psp" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pspbrush" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pspimage" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.raf" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.ras" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.raw" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.rgb" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.rgba" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.rle" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.rsb" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.rw2" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.rwl" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.sgi" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.sr2" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.srf" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.tga" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.thm" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.tif" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.tiff" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.ttc" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.ttf" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.v30po" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.v30pp" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.v30ppf" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.wbm" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.wbmp" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.wmf" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.xbm" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.xif" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.xmp" [HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.xpm" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2010-12-29 18:37:35 ComboFix-quarantined-files.txt 2010-12-29 18:37 Pre-Run: 133,696,262,144 bytes free Post-Run: 134,885,502,976 bytes free - - End Of File - - 4A99261F9309B25128DFB446ADBD854A

P.S. Managed to install Malwarebytes via msi file. Ran in Safe Mode - only came up with 1 file: "Files Infected: c:\Users\Mike\AppData\Roaming\adgs.bat (Malware.Trace) -> No action taken." which I removed. Edited Hijackthis out of 'hosts' file as instructed - and saved - but the two lines . Managed to save log though which is: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:18:30, on 27/12/2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16671) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Windows\system32\wuauclt.exe C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Windows\system32\NOTEPAD.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- End of file - 5561 bytes

I've got an attack by what seems to be Antivirus Software Alert. [3 days ago I had an attack by the Hard Disk Drive related malware - which I temporarily cured by a System Restore]. This was preventing browser connection via a proxy server. I ran Malwarebytes - it seemed to identify all the programs, incl. strange ones I'd noticed running in procexp like conhost.exe, dwm.exe. - but when it restarted it hadn't worked. I was still getting browser interference. Here is the initial Mbam log: ***************** mbam-log-2010-12-27 (15-35-44).txt Scan type: Full scan (C:\|F:\|) Objects scanned: 492124 Time elapsed: 1 hour(s), 38 minute(s), 56 second(s) Memory Processes Infected: 3 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 3 Registry Data Items Infected: 1 Folders Infected: 1 Files Infected: 8 Memory Processes Infected: c:\Users\Mike\AppData\Roaming\dwm.exe (Trojan.FakeAV) -> 1684 -> Unloaded process successfully. c:\Users\Mike\AppData\Roaming\microsoft\conhost.exe (Spyware.Passwords.XGen) -> 1784 -> Unloaded process successfully. c:\Users\Mike\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> 1952 -> Unloaded process successfully. Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Spyware.Passwords.XGen) -> Value: conhost -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> Delete on reboot. HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Value: Shell -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Bad: (C:\Users\Mike\AppData\Local\Temp\csrss.exe) Good: () -> Quarantined and deleted successfully. Folders Infected: c:\Users\Mike\AppData\Roaming\whitesmoke (PUP.WhiteSmoke) -> Quarantined and deleted successfully. Files Infected: c:\Users\Mike\AppData\Roaming\dwm.exe (Trojan.FakeAV) -> Quarantined and deleted successfully. c:\Users\Mike\AppData\Roaming\microsoft\conhost.exe (Spyware.Passwords.XGen) -> Delete on reboot. c:\Users\Mike\AppData\Local\Temp\pdf-epub-to-kindle-tool-2.0_tmp.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully. c:\Users\Mike\AppData\Local\Temp\~nsu.tmp\mosquito.exe (Trojan.Dropper) -> Quarantined and deleted successfully. c:\Users\Mike\AppData\Roaming\adgs.bat (Malware.Trace) -> Quarantined and deleted successfully. c:\Users\Mike\AppData\Local\Temp\0.6722448786175607.exe (Trojan.Dropper) -> Quarantined and deleted successfully. c:\Users\Mike\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> Delete on reboot. c:\Users\Mike\AppData\Roaming\whitesmoke\stat.log (PUP.WhiteSmoke) -> Quarantined and deleted successfully. ********************************* Afterwards I tried to run mbamsetup.exe [i'd read about this being good to ensure an uninfected version] - but it wouldn't run. I tried Safe Mode instead - the proxy server still interfered with networking, and in pure Safe Mode, mbamsetup still wouldn't run. So I tried another System Restore - this hasn't worked - I still can't install mbamsetup.exe - but it has left the computer in a less infected state- I can connect to the net at the mo. The homepage the malware had set BTW was: http://www.searchqu.com/402 I ran DDS [txts below & attached] ********************************************************* DDS (Ver_10-12-12.02) - NTFSx86 Run by Mike at 17:28:06.67 on 27/12/2010 Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3071.1885 [GMT 0:00] AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308} SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\wuauclt.exe C:\Program Files\Windows Live\Mail\wlmail.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\system32\notepad.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Users\Mike\Desktop\dds.scr C:\Windows\system32\conhost.exe ============== Pseudo HJT Report =============== BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll Hosts: 127.0.0.1 www.spywareinfo.com ================= FIREFOX =================== FF - ProfilePath - c:\users\mike\appdata\roaming\mozilla\firefox\profiles\9uofxkrf.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en-GB&q= FF - plugin: c:\program files (x86)\microsoft silverlight\2.0.31005.0\npctrl.dll FF - plugin: c:\program files (x86)\microsoft silverlight\2.0.40115.0\npctrl.dll FF - plugin: c:\program files (x86)\microsoft silverlight\3.0.40723.0\npctrl.dll FF - plugin: c:\program files (x86)\microsoft silverlight\3.0.40818.0\npctrl.dll FF - plugin: c:\program files (x86)\microsoft silverlight\3.0.50106.0\npctrl.dll FF - plugin: c:\program files (x86)\microsoft silverlight\npctrl.dll FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\users\mike\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: TV-Fox: {2f17f610-5e97-4fed-828f-9940b7b577a4} - %profile%\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4} FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} FF - Ext: Media Converter: {6e764c17-863a-450f-bdd0-6772bd5aaa18} - %profile%\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18} FF - Ext: CookieSafe: {9D23D0AA-D8F5-11DA-B3FC-0928ABF316DD} - %profile%\extensions\{9D23D0AA-D8F5-11DA-B3FC-0928ABF316DD} FF - Ext: Password Exporter: {B17C1C5A-04B1-11DB-9804-B622A1EF5492} - %profile%\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492} FF - Ext: AthensToolbar: {B22E157D-283C-498f-9554-C3A80E841E91} - %profile%\extensions\{B22E157D-283C-498f-9554-C3A80E841E91} FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - %profile%\extensions\{dc572301-7619-498c-a57d-39143191b318} FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF - Ext: Flash Video Downloader - Youtube Downloader: artur.dubovoy@gmail.com - %profile%\extensions\artur.dubovoy@gmail.com FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true ============= SERVICES / DRIVERS =============== R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-2-28 165584] R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-25 172032] R2 AsSysCtrlService;ASUS System Control Service;c:\program files\asus\assysctrlservice\1.00.02\AsSysCtrlService.exe [2010-5-21 90112] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-28 17744] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-2-28 50768] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-8 40384] R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-2-28 1153368] R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-8 40384] R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-8 40384] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] =============== Created Last 30 ================ 2010-12-27 16:37:15 -------- d--h--w- c:\windows\PIF 2010-12-27 03:02:32 -------- d-----w- c:\program files\Fun4IM 2010-12-27 03:02:15 -------- d-----w- c:\program files\WhiteSmoke 2010-12-27 03:02:02 -------- d-----w- c:\program files\Quick Web Player 2010-12-27 03:00:18 -------- d-----w- c:\program files\YouTube Downloader 2010-12-25 22:21:35 -------- d-----w- C:\eBooks 2010-12-25 22:21:19 -------- d-----w- c:\program files\PDF to Kindle Tool 2010-12-25 15:07:43 -------- d-----w- c:\program files\Seagate 2010-12-25 15:05:51 -------- d-----w- c:\program files\common files\Wise Installation Wizard 2010-12-24 23:06:12 -------- d-----w- c:\users\mike\appdata\roaming\Temo 2010-12-24 23:06:12 -------- d-----w- c:\users\mike\appdata\roaming\Siut 2010-12-15 09:58:39 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{6d425329-263b-4bf6-a275-1dc9e12ed77b}\mpengine.dll 2010-12-07 22:23:20 200 ----a-w- c:\users\mike\appdata\roaming\adgs.bat ==================== Find3M ==================== 2010-10-19 10:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe ============= FINISH: 17:28:35.98 =============== ************************************************* I ran GMER - it didn't report anything. I ran Rootrepeal - it gives me FOPS - device control error - and then when I try to Scan Files - it cannot "initiialize driver". So that's where I am at the moment - with my old copy of Malwarebytes uninstalled, and unable to install mbamsetup.exe. I'm not getting popups yet as I did, and programs appear to be opening [at the worst point, they wouldn't] but I presume this won't last long. What should I do? Many thanks for any help. P.S. If it's any help, I also include a Hijack log - from the middle of the process [after Mbam had failed to work] right now. However N.B. - I just tried to do another Hijack log - and it says it can't access the hosts file - I didn't edit this but here were the two hijack lines: 127.0.0.1 www.hijack-this.net 127.0.0.1 hijack-this.net And then !!! the Hijack log doesn't save - though it lists everything in its window [don't know how to copy that] I run it again and it says the Hosts file has redirected it - & only gives a few lines related to Internet Explorer! I tried an old version of Hijack this - and it gave an imperfect log - incl. at the bottom *************************************** Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 15:54:55, on 27/12/2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16671) Boot mode: Safe mode with network support Running processes: C:\Windows\system32\ctfmon.exe C:\Windows\explorer.exe C:\Windows\helppane.exe C:\Users\Mike\Desktop\HijackThis.exe C:\Windows\system32\NOTEPAD.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/402 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8074 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~1\WIA6EB~1\ToolBar\SearchquDx.dll (file missing) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~1\WIA6EB~1\ToolBar\SearchquDx.dll (file missing) O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [ucbkgjqd] C:\Users\Mike\AppData\Local\Temp\icruvngdo\tysqleglajb.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- ************************************** ****************************************** Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:24:57, on 27/12/2010 Platform: Unknown Windows (WinNT 6.01.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16671) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\wuauclt.exe C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe C:\totalcmd\TOTALCMD.EXE F:\AAAADDDDDDRIVE\PROGRAMS\HiJackThis.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- End of file - 2193 bytes Attach.txt