
Antivirus Software Alert - MBAM not working/ reinstalling


ikbol


I've got an attack by what seems to be Antivirus Software Alert. [3 days ago I had an attack by the Hard Disk Drive related malware - which I temporarily cured by a System Restore]. This was preventing browser connection via a proxy server.

I ran Malwarebytes - it seemed to identify all the programs, incl. strange ones I'd noticed running in procexp like conhost.exe and dwm.exe - but when it restarted it hadn't worked. I was still getting browser interference.

Here is the initial Mbam log:

*****************

mbam-log-2010-12-27 (15-35-44).txt

Scan type: Full scan (C:\|F:\|)

Objects scanned: 492124

Time elapsed: 1 hour(s), 38 minute(s), 56 second(s)

Memory Processes Infected: 3

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 3

Registry Data Items Infected: 1

Folders Infected: 1

Files Infected: 8

Memory Processes Infected:

c:\Users\Mike\AppData\Roaming\dwm.exe (Trojan.FakeAV) -> 1684 -> Unloaded process successfully.

c:\Users\Mike\AppData\Roaming\microsoft\conhost.exe (Spyware.Passwords.XGen) -> 1784 -> Unloaded process successfully.

c:\Users\Mike\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> 1952 -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Spyware.Passwords.XGen) -> Value: conhost -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> Delete on reboot.

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Value: Shell -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Bad: (C:\Users\Mike\AppData\Local\Temp\csrss.exe) Good: () -> Quarantined and deleted successfully.

Folders Infected:

c:\Users\Mike\AppData\Roaming\whitesmoke (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

Files Infected:

c:\Users\Mike\AppData\Roaming\dwm.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.

c:\Users\Mike\AppData\Roaming\microsoft\conhost.exe (Spyware.Passwords.XGen) -> Delete on reboot.

c:\Users\Mike\AppData\Local\Temp\pdf-epub-to-kindle-tool-2.0_tmp.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

c:\Users\Mike\AppData\Local\Temp\~nsu.tmp\mosquito.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\Users\Mike\AppData\Roaming\adgs.bat (Malware.Trace) -> Quarantined and deleted successfully.

c:\Users\Mike\AppData\Local\Temp\0.6722448786175607.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\Users\Mike\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> Delete on reboot.

c:\Users\Mike\AppData\Roaming\whitesmoke\stat.log (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

*********************************

Afterwards I tried to run mbamsetup.exe [I'd read about this being good to ensure an uninfected version] - but it wouldn't run.

I tried Safe Mode instead - the proxy server still interfered with networking, and in pure Safe Mode, mbamsetup still wouldn't run.

So I tried another System Restore - this hasn't worked - I still can't install mbamsetup.exe - but it has left the computer in a less infected state - I can connect to the net at the mo.

The homepage the malware had set BTW was:

http://www.searchqu.com/402

I ran DDS [txts below & attached]

*********************************************************

DDS (Ver_10-12-12.02) - NTFSx86

Run by Mike at 17:28:06.67 on 27/12/2010

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3071.1885 [GMT 0:00]

AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}

SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\wuauclt.exe

C:\Program Files\Windows Live\Mail\wlmail.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\notepad.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Mike\Desktop\dds.scr

C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\mike\appdata\roaming\mozilla\firefox\profiles\9uofxkrf.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en-GB&q=

FF - plugin: c:\program files (x86)\microsoft silverlight\2.0.31005.0\npctrl.dll

FF - plugin: c:\program files (x86)\microsoft silverlight\2.0.40115.0\npctrl.dll

FF - plugin: c:\program files (x86)\microsoft silverlight\3.0.40723.0\npctrl.dll

FF - plugin: c:\program files (x86)\microsoft silverlight\3.0.40818.0\npctrl.dll

FF - plugin: c:\program files (x86)\microsoft silverlight\3.0.50106.0\npctrl.dll

FF - plugin: c:\program files (x86)\microsoft silverlight\npctrl.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\mike\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: TV-Fox: {2f17f610-5e97-4fed-828f-9940b7b577a4} - %profile%\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - Ext: Media Converter: {6e764c17-863a-450f-bdd0-6772bd5aaa18} - %profile%\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}

FF - Ext: CookieSafe: {9D23D0AA-D8F5-11DA-B3FC-0928ABF316DD} - %profile%\extensions\{9D23D0AA-D8F5-11DA-B3FC-0928ABF316DD}

FF - Ext: Password Exporter: {B17C1C5A-04B1-11DB-9804-B622A1EF5492} - %profile%\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}

FF - Ext: AthensToolbar: {B22E157D-283C-498f-9554-C3A80E841E91} - %profile%\extensions\{B22E157D-283C-498f-9554-C3A80E841E91}

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - %profile%\extensions\{dc572301-7619-498c-a57d-39143191b318}

FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF - Ext: Flash Video Downloader - Youtube Downloader: artur.dubovoy@gmail.com - %profile%\extensions\artur.dubovoy@gmail.com

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-2-28 165584]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-25 172032]

R2 AsSysCtrlService;ASUS System Control Service;c:\program files\asus\assysctrlservice\1.00.02\AsSysCtrlService.exe [2010-5-21 90112]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-28 17744]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-2-28 50768]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-8 40384]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-2-28 1153368]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-8 40384]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-8 40384]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

=============== Created Last 30 ================

2010-12-27 16:37:15 -------- d--h--w- c:\windows\PIF

2010-12-27 03:02:32 -------- d-----w- c:\program files\Fun4IM

2010-12-27 03:02:15 -------- d-----w- c:\program files\WhiteSmoke

2010-12-27 03:02:02 -------- d-----w- c:\program files\Quick Web Player

2010-12-27 03:00:18 -------- d-----w- c:\program files\YouTube Downloader

2010-12-25 22:21:35 -------- d-----w- C:\eBooks

2010-12-25 22:21:19 -------- d-----w- c:\program files\PDF to Kindle Tool

2010-12-25 15:07:43 -------- d-----w- c:\program files\Seagate

2010-12-25 15:05:51 -------- d-----w- c:\program files\common files\Wise Installation Wizard

2010-12-24 23:06:12 -------- d-----w- c:\users\mike\appdata\roaming\Temo

2010-12-24 23:06:12 -------- d-----w- c:\users\mike\appdata\roaming\Siut

2010-12-15 09:58:39 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{6d425329-263b-4bf6-a275-1dc9e12ed77b}\mpengine.dll

2010-12-07 22:23:20 200 ----a-w- c:\users\mike\appdata\roaming\adgs.bat

==================== Find3M ====================

2010-10-19 10:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe

============= FINISH: 17:28:35.98 ===============

*************************************************

I ran GMER - it didn't report anything.

I ran Rootrepeal - it gives me FOPS - device control error - and then when I try to Scan Files - it cannot "initialize driver".

So that's where I am at the moment - with my old copy of Malwarebytes uninstalled, and unable to install mbamsetup.exe.

I'm not getting popups yet as I did, and programs appear to be opening [at the worst point, they wouldn't] but I presume this won't last long.

What should I do?

Many thanks for any help.

P.S. If it's any help, I also include a Hijack log - from the middle of the process [after Mbam had failed to work] right now.

However N.B. - I just tried to do another Hijack log - and it says it can't access the hosts file - I didn't edit this but here were the two hijack lines:

127.0.0.1 www.hijack-this.net

127.0.0.1 hijack-this.net

And then !!! the Hijack log doesn't save - though it lists everything in its window [don't know how to copy that]

I ran it again and it says the Hosts file has redirected it - & only gives a few lines related to Internet Explorer!

I tried an old version of Hijack this - and it gave an imperfect log - incl. at the bottom

***************************************

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:54:55, on 27/12/2010

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16671)

Boot mode: Safe mode with network support

Running processes:

C:\Windows\system32\ctfmon.exe

C:\Windows\explorer.exe

C:\Windows\helppane.exe

C:\Users\Mike\Desktop\HijackThis.exe

C:\Windows\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/402

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8074

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~1\WIA6EB~1\ToolBar\SearchquDx.dll (file missing)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~1\WIA6EB~1\ToolBar\SearchquDx.dll (file missing)

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [ucbkgjqd] C:\Users\Mike\AppData\Local\Temp\icruvngdo\tysqleglajb.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--

******************************************

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:24:57, on 27/12/2010

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16671)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wuauclt.exe

C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

C:\totalcmd\TOTALCMD.EXE

F:\AAAADDDDDDRIVE\PROGRAMS\HiJackThis.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--

End of file - 2193 bytes

Attach.txt
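One way to triage HijackThis/DDS entries like the ones quoted above automatically, as an added example that is not part of the original post nor code from HijackThis or Malwarebytes: the script flags a browser proxy pointing at loopback, hosts entries that sinkhole security-tool domains, autoruns launched from Temp, and copies of dwm.exe/conhost.exe/csrss.exe running outside the Windows directory. The sample log is constructed from lines in this thread; the domain and name lists are assumptions, not an authoritative signature set.

```python
"""Defender-side triage of HijackThis/DDS-style log lines (hypothetical helper)."""
import re

# Windows binaries whose names the FakeAV in this thread reused under AppData.
MASQUERADE_NAMES = {"dwm.exe", "conhost.exe", "csrss.exe"}
WINDOWS_DIRS = ("c:\\windows\\",)
# Security-tool domains that appeared sinkholed in the hosts file (assumed list).
SECURITY_TOOL_DOMAINS = ("hijack-this.net", "spywareinfo.com")

PROXY_RE = re.compile(r"^R\d - .*Internet Settings,ProxyServer = (.+)$")
HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)")
STARTPAGE_RE = re.compile(r"^R0 - .*Main,Start Page = (\S+)")
RUN_RE = re.compile(r"^O4 - (.+?)\\\.\.\\Run(?:Once)?: \[([^\]]*)\] (.+)$")
PROCESS_RE = re.compile(r"^([A-Za-z]:\\.+\.exe)$", re.IGNORECASE)


def check_line(line):
    """Return a list of (severity, reason) findings for one log line."""
    line = line.strip()
    findings = []

    m = PROXY_RE.match(line)
    if m and re.search(r"(?:127\.0\.0\.1|localhost):\d+", m.group(1)):
        # A proxy on loopback puts a local process in the browsing path.
        findings.append(("high", "browser proxy set to loopback: " + m.group(1)))

    m = HOSTS_RE.match(line)
    if m and m.group(1) in ("127.0.0.1", "0.0.0.0"):
        host = m.group(2).lower()
        if any(host == d or host.endswith("." + d) for d in SECURITY_TOOL_DOMAINS):
            findings.append(("high", "hosts file sinkholes security-tool domain " + m.group(2)))

    m = STARTPAGE_RE.match(line)
    if m and not re.match(r"https?://(?:go|www)\.(?:microsoft|msn)\.com/", m.group(1), re.I):
        # Informational only: a changed start page is common but worth a look.
        findings.append(("info", "non-default start page: " + m.group(1)))

    m = RUN_RE.match(line)
    if m and "\\appdata\\local\\temp\\" in m.group(3).lower():
        # Legitimate software does not persist itself from the Temp folder.
        findings.append(("high", "autorun launches from Temp: " + m.group(3)))

    m = PROCESS_RE.match(line)
    if m:
        path = m.group(1).lower()
        base = path.rsplit("\\", 1)[-1]
        if base in MASQUERADE_NAMES and not path.startswith(WINDOWS_DIRS):
            findings.append(("high", f"{base} running outside the Windows directory: {m.group(1)}"))
    return findings


def triage(log_text):
    """Run check_line over a whole log; returns [(line, severity, reason), ...]."""
    results = []
    for raw in log_text.splitlines():
        for severity, reason in check_line(raw):
            results.append((raw.strip(), severity, reason))
    return results


# Constructed sample, assembled from entries quoted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\system32\Dwm.exe
C:\Users\Mike\AppData\Roaming\dwm.exe
C:\Users\Mike\AppData\Roaming\microsoft\conhost.exe
C:\Windows\system32\conhost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/402
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8074
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.hijack-this.net
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ucbkgjqd] C:\Users\Mike\AppData\Local\Temp\icruvngdo\tysqleglajb.exe
"""

if __name__ == "__main__":
    for line, severity, reason in triage(SAMPLE_LOG):
        print(f"[{severity:4}] {reason}")
```

Lines that are legitimate in the thread (system32 copies of Dwm.exe and conhost.exe, the avast autorun, the ::1 hosts entry) produce no findings, so the output is the shortlist a helper would ask about first.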


P.S.

Managed to install Malwarebytes via msi file. Ran in Safe Mode - only came up with 1 file:

"Files Infected:

c:\Users\Mike\AppData\Roaming\adgs.bat (Malware.Trace) -> No action taken."

which I removed.

Edited Hijackthis out of 'hosts' file as instructed - and saved - but the two lines.

Managed to save log though which is:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 20:18:30, on 27/12/2010

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16671)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Windows\system32\wuauclt.exe

C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Windows\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--

End of file - 5561 bytes


Hi,

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:
    Click me
    If you can't disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


Many thanks for reply. ComboFix file below.

Separate comment: computer post 2nd system restore largely ok. Main problem that remains (incl. after Combofix) is that all browsers still can't connect to a whole set of sites, which were among my most used favourites (and do connect from other computers). I notice Combo deleted "searchqu*" files under Firefox, but not Chrome. "Searchqu.com" was the homepage on Chrome even after 2nd restore - I managed to remove it by switching search in Options from "Web search" to "Google search."

Avast scan, before Combo, came up with a "JS: FakeWarn-C" Trojan & JS:Pdfka-gen - now moved to chest.

Something seems to be still there, even if weak.

Thanks again.

**************************************************************************

ComboFix 10-12-28.03 - Mike 29/12/2010 18:14:57.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3071.1809 [GMT 0:00]

Running from: c:\users\Mike\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}

SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml

c:\users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\cookies.sqlite

c:\users\Mike\AppData\Roaming\completescan

c:\users\Mike\AppData\Roaming\install

c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9uofxkrf.default\searchplugins\SearchquWebSearch.xml

.

((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-29 )))))))))))))))))))))))))))))))

.

2010-12-29 18:21 . 2010-12-29 18:35 -------- d-----w- c:\users\Mike\AppData\Local\temp

2010-12-29 18:21 . 2010-12-29 18:21 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-12-27 21:11 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6A8E5B38-611E-42C8-AA1A-59129CFC292A}\mpengine.dll

2010-12-27 21:05 . 2010-10-20 03:00 2327552 ----a-w- c:\windows\system32\win32k.sys

2010-12-27 18:44 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-27 18:44 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-27 18:07 . 2010-12-27 18:07 388096 ----a-r- c:\users\Mike\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-12-27 18:07 . 2010-12-27 18:07 -------- d-----w- c:\program files\Trend Micro

2010-12-27 16:37 . 2010-12-27 16:37 -------- d--h--w- c:\windows\PIF

2010-12-27 03:02 . 2010-12-27 03:15 -------- d-----w- c:\program files\Fun4IM

2010-12-27 03:02 . 2010-12-27 03:05 -------- d-----w- c:\program files\WhiteSmoke

2010-12-27 03:02 . 2010-12-27 03:14 -------- d-----w- c:\program files\Quick Web Player

2010-12-27 03:00 . 2010-12-27 16:19 -------- d-----w- c:\program files\YouTube Downloader

2010-12-25 22:21 . 2010-12-25 22:21 -------- d-----w- C:\eBooks

2010-12-25 22:21 . 2010-12-27 16:19 -------- d-----w- c:\program files\PDF to Kindle Tool

2010-12-25 15:07 . 2010-12-25 15:07 -------- d-----w- c:\program files\Seagate

2010-12-25 15:05 . 2010-12-25 15:28 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2010-12-24 23:06 . 2010-12-25 14:43 -------- d-----w- c:\users\Mike\AppData\Roaming\Temo

2010-12-24 23:06 . 2010-12-24 23:22 -------- d-----w- c:\users\Mike\AppData\Roaming\Siut

2010-12-06 01:15 . 2010-12-27 16:19 -------- d-----w- c:\users\Mike\AppData\Roaming\vlc

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-19 10:41 . 2009-10-14 09:58 222080 ------w- c:\windows\system32\MpSigStub.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\startupfolder\C:^Users^Mike^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]

DevDetect.exe -autorun [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-20 23:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-09-23 04:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-03-05 15:32 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2010-06-16 16:48 136176 ----atw- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 11:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]

2010-12-20 18:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-05-26 17:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

2006-12-19 05:34 868352 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-10-11 04:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

S1 aswSP;aswSP; [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-25 172032]

S2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-05-21 90112]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-20 20952]

.

Contents of the 'Scheduled Tasks' folder

2010-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3338929866-3183339769-3982331239-1000Core.job

- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-25 16:48]

2010-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3338929866-3183339769-3982331239-1000UA.job

- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-25 16:48]

.

.

------- Supplementary Scan -------

.

IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9uofxkrf.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en-GB&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: TV-Fox: {2f17f610-5e97-4fed-828f-9940b7b577a4} - %profile%\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - Ext: Media Converter: {6e764c17-863a-450f-bdd0-6772bd5aaa18} - %profile%\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}

FF - Ext: CookieSafe: {9D23D0AA-D8F5-11DA-B3FC-0928ABF316DD} - %profile%\extensions\{9D23D0AA-D8F5-11DA-B3FC-0928ABF316DD}

FF - Ext: Password Exporter: {B17C1C5A-04B1-11DB-9804-B622A1EF5492} - %profile%\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}

FF - Ext: AthensToolbar: {B22E157D-283C-498f-9554-C3A80E841E91} - %profile%\extensions\{B22E157D-283C-498f-9554-C3A80E841E91}

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - %profile%\extensions\{dc572301-7619-498c-a57d-39143191b318}

FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF - Ext: Flash Video Downloader - Youtube Downloader: artur.dubovoy@gmail.com - %profile%\extensions\artur.dubovoy@gmail.com

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true

.

- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-UIWatcher - c:\program files\Ashampoo\Ashampoo UnInstaller 4\UIWatcher.exe

MSConfigStartUp-{E96AEE2F-D918-D79B-D85B-7C9E5D734319} - c:\users\Mike\AppData\Roaming\Latyme\ovdia.exe

AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.032"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.abr"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.ani"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.apd"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.arw"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.bay"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.bmp"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.bw"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.cr2"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.crw"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.cs1"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.cur"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.dcr"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.dcx"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.dib"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.djv"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]

@Denied: (2) (S-1-5-21-3338929866-3183339769-3982331239-1000)

@Denied: (2) (LocalSystem)

"Progid"="DjVuFile"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.dng"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.emf"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.eps"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.erf"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.fff"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.fpx"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.gif"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.hdr"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.icl"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.icn"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.iff"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.ilbm"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.int"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.inta"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.iw4"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.j2c"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.j2k"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.jbr"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.jfif"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.jif"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.jp2"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.jpc"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.jpe"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.jpeg"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.jpg"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.jpk"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.jpx"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.kdc"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.lbm"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.mef"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.mos"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.mrw"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.nef"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.nrw"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.orf"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.pbm"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.pbr"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.pcd"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.pct"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.pcx"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.pef"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.pgm"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.pic"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.pict"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.pix"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.png"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.ppm"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.psd"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.psp"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.pspbrush"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.pspimage"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.raf"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.ras"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.raw"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.rgb"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.rgba"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.rle"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.rsb"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.rw2"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.rwl"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.sgi"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.sr2"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.srf"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.tga"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.thm"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.tif"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.tiff"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.ttc"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.ttf"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.v30po"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.v30pp"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.v30ppf"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.wbm"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.wbmp"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.wmf"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.xbm"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.xif"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.xmp"

[HKEY_USERS\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.xpm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2010-12-29 18:37:35

ComboFix-quarantined-files.txt 2010-12-29 18:37

Pre-Run: 133,696,262,144 bytes free

Post-Run: 134,885,502,976 bytes free

- - End Of File - - 4A99261F9309B25128DFB446ADBD854A

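Reading a ComboFix or HijackThis log by hand means scanning hundreds of paths for the few that matter. The script below is an added example, not code from this thread or from the ComboFix, HijackThis or Malwarebytes authors: it pulls Windows executable paths out of log lines and flags the ones a responder would verify first, using two heuristics this thread illustrates: an executable launched from a user-writable profile location (AppData\Roaming, AppData\Local\Temp, any \Temp\ folder), and a file named like a core Windows binary but sitting outside C:\Windows. The sample lines in SAMPLE_LOG are copied from the ComboFix and HijackThis output above; the two lines in CONSTRUCTED_LINES are made up to exercise the second rule and are not from the log.

```python
"""Triage executable paths from HijackThis/ComboFix-style log lines.

Added example for this thread; heuristics, names and sample data are the
editor's, not the tool authors'. A hit means "verify this file" (check its
publisher signature, hash, creation time), not "delete it".
"""
import re
from pathlib import PureWindowsPath

# Lines copied from the ComboFix / HijackThis output posted in this thread.
SAMPLE_LOG = r"""
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
2010-06-16 16:48 136176 ----atw- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]
MSConfigStartUp-{E96AEE2F-D918-D79B-D85B-7C9E5D734319} - c:\users\Mike\AppData\Roaming\Latyme\ovdia.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"""

# Constructed lines (NOT from the log) so both heuristics fire in the demo.
CONSTRUCTED_LINES = r"""
"updater"="c:\users\Mike\AppData\Roaming\microsoft\svchost.exe" [2010-12-24 71168]
2010-12-24 23:06 . 2010-12-24 23:06 71168 ----a-w- c:\users\Mike\AppData\Local\Temp\setup_12.exe
"""

# Drive-letter path ending in an executable extension. Quotes and square
# brackets delimit paths in ComboFix/HijackThis output, so they end a match.
PATH_RE = re.compile(
    r'[A-Za-z]:\\[^"\[\]\r\n]*?\.(?:exe|dll|sys|scr|com)\b', re.IGNORECASE)

# Locations a standard user can write to; malware dropped here needs no admin.
USER_WRITABLE_RE = re.compile(r'\\appdata\\roaming\\|\\temp\\', re.IGNORECASE)

# Core Windows binaries that legitimately live only under C:\Windows.
SYSTEM_NAMES = {"svchost.exe", "csrss.exe", "lsass.exe", "winlogon.exe",
                "smss.exe", "conhost.exe", "dwm.exe", "services.exe",
                "explorer.exe"}
WINDOWS_DIR_RE = re.compile(r'^[a-z]:\\windows\\')


def extract_paths(line):
    """Return every executable path found in one log line."""
    return [m.group(0) for m in PATH_RE.finditer(line)]


def classify(path):
    """Return the list of reasons a path deserves a closer look (may be empty)."""
    reasons = []
    lower = path.lower()
    if USER_WRITABLE_RE.search(lower):
        reasons.append("runs from a user-writable profile/temp location")
    name = PureWindowsPath(path).name.lower()
    if name in SYSTEM_NAMES and not WINDOWS_DIR_RE.match(lower):
        reasons.append(f"{name} outside C:\\Windows (mimics a core Windows binary)")
    return reasons


def triage(log_text):
    """Map each flagged path (lower-cased) to the set of reasons it was flagged."""
    flagged = {}
    for line in log_text.splitlines():
        for path in extract_paths(line):
            reasons = classify(path)
            if reasons:
                flagged.setdefault(path.lower(), set()).update(reasons)
    return flagged


if __name__ == "__main__":
    for path, reasons in sorted(triage(SAMPLE_LOG + CONSTRUCTED_LINES).items()):
        print(path)
        for reason in sorted(reasons):
            print("   -", reason)
```

GoogleUpdate.exe under AppData\Local\Google is deliberately not flagged: plenty of legitimate per-user installers live there, which is why the rule is limited to Roaming and Temp. Of the log lines above, only ovdia.exe under AppData\Roaming\Latyme trips a rule, which matches what ComboFix itself removed as an orphaned startup entry.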

Hi,

Please download OTM

  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :Processes

    :Services

    :Reg

    :Files
    ipconfig /flushdns /c
    C:\program files\Fun4IM
    c:\program files\WhiteSmoke
    c:\program files\Quick Web Player
    C:\eBooks
    c:\program files\PDF to Kindle Tool !!!
    c:\users\Mike\AppData\Roaming\Temo
    c:\users\Mike\AppData\Roaming\Siut
    c:\users\Mike\AppData\Roaming\Latyme

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]


  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Close OTM and reboot your PC.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Start Malwarebytes' Anti-Malware

  • Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
  • Once the updates have been downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Check esetScanArchives.png
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push esetListThreats.png
    10. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    11. Push the esetBack.png button.
    12. Push esetFinish.png

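To make the [resethosts] step above concrete, here is an added example (not the helper's code and not part of OTM, Malwarebytes or any other tool named in this thread) that parses a Windows hosts file and flags the two patterns FakeAV-style infections leave behind: security-vendor or update domains sinkholed to 127.0.0.1/0.0.0.0 so the victim cannot fetch cleanup tools, and well-known names redirected to a remote address. The sample hosts content, the watchlist of domains and the 203.0.113.10 address (TEST-NET-3 documentation range) are all constructed for the example.

```python
"""Audit a Windows hosts file for malware-style tampering.

Added example for this thread; the sample file and watchlist below are
constructed, not taken from the poster's machine.
"""
import ipaddress
import sys
from dataclasses import dataclass
from typing import Iterable, List

# Illustrative watchlist (an assumption for this example): domains that
# FakeAV-style malware commonly sinkholes to block updates and cleanup tools.
WATCHLIST = (
    "malwarebytes.org", "eset.com", "avast.com", "safer-networking.org",
    "windowsupdate.com", "update.microsoft.com", "download.microsoft.com",
)

# Constructed sample hosts file. The first entries are the Windows defaults;
# the last four imitate ad blocking, vendor sinkholing and a DNS hijack.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#\t127.0.0.1       localhost
#\t::1             localhost
127.0.0.1   localhost
::1         localhost
127.0.0.1   ad.doubleclick.net      # ad blocking, benign
0.0.0.0     www.malwarebytes.org
0.0.0.0     forums.malwarebytes.org
203.0.113.10    www.google.com
"""


@dataclass(frozen=True)
class HostEntry:
    line_no: int
    address: str
    hostname: str


@dataclass(frozen=True)
class Finding:
    line_no: int
    hostname: str
    address: str
    severity: str  # "critical", "high" or "info"
    reason: str


def parse_hosts(text: str) -> List[HostEntry]:
    """Return one HostEntry per (address, name) pair, ignoring comments and
    lines the Windows resolver would reject (bad address, missing name)."""
    entries: List[HostEntry] = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # strip inline comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address: resolver ignores the line too
        for name in fields[1:]:
            entries.append(HostEntry(line_no, str(addr), name.lower()))
    return entries


def on_watchlist(hostname: str, watchlist: Iterable[str] = WATCHLIST) -> bool:
    """Exact or subdomain match against the watchlist (no suffix tricks)."""
    return any(hostname == d or hostname.endswith("." + d) for d in watchlist)


def classify(entries: Iterable[HostEntry],
             watchlist: Iterable[str] = WATCHLIST) -> List[Finding]:
    """Rate each entry: remote redirect is critical, a sinkholed security or
    update domain is high, any other local sinkhole is informational."""
    findings: List[Finding] = []
    for e in entries:
        addr = ipaddress.ip_address(e.address)
        local = addr.is_loopback or addr.is_unspecified  # 127.x, ::1, 0.0.0.0
        if local and e.hostname in ("localhost", "localhost.localdomain"):
            continue  # stock Windows entries
        if not local:
            findings.append(Finding(e.line_no, e.hostname, e.address, "critical",
                                    "name redirected to a non-local address (DNS hijack)"))
        elif on_watchlist(e.hostname, watchlist):
            findings.append(Finding(e.line_no, e.hostname, e.address, "high",
                                    "security or update site sinkholed"))
        else:
            findings.append(Finding(e.line_no, e.hostname, e.address, "info",
                                    "local sinkhole (ad or tracker blocking)"))
    return findings


def audit_hosts_text(text: str, watchlist: Iterable[str] = WATCHLIST) -> List[Finding]:
    return classify(parse_hosts(text), watchlist)


if __name__ == "__main__":
    # Pass a path (e.g. C:\Windows\System32\drivers\etc\hosts) to audit a
    # real file; with no argument the constructed sample is used.
    text = SAMPLE_HOSTS
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    for f in audit_hosts_text(text):
        print(f"{f.severity:8} line {f.line_no}: {f.hostname} -> {f.address}  ({f.reason})")
```

On Windows the live file is %SystemRoot%\System32\drivers\etc\hosts; reading it needs no special rights, but writing it (what OTM's [resethosts] and HijackThis both attempt) does, which is why a "denied write access" message from a cleanup tool points at the file's attributes or ACL rather than at its contents.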

Thanks again. 3 files of operations below. I'd already done 2 quick Malwarebytes scans in the last 24 hours - all came up with zero. I left the ESET scan overnight & came back to find it only 80% completed - computer had gone to sleep - but it was well through the 2nd drive, where I presume not much could be. It seems to have found old keygens lying around.

Meanwhile, all these websites plus some new ones are still being blocked as before, in all 3 browsers! With the same

This web page is not available.The web page at http://*********** might be temporarily down or it may have moved permanently to a new web address.

And I still get:

"For some reason your system denied Hijackthis write access to the Hosts file"

Thanks

****************

1. OTM

All processes killed

========== PROCESSES ==========

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Mike\Desktop\cmd.bat deleted successfully.

C:\Users\Mike\Desktop\cmd.txt deleted successfully.

C:\program files\Fun4IM folder moved successfully.

c:\program files\WhiteSmoke folder moved successfully.

c:\program files\Quick Web Player folder moved successfully.

C:\eBooks folder moved successfully.

File/Folder c:\program files\PDF to Kindle Tool !!! not found.

c:\users\Mike\AppData\Roaming\Temo folder moved successfully.

c:\users\Mike\AppData\Roaming\Siut folder moved successfully.

c:\users\Mike\AppData\Roaming\Latyme folder moved successfully.

========== COMMANDS ==========

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Mike

->Temp folder emptied: 438366 bytes

->Temporary Internet Files folder emptied: 13781279 bytes

->Java cache emptied: 13402061 bytes

->FireFox cache emptied: 52604501 bytes

->Google Chrome cache emptied: 412751965 bytes

->Apple Safari cache emptied: 10807296 bytes

->Flash cache emptied: 135076 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 481.00 mb

OTM by OldTimer - Version 3.1.17.2 log created on 12302010_000955

Files moved on Reboot...

File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

*******************************

2. Malwarebytes

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5419

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

30/12/2010 00:19:35

mbam-log-2010-12-30 (00-19-35).txt

Scan type: Quick scan

Objects scanned: 136926

Time elapsed: 3 minute(s), 49 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

**********************

3. ESET scan

C:\PP\24\Adobe flash Keygen\total_crack\Key Generator.exe probably a variant of Win32/Agent.KMBRCHJ trojan cleaned by deleting - quarantined

C:\Users\Mike\Desktop\OEView\programs\Lavasoft.Ad-Aware.2007.Professional.Edition.v7.0.1.3-DVT\crack\ProcessWatch.exe probably a variant of Win32/TrojanDropper.Delf.NKEQRT trojan cleaned by deleting - quarantined

C:\Users\Mike\Desktop\OEView\programs\Lavasoft.Ad-Aware.2007.Professional.Edition.v7.0.1.3-DVT\crack\update-cracked.exe probably a variant of Win32/TrojanDropper.Delf.JBFNDPK trojan cleaned by deleting - quarantined

C:\Users\Mike\Downloads\Windows 7 AIO\Activator\Activator.exe a variant of Win32/HackKMS.A application cleaned by deleting - quarantined

F:\AAAADDDDDDRIVE\PROGRAMS\Absolute.Video.Splitter.Joiner.v1.6.7.WinALL.Incl.Keygen-BRD\bravsj67\bravsj67.rar probably a variant of Win32/Agent.IAKWJME trojan deleted - quarantined

F:\MIKE-PC\Backup Set 2010-10-31 190002\Backup Files 2010-10-31 190002\Backup files 58.zip multiple threats deleted - quarantined

F:\MIKE-PC\Backup Set 2010-10-31 190002\Backup Files 2010-10-31 190002\Backup files 59.zip multiple threats deleted - quarantined

F:\MIKE-PC\Backup Set 2010-10-31 190002\Backup Files 2010-10-31 190002\Backup files 61.zip a variant of Win32/HackKMS.A application deleted - quarantined


Hi,

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Under the Custom Scan box paste this in
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic


Thanks. The two files:

1. OTL logfile created on: 30/12/2010 13:33:21 - Run 1

OTL by OldTimer - Version 3.2.18.2 Folder = C:\Users\Mike\Desktop

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 232.88 Gb Total Space | 124.83 Gb Free Space | 53.60% Space Free | Partition Type: NTFS

Drive E: | 4.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive F: | 465.76 Gb Total Space | 103.26 Gb Free Space | 22.17% Space Free | Partition Type: NTFS

Computer Name: MIKE-PC | User Name: Mike | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/30 13:30:46 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe

PRC - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2010/12/20 18:08:56 | 000,443,728 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2010/09/07 15:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2010/09/07 15:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2010/05/21 00:59:26 | 000,090,112 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe

PRC - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

PRC - [2010/03/25 18:42:36 | 000,388,096 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

PRC - [2009/11/25 03:17:34 | 000,368,640 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe

PRC - [2009/11/25 03:17:04 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe

PRC - [2009/10/31 05:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/07/14 01:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

========== Modules (SafeList) ==========

MOD - [2010/12/30 13:30:46 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe

MOD - [2010/08/21 05:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

MOD - [2009/07/14 01:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll

MOD - [2009/07/14 01:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll

MOD - [2009/07/14 01:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll

MOD - [2009/07/14 01:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll

MOD - [2009/07/14 01:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll

MOD - [2009/07/14 01:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll

MOD - [2009/07/14 01:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll

MOD - [2009/07/14 01:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll

MOD - [2009/07/14 01:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll

MOD - [2009/07/14 01:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2010/09/07 15:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)

SRV - [2010/09/07 15:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)

SRV - [2010/09/07 15:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2010/05/21 00:59:26 | 000,090,112 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)

SRV - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)

SRV - [2009/11/25 03:17:04 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)

SRV - [2009/07/14 01:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)

SRV - [2009/07/14 01:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)

SRV - [2009/07/14 01:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)

SRV - [2009/07/14 01:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)

SRV - [2009/07/14 01:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)

SRV - [2009/07/14 01:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)

SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009/07/14 01:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)

SRV - [2009/07/14 01:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)

SRV - [2009/07/14 01:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)

SRV - [2009/07/14 01:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)

SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009/07/14 01:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)

SRV - [2009/07/14 01:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)

SRV - [2009/07/14 01:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)

SRV - [2009/07/14 01:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)

SRV - [2009/07/14 01:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)

SRV - [2009/07/14 01:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)

SRV - [2009/07/14 01:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)

SRV - [2009/07/14 01:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)

SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Mike\AppData\Local\Temp\catchme.sys -- (catchme)

DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\AsInsHelp32.sys -- (ASInsHelp)

DRV - [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2010/09/07 14:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2010/09/07 14:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2010/09/07 14:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2010/09/07 14:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2010/09/07 14:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2010/05/21 01:18:29 | 000,287,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)

DRV - [2010/05/21 00:59:26 | 000,013,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)

DRV - [2010/05/21 00:59:26 | 000,012,400 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)

DRV - [2009/12/11 07:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)

DRV - [2009/11/25 03:51:32 | 005,143,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

DRV - [2009/07/14 01:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)

DRV - [2009/07/14 01:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)

DRV - [2009/07/14 01:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)

DRV - [2009/07/14 01:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)

DRV - [2009/07/14 01:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)

DRV - [2009/07/14 01:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)

DRV - [2009/07/14 01:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)

DRV - [2009/07/14 01:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)

DRV - [2009/07/14 01:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)

DRV - [2009/07/14 01:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)

DRV - [2009/07/14 01:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)

DRV - [2009/07/14 01:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)

DRV - [2009/07/14 01:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)

DRV - [2009/07/14 01:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)

DRV - [2009/07/14 01:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)

DRV - [2009/07/14 01:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)

DRV - [2009/07/14 01:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2009/07/14 01:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)

DRV - [2009/07/14 01:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)

DRV - [2009/07/14 01:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)

DRV - [2009/07/14 01:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)

DRV - [2009/07/14 01:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)

DRV - [2009/07/14 01:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)

DRV - [2009/07/14 01:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)

DRV - [2009/07/14 01:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)

DRV - [2009/07/14 01:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)

DRV - [2009/07/14 01:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)

DRV - [2009/07/14 01:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)

DRV - [2009/07/14 01:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)

DRV - [2009/07/14 01:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)

DRV - [2009/07/14 01:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)

DRV - [2009/07/14 01:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)

DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)

DRV - [2009/07/14 01:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)

DRV - [2009/07/14 01:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)

DRV - [2009/07/14 01:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)

DRV - [2009/07/14 01:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)

DRV - [2009/07/14 01:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)

DRV - [2009/07/14 01:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)

DRV - [2009/07/14 01:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)

DRV - [2009/07/14 01:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)

DRV - [2009/07/14 01:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)

DRV - [2009/07/14 00:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2009/07/14 00:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)

DRV - [2009/07/14 00:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)

DRV - [2009/07/13 23:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)

DRV - [2009/07/13 23:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)

DRV - [2009/07/13 23:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)

DRV - [2009/07/13 23:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)

DRV - [2009/07/13 23:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)

DRV - [2009/07/13 23:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)

DRV - [2009/07/13 23:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2009/07/13 23:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)

DRV - [2009/07/13 23:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)

DRV - [2009/07/13 23:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)

DRV - [2009/07/13 23:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)

DRV - [2009/07/13 23:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)

DRV - [2009/07/13 23:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)

DRV - [2009/07/13 23:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)

DRV - [2009/07/13 23:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)

DRV - [2009/07/13 23:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)

DRV - [2009/07/13 23:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)

DRV - [2009/07/13 22:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009/07/13 22:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)

DRV - [2009/07/13 22:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)

DRV - [2009/07/13 22:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)

DRV - [2009/07/13 22:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)

DRV - [2009/07/13 22:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)

DRV - [2009/07/13 22:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)

DRV - [2009/07/13 22:02:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®

DRV - [2009/07/13 22:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)

DRV - [2009/07/13 22:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)

DRV - [2009/07/13 22:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)

DRV - [2007/01/16 12:16:28 | 000,318,464 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3338929866-3183339769-3982331239-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb

IE - HKU\S-1-5-21-3338929866-3183339769-3982331239-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 1B EF 95 65 A7 CB 01 [binary data]

IE - HKU\S-1-5-21-3338929866-3183339769-3982331239-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-type: "${8}"

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1

FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8

FF - prefs.js..extensions.enabledItems: {6e764c17-863a-450f-bdd0-6772bd5aaa18}:1.0.3

FF - prefs.js..extensions.enabledItems: {B22E157D-283C-498f-9554-C3A80E841E91}:1.3

FF - prefs.js..extensions.enabledItems: {9D23D0AA-D8F5-11DA-B3FC-0928ABF316DD}:3.0.5

FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2

FF - prefs.js..extensions.enabledItems: {2f17f610-5e97-4fed-828f-9940b7b577a4}:1.6.1

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655

FF - prefs.js..extensions.enabledItems: artur.dubovoy@gmail.com:2.0.15

FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=en-GB&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/14 23:17:29 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/18 22:08:50 | 000,000,000 | ---D | M]

[2010/12/27 03:02:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions

[2010/12/29 14:38:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9uofxkrf.default\extensions

[2010/04/27 13:24:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9uofxkrf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/08/07 00:20:46 | 000,000,000 | ---D | M] (TV-Fox) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9uofxkrf.default\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}

[2010/09/11 14:19:10 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9uofxkrf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2010/08/30 21:12:59 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9uofxkrf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2010/03/01 21:56:58 | 000,000,000 | ---D | M] (Media Converter) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9uofxkrf.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}

[2010/03/01 21:56:58 | 000,000,000 | ---D | M] (CookieSafe) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9uofxkrf.default\extensions\{9D23D0AA-D8F5-11DA-B3FC-0928ABF316DD}

[2010/03/01 21:56:58 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9uofxkrf.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}

[2010/03/01 21:56:58 | 000,000,000 | ---D | M] (AthensToolbar) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9uofxkrf.default\extensions\{B22E157D-283C-498f-9554-C3A80E841E91}

[2010/07/26 22:50:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9uofxkrf.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2010/07/10 13:08:52 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9uofxkrf.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/06/25 12:23:36 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9uofxkrf.default\extensions\{dc572301-7619-498c-a57d-39143191b318}

[2010/03/01 21:56:57 | 000,000,000 | ---D | M] (Flash Video Downloader) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9uofxkrf.default\extensions\artur.dubovoy@gmail(23).com

[2010/10/24 14:30:35 | 000,000,000 | ---D | M] ("Flash Video Downloader - Youtube Downloader") -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9uofxkrf.default\extensions\artur.dubovoy@gmail.com

[2010/03/01 21:56:57 | 000,000,000 | ---D | M] ("Magic's Video - Downloader") -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9uofxkrf.default\extensions\video-dowloader@magic-imv.ro

[2010/03/01 21:56:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9uofxkrf.default\temp\extensions

[2010/03/01 21:56:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\9uofxkrf.default\temp\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/03/05 12:39:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2009/07/31 12:06:48 | 001,654,784 | ---- | M] (LizardTech) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll

[2010/03/24 12:49:43 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010/03/24 12:49:43 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2010/03/24 12:49:43 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2010/03/24 12:49:43 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/12/30 00:09:56 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-3338929866-3183339769-3982331239-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKU\S-1-5-21-3338929866-3183339769-3982331239-1000..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3338929866-3183339769-3982331239-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3338929866-3183339769-3982331239-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O24 - Desktop WallPaper: C:\Windows\web\Wallpaper\img23.jpg

O24 - Desktop BackupWallPaper: C:\Windows\web\Wallpaper\img23.jpg

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - File not found

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)

NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: VIDC.ACDV - ACDV.dll File not found

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)

Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2010/12/30 13:30:43 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe

[2010/12/30 00:22:45 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2010/12/30 00:09:55 | 000,000,000 | ---D | C] -- C:\_OTM

[2010/12/30 00:05:52 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTM.exe

[2010/12/29 18:57:09 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Apple Computer

[2010/12/29 18:57:09 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Apple Computer

[2010/12/29 18:56:38 | 000,000,000 | ---D | C] -- C:\Program Files\Safari

[2010/12/29 18:55:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple

[2010/12/29 18:37:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2010/12/29 18:37:37 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\temp

[2010/12/29 18:12:12 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2010/12/29 18:12:12 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2010/12/29 18:12:12 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2010/12/29 18:11:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe

[2010/12/29 18:11:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2010/12/29 18:10:43 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/12/27 21:56:29 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\ANTIVIRUS FILES

[2010/12/27 18:44:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/12/27 18:44:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/12/27 18:07:21 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010/12/27 16:37:15 | 000,000,000 | -H-D | C] -- C:\Windows\PIF

[2010/12/27 03:00:18 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader

[2010/12/25 22:21:19 | 000,000,000 | ---D | C] -- C:\Program Files\PDF to Kindle Tool

[2010/12/25 15:07:43 | 000,000,000 | ---D | C] -- C:\Program Files\Seagate

[2010/12/25 15:05:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2010/12/06 01:15:51 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\vlc

========== Files - Modified Within 30 Days ==========

[2010/12/30 13:30:46 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe

[2010/12/30 13:02:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3338929866-3183339769-3982331239-1000UA.job

[2010/12/30 11:36:35 | 000,000,105 | ---- | M] () -- C:\Users\Mike\Desktop\Play bluray files on computer-.url

[2010/12/30 09:53:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/12/30 00:21:25 | 002,672,312 | ---- | M] () -- C:\Users\Mike\Desktop\esetsmartinstaller_enu.exe

[2010/12/30 00:17:26 | 000,010,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/12/30 00:17:25 | 000,010,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/12/30 00:12:00 | 2415,419,392 | -HS- | M] () -- C:\hiberfil.sys

[2010/12/30 00:09:56 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts

[2010/12/30 00:06:14 | 000,619,206 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/12/30 00:06:14 | 000,107,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/12/30 00:05:54 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTM.exe

[2010/12/29 18:57:23 | 000,188,968 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat

[2010/12/29 18:56:52 | 000,002,503 | ---- | M] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

[2010/12/29 18:56:52 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk

[2010/12/29 18:11:26 | 003,999,260 | R--- | M] () -- C:\Users\Mike\Desktop\ComboFix.exe

[2010/12/29 15:27:05 | 000,000,123 | ---- | M] () -- C:\Users\Mike\Desktop\Best Free Trojan Scanner-Trojan Remover.url

[2010/12/29 14:48:29 | 000,000,091 | ---- | M] () -- C:\Users\Mike\Desktop\How to fix error 101 (net--ERR_CONNECTION_RESET)- Unknown error- - Yahoo! Answers.url

[2010/12/29 12:03:32 | 000,006,396 | ---- | M] () -- C:\Users\Mike\Desktop\hijackthis29

[2010/12/29 11:47:14 | 000,000,051 | ---- | M] () -- C:\Users\Mike\Desktop\Security and Privacy - My ramblings on how to protect yourself online - Security & Privacy.url

[2010/12/29 11:08:58 | 000,000,117 | ---- | M] () -- C:\Users\Mike\Desktop\Redirects Continue Despite Malwarebytes & McAfee - Malwarebytes Forum.url

[2010/12/28 22:02:01 | 000,000,850 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3338929866-3183339769-3982331239-1000Core.job

[2010/12/28 12:30:43 | 000,000,088 | ---- | M] () -- C:\Users\Mike\Desktop\MalWare Removal


Hi,

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    [2010/12/25 22:21:19 | 000,000,000 | ---D | C] -- C:\Program Files\PDF to Kindle Tool
    [2010/12/27 15:37:35 | 000,021,496 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\DB06.F29
    [2010/11/25 17:20:42 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Hidee

    :Services

    :Reg

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

After that, your logs are clean. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. :)

Remove Combofix now that we're done with it.

  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
    [image: CF_Uninstall-1.jpg]
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files

Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall

You should keep your anti-virus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean', that doesn't necessarily mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated

It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple of good free alternatives: Firefox and Opera. Both are excellent, faster, safer, more powerful and more functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here which will help you to make IE much safer.

If you decide to use the Firefox browser, the McAfee SiteAdvisor add-on will nicely help to enhance your security. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine besides just an anti-virus and a firewall. I will list some of them.

  • A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, some of these things will still infect you. It is highly recommended that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are disreputable sites forcing you to download and install a codec, or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?

If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,

Gammo :)
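As an added, defender-side example that is not part of this thread or of any tool it mentions: both the [resethosts] step in the OTL fix above and the MVPS Hosts recommendation concern the Windows HOSTS file (the O1 entries in the log), which FakeAV-style infections commonly rewrite to cut the machine off from security vendors and update sites. The Python below parses a hosts file and reports every entry that deviates from the stock localhost mappings, ranking a loopback or foreign-address mapping of a security or update domain highest. The sample file, the keyword list, the severity scheme and the file path are my own constructions, not anything taken from the logs in this thread.

```python
import ipaddress
import sys

# Constructed sample hosts file for demonstration (not the poster's real file).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
127.0.0.1       localhost
::1             localhost
# ---- constructed suspicious entries below ----
127.0.0.1   www.malwarebytes.org
127.0.0.1   windowsupdate.microsoft.com
0.0.0.0     ad.doubleclick.net        # blocklist-style entry (MVPS-like)
198.51.100.23   www.google.com        # redirect to a non-loopback host
"""

# Names a stock hosts file may legitimately map to loopback.
DEFAULT_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
                 "ip6-localhost", "ip6-loopback"}

# Substrings of vendor/update domains that malware typically sinkholes
# (assumed list, chosen from products named in this thread).
SECURITY_KEYWORDS = ("microsoft", "windowsupdate", "malwarebytes", "avast",
                     "kaspersky", "drweb", "eset", "spybot")


def parse_hosts(text):
    """Return [(lineno, address, [names])] for each non-comment, non-empty line."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue                            # malformed line, nothing to map
        entries.append((lineno, parts[0], parts[1:]))
    return entries


def audit_hosts(text):
    """Return [(lineno, severity, message)] for entries that deviate from a stock file."""
    findings = []
    for lineno, ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((lineno, "high", f"unparseable address {ip!r}"))
            continue
        for name in names:
            lname = name.lower()
            if lname in DEFAULT_NAMES:
                continue                        # expected stock mapping
            is_security = any(k in lname for k in SECURITY_KEYWORDS)
            if addr.is_unspecified:
                # 0.0.0.0 entries are how ad-blocking hosts files null-route sites
                sev = "high" if is_security else "low"
                findings.append((lineno, sev, f"{name} null-routed to {ip}"))
            elif addr.is_loopback:
                sev = "high" if is_security else "medium"
                findings.append((lineno, sev, f"{name} sinkholed to loopback {ip}"))
            else:
                # a real address for a public name means traffic is being redirected
                findings.append((lineno, "high", f"{name} redirected to {ip}"))
    return findings


def main(argv):
    # Placeholder path: pass the real hosts file as the first argument.
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    findings = audit_hosts(text)
    if not findings:
        print("hosts file matches stock localhost mappings only")
    for lineno, sev, msg in findings:
        print(f"line {lineno:>3} [{sev:<6}] {msg}")
    return len(findings)


if __name__ == "__main__":
    sys.exit(1 if main(sys.argv) else 0)
```

Run it with no arguments to see the constructed sample audited, or with `C:\Windows\System32\drivers\etc\hosts` as the argument on a live machine; a non-zero exit code means something other than the stock localhost lines is present, which is exactly the state the [resethosts] command above is meant to undo.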


Many thanks. Everything was finally back to normal after first stages of above - browser connecting to the sites at last - BUT then I ran OTC for the last stage - and after reboot the same sites are blocked. The v. first site I tried connected (same as this morning) but then everything else blocked and same site wouldn't connect again.

Aargh! What can I do now?


Hi,

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.

  • Save it to your desktop.
  • Reboot your computer into SafeMode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.

    Use your up arrow key to highlight SafeMode then hit enter.


  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the Licence agreement and click on Next.
  • It will by default install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:
    • Hidden Startup Objects
    • System Memory
    • Disk Boot Sectors
    • My Computer
    • Also any other drives (removable ones that you may have)

Leave the rest of the settings as they appear by default.

  • Then click on Scan at the top right hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all.
  • If it says it cannot be Neutralized then choose the delete option when prompted.
  • After that is done click on the reports button at the bottom, save it to file and name it Kas.
  • Save it somewhere convenient like your desktop, and post only the detected virus/malware entries from the report (they will be at the very top under Detected) in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download Dr.Web CureIt to the desktop.

  • Double-click the drweb-cureit.exe file, then on Start and allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow [image: drweb_green_arrow.jpg] at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
    [image: drweb_check.gif]
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in the next image:
    [image: drweb_move.gif]
  • This will move it to the %userprofile%\DoctorWeb\quarantaine folder if it can't be cured. (This is in case we need samples.)
  • After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web CureIt.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply along with a new OTL log.

NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download DDS and save it to your desktop.

  • Disable any script blocking protection.
  • Double click dds.com to run the tool.
  • When done, DDS will open two logs (DDS.txt and Attach.txt).
  • Save both reports to your desktop.

Please include the contents of DDS.txt in your next reply.


Thanks. Kaspersky was long - nearly 6 hours. But below is the file. [I notice all Win backups have the same trojans incl. a Hostseditor file - is that important?]

Dr Web CureIt was shaping up for similar length - but then it CRASHED after about 1 hour. Dunno why - just found computer rebooted into normal Windows. [I also ran Dr Web in Safe Mode]

So should I rerun? (May take a while!)

Autoscan: stopped 5 hours ago (events: 2, objects: 0, time: 00:00:09)

02/01/2011 23:35:59 Task stopped

02/01/2011 23:35:50 Task started

Autoscan: completed 3 minutes ago (events: 339, objects: 2911615, time: 05:46:53)

02/01/2011 23:36:07 Task started


03/01/2011 04:46:02 Detected: Trojan-Downloader.Java.OpenConnection.cg F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\363322d9-10f55a0f/bpac/KAVS.class

03/01/2011 04:46:04 Deleted: Trojan-Downloader.Java.OpenConnection.cg F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\363322d9-10f55a0f/bpac/KAVS.class

03/01/2011 04:46:08 Detected: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 34.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\Movie Magic Screenwriter 2000.exe/screenwriter 2000 setup.exe/ClibPDF.dll

03/01/2011 04:46:10 Deleted: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 34.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\Movie Magic Screenwriter 2000.exe

03/01/2011 04:46:12 Detected: Exploit.Java.Agent.as F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\76d1f95c-10043dbd/ExecService.class

03/01/2011 04:46:14 Deleted: Exploit.Java.Agent.as F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\76d1f95c-10043dbd/ExecService.class

03/01/2011 04:46:16 Detected: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 34.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\moviemagicscreenwriter\screenwriter 2000 setup.exe By hash

03/01/2011 04:46:19 Detected: Exploit.Java.Agent.f F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\604e89f-6102a9c5/dev/s/AdgredY.class

03/01/2011 04:46:21 Deleted: Exploit.Java.Agent.f F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\604e89f-6102a9c5/dev/s/AdgredY.class

03/01/2011 04:46:25 Detected: Backdoor.Win32.SdBot.uwj F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 34.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\moviemagicscreenwriter\screenwriter 2000 setup.exe/WRS32.DLL

03/01/2011 04:46:26 Detected: Trojan-Downloader.Java.Agent.cd F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\604e89f-6102a9c5/dev/s/DyesyasZ.class

03/01/2011 04:46:28 Deleted: Trojan-Downloader.Java.Agent.cd F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\604e89f-6102a9c5/dev/s/DyesyasZ.class

03/01/2011 04:46:32 Detected: Backdoor.Win32.SdBot.qzd F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 34.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\moviemagicscreenwriter\screenwriter 2000 setup.exe/netpub.exe/Shrinker

03/01/2011 04:46:34 Detected: Trojan-Downloader.Java.OpenStream.al F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\604e89f-6102a9c5/dev/s/LoaderX.class

03/01/2011 04:46:35 Deleted: Trojan-Downloader.Java.OpenStream.al F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\604e89f-6102a9c5/dev/s/LoaderX.class

03/01/2011 04:46:38 Detected: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 34.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\moviemagicscreenwriter\screenwriter 2000 setup.exe/ClibPDF.dll

03/01/2011 04:46:38 Deleted: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 34.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\moviemagicscreenwriter\screenwriter 2000 setup.exe

03/01/2011 04:46:42 Detected: Exploit.Java.Agent.ax F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\6d2a327-2004ba00/AppleT.class

03/01/2011 04:46:43 Deleted: Exploit.Java.Agent.ax F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\6d2a327-2004ba00/AppleT.class

03/01/2011 04:46:45 Detected: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 34.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter\Moviemagic\screenwriter 2000 setup.exe By hash

03/01/2011 04:46:46 Deleted: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 34.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter\Moviemagic\screenwriter 2000 setup.exe

03/01/2011 04:46:51 Detected: Trojan-Downloader.Java.Agent.fe F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\1f28756c-58c656a2/javax/AServers.class

03/01/2011 04:46:53 Deleted: Trojan-Downloader.Java.Agent.fe F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\1f28756c-58c656a2/javax/AServers.class

03/01/2011 04:46:54 Detected: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 34.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter2000\screenwriter 2000 setup.exe By hash

03/01/2011 04:46:59 Detected: Trojan-Downloader.Java.Agent.fe F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\1f28756c-58c656a2/javax/Server1.class

03/01/2011 04:47:00 Deleted: Trojan-Downloader.Java.Agent.fe F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\1f28756c-58c656a2/javax/Server1.class

03/01/2011 04:47:03 Detected: Backdoor.Win32.SdBot.uwj F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 34.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter2000\screenwriter 2000 setup.exe/WRS32.DLL

03/01/2011 04:47:05 Detected: Trojan-Downloader.Java.Agent.fe F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\1f28756c-58c656a2/javax/Server2.class

03/01/2011 04:47:06 Deleted: Trojan-Downloader.Java.Agent.fe F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\1f28756c-58c656a2/javax/Server2.class

03/01/2011 04:47:11 Detected: Backdoor.Win32.SdBot.qzd F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 34.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter2000\screenwriter 2000 setup.exe/netpub.exe/Shrinker

03/01/2011 04:47:12 Detected: Trojan-Downloader.Java.OpenConnection.cg F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\74d2e8f2-28f91399 By hash

03/01/2011 04:47:12 Overwritten with a copy disinfected earlier: Trojan-Downloader.Java.OpenConnection.cg F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\74d2e8f2-28f91399

03/01/2011 04:47:12 Disinfected: Trojan-Downloader.Java.OpenConnection.cg F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\74d2e8f2-28f91399

03/01/2011 04:47:18 Detected: Exploit.Java.Agent.ar F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\68e558f5-1ad5c41a/Email.class

03/01/2011 04:47:18 Detected: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 34.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter2000\screenwriter 2000 setup.exe/ClibPDF.dll

03/01/2011 04:47:19 Deleted: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 34.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter2000\screenwriter 2000 setup.exe

03/01/2011 04:47:19 Deleted: Exploit.Java.Agent.ar F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\68e558f5-1ad5c41a/Email.class

03/01/2011 04:47:25 Detected: Exploit.Java.Agent.as F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\68e558f5-1ad5c41a/ExecService.class

03/01/2011 04:47:26 Deleted: Exploit.Java.Agent.as F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\68e558f5-1ad5c41a/ExecService.class

03/01/2011 04:47:32 Detected: Trojan-Downloader.Java.Agent.fl F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\717752f6-6680f06a/dev/s/AdgredY.class

03/01/2011 04:47:34 Deleted: Trojan-Downloader.Java.Agent.fl F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\717752f6-6680f06a/dev/s/AdgredY.class

03/01/2011 04:47:40 Detected: Trojan-Downloader.Java.Agent.fk F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\717752f6-6680f06a/dev/s/DyesyasZ.class

03/01/2011 04:47:41 Deleted: Trojan-Downloader.Java.Agent.fk F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\717752f6-6680f06a/dev/s/DyesyasZ.class

03/01/2011 04:47:46 Detected: Trojan-Downloader.Java.Agent.fj F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\717752f6-6680f06a/dev/s/LoaderX.class

03/01/2011 04:47:48 Deleted: Trojan-Downloader.Java.Agent.fj F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\717752f6-6680f06a/dev/s/LoaderX.class

03/01/2011 04:47:56 Detected: Trojan-Downloader.Java.Agent.fd F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\413705f7-20309c7b/total/AServers.class

03/01/2011 04:47:57 Deleted: Trojan-Downloader.Java.Agent.fd F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\413705f7-20309c7b/total/AServers.class

03/01/2011 04:48:03 Detected: Trojan-Downloader.Java.Agent.fd F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\413705f7-20309c7b/total/Server1.class

03/01/2011 04:48:04 Deleted: Trojan-Downloader.Java.Agent.fd F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\413705f7-20309c7b/total/Server1.class

03/01/2011 04:48:10 Detected: Trojan-Downloader.Java.Agent.fd F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\413705f7-20309c7b/total/Server2.class

03/01/2011 04:48:12 Deleted: Trojan-Downloader.Java.Agent.fd F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\413705f7-20309c7b/total/Server2.class

03/01/2011 04:48:17 Detected: Exploit.Java.CVE-2009-3867.f F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\66395eb7-62a14282 By hash

03/01/2011 04:48:17 Overwritten with a copy disinfected earlier: Exploit.Java.CVE-2009-3867.f F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\66395eb7-62a14282

03/01/2011 04:48:17 Disinfected: Exploit.Java.CVE-2009-3867.f F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\66395eb7-62a14282

03/01/2011 04:48:23 Detected: Trojan-Downloader.Java.OpenStream.al F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\6c1c2efb-18b51a3e By hash

03/01/2011 04:48:23 Overwritten with a copy disinfected earlier: Trojan-Downloader.Java.OpenStream.al F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\6c1c2efb-18b51a3e

03/01/2011 04:48:23 Disinfected: Trojan-Downloader.Java.OpenStream.al F:\MIKE-PC\Backup Set 2010-12-19 213957\Backup Files 2010-12-19 213957\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\6c1c2efb-18b51a3e

03/01/2011 04:50:40 Detected: Trojan-Downloader.Win32.FraudLoad.hix F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 1.zip/C\Users\Mike\AppData\Roaming\dwm.exe

03/01/2011 04:52:36 Deleted: Trojan-Downloader.Win32.FraudLoad.hix F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 1.zip/C\Users\Mike\AppData\Roaming\dwm.exe

03/01/2011 04:52:42 Detected: Trojan-Downloader.Win32.FraudLoad.hix F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 1.zip/C\Users\Mike\AppData\Roaming\Microsoft\conhost.exe

03/01/2011 04:52:51 Deleted: Trojan-Downloader.Win32.FraudLoad.hix F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 1.zip/C\Users\Mike\AppData\Roaming\Microsoft\conhost.exe

03/01/2011 04:59:22 Detected: Exploit.Java.Agent.ca F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\685b2441-5915d963/sunny/Changes.class

03/01/2011 04:59:33 Detected: Trojan-Dropper.Win32.Delf.grz F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 32.zip/C\Users\Mike\Desktop\OEView\programs\Lavasoft.Ad-Aware.2007.Professional.Edition.v7.0.1.3-DVT\crack\Ad-Watch2007.exe

03/01/2011 05:00:50 Deleted: Exploit.Java.Agent.ca F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\685b2441-5915d963/sunny/Changes.class

03/01/2011 05:00:56 Detected: Exploit.Java.Agent.ca F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\685b2441-5915d963/sunny/MyBuilds.class

03/01/2011 05:01:02 Deleted: Trojan-Dropper.Win32.Delf.grz F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 32.zip/C\Users\Mike\Desktop\OEView\programs\Lavasoft.Ad-Aware.2007.Professional.Edition.v7.0.1.3-DVT\crack\Ad-Watch2007.exe

03/01/2011 05:01:04 Deleted: Exploit.Java.Agent.ca F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\685b2441-5915d963/sunny/MyBuilds.class

03/01/2011 05:01:09 Detected: Exploit.Java.Agent.ca F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\685b2441-5915d963/sunny/MyFiles.class

03/01/2011 05:01:11 Deleted: Exploit.Java.Agent.ca F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\685b2441-5915d963/sunny/MyFiles.class

03/01/2011 05:01:11 Detected: Trojan-Dropper.Win32.Delf.eiw F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 32.zip/C\Users\Mike\Desktop\OEView\programs\Lavasoft.Ad-Aware.2007.Professional.Edition.v7.0.1.3-DVT\crack\HostFileEditor.exe

03/01/2011 05:01:13 Deleted: Trojan-Dropper.Win32.Delf.eiw F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 32.zip/C\Users\Mike\Desktop\OEView\programs\Lavasoft.Ad-Aware.2007.Professional.Edition.v7.0.1.3-DVT\crack\HostFileEditor.exe

03/01/2011 05:01:16 Detected: Trojan-Downloader.Java.OpenConnection.bu F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\674cc08c-4354f58c/bpac/a.class

03/01/2011 05:01:18 Deleted: Trojan-Downloader.Java.OpenConnection.bu F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\674cc08c-4354f58c/bpac/a.class

03/01/2011 05:01:21 Detected: Trojan-Dropper.Win32.Delf.eix F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 32.zip/C\Users\Mike\Desktop\OEView\programs\Lavasoft.Ad-Aware.2007.Professional.Edition.v7.0.1.3-DVT\crack\ProcessWatch.exe

03/01/2011 05:01:22 Deleted: Trojan-Dropper.Win32.Delf.eix F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 32.zip/C\Users\Mike\Desktop\OEView\programs\Lavasoft.Ad-Aware.2007.Professional.Edition.v7.0.1.3-DVT\crack\ProcessWatch.exe

03/01/2011 05:01:24 Detected: Trojan-Downloader.Java.OpenConnection.cg F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\674cc08c-4354f58c/bpac/KAVS.class

03/01/2011 05:01:25 Deleted: Trojan-Downloader.Java.OpenConnection.cg F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\674cc08c-4354f58c/bpac/KAVS.class

03/01/2011 05:01:29 Detected: Trojan-Dropper.Win32.Delf.epx F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 32.zip/C\Users\Mike\Desktop\OEView\programs\Lavasoft.Ad-Aware.2007.Professional.Edition.v7.0.1.3-DVT\crack\update-cracked.exe/Armadillo

03/01/2011 05:01:31 Deleted: Trojan-Dropper.Win32.Delf.epx F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 32.zip/C\Users\Mike\Desktop\OEView\programs\Lavasoft.Ad-Aware.2007.Professional.Edition.v7.0.1.3-DVT\crack\update-cracked.exe

03/01/2011 05:01:32 Detected: Exploit.Java.CVE-2009-3867.h F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\31be8954-3ddaac53/C.class

03/01/2011 05:01:34 Deleted: Exploit.Java.CVE-2009-3867.h F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\31be8954-3ddaac53/C.class

03/01/2011 05:01:39 Detected: Exploit.Java.CVE-2009-3867.g F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\31be8954-3ddaac53/F.class

03/01/2011 05:01:40 Deleted: Exploit.Java.CVE-2009-3867.g F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\31be8954-3ddaac53/F.class

03/01/2011 05:01:46 Detected: Exploit.Java.CVE-2009-3867.f F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\31be8954-3ddaac53/Google.class

03/01/2011 05:01:47 Deleted: Exploit.Java.CVE-2009-3867.f F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\31be8954-3ddaac53/Google.class

03/01/2011 05:01:53 Detected: Exploit.Java.Agent.ca F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\339da2d5-3d2dcfed By hash

03/01/2011 05:01:53 Overwritten with a copy disinfected earlier: Exploit.Java.Agent.ca F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\339da2d5-3d2dcfed

03/01/2011 05:01:53 Disinfected: Exploit.Java.Agent.ca F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\339da2d5-3d2dcfed

03/01/2011 05:01:59 Detected: Trojan-Downloader.Java.OpenConnection.ay F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\363322d9-10f55a0f/bpac/a.class

03/01/2011 05:02:00 Deleted: Trojan-Downloader.Java.OpenConnection.ay F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\363322d9-10f55a0f/bpac/a.class

03/01/2011 05:02:03 Detected: Backdoor.Win32.SdBot.uwj F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 33.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\Movie Magic Screenwriter 2000.exe/screenwriter 2000 setup.exe/WRS32.DLL

03/01/2011 05:02:05 Detected: Trojan-Downloader.Java.OpenConnection.cg F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\363322d9-10f55a0f/bpac/KAVS.class

03/01/2011 05:04:53 Deleted: Trojan-Downloader.Java.OpenConnection.cg F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\363322d9-10f55a0f/bpac/KAVS.class

03/01/2011 05:04:57 Detected: Backdoor.Win32.SdBot.qzd F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 33.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\Movie Magic Screenwriter 2000.exe/screenwriter 2000 setup.exe/netpub.exe/Shrinker

03/01/2011 05:05:01 Detected: Trojan-Downloader.Java.OpenConnection.cp F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\2172b79c-4e09b711/yandex/xmlparser.class

03/01/2011 05:05:02 Deleted: Trojan-Downloader.Java.OpenConnection.cp F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\2172b79c-4e09b711/yandex/xmlparser.class

03/01/2011 05:05:03 Detected: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 33.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\Movie Magic Screenwriter 2000.exe/screenwriter 2000 setup.exe/ClibPDF.dll

03/01/2011 05:05:03 Deleted: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 33.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\Movie Magic Screenwriter 2000.exe

03/01/2011 05:05:08 Detected: Exploit.Java.Agent.as F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\76d1f95c-10043dbd/ExecService.class

03/01/2011 05:05:09 Deleted: Exploit.Java.Agent.as F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\76d1f95c-10043dbd/ExecService.class

03/01/2011 05:05:10 Detected: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 33.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\moviemagicscreenwriter\screenwriter 2000 setup.exe By hash

03/01/2011 05:05:15 Detected: Exploit.Java.Agent.f F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\604e89f-6102a9c5/dev/s/AdgredY.class

03/01/2011 05:05:17 Deleted: Exploit.Java.Agent.f F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\604e89f-6102a9c5/dev/s/AdgredY.class

03/01/2011 05:05:19 Detected: Backdoor.Win32.SdBot.uwj F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 33.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\moviemagicscreenwriter\screenwriter 2000 setup.exe/WRS32.DLL

03/01/2011 05:05:22 Detected: Trojan-Downloader.Java.Agent.cd F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\604e89f-6102a9c5/dev/s/DyesyasZ.class

03/01/2011 05:05:23 Deleted: Trojan-Downloader.Java.Agent.cd F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\604e89f-6102a9c5/dev/s/DyesyasZ.class

03/01/2011 05:05:26 Detected: Backdoor.Win32.SdBot.qzd F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 33.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\moviemagicscreenwriter\screenwriter 2000 setup.exe/netpub.exe/Shrinker

03/01/2011 05:05:29 Detected: Trojan-Downloader.Java.OpenStream.al F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\604e89f-6102a9c5/dev/s/LoaderX.class

03/01/2011 05:05:31 Deleted: Trojan-Downloader.Java.OpenStream.al F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\604e89f-6102a9c5/dev/s/LoaderX.class

03/01/2011 05:05:32 Detected: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 33.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\moviemagicscreenwriter\screenwriter 2000 setup.exe/ClibPDF.dll

03/01/2011 05:05:33 Deleted: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 33.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\moviemagicscreenwriter\screenwriter 2000 setup.exe

03/01/2011 05:05:38 Detected: Exploit.Java.Agent.ax F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\6d2a327-2004ba00/AppleT.class

03/01/2011 05:05:40 Detected: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 33.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter\Moviemagic\screenwriter 2000 setup.exe By hash

03/01/2011 05:05:40 Deleted: Exploit.Java.Agent.ax F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\6d2a327-2004ba00/AppleT.class

03/01/2011 05:05:46 Detected: Trojan-Downloader.Java.OpenConnection.cf F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\689c9629-2607a2b2/bpac/a.class

03/01/2011 05:05:47 Deleted: Trojan-Downloader.Java.OpenConnection.cf F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\689c9629-2607a2b2/bpac/a.class

03/01/2011 05:05:50 Detected: Backdoor.Win32.SdBot.uwj F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 33.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter\Moviemagic\screenwriter 2000 setup.exe/WRS32.DLL

03/01/2011 05:05:53 Detected: Trojan-Downloader.Java.OpenConnection.cg F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\689c9629-2607a2b2/bpac/KAVS.class

03/01/2011 05:05:56 Deleted: Trojan-Downloader.Java.OpenConnection.cg F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\689c9629-2607a2b2/bpac/KAVS.class

03/01/2011 05:05:58 Detected: Backdoor.Win32.SdBot.qzd F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 33.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter\Moviemagic\screenwriter 2000 setup.exe/netpub.exe/Shrinker

03/01/2011 05:06:03 Detected: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 33.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter\Moviemagic\screenwriter 2000 setup.exe/ClibPDF.dll

03/01/2011 05:06:04 Detected: Packed.Win32.Krap.ao F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\6b487a6b-41d422fa

03/01/2011 05:06:05 Deleted: Packed.Win32.Krap.ao F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\6b487a6b-41d422fa

03/01/2011 05:06:07 Deleted: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 33.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter\Moviemagic\screenwriter 2000 setup.exe

03/01/2011 05:06:12 Detected: Trojan-Downloader.Java.Agent.fe F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\1f28756c-58c656a2/javax/AServers.class

03/01/2011 05:06:13 Detected: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 33.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter2000\screenwriter 2000 setup.exe By hash

03/01/2011 05:06:13 Deleted: Trojan-Downloader.Java.Agent.fe F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\1f28756c-58c656a2/javax/AServers.class

03/01/2011 05:06:19 Detected: Trojan-Downloader.Java.Agent.fe F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\1f28756c-58c656a2/javax/Server1.class

03/01/2011 05:06:20 Deleted: Trojan-Downloader.Java.Agent.fe F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\1f28756c-58c656a2/javax/Server1.class

03/01/2011 05:06:22 Detected: Backdoor.Win32.SdBot.uwj F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 33.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter2000\screenwriter 2000 setup.exe/WRS32.DLL

03/01/2011 05:06:25 Detected: Trojan-Downloader.Java.Agent.fe F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\1f28756c-58c656a2/javax/Server2.class

03/01/2011 05:06:27 Deleted: Trojan-Downloader.Java.Agent.fe F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\1f28756c-58c656a2/javax/Server2.class

03/01/2011 05:06:30 Detected: Backdoor.Win32.SdBot.qzd F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 33.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter2000\screenwriter 2000 setup.exe/netpub.exe/Shrinker

03/01/2011 05:06:34 Detected: Trojan-Downloader.Java.OpenConnection.cg F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\3fccfb32-29d8a6f0 By hash

03/01/2011 05:06:34 Overwritten with a copy disinfected earlier: Trojan-Downloader.Java.OpenConnection.cg F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\3fccfb32-29d8a6f0

03/01/2011 05:06:34 Disinfected: Trojan-Downloader.Java.OpenConnection.cg F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\3fccfb32-29d8a6f0

03/01/2011 05:06:36 Detected: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 33.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter2000\screenwriter 2000 setup.exe/ClibPDF.dll

03/01/2011 05:06:38 Deleted: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 33.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter2000\screenwriter 2000 setup.exe

03/01/2011 05:06:40 Detected: Trojan-Downloader.Java.OpenConnection.cg F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\74d2e8f2-28f91399 By hash

03/01/2011 05:06:40 Overwritten with a copy disinfected earlier: Trojan-Downloader.Java.OpenConnection.cg F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\74d2e8f2-28f91399

03/01/2011 05:06:40 Disinfected: Trojan-Downloader.Java.OpenConnection.cg F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\74d2e8f2-28f91399

03/01/2011 05:06:46 Detected: Exploit.Java.Agent.ar F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\68e558f5-1ad5c41a/Email.class

03/01/2011 05:06:48 Deleted: Exploit.Java.Agent.ar F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\68e558f5-1ad5c41a/Email.class

03/01/2011 05:06:53 Detected: Exploit.Java.Agent.as F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\68e558f5-1ad5c41a/ExecService.class

03/01/2011 05:06:54 Deleted: Exploit.Java.Agent.as F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\68e558f5-1ad5c41a/ExecService.class

03/01/2011 05:07:01 Detected: Trojan-Downloader.Java.Agent.fl F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\717752f6-6680f06a/dev/s/AdgredY.class

03/01/2011 05:07:03 Deleted: Trojan-Downloader.Java.Agent.fl F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\717752f6-6680f06a/dev/s/AdgredY.class

03/01/2011 05:07:08 Detected: Trojan-Downloader.Java.Agent.fk F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\717752f6-6680f06a/dev/s/DyesyasZ.class

03/01/2011 05:07:09 Deleted: Trojan-Downloader.Java.Agent.fk F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\717752f6-6680f06a/dev/s/DyesyasZ.class

03/01/2011 05:07:15 Detected: Trojan-Downloader.Java.Agent.fj F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\717752f6-6680f06a/dev/s/LoaderX.class

03/01/2011 05:07:17 Deleted: Trojan-Downloader.Java.Agent.fj F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\717752f6-6680f06a/dev/s/LoaderX.class

03/01/2011 05:07:22 Detected: Trojan-Downloader.Java.Agent.fd F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\413705f7-20309c7b/total/AServers.class

03/01/2011 05:07:24 Deleted: Trojan-Downloader.Java.Agent.fd F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\413705f7-20309c7b/total/AServers.class

03/01/2011 05:07:29 Detected: Trojan-Downloader.Java.Agent.fd F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\413705f7-20309c7b/total/Server1.class

03/01/2011 05:07:31 Deleted: Trojan-Downloader.Java.Agent.fd F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\413705f7-20309c7b/total/Server1.class

03/01/2011 05:07:36 Detected: Trojan-Downloader.Java.Agent.fd F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\413705f7-20309c7b/total/Server2.class

03/01/2011 05:07:37 Deleted: Trojan-Downloader.Java.Agent.fd F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\413705f7-20309c7b/total/Server2.class

03/01/2011 05:07:43 Detected: Exploit.Java.CVE-2009-3867.f F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\66395eb7-62a14282 By hash

03/01/2011 05:07:43 Overwritten with a copy disinfected earlier: Exploit.Java.CVE-2009-3867.f F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\66395eb7-62a14282

03/01/2011 05:07:43 Disinfected: Exploit.Java.CVE-2009-3867.f F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\66395eb7-62a14282

03/01/2011 05:07:48 Detected: Trojan-Downloader.Java.OpenStream.al F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\6c1c2efb-18b51a3e By hash

03/01/2011 05:07:48 Overwritten with a copy disinfected earlier: Trojan-Downloader.Java.OpenStream.al F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\6c1c2efb-18b51a3e

03/01/2011 05:07:48 Disinfected: Trojan-Downloader.Java.OpenStream.al F:\MIKE-PC\Backup Set 2010-12-26 190003\Backup Files 2010-12-26 190003\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\6c1c2efb-18b51a3e

03/01/2011 05:15:27 Detected: Trojan-Dropper.Win32.Delf.grz F:\MIKE-PC\Backup Set 2010-12-27 200628\Backup Files 2011-01-02 190004\Backup files 18.zip/C\Users\Mike\Desktop\OEView\programs\Lavasoft.Ad-Aware.2007.Professional.Edition.v7.0.1.3-DVT\crack\Ad-Watch2007.exe

03/01/2011 05:15:29 Detected: Backdoor.Win32.SdBot.uwj F:\MIKE-PC\Backup Set 2010-12-27 200628\Backup Files 2011-01-02 190004\Backup files 19.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\Movie Magic Screenwriter 2000.exe/screenwriter 2000 setup.exe/WRS32.DLL

03/01/2011 05:17:45 Deleted: Trojan-Dropper.Win32.Delf.grz F:\MIKE-PC\Backup Set 2010-12-27 200628\Backup Files 2011-01-02 190004\Backup files 18.zip/C\Users\Mike\Desktop\OEView\programs\Lavasoft.Ad-Aware.2007.Professional.Edition.v7.0.1.3-DVT\crack\Ad-Watch2007.exe

03/01/2011 05:17:53 Detected: Trojan-Dropper.Win32.Delf.eiw F:\MIKE-PC\Backup Set 2010-12-27 200628\Backup Files 2011-01-02 190004\Backup files 18.zip/C\Users\Mike\Desktop\OEView\programs\Lavasoft.Ad-Aware.2007.Professional.Edition.v7.0.1.3-DVT\crack\HostFileEditor.exe

03/01/2011 05:17:59 Deleted: Trojan-Dropper.Win32.Delf.eiw F:\MIKE-PC\Backup Set 2010-12-27 200628\Backup Files 2011-01-02 190004\Backup files 18.zip/C\Users\Mike\Desktop\OEView\programs\Lavasoft.Ad-Aware.2007.Professional.Edition.v7.0.1.3-DVT\crack\HostFileEditor.exe

03/01/2011 05:18:04 Detected: Backdoor.Win32.SdBot.qzd F:\MIKE-PC\Backup Set 2010-12-27 200628\Backup Files 2011-01-02 190004\Backup files 19.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\Movie Magic Screenwriter 2000.exe/screenwriter 2000 setup.exe/netpub.exe/Shrinker

03/01/2011 05:18:10 Detected: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-27 200628\Backup Files 2011-01-02 190004\Backup files 19.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\Movie Magic Screenwriter 2000.exe/screenwriter 2000 setup.exe/ClibPDF.dll

03/01/2011 05:18:13 Deleted: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-27 200628\Backup Files 2011-01-02 190004\Backup files 19.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\Movie Magic Screenwriter 2000.exe

03/01/2011 05:18:19 Detected: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-27 200628\Backup Files 2011-01-02 190004\Backup files 19.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\moviemagicscreenwriter\screenwriter 2000 setup.exe By hash

03/01/2011 05:18:27 Detected: Backdoor.Win32.SdBot.uwj F:\MIKE-PC\Backup Set 2010-12-27 200628\Backup Files 2011-01-02 190004\Backup files 19.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\moviemagicscreenwriter\screenwriter 2000 setup.exe/WRS32.DLL

03/01/2011 05:18:34 Detected: Backdoor.Win32.SdBot.qzd F:\MIKE-PC\Backup Set 2010-12-27 200628\Backup Files 2011-01-02 190004\Backup files 19.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\moviemagicscreenwriter\screenwriter 2000 setup.exe/netpub.exe/Shrinker

03/01/2011 05:18:39 Detected: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-27 200628\Backup Files 2011-01-02 190004\Backup files 19.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\moviemagicscreenwriter\screenwriter 2000 setup.exe/ClibPDF.dll

03/01/2011 05:18:39 Deleted: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-27 200628\Backup Files 2011-01-02 190004\Backup files 19.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\moviemagicscreenwriter\screenwriter 2000 setup.exe

03/01/2011 05:18:47 Detected: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-27 200628\Backup Files 2011-01-02 190004\Backup files 19.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter\Moviemagic\screenwriter 2000 setup.exe By hash

03/01/2011 05:20:01 Detected: Backdoor.Win32.SdBot.uwj F:\MIKE-PC\Backup Set 2010-12-27 200628\Backup Files 2011-01-02 190004\Backup files 19.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter\Moviemagic\screenwriter 2000 setup.exe/WRS32.DLL

03/01/2011 05:20:08 Detected: Backdoor.Win32.SdBot.qzd F:\MIKE-PC\Backup Set 2010-12-27 200628\Backup Files 2011-01-02 190004\Backup files 19.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter\Moviemagic\screenwriter 2000 setup.exe/netpub.exe/Shrinker

03/01/2011 05:20:14 Detected: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-27 200628\Backup Files 2011-01-02 190004\Backup files 19.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter\Moviemagic\screenwriter 2000 setup.exe/ClibPDF.dll

03/01/2011 05:20:15 Deleted: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-27 200628\Backup Files 2011-01-02 190004\Backup files 19.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter\Moviemagic\screenwriter 2000 setup.exe

03/01/2011 05:20:21 Detected: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-27 200628\Backup Files 2011-01-02 190004\Backup files 19.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter2000\screenwriter 2000 setup.exe By hash

03/01/2011 05:20:29 Detected: Backdoor.Win32.SdBot.uwj F:\MIKE-PC\Backup Set 2010-12-27 200628\Backup Files 2011-01-02 190004\Backup files 19.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter2000\screenwriter 2000 setup.exe/WRS32.DLL

03/01/2011 05:20:37 Detected: Backdoor.Win32.SdBot.qzd F:\MIKE-PC\Backup Set 2010-12-27 200628\Backup Files 2011-01-02 190004\Backup files 19.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter2000\screenwriter 2000 setup.exe/netpub.exe/Shrinker

03/01/2011 05:20:42 Detected: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-27 200628\Backup Files 2011-01-02 190004\Backup files 19.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter2000\screenwriter 2000 setup.exe/ClibPDF.dll

03/01/2011 05:20:43 Deleted: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup Set 2010-12-27 200628\Backup Files 2011-01-02 190004\Backup files 19.zip/C\Users\Mike\Desktop\OEView\programs\SCRIPTING\screenwriter2000\screenwriter 2000 setup.exe

03/01/2011 05:23:00 Task completed

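The report above lists each object as Detected and then, for some of them, Deleted or Disinfected. Objects nested inside the cracked installer (WRS32.DLL, netpub.exe/Shrinker, ClibPDF.dll) never get their own Deleted line, because the scanner removed the enclosing "screenwriter 2000 setup.exe" instead, and every path in the report sits inside a Windows Backup zip under F:\MIKE-PC\Backup Set ..., so the backup sets themselves carry the Java exploit cache and the trojanised installer. The following triage script is an added example, not part of the original thread and not code from Malwarebytes, Kaspersky or any other tool mentioned on this page. It parses lines in this Detected/Deleted/Disinfected format (the format details are inferred from the lines quoted above), splits each object path into its container layers ('/' marks nesting inside an archive or installer, '\' the filesystem path) and reports which detections were remediated directly, which disappeared with their container, and which are still present. The sample lines are constructed for the example with shortened paths; the function and field names are the example's own.

```python
"""Triage a Detected/Deleted/Disinfected scan report: what was actually remediated?"""
import re
from collections import Counter, namedtuple

# Constructed sample in the same line format as the report quoted above, with
# shortened paths. It is not a copy of the real log.
SAMPLE_REPORT = r"""
03/01/2011 05:05:40 Detected: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup files 33.zip/C\Users\Mike\Desktop\SCRIPTING\screenwriter 2000 setup.exe By hash
03/01/2011 05:05:50 Detected: Backdoor.Win32.SdBot.uwj F:\MIKE-PC\Backup files 33.zip/C\Users\Mike\Desktop\SCRIPTING\screenwriter 2000 setup.exe/WRS32.DLL
03/01/2011 05:05:58 Detected: Backdoor.Win32.SdBot.qzd F:\MIKE-PC\Backup files 33.zip/C\Users\Mike\Desktop\SCRIPTING\screenwriter 2000 setup.exe/netpub.exe/Shrinker
03/01/2011 05:06:07 Deleted: Backdoor.Win32.SdBot.uwi F:\MIKE-PC\Backup files 33.zip/C\Users\Mike\Desktop\SCRIPTING\screenwriter 2000 setup.exe
03/01/2011 05:07:43 Detected: Exploit.Java.CVE-2009-3867.f F:\MIKE-PC\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\66395eb7-62a14282 By hash
03/01/2011 05:07:43 Overwritten with a copy disinfected earlier: Exploit.Java.CVE-2009-3867.f F:\MIKE-PC\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\66395eb7-62a14282
03/01/2011 05:07:43 Disinfected: Exploit.Java.CVE-2009-3867.f F:\MIKE-PC\Backup files 30.zip/C\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\66395eb7-62a14282
03/01/2011 05:15:27 Detected: Trojan-Dropper.Win32.Delf.grz F:\MIKE-PC\Backup files 18.zip/C\Users\Mike\Desktop\crack\Ad-Watch2007.exe
03/01/2011 05:23:00 Task completed
"""

Event = namedtuple("Event", "timestamp action verdict path by_hash")

# One report line: timestamp, action, verdict (no spaces), object path,
# optional " By hash" marker. Lines such as "Task completed" do not match.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) "
    r"(?P<action>Detected|Deleted|Disinfected|Overwritten with a copy disinfected earlier): "
    r"(?P<verdict>\S+) (?P<path>.*?)(?P<by_hash> By hash)?$"
)

# Only these actions mean the object is gone or cleaned. The "Overwritten ..."
# line is informational; the report follows it with its own Disinfected line.
REMEDIATING = {"Deleted", "Disinfected"}


def parse_report(text):
    """Return the list of Event tuples found in the report text."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(Event(m["ts"], m["action"], m["verdict"],
                                m["path"], m["by_hash"] is not None))
    return events


def containers(path):
    """Yield the object itself, then each enclosing archive/installer layer.

    '/' separates nesting levels (zip -> file inside zip -> file inside
    installer); '\\' is the ordinary filesystem separator and is left alone.
    """
    parts = path.split("/")
    for i in range(len(parts), 0, -1):
        yield "/".join(parts[:i])


def remediation_status(events):
    """Map every Detected path to (verdict, outcome).

    outcome is "remediated" when the object itself was deleted or disinfected,
    "removed with container" when an enclosing layer was, else "unremediated".
    """
    fixed = {e.path for e in events if e.action in REMEDIATING}
    status = {}
    for e in events:
        if e.action != "Detected":
            continue
        outcome = "unremediated"
        for layer in containers(e.path):
            if layer in fixed:
                outcome = "remediated" if layer == e.path else "removed with container"
                break
        status[e.path] = (e.verdict, outcome)
    return status


def summarize(events):
    """Count verdict families and affected top-level archives; list open items."""
    status = remediation_status(events)
    # Drop the variant suffix: Backdoor.Win32.SdBot.uwi -> Backdoor.Win32.SdBot
    families = Counter(verdict.rsplit(".", 1)[0] for verdict, _ in status.values())
    archives = Counter(path.split("/")[0] for path in status)
    open_items = sorted(p for p, (_, outcome) in status.items() if outcome == "unremediated")
    return {"families": families, "archives": archives, "unremediated": open_items}


if __name__ == "__main__":
    evts = parse_report(SAMPLE_REPORT)
    for path, (verdict, outcome) in remediation_status(evts).items():
        print(f"{outcome:24} {verdict:32} {path}")
    s = summarize(evts)
    print("verdict families: ", dict(s["families"]))
    print("affected archives:", dict(s["archives"]))
    print("still present:    ", s["unremediated"])
```

Run it against a saved copy of the real report instead of SAMPLE_REPORT and the "unremediated" list is the set of objects that a later scan should still find; the "archives" counter shows which backup zips are contaminated and should not be restored from. The same nesting logic applies to the "Movie Magic Screenwriter 2000.exe/screenwriter 2000 setup.exe/..." entries later in the report, where the outermost self-extracting archive is what was deleted.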

I'll try - but I may have found the main cause. I think it's a keygen which produced the same restricted downloading effects on another computer. Someone on a site identified it, apparently through AVG, as:

"Trojan Horse Downloader.Banload.BDGN"

I did a System Restore on the other computer - and the effects were gone - although the fact that I had already shredded the keygen may have helped.

I installed AVG on this computer & scanned - but it didn't come up with that Trojan, only FakeAlert.

I'll try a Dr Web scan, but I'll check back in case you have any other ideas. [The other thing, BTW, is that OTL on Dec 30 02.53 with your Custom Fixes paste DID cure the problem - even if only temporarily, until the ComboFix cleanup.]

P.S. Dr Web in Safe Mode was shaping up to be a 24-hour scan - I tried again last night & stopped after it had only reached the B folders after 3 hours.

Thanks again. This is a tough one!


Dr Web, after a 20-hour scan, came up with 0 - no viruses, nothing (although it had found & perhaps removed one on the first go).

Below is the DDS file. Please correct me, but my impression is that my computer is fairly clean now - all these tests have removed assorted stuff, esp. what remained from recent attacks like the searchqu.com-related stuff.

What I've been complaining of most recently - being blocked from many sites - isn't a virus, it's MALWAREBYTES. I just discovered yesterday that the program blocks a whole slew of P2P & similar sites, some a lot less malicious than others. So I disabled Website blocking & I can get back on all the sites. [If Mbam were more explicit about this, we'd both have saved time.]

Seems like the problems are over. But a great many thanks for your help & persistence. It's very much appreciated. [My last post, BTW, was based on misinformation - I switched to AVG needlessly because of it.]

DDS (Ver_10-12-12.02) - NTFSx86

Run by Mike at 21:35:38.50 on 05/01/2011

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3071.1396 [GMT 0:00]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\PROGRA~1\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Windows\system32\taskhost.exe

C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mike\Desktop\dds.com

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\mike\appdata\roaming\mozilla\firefox\profiles\9uofxkrf.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en-GB&q=

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\mike\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: TV-Fox: {2f17f610-5e97-4fed-828f-9940b7b577a4} - %profile%\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - Ext: Media Converter: {6e764c17-863a-450f-bdd0-6772bd5aaa18} - %profile%\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}

FF - Ext: CookieSafe: {9D23D0AA-D8F5-11DA-B3FC-0928ABF316DD} - %profile%\extensions\{9D23D0AA-D8F5-11DA-B3FC-0928ABF316DD}

FF - Ext: Password Exporter: {B17C1C5A-04B1-11DB-9804-B622A1EF5492} - %profile%\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}

FF - Ext: AthensToolbar: {B22E157D-283C-498f-9554-C3A80E841E91} - %profile%\extensions\{B22E157D-283C-498f-9554-C3A80E841E91}

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - %profile%\extensions\{dc572301-7619-498c-a57d-39143191b318}

FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF - Ext: Flash Video Downloader - Youtube Downloader: artur.dubovoy@gmail.com - %profile%\extensions\artur.dubovoy@gmail.com

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true

============= SERVICES / DRIVERS ===============

R0 54468372;54468372 Boot Guard Driver;c:\windows\system32\drivers\54468372.sys [2011-1-2 37392]

R0 99184672;99184672 Boot Guard Driver;c:\windows\system32\drivers\99184672.sys [2011-1-2 37392]

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]

R1 54468371;54468371;c:\windows\system32\drivers\54468371.sys [2011-1-2 128016]

R1 99184671;99184671;c:\windows\system32\drivers\99184671.sys [2011-1-2 128016]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-25 172032]

R2 AsSysCtrlService;ASUS System Control Service;c:\program files\asus\assysctrlservice\1.00.02\AsSysCtrlService.exe [2010-5-21 90112]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-23 6128208]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-12-27 363344]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 21072]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-27 20952]

RUnknown DwProt;DwProt; [x]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 utk0mjc1;AVZ Kernel Driver;c:\windows\system32\drivers\utk0mjc1.sys [2011-1-3 7168]

=============== Created Last 30 ================

2011-01-05 14:38:03 -------- d-----w- c:\program files\The KMPlayer

2011-01-04 15:38:49 -------- d-----w- c:\users\mike\appdata\roaming\AVG10

2011-01-04 15:37:44 -------- d--h--w- c:\progra~2\Common Files

2011-01-04 15:36:48 -------- d-----w- c:\windows\system32\drivers\AVG

2011-01-04 15:36:48 -------- d-----w- c:\progra~2\AVG10

2011-01-04 15:36:08 -------- d-----w- c:\program files\AVG

2011-01-04 15:28:13 -------- d-----w- c:\progra~2\MFAData

2011-01-03 15:13:13 497664 ----a-w- c:\windows\system32\ac3filter.acm

2011-01-03 15:13:12 -------- d-----w- c:\program files\AC3Filter

2011-01-03 15:03:24 -------- d-----w- c:\users\mike\appdata\roaming\Local

2011-01-03 05:34:09 -------- d-----w- c:\users\mike\DoctorWeb

2011-01-03 03:37:39 7168 ----a-w- c:\windows\system32\drivers\utk0mjc1.sys

2011-01-02 23:05:38 37392 ----a-w- c:\windows\system32\drivers\99184672.sys

2011-01-02 23:05:38 311312 ----a-w- c:\windows\system32\drivers\9918467.sys

2011-01-02 23:05:38 128016 ----a-w- c:\windows\system32\drivers\99184671.sys

2011-01-02 21:23:41 -------- d-----w- c:\progra~2\Kaspersky Lab

2011-01-02 21:22:52 37392 ----a-w- c:\windows\system32\drivers\54468372.sys

2011-01-02 21:22:52 311312 ----a-w- c:\windows\system32\drivers\5446837.sys

2011-01-02 21:22:52 128016 ----a-w- c:\windows\system32\drivers\54468371.sys

2011-01-01 12:15:12 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{947a07e2-2b59-42e2-8214-d44340fb5b04}\mpengine.dll

2010-12-30 19:03:15 -------- d-----w- C:\_OTL

2010-12-30 00:22:45 -------- d-----w- c:\program files\ESET

2010-12-29 18:57:09 -------- d-----w- c:\users\mike\appdata\local\Apple Computer

2010-12-29 18:37:41 -------- d-sh--w- C:\$RECYCLE.BIN

2010-12-29 18:37:37 -------- d-----w- c:\users\mike\appdata\local\temp

2010-12-27 21:05:43 2327552 ----a-w- c:\windows\system32\win32k.sys

2010-12-27 18:44:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-27 18:44:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-27 18:07:21 388096 ----a-r- c:\users\mike\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2010-12-27 18:07:21 -------- d-----w- c:\program files\Trend Micro

2010-12-27 16:37:15 -------- d--h--w- c:\windows\PIF

2010-12-27 03:00:18 -------- d-----w- c:\program files\YouTube Downloader

2010-12-25 15:07:43 -------- d-----w- c:\program files\Seagate

2010-12-25 15:05:51 -------- d-----w- c:\program files\common files\Wise Installation Wizard

2010-12-08 04:12:38 251728 ----a-w- c:\windows\system32\drivers\avgldx86.sys

==================== Find3M ====================

2010-11-12 00:44:54 94208 ----a-w- c:\windows\system32\dpl100.dll

2010-11-08 22:57:04 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl

2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll

2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec

2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll

2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll

2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll

2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll

2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe

2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe

2010-10-27 04:32:36 2048 ----a-w- c:\windows\system32\tzres.dll

2010-10-20 04:54:18 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-10-20 02:58:41 294400 ----a-w- c:\windows\system32\atmfd.dll

2010-10-19 10:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-10-16 04:41:02 101760 ----a-w- c:\windows\system32\consent.exe

2010-10-16 04:36:10 314368 ----a-w- c:\windows\system32\webio.dll

============= FINISH: 21:36:53.53 ===============


it's MALWAREBYTES

Yes, that explains a lot. :blink:

Instead of disabling the IP protection you can also put the IP addresses of the blocked websites on the ignore list:

How can I add an IP so it won't be detected and can access a site I need to?

Visit the site and incur an IP block. Then right-click on the Malwarebytes system-tray icon after the block notification appears, and choose Add to Ignore List.


1 month later...

Staff:

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
