Trojan vundo,adwares,rogue ascentive etc...


Trojan vundo,adwares,rogue ascentive etc...

Post by BAYONETTA on 31st January 2010, 1:33 am

please help me out here's my hijackthis log :




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:27:57 AM, on 1/31/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\VM_STI.EXE
C:\Documents and Settings\B A T M AN\Desktop\WinPatrol\winpatrol.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll
O3 - Toolbar: HopSurf toolbar - {E9FAB13D-4600-49E1-90D1-EE961C859D39} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll
O4 - HKLM\..\Run: [BigDogPath] "C:\WINDOWS\VM_STI.EXE" A4 Tech USB PC Camera
O4 - HKLM\..\Run: [WinPatrol] C:\Documents and Settings\B A T M AN\Desktop\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe -h
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HopSurf - {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C76C76C-55F3-45FE-9541-77FA1B6130AD}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C76C76C-55F3-45FE-9541-77FA1B6130AD}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CS2\Services\Tcpip\..\{0C76C76C-55F3-45FE-9541-77FA1B6130AD}: NameServer = 156.154.70.22,156.154.71.22
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7848 bytes

BAYONETTA
Novice
Posts: 19 | Joined: 2010-01-31 | OS: windows xp | Points: 25323 | Likes: 0

Re: Trojan vundo,adwares,rogue ascentive etc...

Post by Belahzur on 31st January 2010, 2:16 am

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = [You must be registered and logged in to see this link.]
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = [You must be registered and logged in to see this link.]
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [You must be registered and logged in to see this link.]
    O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
    O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)

  • Press "Fix Checked"
  • Close HijackThis.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts: 34918 | Joined: 2008-08-03 | Gender: Male | OS: 7 Home Premium x64 | Points: 245111 | Likes: 1
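A small triage script for the HijackThis log format the reply above is working from, added here as an example; it is not part of the thread, of HijackThis, MBAM or OTL, and not the helper's own selection method. It parses the R0/R1, O4, O9 and O20 entry lines, marks orphaned O9 buttons ("(no file)") and IE start/search-page values that point outside a domain allowlist as "fix" candidates, and marks autostarts outside Windows/Program Files and AppInit_DLLs entries for review. ALLOWED_DOMAINS, TRUSTED_PREFIXES and SAMPLE_LOG are constructed for the example and are assumptions, not HijackThis rules; the CLSIDs in the sample are the ones from the log above.

```python
"""Triage helper for HijackThis 2.0.x logs.

Added example for this thread; not part of HijackThis, MBAM or OTL and not the
helper's own method. It parses R0/R1, O4, O9 and O20 entry lines and sorts them
into 'fix' candidates (orphaned O9 buttons, IE search/start-page values that
point at a domain outside ALLOWED_DOMAINS) and 'review' items (autostarts
outside Windows/Program Files, AppInit_DLLs). ALLOWED_DOMAINS, TRUSTED_PREFIXES
and SAMPLE_LOG are constructed for the example.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

ENTRY_RE = re.compile(r"^(?P<type>[RO]\d+) - (?P<body>.*)$")
R_RE = re.compile(r"^(?P<key>HK\w+\\.*?),(?P<value>[^=]+?) = (?P<data>.*)$")
O4_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O9_RE = re.compile(r"^Extra .*? - \{[0-9A-Fa-f-]+\} - (?P<target>.*)$")

# Constructed allowlist of domains a default IE start/search page may use.
ALLOWED_DOMAINS = {"microsoft.com", "msn.com", "live.com", "google.com", "yahoo.com"}
# Constructed list of directories from which an autostart is unremarkable.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


@dataclass(frozen=True)
class Finding:
    action: str   # "fix" (tick under "Fix checked") or "review" (look first)
    entry: str    # HijackThis entry type, e.g. "O9"
    reason: str
    line: str     # the original log line


def _domain_allowed(url: str) -> bool:
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)


def _exe_path(cmd: str) -> str:
    """Extract the executable path from an O4 command line (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end].lower() if end > 0 else cmd.lower()
    low = cmd.lower()
    i = low.find(".exe")
    return low[: i + 4] if i >= 0 else low.split(" ", 1)[0]


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list and blank lines carry no entries
        etype, body = m["type"], m["body"]
        if etype in ("R0", "R1"):
            r = R_RE.match(body)
            data = r["data"] if r else ""
            if data.lower().startswith(("http://", "https://")) and not _domain_allowed(data):
                findings.append(Finding("fix", etype,
                                        f"IE '{r['value']}' set to a non-allowlisted URL", line))
        elif etype == "O9":
            o9 = O9_RE.match(body)
            if o9 and o9["target"].strip() == "(no file)":
                findings.append(Finding("fix", etype, "orphaned button, target file missing", line))
        elif etype == "O4":
            o4 = O4_RE.match(body)
            if o4 and not _exe_path(o4["cmd"]).startswith(TRUSTED_PREFIXES):
                findings.append(Finding("review", etype,
                                        "autostart outside Windows/Program Files", line))
        elif etype == "O20" and body.startswith("AppInit_DLLs:"):
            findings.append(Finding("review", etype,
                                    "AppInit_DLLs is loaded into every user32 process; confirm the vendor", line))
    return findings


def fix_lines(findings: list[Finding]) -> list[str]:
    """Lines to tick under 'Do a system scan only' -> 'Fix checked'."""
    return [f.line for f in findings if f.action == "fix"]


# Constructed sample in HijackThis format (CLSIDs as in the log above).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.hijack-example.invalid/?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [BigDogPath] "C:\WINDOWS\VM_STI.EXE" A4 Tech USB PC Camera
O4 - HKLM\..\Run: [WinPatrol] C:\Documents and Settings\user\Desktop\WinPatrol\winpatrol.exe -expressboot
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.action:6}] {f.entry:4} {f.reason}\n         {f.line}")
```

The "review" items are deliberately not put on the fix list: a program launched from the Desktop (WinPatrol in the log above) or a security product's AppInit DLL (guard32.dll is COMODO's) is legitimate, which is why a helper reads the O4/O20 lines before deciding rather than fixing them mechanically.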

Re: Trojan vundo,adwares,rogue ascentive etc...

Post by BAYONETTA on 31st January 2010, 6:41 am

Malwarebytes' Anti-Malware 1.44
Database version: 3665
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

1/31/2010 2:16:18 PM
mbam-log-2010-01-31 (14-16-18).txt

Scan type: Quick Scan
Objects scanned: 131748
Time elapsed: 10 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

BAYONETTA
Novice
Posts: 19 | Joined: 2010-01-31 | OS: windows xp | Points: 25323 | Likes: 0

Re: Trojan vundo,adwares,rogue ascentive etc...

Post by Belahzur on 31st January 2010, 8:09 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts: 34918 | Joined: 2008-08-03 | Gender: Male | OS: 7 Home Premium x64 | Points: 245111 | Likes: 1

Re: Trojan vundo,adwares,rogue ascentive etc...

Post by BAYONETTA on 1st February 2010, 12:54 am

OTL logfile created on: 2/1/2010 8:28:12 AM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\B A T M AN\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.48 Gb Total Space | 0.84 Gb Free Space | 2.44% Space Free | Partition Type: NTFS
Drive D: | 40.04 Gb Total Space | 27.17 Gb Free Space | 67.85% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 19.53 Gb Total Space | 5.46 Gb Free Space | 27.97% Space Free | Partition Type: NTFS
Drive G: | 17.73 Gb Total Space | 0.76 Gb Free Space | 4.30% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WINDOWSX-A4F882
Current User Name: B A T M AN
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/01 08:03:30 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\B A T M AN\Desktop\OTL.exe
PRC - [2010/01/29 06:09:31 | 002,757,512 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/01/29 06:09:28 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/01/22 14:30:16 | 000,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2009/10/11 05:07:08 | 000,320,832 | ---- | M] (BillP Studios) -- C:\Documents and Settings\B A T M AN\Desktop\WinPatrol\WinPatrol.exe
PRC - [2009/03/09 05:19:15 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2007/08/30 17:43:18 | 000,103,664 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
PRC - [2007/06/27 09:49:20 | 000,483,328 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2007/04/02 14:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe
PRC - [2006/12/23 18:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/12/23 18:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2006/12/23 17:54:04 | 000,262,144 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
PRC - [2006/12/14 17:49:10 | 000,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/02/28 12:42:38 | 000,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2004/08/04 09:07:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/04 09:07:00 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2004/02/24 16:00:40 | 000,049,152 | ---- | M] (BIGDOG) -- C:\WINDOWS\VM_STI.EXE
PRC - [1999/12/13 09:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE


========== Modules (SafeList) ==========

MOD - [2010/02/01 08:03:30 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\B A T M AN\Desktop\OTL.exe
MOD - [2007/03/27 02:03:20 | 000,057,344 | ---- | M] (BillP Studios) -- C:\Documents and Settings\B A T M AN\Desktop\WinPatrol\patrolpro.dll
MOD - [2004/08/04 09:07:00 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/29 06:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/01/29 06:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/01/29 06:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/01/22 14:30:16 | 000,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/04/11 19:07:00 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/09 05:19:15 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2007/06/29 21:05:00 | 000,520,192 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2007/06/27 09:49:20 | 000,483,328 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2007/04/02 14:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)
SRV - [2006/12/23 17:54:04 | 000,262,144 | ---- | M] (Nero AG) [On_Demand | Running] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2006/12/14 17:49:10 | 000,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/02/28 12:42:38 | 000,229,376 | ---- | M] (Apple Computer, Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2004/08/04 09:07:00 | 000,064,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\nwwks.dll -- (NWCWorkstation)
SRV - [2003/07/28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [1999/12/13 09:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Driver Services (SafeList) ==========

DRV - [2010/01/29 05:57:55 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/01/29 05:57:34 | 000,163,280 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/01/29 05:54:42 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/01/29 05:54:16 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/01/29 05:54:05 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/01/29 05:53:50 | 000,028,240 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/01/05 07:56:06 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/01/05 07:56:04 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/05 07:56:02 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/12/30 11:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2008/08/21 01:58:58 | 000,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/07/11 12:07:26 | 000,090,880 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/07/11 12:07:15 | 004,424,192 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/06/27 09:58:16 | 002,303,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/01/25 21:57:08 | 000,020,544 | ---- | M] (Webroot Software Inc ([You must be registered and logged in to see this link.] [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSFS0509.SYS -- (SSFS0509)
DRV - [2006/04/13 09:04:39 | 000,049,664 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2006/04/13 09:04:39 | 000,021,568 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2006/04/13 09:04:39 | 000,016,496 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2005/10/13 08:15:18 | 000,124,928 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent)
DRV - [2005/10/13 08:15:18 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem)
DRV - [2005/10/13 08:15:18 | 000,008,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/04 09:07:00 | 000,163,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nwrdr.sys -- (NWRDR)
DRV - [2004/08/04 09:07:00 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004/08/04 09:07:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 09:07:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/04 09:07:00 | 000,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2004/08/04 09:07:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/02/11 15:13:20 | 000,090,527 | ---- | M] (VM) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbVM31b.sys -- (ZSMC301b)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=374563"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/16 21:18:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/14 21:10:36 | 000,000,000 | ---D | M]

[2009/03/28 21:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B A T M AN\Application Data\Mozilla\Extensions
[2009/03/28 21:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B A T M AN\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/02/01 07:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B A T M AN\Application Data\Mozilla\Firefox\Profiles\dj72o076.default\extensions
[2010/01/25 11:20:08 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\B A T M AN\Application Data\Mozilla\Firefox\Profiles\dj72o076.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/01/28 10:10:57 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\B A T M AN\Application Data\Mozilla\Firefox\Profiles\dj72o076.default\searchplugins\amazondotcom.xml
[2009/11/09 05:29:57 | 000,002,233 | ---- | M] () -- C:\Documents and Settings\B A T M AN\Application Data\Mozilla\Firefox\Profiles\dj72o076.default\searchplugins\askcom.xml
[2009/05/29 09:37:01 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\B A T M AN\Application Data\Mozilla\Firefox\Profiles\dj72o076.default\searchplugins\ebay.xml
[2009/11/03 17:47:41 | 000,009,941 | ---- | M] () -- C:\Documents and Settings\B A T M AN\Application Data\Mozilla\Firefox\Profiles\dj72o076.default\searchplugins\mywebsearch.xml
[2009/03/16 13:15:16 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\B A T M AN\Application Data\Mozilla\Firefox\Profiles\dj72o076.default\searchplugins\sweetim.xml
[2010/02/01 07:52:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/21 11:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
[2009/05/22 07:43:24 | 000,002,381 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\kwinzy116.xml
[2009/05/23 23:28:42 | 000,002,381 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\kwinzy119.xml

O1 HOSTS File: ([2010/01/22 20:36:08 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {23B0D39A-E245-41B7-BF86-1238CF62625E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (MSN Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE (BIGDOG)
O4 - HKLM..\Run: [WinPatrol] C:\Documents and Settings\B A T M AN\Desktop\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 202.126.40.5 222.127.143.5
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\B A T M AN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\B A T M AN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/05 23:07:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/08/27 16:17:54 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2388f042-ab2c-11de-8aac-001cc03b2aa0}\Shell\AutoRun\command - "" = F:\dhrhyje.bat -- File not found
O33 - MountPoints2\{2388f042-ab2c-11de-8aac-001cc03b2aa0}\Shell\open\Command - "" = F:\dhrhyje.bat -- File not found
O33 - MountPoints2\{33848dfa-b57a-11de-8acd-001cc03b2aa0}\Shell\AutoRun\command - "" = F:\dhrhyje.bat -- File not found
O33 - MountPoints2\{33848dfa-b57a-11de-8acd-001cc03b2aa0}\Shell\open\Command - "" = F:\dhrhyje.bat -- File not found
O33 - MountPoints2\{33848dfb-b57a-11de-8acd-001cc03b2aa0}\Shell\AutoRun\command - "" = G:\dhrhyje.bat -- File not found
O33 - MountPoints2\{33848dfb-b57a-11de-8acd-001cc03b2aa0}\Shell\open\Command - "" = G:\dhrhyje.bat -- File not found
O33 - MountPoints2\{4c26294b-099b-11de-889d-001cc03b2aa0}\Shell - "" = AutoRun
O33 - MountPoints2\{4c26294b-099b-11de-889d-001cc03b2aa0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{652599b8-4503-11de-897a-001cc03b2aa0}\Shell\AutoRun\command - "" = H:\dhrhyje.bat -- File not found
O33 - MountPoints2\{652599b8-4503-11de-897a-001cc03b2aa0}\Shell\open\Command - "" = H:\dhrhyje.bat -- File not found
O33 - MountPoints2\{6c9bfe36-2651-11de-88f3-001cc03b2aa0}\Shell\AutoRun\command - "" = F:\1ogf.exe -- File not found
O33 - MountPoints2\{6c9bfe36-2651-11de-88f3-001cc03b2aa0}\Shell\open\Command - "" = F:\1ogf.exe -- File not found
O33 - MountPoints2\{88e2cdd6-1c26-11de-88d0-001cc03b2aa0}\Shell\AutoRun\command - "" = H:\dhrhyje.bat -- File not found
O33 - MountPoints2\{88e2cdd6-1c26-11de-88d0-001cc03b2aa0}\Shell\open\Command - "" = H:\dhrhyje.bat -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/01 08:03:29 | 000,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\B A T M AN\Desktop\OTL.exe
[2010/01/31 19:37:55 | 022,159,766 | ---- | C] (Agnitum, Ltd. ) -- C:\Documents and Settings\B A T M AN\Desktop\OutpostFreeInstall64.exe
[2010/01/31 18:29:44 | 000,163,280 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/01/31 18:29:44 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/01/31 18:29:43 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/01/31 18:29:42 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/01/31 18:29:41 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/01/31 18:29:40 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/01/31 18:29:38 | 000,028,240 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/01/31 18:28:46 | 000,152,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/01/31 18:28:46 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/01/31 13:01:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/31 13:01:42 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/31 13:01:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/30 17:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/01/30 17:36:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B A T M AN\Application Data\SUPERAntiSpyware.com
[2010/01/30 17:36:30 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/01/30 17:35:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/01/30 12:32:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\B A T M AN\Recent
[2010/01/28 22:17:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B A T M AN\Application Data\Comodo
[2010/01/28 22:09:24 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2010/01/28 21:55:27 | 045,174,032 | ---- | C] (COMODO) -- C:\Documents and Settings\B A T M AN\Desktop\CIS_Setup_3.13.125662.579_XP_Vista_x32.exe
[2010/01/28 14:29:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B A T M AN\Desktop\WinPatrol
[2010/01/28 14:26:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B A T M AN\Application Data\WinPatrol
[2010/01/28 14:25:07 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2010/01/28 14:21:04 | 000,993,992 | ---- | C] (BillP Studios) -- C:\Documents and Settings\B A T M AN\Desktop\wpcsetup.exe
[2010/01/27 16:09:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B A T M AN\Desktop\Autoruns
[2010/01/27 16:09:39 | 000,670,072 | ---- | C] (Sysinternals - [You must be registered and logged in to see this link.] -- C:\Documents and Settings\B A T M AN\Desktop\autoruns.exe
[2010/01/27 16:09:39 | 000,559,992 | ---- | C] (Sysinternals - [You must be registered and logged in to see this link.] -- C:\Documents and Settings\B A T M AN\Desktop\autorunsc.exe
[2010/01/27 15:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B A T M AN\Application Data\Uniblue
[2010/01/26 22:01:54 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\B A T M AN\Desktop\RootRepeal.exe
[2010/01/26 18:18:33 | 001,137,360 | ---- | C] (F-Secure Corporation) -- C:\Documents and Settings\B A T M AN\Desktop\fsbl.exe
[2010/01/26 12:41:21 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 9
[2010/01/26 12:38:27 | 010,314,752 | ---- | C] (Luis Cobian) -- C:\Documents and Settings\B A T M AN\Desktop\cbSetup BACK UP.exe
[2010/01/26 02:42:36 | 000,000,000 | ---D | C] -- C:\New Folder
[2010/01/25 20:41:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B A T M AN\Local Settings\Application Data\VS Revo Group
[2010/01/25 20:40:55 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2010/01/25 20:40:53 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2010/01/25 20:31:34 | 009,476,032 | ---- | C] (VS Revo Group ) -- C:\Documents and Settings\B A T M AN\Desktop\RevoUninProSetup.exe
[2010/01/24 16:45:16 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/24 16:45:09 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\B A T M AN\Desktop\HJTInstall.exe
[2010/01/23 23:38:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B A T M AN\Desktop\CCleaner
[2010/01/23 23:33:52 | 003,357,024 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\B A T M AN\Desktop\ccsetup227.exe
[2010/01/23 23:27:03 | 000,310,168 | ---- | C] (Zemana Ltd.) -- C:\Documents and Settings\B A T M AN\Desktop\keyboard.exe
[2010/01/23 20:51:56 | 005,207,047 | ---- | C] (McAfee Inc.) -- C:\Documents and Settings\B A T M AN\Desktop\stinger1001688.exe
[2010/01/23 20:20:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B A T M AN\Application Data\Malwarebytes
[2010/01/23 20:18:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/23 20:16:23 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\B A T M AN\Desktop\mbam-setup.exe
[2010/01/22 20:09:14 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2010/01/22 20:08:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2010/01/22 14:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/01/22 14:31:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B A T M AN\Local Settings\Application Data\Temp
[2010/01/22 14:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/01/22 14:30:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B A T M AN\Local Settings\Application Data\Google
[2010/01/22 14:30:15 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/01/22 14:28:43 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/01/22 14:28:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/01/21 23:54:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B A T M AN\Desktop\gravity_files
[2010/01/21 19:36:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
[2010/01/18 15:45:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B A T M AN\Application Data\Apple Computer
[2010/01/16 08:28:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/01/14 07:41:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2009/11/21 08:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/04/23 18:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2009/04/23 18:04:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2009/04/23 18:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\PCToolsFirewallPlus
[2009/04/23 18:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\PCToolsSpamMonitorPlus
[2009/03/08 15:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2009/03/05 23:14:04 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/03/05 23:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/03/05 23:13:39 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/03/05 23:13:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/01 08:22:30 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/01 08:22:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\PCConfidential.job
[2010/02/01 08:21:04 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/01 08:20:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/01 08:19:21 | 005,767,168 | ---- | M] () -- C:\Documents and Settings\B A T M AN\ntuser.dat
[2010/02/01 08:19:15 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\B A T M AN\ntuser.ini
[2010/02/01 08:03:30 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\B A T M AN\Desktop\OTL.exe
[2010/01/31 19:47:27 | 022,159,766 | ---- | M] (Agnitum, Ltd. ) -- C:\Documents and Settings\B A T M AN\Desktop\OutpostFreeInstall64.exe
[2010/01/31 18:34:09 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/01/31 18:30:19 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010/01/31 18:29:45 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/01/31 18:07:20 | 042,044,328 | ---- | M] () -- C:\Documents and Settings\B A T M AN\Desktop\setup_av_free.exe
[2010/01/31 13:01:55 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/31 13:00:28 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\B A T M AN\Desktop\mbam-setup.exe
[2010/01/31 11:27:46 | 000,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010/01/31 11:27:24 | 000,022,981 | ---- | M] () -- C:\Documents and Settings\B A T M AN\Desktop\She_lost_her_soul_to_him_by_dark_magician_girl14.png.jpg
[2010/01/30 22:35:49 | 000,000,130 | ---- | M] () -- C:\WINDOWS\cfplogvw.INI
[2010/01/30 19:46:58 | 000,001,065 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2010/01/30 17:36:35 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2010/01/30 17:33:12 | 007,520,288 | ---- | M] () -- C:\Documents and Settings\B A T M AN\Desktop\SUPERAntiSpywarePro.exe
[2010/01/29 06:09:26 | 000,152,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/01/29 05:57:55 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/01/29 05:57:34 | 000,163,280 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/01/29 05:54:42 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/01/29 05:54:16 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/01/29 05:54:12 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/01/29 05:54:05 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/01/29 05:53:50 | 000,028,240 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/01/28 22:03:25 | 045,174,032 | ---- | M] (COMODO) -- C:\Documents and Settings\B A T M AN\Desktop\CIS_Setup_3.13.125662.579_XP_Vista_x32.exe
[2010/01/28 14:21:15 | 000,993,992 | ---- | M] (BillP Studios) -- C:\Documents and Settings\B A T M AN\Desktop\wpcsetup.exe
[2010/01/27 21:48:07 | 000,018,900 | ---- | M] () -- C:\Documents and Settings\B A T M AN\Desktop\donation_image.jpg
[2010/01/27 18:30:08 | 000,000,025 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2010/01/27 16:09:00 | 000,595,499 | ---- | M] () -- C:\Documents and Settings\B A T M AN\Desktop\Autoruns.zip
[2010/01/27 13:58:14 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\B A T M AN\Desktop\settings.dat
[2010/01/26 22:02:06 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\B A T M AN\settings.dat
[2010/01/26 22:01:55 | 000,472,064 | ---- | M] ( ) -- C:\Documents and Settings\B A T M AN\Desktop\RootRepeal.exe
[2010/01/26 21:56:59 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\B A T M AN\Desktop\dds.scr
[2010/01/26 18:18:33 | 001,137,360 | ---- | M] (F-Secure Corporation) -- C:\Documents and Settings\B A T M AN\Desktop\fsbl.exe
[2010/01/26 12:39:43 | 010,314,752 | ---- | M] (Luis Cobian) -- C:\Documents and Settings\B A T M AN\Desktop\cbSetup BACK UP.exe
[2010/01/26 02:43:18 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\B A T M AN\Desktop\HijackThis.lnk
[2010/01/25 20:40:55 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2010/01/25 20:39:43 | 009,476,032 | ---- | M] (VS Revo Group ) -- C:\Documents and Settings\B A T M AN\Desktop\RevoUninProSetup.exe
[2010/01/24 16:45:09 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\B A T M AN\Desktop\HJTInstall.exe
[2010/01/23 23:38:10 | 000,001,511 | ---- | M] () -- C:\Documents and Settings\B A T M AN\Desktop\CCleaner.lnk
[2010/01/23 23:35:34 | 003,357,024 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\B A T M AN\Desktop\ccsetup227.exe
[2010/01/23 23:27:04 | 000,310,168 | ---- | M] (Zemana Ltd.) -- C:\Documents and Settings\B A T M AN\Desktop\keyboard.exe
[2010/01/23 22:34:14 | 000,000,017 | ---- | M] () -- C:\Documents and Settings\B A T M AN\Desktop\stinger1001688.opt
[2010/01/23 20:52:40 | 005,207,047 | ---- | M] (McAfee Inc.) -- C:\Documents and Settings\B A T M AN\Desktop\stinger1001688.exe
[2010/01/23 08:11:13 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/22 20:02:46 | 040,233,352 | ---- | M] () -- C:\Documents and Settings\B A T M AN\Desktop\zaSetup_91_007_002_en.exe
[2010/01/22 14:34:06 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/01/22 14:11:53 | 040,146,416 | ---- | M] () -- C:\Documents and Settings\B A T M AN\Desktop\setup_av_free_eng.exe
[2010/01/19 19:57:59 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/01/15 20:24:48 | 000,054,784 | ---- | M] () -- C:\Documents and Settings\B A T M AN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/12 10:37:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/06 13:48:07 | 000,003,678 | RHS- | M] () -- C:\FS6519.dll.vbs
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/31 18:29:45 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/01/31 18:00:14 | 042,044,328 | ---- | C] () -- C:\Documents and Settings\B A T M AN\Desktop\setup_av_free.exe
[2010/01/31 13:01:55 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/31 11:27:16 | 000,022,981 | ---- | C] () -- C:\Documents and Settings\B A T M AN\Desktop\She_lost_her_soul_to_him_by_dark_magician_girl14.png.jpg
[2010/01/30 17:36:34 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2010/01/30 17:32:12 | 007,520,288 | ---- | C] () -- C:\Documents and Settings\B A T M AN\Desktop\SUPERAntiSpywarePro.exe
[2010/01/28 23:42:49 | 000,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2010/01/28 22:23:31 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010/01/27 21:48:06 | 000,018,900 | ---- | C] () -- C:\Documents and Settings\B A T M AN\Desktop\donation_image.jpg
[2010/01/27 16:09:39 | 000,048,904 | ---- | C] () -- C:\Documents and Settings\B A T M AN\Desktop\autoruns.chm
[2010/01/27 16:08:52 | 000,595,499 | ---- | C] () -- C:\Documents and Settings\B A T M AN\Desktop\Autoruns.zip
[2010/01/27 13:58:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\B A T M AN\Desktop\settings.dat
[2010/01/26 22:02:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\B A T M AN\settings.dat
[2010/01/26 21:56:59 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\B A T M AN\Desktop\dds.scr
[2010/01/25 20:40:55 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2010/01/24 16:45:16 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\B A T M AN\Desktop\HijackThis.lnk
[2010/01/23 23:38:09 | 000,001,511 | ---- | C] () -- C:\Documents and Settings\B A T M AN\Desktop\CCleaner.lnk
[2010/01/23 22:34:14 | 000,000,017 | ---- | C] () -- C:\Documents and Settings\B A T M AN\Desktop\stinger1001688.opt
[2010/01/22 19:31:10 | 040,233,352 | ---- | C] () -- C:\Documents and Settings\B A T M AN\Desktop\zaSetup_91_007_002_en.exe
[2010/01/22 14:34:06 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/01/22 14:30:57 | 000,000,890 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/22 14:04:52 | 040,146,416 | ---- | C] () -- C:\Documents and Settings\B A T M AN\Desktop\setup_av_free_eng.exe
[2010/01/21 09:06:29 | 005,767,168 | ---- | C] () -- C:\Documents and Settings\B A T M AN\ntuser.dat
[2010/01/06 13:48:07 | 000,003,678 | RHS- | C] () -- C:\FS6519.dll.vbs
[2009/10/25 18:01:49 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/10/02 15:48:15 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\AscSQLite.dll
[2009/06/09 18:28:20 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009/06/09 18:23:58 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/04/24 22:26:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2009/03/06 22:55:16 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/06 01:29:05 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/03/06 01:29:03 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/03/06 01:29:03 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/03/06 01:29:03 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/03/06 01:29:02 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/03/06 01:29:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/03/06 00:44:30 | 000,054,784 | ---- | C] () -- C:\Documents and Settings\B A T M AN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/05 23:50:26 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/03/05 23:37:29 | 000,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/08/04 09:07:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/04 09:07:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE2C623F
@Alternate Data Stream - 12 bytes -> C:\Documents and Settings\B A T M AN\My Documents:{726B6F7C-E889-4EFE-8CA3-AEF4943DBD38}
< End of report >

BAYONETTA
Novice

Posts : 19
Joined : 2010-01-31
OS : windows xp
Points : 25323
# Likes : 0


Re: Trojan vundo,adwares,rogue ascentive etc...

Post by BAYONETTA on 1st February 2010, 1:01 am

OTL Extras logfile created on: 2/1/2010 8:28:12 AM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\B A T M AN\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.48 Gb Total Space | 0.84 Gb Free Space | 2.44% Space Free | Partition Type: NTFS
Drive D: | 40.04 Gb Total Space | 27.17 Gb Free Space | 67.85% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 19.53 Gb Total Space | 5.46 Gb Free Space | 27.97% Space Free | Partition Type: NTFS
Drive G: | 17.73 Gb Total Space | 0.76 Gb Free Space | 4.30% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WINDOWSX-A4F882
Current User Name: B A T M AN
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\run messenger\Y!Multi Messenger.exe" = D:\run messenger\Y!Multi Messenger.exe:*:Disabled:Y!Multi Messenger -- (PS Soft)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\SmartWhois\sw.exe" = C:\Program Files\SmartWhois\sw.exe:*:Disabled:SmartWhois -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour -- (Apple Computer, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Disabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Disabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Disabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Disabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Disabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Disabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Disabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Disabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Disabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Disabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Disabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Disabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Disabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Disabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04677911-D5DC-C500-A4E8-2D5CCC9180E9}" = CCC Help Greek
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0629A9E3-42C3-38F4-7DE1-84647E9BE9CE}" = ccc-utility
"{083F79E4-6FE9-46FB-A6C6-4F8862742947}" = ATI HYDRAVISION
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{15327F19-DCA5-D102-0A11-C8B213AC278A}" = Catalyst Control Center Localization Greek
"{170A555B-8B7C-18A7-FBB3-68FCD8171BEF}" = CCC Help English
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2100F7DB-91AA-8C7C-1917-E41BE3E06C64}" = CCC Help Dutch
"{23101306-56BD-BD95-DE03-907203A2D121}" = CCC Help Russian
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{23F84188-E168-12FC-68E1-0BC2B9ADA0F7}" = CCC Help Thai
"{252E8DB0-E036-1BFD-D1BA-0434C3B66B41}" = ccc-core-preinstall
"{255B921D-AE7F-8C7A-ACEA-9C7420659DC5}" = Catalyst Control Center Localization Thai
"{25F78FDD-6D45-5229-3602-1026D916B534}" = CCC Help Japanese
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 13
"{281D1C3D-50DA-46B4-D3E3-B811A9A3E644}" = Catalyst Control Center Localization Dutch
"{2847E94E-E127-1018-BA2D-1B99C229BE71}" = CCC Help Polish
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2C6D03AC-02ED-4417-9F40-6A0CB55CEF2B}" = ACDSee Photo Editor
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{32AF8E1C-CCC7-78D0-1BD6-E48EFFBBEE92}" = Catalyst Control Center Localization French
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{385DFAC7-B31A-6FB0-1EB6-CD4854D55219}" = Catalyst Control Center Localization Swedish
"{3D6816CE-0943-85C8-8AB4-88C23C38CECB}" = Catalyst Control Center Localization Chinese Traditional
"{4026F0FC-CD1B-C487-B5C6-E815B258A1CA}" = Catalyst Control Center Graphics Light
"{41E496B5-47F4-11D6-9BBB-00E0987BB2CD}" = A4 Tech USB PC Camera
"{44EBA8D8-C559-A742-692D-51D2049AB8F1}" = CCC Help Finnish
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{45E5354A-2CB2-EB0B-D930-29F8DD9F17AC}" = CCC Help Turkish
"{4846B4A3-E2E3-61A3-2B9F-3674291C3C97}" = CCC Help Spanish
"{491E695B-D88A-96B3-5DD6-C8487E6CF145}" = CCC Help Swedish
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{52DF099A-2A4A-4714-756F-3E4719FE4672}" = Skins
"{5399ACAF-7B15-43D5-9233-4E797B184FD2}" = AVIVO
"{54043BD9-50E5-96F0-D95F-E8BAACE26D89}" = Catalyst Control Center Localization Finnish
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B21299-1523-BA6D-CF0C-37122B5CB762}" = CCC Help Italian
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.0.5
"{67E76212-F672-32C4-0828-5BE8F7B85966}" = Catalyst Control Center Graphics Full New
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6A9D8554-E01A-B116-C84D-810589D016A1}" = Catalyst Control Center Localization Japanese
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6C144163-02C2-B57F-AB61-56DA5546B2BB}" = Catalyst Control Center Localization Spanish
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{74DF227F-21FD-1B67-B1C2-635B14A0158E}" = CCC Help Danish
"{76CA3745-48C8-1B2E-4090-56711467CD43}" = Catalyst Control Center Localization Portuguese
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B545503-5C31-B8A4-9B77-B6B99ADEC09D}" = Catalyst Control Center Localization Russian
"{7D4A509E-8F02-7850-5837-B50D08D47FF5}" = Catalyst Control Center Localization Czech
"{7DD3D82C-714A-F883-D93B-4C129D5FFA15}" = Catalyst Control Center Localization Norwegian
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7E95FCBF-A6E7-2475-7A87-C6D4A355AA66}" = Catalyst Control Center Localization German
"{8010923B-40C7-0ECC-95C5-50623E548D96}" = CCC Help Portuguese
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{82CD426E-31DC-2F43-205E-E01E5C098F5A}" = CCC Help Chinese Traditional
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{86604C06-DA30-425E-AECE-47304FE81C45}" = Creative Software Update
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{920560B7-6A55-DC40-5525-5F44A494F740}" = CCC Help Czech
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9B56936D-273E-F723-89D1-6EB3FC858AB5}" = ccc-core-static
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9FC8D8F8-AF3A-4488-98AF-51C6DEC732F2}" = c3100_Help
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B28B351F-1232-46EA-85EF-B8EA91641033}" = Nero 7 Essentials
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B545059F-F74D-115D-2BAD-56555D575FCD}" = CCC Help Norwegian
"{B7757137-0A71-4A9F-8A82-1AE4A1B73420}" = Nokia Connectivity Cable Driver
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C03DF297-96AD-B6D5-92EA-D99F5D76E5A3}" = CCC Help German
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe Extendscript Toolkit 2
"{C5DC3DD5-80E0-88B9-2AF4-DFBEF10E4EBB}" = CCC Help Chinese Standard
"{C66844A2-A373-1EEB-589E-AFD77E661FC9}" = Catalyst Control Center Core Implementation
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C8781F28-84B1-4DBB-4627-951652B04293}" = CCC Help French
"{CA567AD5-33A4-403D-86D1-EE2D38251951}_is1" = VDownloader 1.0
"{CC8EA619-F11E-AD1F-93B7-7B356752185A}" = Catalyst Control Center Localization Polish
"{CD13227D-2CA4-AB85-8674-5F6ADF42B882}" = Catalyst Control Center Localization Korean
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
"{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}" = MSN Messenger 7.5
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D6FC3A76-C2BD-0B95-FB03-7EE37A8D2B21}" = Catalyst Control Center Localization Hungarian
"{D83D00F3-BBEF-B19D-5FE3-AA3C2BD726E3}" = Catalyst Control Center Localization Turkish
"{D966EC30-E3FF-9B17-BB68-2277D0870F5B}" = Catalyst Control Center Graphics Previews Common
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E5ADC9FD-8C1F-456E-DFFB-716FE481C520}" = CCC Help Hungarian
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E94603CA-2996-4154-8EE2-A5FCD4BFB500}" = Nokia Lifeblog 2.5
"{EB8C9964-09AC-48bf-8B98-027609C78251}" = C3100
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F30E3BD6-F658-FDC3-8FF7-13302359DDD8}" = CCC Help Korean
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F4B265CB-59BF-CCB2-F606-B8D16EE2D8ED}" = Catalyst Control Center Localization Chinese Standard
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F860DD52-99C8-8746-1F2E-71A662B59FEA}" = Catalyst Control Center Graphics Full Existing
"{FAFDA3E9-7035-5EF2-679C-C787EFD01ADF}" = Catalyst Control Center Localization Danish
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FB63CC95-17BA-A660-35EE-EAEBBA79C30C}" = Catalyst Control Center Localization Italian
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FF059F2A-62A7-4E6A-B305-559591D2769E}" = Nokia PC Suite
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner
"CobBackup9" = Cobian Backup 9
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative Media Lite" = Creative Media Lite
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.8.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSN Toolbar" = MSN Toolbar
"MSNINST" = MSN
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinPatrol" = WinPatrol 2009
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager
"ZENStonePlusUG" = Creative ZEN Stone Plus User's Guide

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/24/2010 4:41:05 PM | Computer Name = WINDOWSX-A4F882 | Source = Google Update | ID = 20
Description =

Error - 1/24/2010 5:41:05 PM | Computer Name = WINDOWSX-A4F882 | Source = Google Update | ID = 20
Description =

Error - 1/24/2010 6:41:08 PM | Computer Name = WINDOWSX-A4F882 | Source = Google Update | ID = 20
Description =

Error - 1/27/2010 2:32:39 AM | Computer Name = WINDOWSX-A4F882 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This operation returned because the timeout period expired.

Error - 1/27/2010 5:41:06 PM | Computer Name = WINDOWSX-A4F882 | Source = Google Update | ID = 20
Description =

Error - 1/27/2010 5:41:24 PM | Computer Name = WINDOWSX-A4F882 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.5604.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/30/2010 1:17:00 AM | Computer Name = WINDOWSX-A4F882 | Source = MsiInstaller | ID = 11722
Description = Product: Java(TM) 6 Update 12 -- Error 1722.There is a problem with
this Windows Installer package. A program run as part of the setup did not finish
as expected. Contact your support personnel or package vendor. Action FilesInUseDialog,
location: C:\WINDOWS\Installer\MSI12.tmp, command: C:\Program Files\Java\jre6\

Error - 1/30/2010 9:28:49 AM | Computer Name = WINDOWSX-A4F882 | Source = Google Update | ID = 20
Description =

Error - 1/31/2010 2:25:32 AM | Computer Name = WINDOWSX-A4F882 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This operation returned because the timeout period expired.

Error - 1/31/2010 2:25:32 AM | Computer Name = WINDOWSX-A4F882 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The specified server cannot perform the requested operation.

[ System Events ]
Error - 1/30/2010 8:33:41 PM | Computer Name = WINDOWSX-A4F882 | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 192.168.1.102. The machine with the IP address 192.168.1.100 did
not allow the name to be claimed by this machine.

Error - 1/30/2010 8:38:51 PM | Computer Name = WINDOWSX-A4F882 | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 192.168.1.102. The machine with the IP address 192.168.1.100 did
not allow the name to be claimed by this machine.

Error - 1/30/2010 8:38:51 PM | Computer Name = WINDOWSX-A4F882 | Source = BROWSER | ID = 8009
Description = The browser was unable to promote itself to master browser. The computer
that currently believes it is the master browser is TOSHIBA-PC.

Error - 1/30/2010 8:44:01 PM | Computer Name = WINDOWSX-A4F882 | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 192.168.1.102. The machine with the IP address 192.168.1.100 did
not allow the name to be claimed by this machine.

Error - 1/30/2010 8:49:11 PM | Computer Name = WINDOWSX-A4F882 | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 192.168.1.102. The machine with the IP address 192.168.1.100 did
not allow the name to be claimed by this machine.

Error - 1/30/2010 8:54:21 PM | Computer Name = WINDOWSX-A4F882 | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 192.168.1.102. The machine with the IP address 192.168.1.100 did
not allow the name to be claimed by this machine.

Error - 1/30/2010 8:55:34 PM | Computer Name = WINDOWSX-A4F882 | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 192.168.1.102. The machine with the IP address 192.168.1.100 did
not allow the name to be claimed by this machine.

Error - 1/30/2010 9:00:44 PM | Computer Name = WINDOWSX-A4F882 | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 192.168.1.102. The machine with the IP address 192.168.1.100 did
not allow the name to be claimed by this machine.

Error - 1/30/2010 9:05:55 PM | Computer Name = WINDOWSX-A4F882 | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 192.168.1.102. The machine with the IP address 192.168.1.100 did
not allow the name to be claimed by this machine.

Error - 1/31/2010 7:38:01 PM | Computer Name = WINDOWSX-A4F882 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.102 for the Network Card with network
address 001CC03B2AA0 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >

BAYONETTA
Novice

Posts : 19
Joined : 2010-01-31
OS : windows xp
Points : 25323
Likes : 0

Re: Trojan vundo,adwares,rogue ascentive etc...

Post by Belahzur on 1st February 2010, 1:09 am

Hello.

I see that you are running Limewire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Java(TM) 6 Update 13

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy).


    :OTL
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q="
    FF - prefs.js..browser.search.order.1: "Ask.com"
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {23B0D39A-E245-41B7-BF86-1238CF62625E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O33 - MountPoints2\{2388f042-ab2c-11de-8aac-001cc03b2aa0}\Shell\AutoRun\command - "" = F:\dhrhyje.bat -- File not found
    O33 - MountPoints2\{2388f042-ab2c-11de-8aac-001cc03b2aa0}\Shell\open\Command - "" = F:\dhrhyje.bat -- File not found
    O33 - MountPoints2\{33848dfa-b57a-11de-8acd-001cc03b2aa0}\Shell\AutoRun\command - "" = F:\dhrhyje.bat -- File not found
    O33 - MountPoints2\{33848dfa-b57a-11de-8acd-001cc03b2aa0}\Shell\open\Command - "" = F:\dhrhyje.bat -- File not found
    O33 - MountPoints2\{33848dfb-b57a-11de-8acd-001cc03b2aa0}\Shell\AutoRun\command - "" = G:\dhrhyje.bat -- File not found
    O33 - MountPoints2\{33848dfb-b57a-11de-8acd-001cc03b2aa0}\Shell\open\Command - "" = G:\dhrhyje.bat -- File not found
    O33 - MountPoints2\{4c26294b-099b-11de-889d-001cc03b2aa0}\Shell - "" = AutoRun
    O33 - MountPoints2\{4c26294b-099b-11de-889d-001cc03b2aa0}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{652599b8-4503-11de-897a-001cc03b2aa0}\Shell\AutoRun\command - "" = H:\dhrhyje.bat -- File not found
    O33 - MountPoints2\{652599b8-4503-11de-897a-001cc03b2aa0}\Shell\open\Command - "" = H:\dhrhyje.bat -- File not found
    O33 - MountPoints2\{6c9bfe36-2651-11de-88f3-001cc03b2aa0}\Shell\AutoRun\command - "" = F:\1ogf.exe -- File not found
    O33 - MountPoints2\{6c9bfe36-2651-11de-88f3-001cc03b2aa0}\Shell\open\Command - "" = F:\1ogf.exe -- File not found
    O33 - MountPoints2\{88e2cdd6-1c26-11de-88d0-001cc03b2aa0}\Shell\AutoRun\command - "" = H:\dhrhyje.bat -- File not found
    O33 - MountPoints2\{88e2cdd6-1c26-11de-88d0-001cc03b2aa0}\Shell\open\Command - "" = H:\dhrhyje.bat -- File not found
    O33 - MountPoints2\G\Shell - "" = AutoRun
    O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
    [2010/01/06 13:48:07 | 000,003,678 | RHS- | M] () -- C:\FS6519.dll.vbs
    @Alternate Data Stream - 12 bytes -> C:\Documents and Settings\B A T M AN\My Documents:{726B6F7C-E889-4EFE-8CA3-AEF4943DBD38}



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245111
Likes : 1
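The fix script above targets three kinds of residue: MountPoints2 AutoRun/open commands pointing at scripts on removable drives, Firefox search prefs whose engine name and query URL disagree, and a hidden system file with a double extension. The Python below is an added example, not OTL's or the helper's code: it parses those OTL line formats from a constructed sample (the lines from this thread plus one benign control line) and returns each signal so a log can be triaged before a fix is written; the extension list and the name/host heuristic are assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed sample: the O33 MountPoints2, FF prefs and file lines from the fix
# script above, plus one benign file line made up as a control.
SAMPLE_LINES = [
    'FF - prefs.js..browser.search.defaultengine: "Ask.com"',
    'FF - prefs.js..browser.search.defaultenginename: "Ask.com"',
    'FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q="',
    'FF - prefs.js..browser.search.order.1: "Ask.com"',
    'O7 - HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions present',
    'O33 - MountPoints2\\{2388f042-ab2c-11de-8aac-001cc03b2aa0}\\Shell\\AutoRun\\command - "" = F:\\dhrhyje.bat -- File not found',
    'O33 - MountPoints2\\{2388f042-ab2c-11de-8aac-001cc03b2aa0}\\Shell\\open\\Command - "" = F:\\dhrhyje.bat -- File not found',
    'O33 - MountPoints2\\{33848dfb-b57a-11de-8acd-001cc03b2aa0}\\Shell\\AutoRun\\command - "" = G:\\dhrhyje.bat -- File not found',
    'O33 - MountPoints2\\{4c26294b-099b-11de-889d-001cc03b2aa0}\\Shell - "" = AutoRun',
    'O33 - MountPoints2\\{4c26294b-099b-11de-889d-001cc03b2aa0}\\Shell\\AutoRun - "" = Auto&Play',
    'O33 - MountPoints2\\{6c9bfe36-2651-11de-88f3-001cc03b2aa0}\\Shell\\AutoRun\\command - "" = F:\\1ogf.exe -- File not found',
    'O33 - MountPoints2\\{652599b8-4503-11de-897a-001cc03b2aa0}\\Shell\\open\\Command - "" = H:\\dhrhyje.bat -- File not found',
    '[2010/01/06 13:48:07 | 000,003,678 | RHS- | M] () -- C:\\FS6519.dll.vbs',
    '[2009/11/02 10:00:00 | 000,012,345 | ---- | M] (Example Corp) -- C:\\Program Files\\Example\\readme.txt',
]

# Extensions Windows runs when a volume's AutoRun or open verb fires (assumed list).
SCRIPT_EXTS = ('.bat', '.cmd', '.exe', '.vbs', '.scr', '.com', '.pif', '.js')

# O33 line: MountPoints2\<volume>\Shell\<verb>\command - "" = <target> -- <status>
MOUNTPOINT_CMD = re.compile(
    r'^O33 - MountPoints2\\(?P<volume>[^\\]+)\\Shell\\(?P<verb>[^\\]+)\\command'
    r' - "" = (?P<target>\S+)', re.IGNORECASE)
# FF line: prefs.js..browser.search.<key>: "<value>"
FF_PREF = re.compile(r'^FF - prefs\.js\.\.(?P<key>browser\.search\.[\w.]+): "(?P<value>[^"]*)"')
# File line: [<stamp> | <size> | <attrs> | M] (<company>) -- <path>
FILE_ENTRY = re.compile(r'^\[[^|]+\| [\d,]+ \| (?P<attrs>[A-Z-]+) \| [A-Z]\] \([^)]*\) -- (?P<path>.+)$')


def flag_removable_autorun(lines, system_drive='C:'):
    """Executables or scripts that a non-system volume's AutoRun/open verb would
    launch: the residue left by USB-spread worms, even after the file is gone."""
    flagged = []
    for line in lines:
        m = MOUNTPOINT_CMD.match(line)
        if not m:
            continue
        target = m.group('target')
        on_other_drive = target[:2].upper() != system_drive.upper()
        if on_other_drive and target.lower().endswith(SCRIPT_EXTS) and target not in flagged:
            flagged.append(target)
    return flagged


def search_engine_mismatch(lines):
    """True when the engine name Firefox advertises and the host defaulturl actually
    queries disagree (here 'Ask.com' vs fastbrowsersearch.com), the hallmark of a
    search-redirect hijack; None when either pref is absent. Substring match on the
    engine's first label is a coarse heuristic, good enough for triage."""
    prefs = {}
    for line in lines:
        m = FF_PREF.match(line)
        if m:
            prefs[m.group('key')] = m.group('value')
    name = prefs.get('browser.search.defaultenginename', '').lower()
    url = prefs.get('browser.search.defaulturl', '')
    if not name or not url:
        return None
    host = (urlparse(url).hostname or '').lower()
    return name.split('.')[0] not in host


def flag_hidden_scripts(lines):
    """Files carrying Hidden+System attributes whose name ends in a script extension,
    e.g. the double-extension C:\\FS6519.dll.vbs that OTL reported as RHS-."""
    flagged = []
    for line in lines:
        m = FILE_ENTRY.match(line)
        if not m:
            continue
        attrs, path = m.group('attrs').upper(), m.group('path')
        if 'H' in attrs and 'S' in attrs and path.lower().endswith(SCRIPT_EXTS):
            flagged.append(path)
    return flagged


def ie_restrictions_present(lines):
    """O7: a Policies\\...\\Internet Explorer\\Restrictions key exists; on a home
    machine that is usually malware locking the user out of IE settings."""
    return any(l.startswith('O7 - ') and 'Restrictions present' in l for l in lines)


def triage(lines):
    """Collect the signals a helper would act on for one log."""
    return {
        'removable_autorun_targets': flag_removable_autorun(lines),
        'search_engine_mismatch': search_engine_mismatch(lines),
        'hidden_script_files': flag_hidden_scripts(lines),
        'ie_restrictions_policy': ie_restrictions_present(lines),
    }
```

Running `triage(SAMPLE_LINES)` lists the four removable-drive targets, reports the Ask.com/fastbrowsersearch.com mismatch, names C:\FS6519.dll.vbs and confirms the IE restrictions policy, while the control readme.txt line is ignored.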

Re: Trojan vundo,adwares,rogue ascentive etc...

Post by BAYONETTA on 1st February 2010, 1:24 am

========== OTL ==========
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=" removed from browser.search.defaulturl
Prefs.js: "Ask.com" removed from browser.search.order.1
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{23B0D39A-E245-41B7-BF86-1238CF62625E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23B0D39A-E245-41B7-BF86-1238CF62625E}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2388f042-ab2c-11de-8aac-001cc03b2aa0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2388f042-ab2c-11de-8aac-001cc03b2aa0}\ not found.
File F:\dhrhyje.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2388f042-ab2c-11de-8aac-001cc03b2aa0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2388f042-ab2c-11de-8aac-001cc03b2aa0}\ not found.
File F:\dhrhyje.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33848dfa-b57a-11de-8acd-001cc03b2aa0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33848dfa-b57a-11de-8acd-001cc03b2aa0}\ not found.
File F:\dhrhyje.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33848dfa-b57a-11de-8acd-001cc03b2aa0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33848dfa-b57a-11de-8acd-001cc03b2aa0}\ not found.
File F:\dhrhyje.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33848dfb-b57a-11de-8acd-001cc03b2aa0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33848dfb-b57a-11de-8acd-001cc03b2aa0}\ not found.
File G:\dhrhyje.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33848dfb-b57a-11de-8acd-001cc03b2aa0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33848dfb-b57a-11de-8acd-001cc03b2aa0}\ not found.
File G:\dhrhyje.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c26294b-099b-11de-889d-001cc03b2aa0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c26294b-099b-11de-889d-001cc03b2aa0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c26294b-099b-11de-889d-001cc03b2aa0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c26294b-099b-11de-889d-001cc03b2aa0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{652599b8-4503-11de-897a-001cc03b2aa0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{652599b8-4503-11de-897a-001cc03b2aa0}\ not found.
File H:\dhrhyje.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{652599b8-4503-11de-897a-001cc03b2aa0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{652599b8-4503-11de-897a-001cc03b2aa0}\ not found.
File H:\dhrhyje.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c9bfe36-2651-11de-88f3-001cc03b2aa0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c9bfe36-2651-11de-88f3-001cc03b2aa0}\ not found.
File F:\1ogf.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c9bfe36-2651-11de-88f3-001cc03b2aa0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c9bfe36-2651-11de-88f3-001cc03b2aa0}\ not found.
File F:\1ogf.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88e2cdd6-1c26-11de-88d0-001cc03b2aa0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88e2cdd6-1c26-11de-88d0-001cc03b2aa0}\ not found.
File H:\dhrhyje.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88e2cdd6-1c26-11de-88d0-001cc03b2aa0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88e2cdd6-1c26-11de-88d0-001cc03b2aa0}\ not found.
File H:\dhrhyje.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
C:\FS6519.dll.vbs moved successfully.
ADS C:\Documents and Settings\B A T M AN\My Documents:{726B6F7C-E889-4EFE-8CA3-AEF4943DBD38} deleted successfully.

OTL by OldTimer - Version 3.1.27.1 log created on 02012010_091720


Re: Trojan vundo,adwares,rogue ascentive etc...

Post by Belahzur on 1st February 2010, 7:49 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Java(TM) 6 Update 13

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.



Re: Trojan vundo,adwares,rogue ascentive etc...

Post by BAYONETTA on 1st February 2010, 10:20 pm

Good morning here, Java(TM) 6 Update 13 was already removed yesterday. As per checking, I don't find it anymore in my Add/Remove Programs. Thanks.


Re: Trojan vundo,adwares,rogue ascentive etc...

Post by BAYONETTA on 2nd February 2010, 10:52 pm

Hi, I was waiting for your reply, so what will I do next? Yesterday my Mozilla crashed while I'm logged on to Facebook and your site only. Then after a while there was a connection reset. Please help me, thank you.


Re: Trojan vundo,adwares,rogue ascentive etc...

Post by Belahzur on 3rd February 2010, 12:54 am

Your Firefox is slightly out of date anyhow, so update it and we'll see what happens then.

[You must be registered and logged in to see this link.]



Re: Trojan vundo,adwares,rogue ascentive etc...

Post by BAYONETTA on 3rd February 2010, 1:03 am

Done... what's next? Thanks


Re: Trojan vundo,adwares,rogue ascentive etc...

Post by Belahzur on 3rd February 2010, 1:09 am

Let me know if the crashes still happen.



Re: Trojan vundo,adwares,rogue ascentive etc...

Post by BAYONETTA on 3rd February 2010, 1:16 am

OK, thanks so much


Re: Trojan vundo,adwares,rogue ascentive etc...

Post by BAYONETTA on 3rd February 2010, 11:17 am

Hello, I'm back again with the crashed Mozilla thing... Do I need to show what the report says?


Re: Trojan vundo,adwares,rogue ascentive etc...

Post by Belahzur on 3rd February 2010, 8:03 pm

Yes please.



Re: Trojan vundo,adwares,rogue ascentive etc...

Post by BAYONETTA on 3rd February 2010, 10:41 pm

Good morning here

here's the report:

Add-ons: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12,{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6
BuildID: 20100115144158
CrashTime: 1265189932
EMCheckCompatibility: true
FramePoisonBase: 00000000f0de0000
FramePoisonSize: 65536
InstallTime: 1265158829
ProductName: Firefox
ReleaseChannel: release
SecondsSinceLastCrash: 1493
StartupTime: 1265188457
Theme: classic/1.0
Throttleable: 1
URL: [You must be registered and logged in to see this link.]
Vendor: Mozilla
Version: 3.6

This report also contains technical information about the state of the application when it crashed.


Re: Trojan vundo,adwares,rogue ascentive etc...

Post by BAYONETTA on 4th February 2010, 11:21 pm

Good morning here,

My Mozilla went fine yesterday... updated all my applications and installed Sygate and Kerio personal firewall. For the meantime I used them alternately just to check which one is better. Is there anything more I should do with my PC? Thank you so much for taking your time out on your busy day just to help us.


Re: Trojan vundo,adwares,rogue ascentive etc...

Post by Belahzur on 4th February 2010, 11:45 pm

Hello.
Not a problem, it could be one of those add-ons that is causing it. Let me know if it crashes again and we'll stop those add-ons.


Re: Trojan vundo,adwares,rogue ascentive etc...

Post by BAYONETTA on 4th February 2010, 11:49 pm

I'll keep in touch, thanks :)


Re: Trojan vundo,adwares,rogue ascentive etc...

Post by BAYONETTA on 5th February 2010, 11:06 pm

Good morning here :),

I'm back, and I need your help again... :) My webcam doesn't seem to work when I'm using my YM.... Do I need to upgrade my YM too? Currently using YM version 8. Thanks.


Re: Trojan vundo,adwares,rogue ascentive etc...

Post by Belahzur on 5th February 2010, 11:23 pm

Never hurts to do so.
[You must be registered and logged in to see this link.]


Re: Trojan vundo,adwares,rogue ascentive etc...

Post by BAYONETTA on 6th February 2010, 1:06 am

Done! :) I'll just check my WC later as soon as someone goes online. Thanks again.


Re: Trojan vundo,adwares,rogue ascentive etc...

Post by Belahzur on 6th February 2010, 8:08 pm

Okay, standing by.


Re: Trojan vundo,adwares,rogue ascentive etc...

Post by BAYONETTA on 6th February 2010, 10:10 pm

Good morning here :),

My WC's okay now... ;) I just noticed something about my browser, can you please check this one.... Thanks.
(this is just a part of the whole page)
Yahoo! Web Search

* Hi, Guest
* Sign In
* Help

* Make Yahoo! your homepage
* Mail

Yahoo!

* Web
* Images
* Video
* Local
* Shopping
* More
o Answers
o News
o Advanced Search
o Search Shortcuts
o All Search Services
o Search Marketing

Search query
Options

* Advanced Search
* Preferences


Re: Trojan vundo,adwares,rogue ascentive etc...

Post by Belahzur on 7th February 2010, 1:11 am

Sites not loading properly I'm guessing?


Re: Trojan vundo,adwares,rogue ascentive etc...

Post by BAYONETTA on 7th February 2010, 1:30 am

Oh... ok :) I guess I'm just being paranoid lately :D Thanks!


Re: Trojan vundo,adwares,rogue ascentive etc...

Post by BAYONETTA on 7th February 2010, 11:40 pm

Good morning here :),

Yesterday my WC was not functioning again... having a hard time reinstalling it again and again, every time I boot up. Just reinstalled it earlier and I hope this time it will work.


Re: Trojan vundo,adwares,rogue ascentive etc...

Post by Belahzur on 8th February 2010, 12:02 am

Hmm, weird, it works, then doesn't work. Let me think.
Are the webcam drivers the latest version?


Re: Trojan vundo,adwares,rogue ascentive etc...

Post by BAYONETTA on 8th February 2010, 12:20 am

Wait, let me check it :)
