Ken Doucet

Members (15 posts)
  1. My previous post makes no sense near the end since (for some unknown reason) it was posted while I was still in the middle of composing it. Anyway, I was trying to show the permissions for the registry key after I changed them in regedit and before I ran MBAM. Once again:

     Group or user name   Full Control   Read          Special Permissions
     +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
     Administrators       Checked        Checked       Not checked
     CREATOR OWNER        Not checked    Not checked   Checked
     Everyone             Checked        Checked       Not checked
     Power Users          Checked        Checked       Checked
     SYSTEM               Checked        Checked       Not checked
     Users                Checked        Checked       Not checked

     After I scan with MBAM and before I tell it to fix the registry key, the permissions above still show up in the regedit permissions dialog. However, once I let MBAM try to fix the registry key, the permissions seem to be reset back to only the one entry for Everyone:

     Group or user name   Full Control   Read          Special Permissions
     +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
     Everyone             Checked        Checked       Not checked

     and MBAM reports that it can only delete the registry key after a reboot. However, the reboot doesn't fix the problem. Here is the MBAM log:

     Malwarebytes' Anti-Malware 1.31
     Database version: 1550
     Windows 5.1.2600 Service Pack 3

     12/26/2008 11:29:47 AM
     mbam-log-2008-12-26 (11-29-47).txt

     Scan type: Quick Scan
     Objects scanned: 53277
     Time elapsed: 1 minute(s), 48 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 1
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_CLASSES_ROOT\CLSID\{e43b6656-814b-4839-8ff8-affde0da9a3f} (Trojan.Zlob) -> Delete on reboot.

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)
  2. No need to apologize for taking a couple of days to respond. Considering the time of year, I think your response time is great. I followed your instructions and MBAM was able to delete 2 of the registry keys. However, the final registry key is proving to be rather more difficult. MBAM is still reporting that it can only delete HKEY_CLASSES_ROOT\CLSID\{e43b6656-814b-4839-8ff8-affde0da9a3f} after a reboot, but that never happens. I tried this in a normal Windows session and in safe mode as well, and no luck getting rid of that key. When I initially look at the permissions for this key in regedit there is only one entry, Everyone, with full control. I add Administrators with full control and then see something like this in the permissions dialog:

     Group or user names   Full Control
     Administrators        Full Control checked

     After following your instructions and making sure that Administrators and grant full control and then run MBAM after MBAM tries to delete the file I see that the Administrators entry is granted full control
  3. I have a home network which consists of 1 router (D-Link DIR-655), 1 cable modem, 3 switches, 5 computers, 3 game consoles and the occasional guest device. The computer I am trying to clean isn't normally connected to my network, and I am rather reluctant to reset my router and lose all the settings that it currently has. I have it set up so that only devices with known MAC addresses can connect, and there are many other non-default settings. I think I can save the current configuration and then reload it, but I have never tried that. Could you please give me an idea of the probability of a router reset fixing this problem? On a side note, the power was out for several hours today, so aside from a router reset my network was down and all devices powered off for much of the day. After the power was restored I re-scanned the infected computer with MBAM and the 3 infected registry keys were still there.
  4. I have been running all scans with Avast disabled and MBAM still never deletes the infected registry keys on reboot. I am also somewhat puzzled by the MBAM dialog that reports that the keys could not be removed but will be removed on a reboot. The last sentence of the dialog, "Your computer needs to be restarted to complete the removal process. Would you like to continue?", followed by YES and NO buttons, seems to imply that MBAM will automatically reboot the computer, but no matter which button is selected nothing special happens. MBAM doesn't shut down, nor is the computer automatically rebooted. Also, I don't see anything happening after a reboot, and an MBAM scan still indicates that the registry keys are infected. I completely uninstalled Avast to make sure it was not running something at startup that prevented MBAM from deleting the registry keys, but it didn't make any difference. Here are the MBAM and HijackThis log files after I did the following:

     1) Uninstalled Avast
     2) Reboot
     3) Updated MBAM database from 1528 to 1531
     4) Ran MBAM quick scan which found the 3 infected keys
     5) Reboot
     6) Ran MBAM quick scan which found the 3 infected keys

     Malwarebytes' Anti-Malware 1.31
     Database version: 1531
     Windows 5.1.2600 Service Pack 3

     12/22/2008 5:56:30 AM
     mbam-log-2008-12-22 (05-56-30).txt

     Scan type: Quick Scan
     Objects scanned: 52449
     Time elapsed: 1 minute(s), 18 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 3
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_CLASSES_ROOT\CLSID\{e43b6656-814b-4839-8ff8-affde0da9a3f} (Trojan.Zlob) -> Delete on reboot.
     HKEY_CLASSES_ROOT\CLSID\{8710df42-3171-4a3b-9079-3f7d7101552b} (Trojan.Zlob) -> Delete on reboot.
     HKEY_CLASSES_ROOT\CLSID\{096cba44-4a4c-49f7-8903-1e75550abcb7} (Trojan.Zlob) -> Delete on reboot.

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 6:09:31 AM, on 12/22/2008
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16762)
     Boot mode: Normal
  5. I uninstalled Windows Defender, updated the MBAM database from 1520 to 1528, re-ran MBAM and then re-ran HijackThis. The log files are below:

     Malwarebytes' Anti-Malware 1.31
     Database version: 1528
     Windows 5.1.2600 Service Pack 3

     12/21/2008 1:45:33 PM
     mbam-log-2008-12-21 (13-45-25).txt

     Scan type: Quick Scan
     Objects scanned: 52543
     Time elapsed: 36 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 3
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_CLASSES_ROOT\CLSID\{e43b6656-814b-4839-8ff8-affde0da9a3f} (Trojan.Zlob) -> No action taken.
     HKEY_CLASSES_ROOT\CLSID\{8710df42-3171-4a3b-9079-3f7d7101552b} (Trojan.Zlob) -> No action taken.
     HKEY_CLASSES_ROOT\CLSID\{096cba44-4a4c-49f7-8903-1e75550abcb7} (Trojan.Zlob) -> No action taken.

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 1:45:58 PM, on 12/21/2008
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16762)
     Boot mode: Normal
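     The rescans in posts 4 and 5 above are compared by eye. As an added example (not code from the thread or from Malwarebytes), the following parser reads MBAM 1.x logs in the format posted here, checks that the summary counts agree with the items listed, and reports which keys scheduled for "Delete on reboot" are still detected by the next scan. The two sample logs are constructed and abbreviated, reusing the key paths from the posts.

```python
"""Parse Malwarebytes' Anti-Malware 1.x scan logs and compare two scans, so a
rescan after "Delete on reboot" can be checked mechanically.  Added example, not
code from the forum thread or from Malwarebytes; sample logs are constructed."""
import re
from dataclasses import dataclass

# Summary line, e.g. "Registry Keys Infected: 3"
COUNT_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<n>\d+)$")
# Detail-section header, e.g. "Registry Keys Infected:"; a scraped copy may
# carry "(No malicious items detected)" on the same line
HEADER_RE = re.compile(
    r"^(?P<section>[A-Za-z ]+ Infected):(?: \(No malicious items detected\))?$")
# One detection, e.g. "HKEY_...\{guid} (Trojan.Zlob) -> Delete on reboot."
DETECTION_RE = re.compile(
    r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")


@dataclass(frozen=True)
class Detection:
    section: str  # e.g. "Registry Keys Infected"
    item: str     # registry path, file path or process name
    threat: str   # e.g. "Trojan.Zlob"
    action: str   # e.g. "Delete on reboot", "No action taken"


def parse_mbam_log(text):
    """Return (metadata, [Detection, ...]) for one MBAM 1.x log."""
    meta, detections, section = {"counts": {}}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Database version:"):
            meta["database"] = line.split(":", 1)[1].strip()
            continue
        m = COUNT_RE.match(line)
        if m:
            meta["counts"][m.group("section")] = int(m.group("n"))
            continue
        m = HEADER_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = DETECTION_RE.match(line)
        if section and m:
            detections.append(Detection(section, m.group("item"),
                                        m.group("threat"), m.group("action")))
    return meta, detections


def counts_consistent(meta, detections):
    """True when each summary count equals the number of items listed under
    that section: a cheap check that a pasted log was not truncated."""
    listed = {}
    for d in detections:
        listed[d.section] = listed.get(d.section, 0) + 1
    return all(listed.get(sec, 0) == n for sec, n in meta["counts"].items())


def diff_scans(before_text, after_text):
    """Items that persisted, disappeared or newly appeared between two scans."""
    b = {d.item for d in parse_mbam_log(before_text)[1]}
    a = {d.item for d in parse_mbam_log(after_text)[1]}
    return {"persisted": sorted(b & a), "removed": sorted(b - a),
            "new": sorted(a - b)}


def failed_reboot_deletions(before_text, after_text):
    """Items the first scan scheduled for 'Delete on reboot' that the rescan
    still reports: the condition described in the thread."""
    still = {d.item for d in parse_mbam_log(after_text)[1]}
    return sorted(d.item for d in parse_mbam_log(before_text)[1]
                  if d.action == "Delete on reboot" and d.item in still)


# Constructed, abbreviated logs reusing the key paths from the thread: three
# Zlob CLSID keys scheduled for deletion, then a rescan that still finds one.
SCAN_BEFORE = r"""
Malwarebytes' Anti-Malware 1.31
Database version: 1531
Registry Keys Infected: 3
Files Infected: 0

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{e43b6656-814b-4839-8ff8-affde0da9a3f} (Trojan.Zlob) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{8710df42-3171-4a3b-9079-3f7d7101552b} (Trojan.Zlob) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{096cba44-4a4c-49f7-8903-1e75550abcb7} (Trojan.Zlob) -> Delete on reboot.

Files Infected:
(No malicious items detected)
"""

SCAN_AFTER = r"""
Malwarebytes' Anti-Malware 1.31
Database version: 1550
Registry Keys Infected: 1
Files Infected: 0

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{e43b6656-814b-4839-8ff8-affde0da9a3f} (Trojan.Zlob) -> Delete on reboot.

Files Infected:
(No malicious items detected)
"""
```

     Running `failed_reboot_deletions(SCAN_BEFORE, SCAN_AFTER)` on the samples returns the one CLSID key the reboot did not remove.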
  6. Hi Tom, that file is the installer for the latest version of the ATI Catalyst Control Center, which is used to control the ATI video card and display. After I ran the previous scan I did some research on the bitTorrent client, LimeWire, that my friend had installed on his computer and made the unilateral decision to uninstall it. I don't know if that was how he got this virus in the first place, but I will advise him that such applications are a big security risk. If he chooses to re-install anything like that, I will most likely not provide assistance the next time he gets a virus, or my assistance will only be in the form of a re-format and re-install of the operating system. Thank you for your help so far! Ken
  7. I deleted the previous version of ComboFix and installed the latest version from your 1st link. Here is the ComboFix log file that I get when I run the latest version:

     ComboFix 08-12-18.03 - Josh Keith 2008-12-20 7:40:43.4 - NTFSx86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1551 [GMT -4:00]
     Running from: c:\documents and settings\Josh Keith\Desktop\ComboFix.exe
2008-12-17 11:31 <DIR> d-------- c:\documents and settings\Josh Keith\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 2008-12-16 18:37 . 2008-12-16 18:37 268 --ah----- C:\sqmdata14.sqm 2008-12-16 18:37 . 2008-12-16 18:37 244 --ah----- C:\sqmnoopt14.sqm 2008-12-16 17:27 . 2008-12-16 17:27 <DIR> d-------- c:\program files\Windows Defender 2008-12-16 16:50 . 2008-12-16 16:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\ATI 2008-12-16 16:47 . 2008-12-01 14:35 593,920 --------- c:\windows\system32\ati2sgag.exe 2008-12-16 16:43 . 2008-12-16 16:43 10 --a------ c:\windows\WININIT.INI 2008-12-16 16:42 . 2008-12-16 16:42 38,224,168 --a------ c:\temp\8-12_xp32_dd_ccc_wdm_enu_72271.exe 2008-12-16 16:11 . 2008-12-16 16:11 268 --ah----- C:\sqmdata13.sqm 2008-12-16 16:11 . 2008-12-16 16:11 244 --ah----- C:\sqmnoopt13.sqm 2008-12-16 15:03 . 2008-12-16 15:03 0 --a------ c:\windows\nsreg.dat 2008-12-16 15:01 . 2008-12-16 15:01 7,508,624 --a------ c:\temp\Firefox Setup 3.0.4.exe 2008-12-16 14:55 . 2008-12-16 14:55 <DIR> d-------- c:\program files\iTunes 2008-12-16 14:55 . 2008-12-16 14:55 <DIR> d-------- c:\program files\iPod 2008-12-16 14:55 . 2008-12-16 14:55 <DIR> d-------- c:\program files\Bonjour 2008-12-16 14:55 . 2008-12-16 14:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-12-16 14:54 . 2008-12-16 14:54 <DIR> d-------- c:\documents and settings\kendo\Application Data\Apple Computer 2008-12-16 14:53 . 2008-12-16 14:54 <DIR> d-------- c:\program files\QuickTime 2008-12-16 14:35 . 2008-12-16 14:35 <DIR> d-------- c:\documents and settings\Josh Keith\Application Data\SUPERAntiSpyware.com 2008-12-16 13:47 . 2008-12-16 13:47 268 --ah----- C:\sqmdata12.sqm 2008-12-16 13:47 . 2008-12-16 13:47 244 --ah----- C:\sqmnoopt12.sqm 2008-12-16 11:58 . 2008-12-16 11:58 <DIR> d-------- c:\documents and settings\Josh Keith\Application Data\Malwarebytes 2008-12-16 11:58 . 
2008-12-16 11:58 268 --ah----- C:\sqmdata11.sqm 2008-12-16 11:58 . 2008-12-16 11:58 244 --ah----- C:\sqmnoopt11.sqm 2008-12-16 11:42 . 2008-12-16 16:10 <DIR> d-------- c:\documents and settings\Josh Keith\Application Data\Spyware Terminator 2008-12-16 10:48 . 2008-12-16 10:48 410,984 --a------ c:\windows\system32\deploytk.dll 2008-12-16 09:59 . 2008-12-16 09:59 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-12-16 09:59 . 2008-12-16 09:59 <DIR> d-------- c:\documents and settings\kendo\Application Data\Malwarebytes 2008-12-16 09:59 . 2008-12-16 09:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-12-16 09:59 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-12-16 09:59 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-12-16 09:57 . 2008-12-16 09:57 2,539,400 --a------ c:\temp\mbam-setup.exe 2008-12-16 08:59 . 2008-12-16 08:59 646,376 --a------ c:\temp\SpywareTerminatorSetup.exe 2008-12-16 07:06 . 2008-12-16 07:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2008-12-16 07:05 . 2008-12-16 16:31 <DIR> d-------- c:\program files\SUPERAntiSpyware 2008-12-16 07:02 . 2008-12-16 07:02 5,780,000 --a------ c:\temp\SUPERAntiSpyware.exe 2008-12-15 20:23 . 2008-12-15 20:23 <DIR> d-------- c:\documents and settings\kendo\Application Data\ATI 2008-12-15 20:23 . 2008-12-16 18:19 <DIR> d-------- c:\documents and settings\kendo 2008-12-12 11:18 . 2008-12-12 11:18 87,336 --a------ c:\windows\system32\dns-sd.exe 2008-12-12 11:11 . 2008-12-12 11:11 61,440 --a------ c:\windows\system32\dnssd.dll 2008-12-01 16:52 . 2008-12-01 16:52 425,984 --a------ c:\windows\system32\ATIDEMGX.dll 2008-12-01 16:46 . 2008-12-01 16:46 11,304,960 --a------ c:\windows\system32\atioglxx.dll 2008-12-01 16:41 . 2008-12-01 16:41 188,416 --a------ c:\windows\system32\atipdlxx.dll 2008-12-01 16:40 . 
2008-12-01 16:40 147,456 --a------ c:\windows\system32\Oemdspif.dll 2008-12-01 16:40 . 2008-12-01 16:40 143,360 --a------ c:\windows\system32\ati2evxx.dll 2008-12-01 16:40 . 2008-12-01 16:40 43,520 --a------ c:\windows\system32\ati2edxx.dll 2008-12-01 16:40 . 2008-12-01 16:40 26,112 --a------ c:\windows\system32\Ati2mdxx.exe 2008-12-01 16:38 . 2008-12-01 16:38 598,016 --a------ c:\windows\system32\ati2evxx.exe 2008-12-01 16:37 . 2008-12-01 16:37 53,248 --a------ c:\windows\system32\ATIDDC.DLL 2008-12-01 16:19 . 2008-12-01 16:19 307,200 --a------ c:\windows\system32\atiiiexx.dll 2008-12-01 16:11 . 2008-12-01 16:11 3,107,788 --a------ c:\windows\system32\ativvaxx.dat 2008-12-01 16:11 . 2008-12-01 16:11 3,107,788 --a------ c:\windows\system32\ativva5x.dat 2008-12-01 16:11 . 2008-12-01 16:11 887,724 --a------ c:\windows\system32\ativva6x.dat 2008-12-01 16:11 . 2008-12-01 16:11 69,112 --a------ c:\windows\system32\ativvaxx.cap 2008-12-01 15:57 . 2008-12-01 15:57 48,640 --a------ c:\windows\system32\amdpcom32.dll 2008-12-01 15:53 . 2008-12-01 15:53 401,408 --a------ c:\windows\system32\atikvmag.dll 2008-12-01 15:53 . 2008-12-01 15:53 45,056 --a------ c:\windows\system32\amdcalrt.dll 2008-12-01 15:53 . 2008-12-01 15:53 45,056 --a------ c:\windows\system32\amdcalcl.dll 2008-12-01 15:52 . 2008-12-01 15:52 86,016 --a------ c:\windows\system32\atiadlxx.dll 2008-12-01 15:52 . 2008-12-01 15:52 17,408 --a------ c:\windows\system32\atitvo32.dll 2008-12-01 15:51 . 2008-12-01 15:51 53,248 --a------ c:\windows\system32\drivers\ati2erec.dll 2008-12-01 15:50 . 2008-12-01 15:50 3,252,224 --a------ c:\windows\system32\Amdcaldd.dll 2008-12-01 15:50 . 2008-12-01 15:50 286,720 --a------ c:\windows\system32\atiok3x2.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-12-16 22:22 --------- d-----w c:\program files\LimeWire 2008-12-16 22:22 --------- d-----w c:\documents and settings\Josh Keith\Application Data\LimeWire 2008-12-16 20:48 --------- d-----w c:\program files\ATI Technologies 2008-12-16 20:44 --------- d--h--w c:\program files\InstallShield Installation Information 2008-12-16 18:55 --------- d-----w c:\program files\Common Files\Apple 2008-12-16 14:48 --------- d-----w c:\program files\Java 2008-12-01 22:13 3,452,928 ----a-w c:\windows\system32\drivers\ati2mtag.sys 2008-12-01 20:51 318,464 ----a-w c:\windows\system32\ati2dvag.dll 2008-12-01 20:27 4,120,384 ----a-w c:\windows\system32\ati3duag.dll 2008-12-01 20:11 2,495,360 ----a-w c:\windows\system32\ativvaxx.dll 2008-12-01 19:45 577,536 ----a-w c:\windows\system32\ati2cqag.dll 2008-11-13 11:29 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2008-11-12 19:25 --------- d-----w c:\program files\Google 2008-11-11 02:22 202,320 ----a-w c:\windows\system32\PnkBstrB.exe 2008-11-11 02:22 138,408 ----a-w c:\windows\system32\drivers\PnkBstrK.sys 2008-11-02 17:56 --------- d-----w c:\program files\Sony 2008-11-01 19:26 --------- d-----w c:\documents and settings\Josh Keith\Application Data\InstallShield 2008-11-01 19:21 107,888 ----a-w c:\windows\system32\CmdLineExt.dll 2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll 2008-10-21 22:14 --------- d-----w c:\program files\Microsoft Silverlight 2008-10-21 18:51 118,784 ----a-w c:\windows\system32\atibrtmon.exe 2008-10-21 17:40 81,920 ----a-w c:\windows\system32\ATIODE.exe 2008-10-21 17:40 45,056 ----a-w c:\windows\system32\ATIODCLI.exe 2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll 2008-10-16 18:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 18:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 18:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 18:12 323,608 
----a-w c:\windows\system32\wucltui.dll 2008-10-16 18:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 18:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 18:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 18:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 18:06 268,648 ----a-w c:\windows\system32\mucltui.dll 2008-10-16 18:06 208,744 ----a-w c:\windows\system32\muweb.dll 2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll 2008-09-30 20:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2008-08-18 18:53 22,328 ----a-w c:\documents and settings\Josh Keith\Application Data\PnkBstrK.sys 2006-06-23 06:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe . ((((((((((((((((((((((((((((( snapshot@2008-12-18_12.01.08.09 ))))))))))))))))))))))))))))))))))))))))) . + 2008-12-19 15:12:53 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_30c.dat + 2008-12-19 15:12:47 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7ac.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-03-21 1953792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"Launch LGDCore"="c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-07-22 1126400]
"WheelMouse"="c:\program files\OCZ Technology\Mouse\Amoumain.exe" [2006-12-28 196608]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-16 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ASUS WiFi-AP Solo.lnk - c:\program files\ASUS WiFi-AP Solo\RtWLan.exe [2008-06-24 987136]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-18 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-06-24 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-06-24 20560]
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2007-07-20 84992]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2008-06-24 332928]
.
Contents of the 'Scheduled Tasks' folder

2008-11-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-20 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

2008-12-20 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
.
------- Supplementary Scan -------
.
uStart Page = www.avast.com
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=127.0.0.1:9090
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Josh Keith\Application Data\Mozilla\Firefox\Profiles\p0qi6nlh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.avast.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 9090
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-20 07:41:10
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(856)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2008-12-20 7:41:43
ComboFix-quarantined-files.txt 2008-12-20 11:41:29
ComboFix2.txt 2008-12-20 11:38:55
ComboFix3.txt 2008-12-18 16:08:53
ComboFix4.txt 2008-12-18 16:01:32
Pre-Run: 465,934,299,136 bytes free
Post-Run: 465,922,453,504 bytes free
227 --- E O F --- 2008-12-19 14:05:39
  8. Here is the contents of OTListIt.txt:
++++++++++++++++++++++
OTListIt logfile created on: 12/19/2008 5:28:50 PM - Run
OTListIt by OldTimer - Version 1.0.12.1 Folder = C:\Documents and Settings\Josh Keith\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 78.31% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 433.94 Gb Free Space | 93.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JK
Current User Name: Josh Keith
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/12/01 16:38:42 | 00,598,016 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
[2008/12/01 16:38:42 | 00,598,016 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/11/26 13:12:08 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[2008/11/26 13:18:46 | 00,155,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2008/12/16 10:48:29 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2008/08/27 12:06:08 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2006/12/18 09:34:36 | 00,868,352 | R--- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
[2008/11/26 13:18:51 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
[2006/12/28 09:05:14 | 00,196,608 | ---- | M] () -- C:\Program Files\OCZ Technology\Mouse\Amoumain.exe
[2008/12/16 10:48:29 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/09/02 11:48:12 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
[2008/09/02 11:40:46 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/04/13 20:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2008/12/19 17:28:08 | 00,418,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Josh Keith\Desktop\OTListIt.exe

========== (O23) Win32 Services ==========

[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/11/26 13:12:08 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
[2008/12/01 16:38:42 | 00,598,016 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2008/12/01 14:35:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
[2008/11/26 13:18:46 | 00,155,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
[2008/11/26 13:18:32 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Stopped])
[2008/11/26 13:16:23 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Stopped])
[2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2008/12/16 10:48:29 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2008/08/27 12:06:08 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2007/10/18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
[2007/10/25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2008/11/26 13:15:35 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [system | Running])
[2007/01/15 21:09:06 | 00,293,888 | R--- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running])
[2006/08/06 18:57:30 | 00,093,952 | R--- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (AEAudio [On_Demand | Running])
[2008/06/24 01:17:47 | 00,021,035 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2006/12/28 10:02:22 | 00,008,704 | R--- | M] (OCZ Technology Co.,Ltd.) -- C:\WINDOWS\system32\drivers\Amfilter.sys -- (Amfilter [system | Running])
[2006/12/28 10:07:34 | 00,013,824 | R--- | M] (OCZ Technology Co.,Ltd.) -- C:\WINDOWS\system32\drivers\Amusbprt.sys -- (Amusbprt [On_Demand | Stopped])
[2008/11/26 13:17:25 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
[2008/11/26 13:18:18 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
[2008/11/26 13:16:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
[2008/11/26 13:17:36 | 00,111,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [system | Running])
[2008/11/26 13:16:38 | 00,050,864 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [system | Running])
[2008/12/01 18:13:40 | 03,452,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2007/07/20 17:40:10 | 00,084,992 | ---- | M] (ATI Research Inc.) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService [On_Demand | Running])
[2005/03/21 21:48:30 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\cercsr6.sys -- (cercsr6 [boot | Stopped])
[2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2006/12/28 12:44:44 | 00,084,992 | R--- | M] (ATI Research Inc.) -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService [On_Demand | Stopped])
[2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/02/07 07:52:58 | 00,006,912 | R--- | M] (JMicron ) -- C:\WINDOWS\system32\drivers\JGOGO.sys -- (JGOGO [boot | Running])
[2007/03/23 23:20:24 | 00,046,208 | R--- | M] (JMicron Technology Corp.) -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID [boot | Running])
[2008/04/13 14:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [system | Stopped])
[2004/08/13 06:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor [On_Demand | Running])
[2008/06/19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [boot | Running])
[2004/08/04 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/06/27 01:39:42 | 00,332,928 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB [On_Demand | Running])
[2008/04/13 12:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2006/03/17 05:18:58 | 00,392,960 | R--- | M] (Sensaura) -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService [On_Demand | Running])
[2007/12/06 08:51:00 | 00,285,952 | ---- | M] (Marvell) -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp [On_Demand | Running])

========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.avast.com
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

O1 HOSTS File: (290277 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 9998 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot (JMicron Technology Corp.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE (Logitech Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray (Analog Devices, Inc.)
O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WheelMouse] C:\Program Files\OCZ Technology\Mouse\Amoumain.exe ()
O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ASUS WiFi-AP Solo.lnk = C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe (ASUSTek Computer Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Sites: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Sites: www.update.microsoft.com (http in Trusted sites)
O15 - HKCU\..Trusted Sites: 52 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.microsoft.com/download/7/4...helpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1214303958468 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1214304017937 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - livecall - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msnim - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mso-offdap - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" (HKLM) -- C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008/06/24 00:28:46 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/12/19 17:28:07 | 00,418,816 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Josh Keith\Desktop\OTListIt.exe
[2008/12/19 12:45:41 | 00,065,232 | ---- | C] (Malwarebytes) -- C:\Documents and Settings\Josh Keith\Desktop\RegASSASSIN.exe
[2008/12/18 16:14:15 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2008/12/18 12:07:42 | 00,000,000 | ---D | C] -- C:\ComboFix
[2008/12/18 11:59:47 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2008/12/18 11:59:45 | 00,260,272 | ---- | C] () -- C:\cmldr
[2008/12/18 11:59:44 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2008/12/18 11:58:23 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2008/12/18 11:58:23 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2008/12/18 11:58:23 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2008/12/18 11:58:23 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/12/18 11:58:23 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2008/12/18 11:58:23 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/12/18 11:58:23 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/12/18 11:58:23 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2008/12/18 11:58:23 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2008/12/18 11:58:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008/12/18 11:58:21 | 00,000,000 | ---D | C] -- C:\Qoobox
[2008/12/18 11:57:58 | 02,884,875 | R--- | C] () -- C:\Documents and Settings\Josh Keith\Desktop\ComboFix.exe
[2008/12/18 11:48:34 | 00,000,000 | ---D | C] -- C:\rsit
[2008/12/18 11:48:12 | 00,781,851 | ---- | C] () -- C:\Documents and Settings\Josh Keith\Desktop\RSIT.exe
[2008/12/18 08:32:32 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2008/12/18 08:31:55 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2008/12/18 07:37:44 | 00,000,268 | -H-- | C] () -- C:\sqmdata19.sqm
[2008/12/18 07:37:44 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt19.sqm
[2008/12/17 18:51:02 | 00,000,268 | -H-- | C] () -- C:\sqmdata18.sqm
[2008/12/17 18:51:02 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt18.sqm
[2008/12/17 18:49:25 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/12/17 18:49:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/12/17 18:41:13 | 00,007,662 | ---- | C] () -- C:\WINDOWS\System32\oodbs.lor
[2008/12/17 18:37:49 | 00,000,000 | ---- | C] () -- C:\WINDOWS\oodcnt.INI
[2008/12/17 17:36:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\oodag
[2008/12/17 17:22:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Josh Keith\Local Settings\Application Data\O&O
[2008/12/17 16:42:01 | 00,000,268 | -H-- | C] () -- C:\sqmdata17.sqm
[2008/12/17 16:42:01 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt17.sqm
[2008/12/17 16:39:40 | 00,000,268 | -H-- | C] () -- C:\sqmdata16.sqm
[2008/12/17 16:39:40 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt16.sqm
[2008/12/17 15:45:09 | 00,000,268 | -H-- | C] () -- C:\sqmdata15.sqm
[2008/12/17 15:45:09 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt15.sqm
[2008/12/17 12:25:32 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/12/17 11:31:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Josh Keith\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/12/16 18:37:28 | 00,000,268 | -H-- | C] () -- C:\sqmdata14.sqm
[2008/12/16 18:37:28 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt14.sqm
[2008/12/16 17:30:42 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2008/12/16 17:27:44 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2008/12/16 16:50:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2008/12/16 16:47:30 | 00,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2008/12/16 16:43:12 | 00,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/12/16 16:23:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2008/12/16 16:11:44 | 00,000,268 | -H-- | C] () -- C:\sqmdata13.sqm
[2008/12/16 16:11:44 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt13.sqm
[2008/12/16 15:24:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Josh Keith\Local Settings\Application Data\Mozilla
[2008/12/16 15:24:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Josh Keith\Application Data\Mozilla
[2008/12/16 15:03:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/12/16 15:02:54 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2008/12/16 14:55:41 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2008/12/16 14:55:03 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2008/12/16 14:55:02 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2008/12/16 14:55:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/12/16 14:53:56 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2008/12/16 14:35:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Josh Keith\Application Data\SUPERAntiSpyware.com
[2008/12/16 13:47:56 | 00,000,268 | -H-- | C] () -- C:\sqmdata12.sqm
[2008/12/16 13:47:56 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt12.sqm
[2008/12/16 11:58:44 | 00,000,268 | -H-- | C] () -- C:\sqmdata11.sqm
[2008/12/16 11:58:44 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt11.sqm
[2008/12/16 11:58:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Josh Keith\Application Data\Malwarebytes
[2008/12/16 11:42:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Josh Keith\Application Data\Spyware Terminator
[2008/12/16 09:59:49 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/16 09:59:47 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/16 09:59:46 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/16 09:59:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/12/16 07:06:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2008/12/16 07:05:53 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2008/12/15 20:18:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2008/12/01 16:41:02 | 00,188,416 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
[2008/12/01 16:40:49 | 00,147,456 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Oemdspif.dll
[2008/12/01 16:40:41 | 00,026,112 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
[2008/12/01 16:40:32 | 00,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
[2008/12/01 16:11:21 | 03,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/12/01 16:11:21 | 03,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/12/01 16:11:21 | 00,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/12/01 16:11:21 | 00,069,112 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.cap

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/12/19 17:28:08 | 00,418,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Josh Keith\Desktop\OTListIt.exe
[2008/12/19 17:19:00 | 00,000,264 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2008/12/19 15:14:25 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2008/12/19 12:45:41 | 00,065,232 | ---- | M] (Malwarebytes) -- C:\Documents and Settings\Josh Keith\Desktop\RegASSASSIN.exe
[2008/12/19 11:15:48 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2008/12/19 11:14:36 | 00,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2008/12/19 11:14:36 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2008/12/19 11:13:09 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/19 11:12:46 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/19 11:12:43 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/19 11:11:28 | 00,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2008/12/19 11:11:28 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2008/12/19 11:11:27 | 04,305,586 | -H-- | M] () -- C:\Documents and Settings\Josh Keith\Local Settings\Application Data\IconCache.db
[2008/12/18 15:24:05 | 00,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2008/12/18 15:24:05 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2008/12/18 12:25:14 | 00,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2008/12/18 12:25:14 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2008/12/18 12:20:07 | 00,007,662 | ---- | M] ()
-- C:\WINDOWS\System32\oodbs.lor [2008/12/18 12:19:03 | 00,000,268 | -H-- | M] () -- C:\sqmdata01.sqm [2008/12/18 12:19:03 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm [2008/12/18 12:08:23 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2008/12/18 11:59:47 | 00,000,281 | RHS- | M] () -- C:\boot.ini [2008/12/18 11:58:04 | 02,884,875 | R--- | M] () -- C:\Documents and Settings\Josh Keith\Desktop\ComboFix.exe [2008/12/18 11:48:12 | 00,781,851 | ---- | M] () -- C:\Documents and Settings\Josh Keith\Desktop\RSIT.exe [2008/12/18 10:59:39 | 00,000,268 | -H-- | M] () -- C:\sqmdata00.sqm [2008/12/18 10:59:39 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm [2008/12/18 07:37:44 | 00,000,268 | -H-- | M] () -- C:\sqmdata19.sqm [2008/12/18 07:37:44 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm [2008/12/17 19:10:21 | 00,290,277 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2008/12/17 18:51:02 | 00,000,268 | -H-- | M] () -- C:\sqmdata18.sqm [2008/12/17 18:51:02 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm [2008/12/17 18:37:49 | 00,000,000 | ---- | M] () -- C:\WINDOWS\oodcnt.INI [2008/12/17 16:42:01 | 00,000,268 | -H-- | M] () -- C:\sqmdata17.sqm [2008/12/17 16:42:01 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm [2008/12/17 16:39:40 | 00,000,268 | -H-- | M] () -- C:\sqmdata16.sqm [2008/12/17 16:39:40 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm [2008/12/17 15:45:09 | 00,000,268 | -H-- | M] () -- C:\sqmdata15.sqm [2008/12/17 15:45:09 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm [2008/12/16 18:37:28 | 00,000,268 | -H-- | M] () -- C:\sqmdata14.sqm [2008/12/16 18:37:28 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm [2008/12/16 16:43:14 | 00,000,010 | ---- | M] () -- C:\WINDOWS\WININIT.INI [2008/12/16 16:11:44 | 00,000,268 | -H-- | M] () -- C:\sqmdata13.sqm [2008/12/16 16:11:44 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm [2008/12/16 15:03:04 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat [2008/12/16 15:00:13 | 00,004,625 | ---- | M] () 
-- C:\WINDOWS\imsins.BAK [2008/12/16 15:00:12 | 00,477,362 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2008/12/16 15:00:12 | 00,406,658 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2008/12/16 15:00:12 | 00,063,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2008/12/16 13:47:56 | 00,000,268 | -H-- | M] () -- C:\sqmdata12.sqm [2008/12/16 13:47:56 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm [2008/12/16 11:58:44 | 00,000,268 | -H-- | M] () -- C:\sqmdata11.sqm [2008/12/16 11:58:44 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm [2008/12/15 21:14:48 | 00,000,603 | ---- | M] () -- C:\WINDOWS\win.ini [2008/12/13 02:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll [2008/12/13 02:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll [2008/12/09 19:24:37 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe [2008/12/03 19:52:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2008/12/03 19:52:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2008/12/01 16:41:02 | 00,188,416 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll [2008/12/01 16:40:49 | 00,147,456 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Oemdspif.dll [2008/12/01 16:40:41 | 00,026,112 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe [2008/12/01 16:40:32 | 00,043,520 | ---- | M] (ATI Technologies, Inc.) 
-- C:\WINDOWS\System32\ati2edxx.dll [2008/12/01 16:11:21 | 03,107,788 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.dat [2008/12/01 16:11:21 | 03,107,788 | ---- | M] () -- C:\WINDOWS\System32\ativva5x.dat [2008/12/01 16:11:21 | 00,887,724 | ---- | M] () -- C:\WINDOWS\System32\ativva6x.dat [2008/12/01 16:11:21 | 00,069,112 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap [2008/12/01 14:35:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe [2008/11/26 13:21:30 | 01,236,208 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe [2008/11/26 13:18:25 | 00,093,296 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2008/11/26 13:18:18 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2008/11/26 13:17:36 | 00,111,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2008/11/26 13:17:25 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2008/11/26 13:16:38 | 00,050,864 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2008/11/26 13:16:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2008/11/26 13:15:35 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2008/11/26 13:15:10 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr < End of report > ++++++++++++++++++++++++ And here is the contents of Extras.txt ++++++++++++++++++++++++ OTListIt Extras logfile created on: 12/19/2008 5:28:50 PM - Run OTListIt by OldTimer - Version 1.0.12.1 Folder = C:\Documents and Settings\Josh Keith\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 78.31% Memory free 4.00 Gb Paging File | 4.00 Gb 
Available in Paging File | 100.00% Paging File free Paging file location(s): C:\pagefile.sys 3070 3070; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 465.75 Gb Total Space | 433.94 Gb Free Space | 93.17% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: JK Current User Name: Josh Keith Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Whitelist: On File Age = 30 Days ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 [2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger [2007/10/02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger [2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger [2007/10/02 16:18:24 | 00,304,488 | ---- | M] (Microsoft 
Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) [2008/09/18 14:50:21 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire [2008/08/27 12:06:08 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA [2008/11/10 22:22:12 | 00,202,320 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB [2007/10/04 03:14:26 | 03,325,952 | ---- | M] () -- C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare [2007/08/07 12:22:12 | 09,710,464 | ---- | M] (Ensemble Studios) -- C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires III [2008/11/20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR "{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III "{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1 "{1ED6E4D0-8DB0-A333-DEA6-188F957F5A43}" = Catalyst Control Center Graphics Light "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 11 "{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java 6 Update 6 "{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar) "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = 
JMB36X Raid Configurer "{407E0CBD-D6BF-F243-6DE9-F1EEA525BA1C}" = Catalyst Control Center Graphics Full Existing "{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger "{5EC634FA-5047-38B2-A53A-15963D9BD872}" = CCC Help English "{611BD998-34B9-4DDA-00AE-0CB4632E86FA}" = SimCity 4 "{651AFCC8-2F1A-8132-0A33-FA5F041380BA}" = Catalyst Control Center Graphics Full New "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69EF33D7-3425-1409-0BE1-C4F3A6FB57A8}" = ccc-utility "{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III "{7510EF8C-99B9-8533-524E-BF41BDC04188}" = Skins "{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas "{773040E1-3B60-6507-C387-71F8F0A03C59}" = ccc-core-static "{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar) "{77A1C7DD-E4F6-4057-92FC-710219215987}" = Logitech G11 Keyboard Software 1.03 "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B3F4499-32E6-470D-8586-E6C03420F889}" = ASUS WiFi-AP Solo "{91120409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard "{92DEC792-A722-5991-2607-3EE3A4BD502B}" = Catalyst Control Center HydraVision Full "{96793032-8651-805A-67EF-E1759C1A8E3D}" = Catalyst Control Center Graphics Previews Common "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender "{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar) "{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9 "{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}" = Windows Live Sign-in Assistant "{B094F70F-2CC2-5062-8534-D3830FC4B018}" = Catalyst Control Center Core Implementation "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 
Service Pack 1 "{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War "{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver "{CA42C38C-B369-B190-AD06-76D3AC95CFAC}" = ccc-core-preinstall "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia "{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding "{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare "{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support "{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar) "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime "ActiveScan 2.0" = Panda ActiveScan 2.0 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "All ATI Software" = ATI - Software Uninstall Utility "ATI Display Driver" = ATI Display Driver "avast!" = avast! 
Antivirus "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "HijackThis" = HijackThis 2.0.2 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare "LimeWire" = LimeWire 4.18.8 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Mozilla Firefox (3.0.4)" = Mozilla Firefox (3.0.4) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSNINST" = MSN "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "WheelMouse" = OCZ Technology Laser Gaming Mouse "Windows Live Toolbar" = Windows Live Toolbar "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== Last 10 Event Log Errors ========== [ Antivirus Events ] Error - 12/16/2008 9:56:50 AM | Computer Name = JK | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\DOCUMENTS AND SETTINGS\JOSH KEITH\MY DOCUMENTS\ENGLISH.DOC failed, 00000005. Error - 12/16/2008 9:57:11 AM | Computer Name = JK | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\DOCUMENTS AND SETTINGS\JOSH KEITH\MY DOCUMENTS\PASSCHENDALE REVIEW.DOC failed, 00000005. Error - 12/16/2008 9:57:12 AM | Computer Name = JK | Source = avast! 
| ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\DOCUMENTS AND SETTINGS\JOSH KEITH\MY DOCUMENTS\CASINO ROYALE.DOC failed, 00000005. Error - 12/16/2008 11:12:30 AM | Computer Name = JK | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\DOCUMENTS AND SETTINGS\JOSH KEITH\MY DOCUMENTS\SOCIOLOGY ASSIGNMENT.DOC failed, 00000005. Error - 12/16/2008 11:12:35 AM | Computer Name = JK | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\DOCUMENTS AND SETTINGS\JOSH KEITH\MY DOCUMENTS\ENGLISH.DOC failed, 00000005. Error - 12/16/2008 11:12:56 AM | Computer Name = JK | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\DOCUMENTS AND SETTINGS\JOSH KEITH\MY DOCUMENTS\PASSCHENDALE REVIEW.DOC failed, 00000005. Error - 12/16/2008 11:12:56 AM | Computer Name = JK | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\DOCUMENTS AND SETTINGS\JOSH KEITH\MY DOCUMENTS\CASINO ROYALE.DOC failed, 00000005. Error - 12/16/2008 4:25:11 PM | Computer Name = JK | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\DOCUMENTS AND SETTINGS\JOSH KEITH\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\P0QI6NLH.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}\DEFAULTS\PREFERENCES\NOSCRIPT.JS failed, 00000005. Error - 12/16/2008 4:25:11 PM | Computer Name = JK | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\DOCUMENTS AND SETTINGS\JOSH KEITH\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\P0QI6NLH.DEFAULT\PREFS.JS failed, 00000005. Error - 12/16/2008 4:35:51 PM | Computer Name = JK | Source = avast! 
| ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\DOCUMENTS AND SETTINGS\JOSH KEITH\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\P0QI6NLH.DEFAULT\PREFS.JS failed, 00000005. [ Application Events ] Error - 9/23/2008 7:10:55 PM | Computer Name = JK | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 7.0.6000.16705, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 9/27/2008 1:46:22 PM | Computer Name = JK | Source = Application Error | ID = 1000 Description = Faulting application iw3sp.exe, version 0.0.0.0, faulting module ~df394b.tmp, version 0.0.0.0, fault address 0x000abca8. Error - 9/27/2008 3:33:11 PM | Computer Name = JK | Source = Application Hang | ID = 1002 Description = Hanging application CoD4.exe, version 2.5.0.32, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 9/28/2008 4:21:19 PM | Computer Name = JK | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 7.0.6000.16705, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 9/28/2008 4:25:30 PM | Computer Name = JK | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 7.0.6000.16705, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 9/29/2008 3:16:08 PM | Computer Name = JK | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 7.0.6000.16705, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 9/29/2008 4:48:14 PM | Computer Name = JK | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 7.0.6000.16705, hang module hungapp, version 0.0.0.0, hang address 0x00000000. 
Error - 9/30/2008 3:03:34 PM | Computer Name = JK | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 7.0.6000.16705, faulting module msvcrt.dll, version 7.0.2600.5512, fault address 0x000372e3. Error - 10/1/2008 5:45:53 PM | Computer Name = JK | Source = Application Hang | ID = 1002 Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 10/2/2008 10:36:20 AM | Computer Name = JK | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 7.0.6000.16705, hang module hungapp, version 0.0.0.0, hang address 0x00000000. [ System Events ] Error - 12/18/2008 7:40:08 AM | Computer Name = JK | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E} Error - 12/18/2008 7:40:47 AM | Computer Name = JK | Source = Service Control Manager | ID = 7001 Description = The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: %%31 Error - 12/18/2008 7:40:47 AM | Computer Name = JK | Source = Service Control Manager | ID = 7001 Description = The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: %%31 Error - 12/18/2008 7:40:47 AM | Computer Name = JK | Source = Service Control Manager | ID = 7001 Description = The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: %%31 Error - 12/18/2008 7:40:47 AM | Computer Name = JK | Source = Service Control Manager | ID = 7001 Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: %%31 Error - 12/18/2008 7:40:47 AM | Computer Name = JK | Source = Service Control Manager | ID 
= 7001 Description = The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: %%31 Error - 12/18/2008 7:40:47 AM | Computer Name = JK | Source = Service Control Manager | ID = 7001 Description = The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: %%31 Error - 12/18/2008 7:40:47 AM | Computer Name = JK | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip Error - 12/18/2008 7:52:00 AM | Computer Name = JK | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 12/18/2008 12:21:45 PM | Computer Name = JK | Source = Service Control Manager | ID = 7034 Description = The O&O Defrag service terminated unexpectedly. It has done this 1 time(s). < End of report >
  9. Hi Tom,

I followed your instructions and disabled real-time protection in Windows Defender and then closed the program. I then updated MBAM's database to version 1520 and re-ran MBAM. The MBAM log file is included below. MBAM instructed me to re-boot the computer to remove the 3 infected registry keys but did not automatically re-boot the computer itself. Is it supposed to do this? Based on the dialogs I have the impression that it is going to re-boot the computer but it doesn't. Anyway, I manually re-booted the computer after closing down MBAM, but after re-boot I ran MBAM again and the 3 registry keys are still there. Here are the contents of the logfile:

++++++++++++++++++++++++

Malwarebytes' Anti-Malware 1.31
Database version: 1520
Windows 5.1.2600 Service Pack 3

12/19/2008 11:10:05 AM
mbam-log-2008-12-19 (11-10-05).txt

Scan type: Full Scan (C:\|)
Objects scanned: 92183
Time elapsed: 11 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{e43b6656-814b-4839-8ff8-affde0da9a3f} (Trojan.Zlob) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{8710df42-3171-4a3b-9079-3f7d7101552b} (Trojan.Zlob) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{096cba44-4a4c-49f7-8903-1e75550abcb7} (Trojan.Zlob) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  10. ++++++++++++ HiJackThis log file ++++++++++++

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:13:37 PM, on 12/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\OCZ Technology\Mouse\Amoumain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.avast.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\OCZ Technology\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\RunOnce: [spybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1214303958468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1214304017937
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 7594 bytes
  11. ++++++++++++++++ Panda ActiveScan log file ++++++++++++++++
;*******************************************************************************
ANALYSIS: 2008-12-18 16:12:58
PROTECTIONS: 1
MALWARE: 2
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
Windows Defender 1.1.4205.0 No No
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\kendo\Cookies\kendo@com[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\kendo\Cookies\kendo@overture[1].txt
;===============================================================================
SUSPECTS
Sent Location
;===============================================================================
;===============================================================================
VULNERABILITIES
Id Severity Description
;===============================================================================
;===============================================================================
  12. ++++++++++++++++++++++ MalwareBytes Anti-Malware log file ++++++++++++++++++++++
Malwarebytes' Anti-Malware 1.31
Database version: 1514
Windows 5.1.2600 Service Pack 3

12/18/2008 3:49:03 PM
mbam-log-2008-12-18 (15-49-03).txt

Scan type: Full Scan (C:\|)
Objects scanned: 91691
Time elapsed: 10 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{e43b6656-814b-4839-8ff8-affde0da9a3f} (Trojan.Zlob) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{8710df42-3171-4a3b-9079-3f7d7101552b} (Trojan.Zlob) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{096cba44-4a4c-49f7-8903-1e75550abcb7} (Trojan.Zlob) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  13. ++++++++++++++++++++++++++++ SpyBot Search & Destroy Checks log file ++++++++++++++++++++++++++++
--- Report generated: 2008-12-18 15:29 ---

Hint of the Day: Click the bar at the right of this to see more information! ()

Fraud.VirusTrigger: [sBI $FB8353AA] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{096CBA44-4A4C-49f7-8903-1E75550ABCB7}

Zlob.Downloader: [sBI $B0BAB7CF] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{8710DF42-3171-4A3B-9079-3F7D7101552B}

Zlob.Downloader: [sBI $E3985B59] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{E43B6656-814B-4839-8FF8-AFFDE0DA9A3F}

--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---
2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDFiles.exe (1.6.0.4)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDShred.exe (1.0.2.3)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 SpybotSD.exe (1.6.0.30)
2008-09-16 TeaTimer.exe (1.6.3.25)
2008-12-17 unins000.exe (51.49.0.0)
2008-07-07 Update.exe (1.6.0.7)
2008-10-22 advcheck.dll (1.6.2.13)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-09-15 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2008-10-22 Tools.dll (2.1.6.8)
2008-11-04 Includes\Adware.sbi (*)
2008-12-09 Includes\AdwareC.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2008-09-02 Includes\Dialer.sbi (*)
2008-09-09 Includes\DialerC.sbi (*)
2008-07-23 Includes\HeavyDuty.sbi (*)
2008-11-18 Includes\Hijackers.sbi (*)
2008-12-16 Includes\HijackersC.sbi (*)
2008-12-09 Includes\Keyloggers.sbi (*)
2008-12-16 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-11-18 Includes\Malware.sbi (*)
2008-12-16 Includes\MalwareC.sbi (*)
2008-12-16 Includes\PUPS.sbi (*)
2008-12-16 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-18 Includes\Security.sbi (*)
2008-12-16 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-12-10 Includes\Spyware.sbi (*)
2008-12-10 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti
2008-11-04 Includes\Trojans.sbi (*)
2008-12-16 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

++++++++++++++++++++++++++++ SpyBot Search & Destroy Fixes log file ++++++++++++++++++++++++++++
--- Report generated: 2008-12-18 15:29 ---

Hint of the Day: Click the bar at the right of this to see more information! ()

Fraud.VirusTrigger: [sBI $FB8353AA] Class ID (Registry key, fixing failed)
HKEY_CLASSES_ROOT\CLSID\{096CBA44-4A4C-49f7-8903-1E75550ABCB7}

Zlob.Downloader: [sBI $B0BAB7CF] Class ID (Registry key, fixing failed)
HKEY_CLASSES_ROOT\CLSID\{8710DF42-3171-4A3B-9079-3F7D7101552B}

Zlob.Downloader: [sBI $E3985B59] Class ID (Registry key, fixing failed)
HKEY_CLASSES_ROOT\CLSID\{E43B6656-814B-4839-8FF8-AFFDE0DA9A3F}

--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---
2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDFiles.exe (1.6.0.4)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDShred.exe (1.0.2.3)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 SpybotSD.exe (1.6.0.30)
2008-09-16 TeaTimer.exe (1.6.3.25)
2008-12-17 unins000.exe (51.49.0.0)
2008-07-07 Update.exe (1.6.0.7)
2008-10-22 advcheck.dll (1.6.2.13)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-09-15 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2008-10-22 Tools.dll (2.1.6.8)
2008-11-04 Includes\Adware.sbi (*)
2008-12-09 Includes\AdwareC.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2008-09-02 Includes\Dialer.sbi (*)
2008-09-09 Includes\DialerC.sbi (*)
2008-07-23 Includes\HeavyDuty.sbi (*)
2008-11-18 Includes\Hijackers.sbi (*)
2008-12-16 Includes\HijackersC.sbi (*)
2008-12-09 Includes\Keyloggers.sbi (*)
2008-12-16 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-11-18 Includes\Malware.sbi (*)
2008-12-16 Includes\MalwareC.sbi (*)
2008-12-16 Includes\PUPS.sbi (*)
2008-12-16 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-18 Includes\Security.sbi (*)
2008-12-16 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-12-10 Includes\Spyware.sbi (*)
2008-12-10 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti
2008-11-04 Includes\Trojans.sbi (*)
2008-12-16 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
  14. I posted this problem yesterday but nobody has replied so I thought I would try again. I have mostly cleaned up a friend's computer after he inadvertently installed some sort of fake anti-virus program but MalwareBytes is still reporting three infected registry keys which it is unable to quarantine even after a re-boot. I can't find a way to delete the three infected registry keys. I have tried running in safe mode and using other spyware but the infected keys persist. I think the computer is not running as it should since web page loading seems unusually slow (my netbook loads web pages faster!). Today I ran SpyBot Search & Destroy, MalwareBytes Anti-Malware, Panda ActiveScan and HiJackThis (in that order) and will post each log file in four additional postings. I would appreciate it if someone could let me know how to get rid of the infected registry keys. I would like to return my friend's computer this weekend but not if I can't get rid of the 3 infected registry keys.
  15. Hi, I have mostly cleaned up a friend's computer after he inadvertently installed some sort of fake anti-virus program but MalwareBytes is still reporting three infected registry keys which it is unable to quarantine even after a re-boot. I can't find a way to delete the three infected registry keys. I have tried running in safe mode and using other spyware but the infected keys persist. I think the computer is not running as it should since web page loading seems unusually slow (my netbook loads web pages faster!). I would appreciate it if someone could let me know how to get rid of the infected registry keys. Here is the Malwarebytes' Anti-Malware 1.31 log file after the most recent scan:
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Malwarebytes' Anti-Malware 1.31
Database version: 1506
Windows 5.1.2600 Service Pack 3

12/17/2008 12:23:57 PM
mbam-log-2008-12-17 (12-23-57).txt

Scan type: Full Scan (C:\|)
Objects scanned: 98881
Time elapsed: 19 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{e43b6656-814b-4839-8ff8-affde0da9a3f} (Trojan.Zlob) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{8710df42-3171-4a3b-9079-3f7d7101552b} (Trojan.Zlob) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{096cba44-4a4c-49f7-8903-1e75550abcb7} (Trojan.Zlob) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
And here is the HiJackThis log file:
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:09:52 PM, on 12/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\OCZ Technology\Mouse\Amoumain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.avast.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\OCZ Technology\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1214303958468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1214304017937
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 7886 bytes
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++