Win32:malware-gen / Win32:trojan-gen

Post by tommehr on 26th May 2010, 1:01 pm

Hi,

Over the past week or so my laptop has been slowing down quite a bit so I decided to run some virus/spyware scans and try and clear everything up and get it running a bit more smoothly. It's running a lot better now but Avast has popped up with warnings of 'Win32:malware-gen' and 'Win32:trojan-gen' a few times. Having done a search and seen that some people had had some problems with these I thought it best to check that everything was alright. Interestingly, pretty much every reference to these viruses/spyware seems to come from someone operating Avast which makes me think that it might be a problem with that program.

I have updated Java, etc. and here is the OTL log:

OTL logfile created on: 26/05/2010 13:39:23 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Tom Rowberry\My Documents\Firefox Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,022.00 Mb Total Physical Memory | 532.00 Mb Available Physical Memory | 52.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 105.05 Gb Total Space | 1.48 Gb Free Space | 1.41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ELEPHANT
Current User Name: Tom Rowberry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/25 22:53:37 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tom Rowberry\My Documents\Firefox Downloads\OTL.exe
PRC - [2009/11/25 00:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/10 10:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe
PRC - [2006/01/02 18:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005/07/15 22:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe
PRC - [2000/05/20 18:23:48 | 000,086,016 | ---- | M] () -- C:\WINDOWS\StartupMonitor.exe


========== Modules (SafeList) ==========

MOD - [2010/05/25 22:53:37 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tom Rowberry\My Documents\Firefox Downloads\OTL.exe
MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/05/09 16:52:30 | 002,478,640 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\rswin_3697.dll -- (Akamai)
SRV - [2010/01/25 11:02:20 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/11/25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/03/26 17:15:24 | 002,789,672 | ---- | M] (Wacom Technology, Corp.) [Disabled | Stopped] -- C:\WINDOWS\system32\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2008/12/15 15:52:58 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/11 10:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/07/07 08:15:18 | 000,611,664 | ---- | M] (Lavasoft) [Disabled | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2007/04/03 16:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)


========== Driver Services (SafeList) ==========

DRV - [2009/11/25 00:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/25 00:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/25 00:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/09/15 12:56:14 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/09/15 12:55:30 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/09/15 12:55:19 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/01/07 00:22:04 | 000,530,816 | ---- | M] (Line 6) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L6PODLV.sys -- (L6PODLV)
DRV - [2009/01/07 00:22:04 | 000,029,312 | ---- | M] (Line 6) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l6dp.sys -- (L6DP)
DRV - [2008/10/06 11:53:24 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2008/09/15 08:56:34 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008/09/15 08:56:24 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008/09/15 08:56:24 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/09/15 08:56:24 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/07/11 11:16:50 | 000,013,352 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2008/04/13 19:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 19:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 19:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/23 22:25:32 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn)
DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/04/29 11:11:41 | 000,682,232 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2007/04/24 09:20:26 | 000,042,112 | ---- | M] (Arovax, LLC) [Kernel | System | Running] -- C:\Program Files\Arovax Shield\dtd.sys -- (dtd)
DRV - [2007/04/03 16:17:08 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/03/16 18:10:46 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/02/16 11:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/15 16:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2007/01/31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 14:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/09/18 16:59:08 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)
DRV - [2006/09/18 16:59:02 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex)
DRV - [2006/09/18 16:59:00 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)
DRV - [2006/09/18 16:58:58 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)
DRV - [2006/09/18 16:58:54 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm)
DRV - [2006/09/18 16:58:52 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl)
DRV - [2006/09/18 16:58:48 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)
DRV - [2006/08/25 08:23:08 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/05/23 15:06:36 | 001,578,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/03/08 19:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/02/17 22:34:18 | 000,094,064 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k510mdm.sys -- (k510mdm)
DRV - [2006/02/17 22:34:16 | 000,008,336 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k510mdfl.sys -- (k510mdfl)
DRV - [2006/02/17 22:34:10 | 000,058,288 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k510bus.sys -- (k510bus) Sony Ericsson K510 Driver driver (WDM)
DRV - [2006/01/04 16:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2005/10/14 16:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/14 16:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/10/14 16:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/22 04:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 04:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 04:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/05/27 10:46:22 | 000,913,280 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0) QuickCam IM(PID_08A0)
DRV - [2005/05/27 10:38:00 | 000,007,136 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2005/05/27 10:31:28 | 000,022,016 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005/05/25 18:34:00 | 000,158,464 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN)
DRV - [2005/05/09 20:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX)
DRV - [2005/03/14 23:03:36 | 000,033,024 | R--- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hcwu2dtd.sys -- (HCWU2DTD)
DRV - [2005/01/26 08:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2005/01/10 19:15:00 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/01/10 19:15:00 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2004/12/21 20:40:00 | 000,016,768 | R--- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hcwusdtl.sys -- (HCWU2DTL)
DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/02/13 17:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2003/12/08 12:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003/12/08 12:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)
DRV - [2002/07/17 09:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/05/23 16:42:52 | 000,012,084 | ---- | M] (Aiptek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\UTBLFILT.sys -- (utblfilt)
DRV - [2001/04/09 14:45:00 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PenClass.sys -- (PenClass)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Freeserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.2
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {46868735-c3fa-47ce-8ce7-cce51a66aceb}:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/03/17 15:37:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 21:39:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/25 23:06:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/11/22 22:02:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2009/08/09 21:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Rowberry\Application Data\Mozilla\Extensions
[2009/08/09 21:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Rowberry\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2008/10/04 19:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Rowberry\Application Data\Mozilla\Firefox\Profiles\5h7fs5zx.Test\extensions
[2010/05/26 13:21:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Rowberry\Application Data\Mozilla\Firefox\Profiles\od9ab75j.default\extensions
[2009/09/17 19:33:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tom Rowberry\Application Data\Mozilla\Firefox\Profiles\od9ab75j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/06/18 20:12:59 | 000,000,000 | ---D | M] (oldbar) -- C:\Documents and Settings\Tom Rowberry\Application Data\Mozilla\Firefox\Profiles\od9ab75j.default\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
[2009/01/05 18:03:34 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Tom Rowberry\Application Data\Mozilla\Firefox\Profiles\od9ab75j.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/01/05 18:03:30 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Tom Rowberry\Application Data\Mozilla\Firefox\Profiles\od9ab75j.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/01/05 18:03:34 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Tom Rowberry\Application Data\Mozilla\Firefox\Profiles\od9ab75j.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008/07/08 23:34:50 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Tom Rowberry\Application Data\Mozilla\Firefox\Profiles\od9ab75j.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/02/15 16:25:51 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Tom Rowberry\Application Data\Mozilla\Firefox\Profiles\od9ab75j.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2008/10/02 19:06:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Rowberry\Application Data\Mozilla\Firefox\Profiles\od9ab75j.default\extensions\betteryoutube@ginatrapani(2).org
[2007/08/07 22:28:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Rowberry\Application Data\Mozilla\Firefox\Profiles\od9ab75j.default\extensions\faceoff@designmeme.com
[2008/09/05 08:33:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Rowberry\Application Data\Mozilla\Firefox\Profiles\od9ab75j.default\extensions\firenes@facundo.zaldo
[2010/05/25 23:09:58 | 000,001,137 | ---- | M] () -- C:\Documents and Settings\Tom Rowberry\Application Data\Mozilla\Firefox\Profiles\od9ab75j.default\searchplugins\dictionarycom.xml
[2008/04/18 11:28:07 | 000,001,387 | ---- | M] () -- C:\Documents and Settings\Tom Rowberry\Application Data\Mozilla\Firefox\Profiles\od9ab75j.default\searchplugins\torrentspy.xml
[2008/06/18 19:21:45 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\Tom Rowberry\Application Data\Mozilla\Firefox\Profiles\od9ab75j.default\searchplugins\wikipedia-en.xml
[2007/08/24 14:00:54 | 000,002,105 | ---- | M] () -- C:\Documents and Settings\Tom Rowberry\Application Data\Mozilla\Firefox\Profiles\od9ab75j.default\searchplugins\youtube-video-search.xml
[2010/05/26 13:21:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/25 22:54:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2006/05/06 17:42:04 | 007,260,160 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\libvlc.dll
[2010/05/25 22:54:28 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2006/05/06 17:42:04 | 000,478,720 | ---- | M] (VideoLAN Team) -- C:\Program Files\Mozilla Firefox\plugins\npvlc.dll
[2010/03/13 17:47:53 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/13 17:47:53 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/13 17:47:53 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/13 17:47:53 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/05/25 16:46:34 | 000,395,292 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 13652 more lines...
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} - No CLSID value found.
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Run StartupMonitor] C:\WINDOWS\StartupMonitor.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: line6.net ([]* in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} [You must be registered and logged in to see this link.] (CamfrogWEB Advanced Unicode Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} [You must be registered and logged in to see this link.] (Facebook Photo Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} [You must be registered and logged in to see this link.] (Crucial cpcScan)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} [You must be registered and logged in to see this link.] (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} [You must be registered and logged in to see this link.] (CRLDownloadWrapper Class)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} [You must be registered and logged in to see this link.] (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/08/16 05:22:48 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "KService"
MsConfig - Services: "Creative Service for CDROM Access"
MsConfig - Services: "TabletService"
MsConfig - Services: "WMPNetworkSvc"
MsConfig - Services: "WLSetupSvc"
MsConfig - Services: "iPod Service"
MsConfig - Services: "IDriverT"
MsConfig - Services: "FLEXnet Licensing Service"
MsConfig - Services: "CVPND"
MsConfig - Services: "Apple Mobile Device"
MsConfig - Services: "aawservice"
MsConfig - Services: "BthServ"
MsConfig - Services: "Ati HotKey Poller"
MsConfig - Services: "TabletServiceWacom"
MsConfig - Services: "HssTrayService"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe - (Cisco Systems, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe - (BVRP Software)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe - (Logitech)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk - C:\WINDOWS\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico - ()
MsConfig - StartUpFolder: C:^Documents and Settings^Tom Rowberry^Start Menu^Programs^Startup^Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^Tom Rowberry^Start Menu^Programs^Startup^Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe - (Last.fm)
MsConfig - StartUpFolder: C:^Documents and Settings^Tom Rowberry^Start Menu^Programs^Startup^UCL RoamNet VPN Profile & Cert Config.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpReg: 4oD - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe File not found
MsConfig - StartUpReg: AOLDialer - hkey= - key= - C:\Program Files\Common Files\AOL\ACS\AOLDial.exe File not found
MsConfig - StartUpReg: atwtusb - hkey= - key= - File not found
MsConfig - StartUpReg: BDAgent - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: BDMCon - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: BluetoothAuthenticationAgent - hkey= - key= - File not found
MsConfig - StartUpReg: Corel Photo Downloader - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Creative Detector - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: CTSVolFE.exe - hkey= - key= - C:\Program Files\Creative\Mixer\CTSVolFE.exe (Creative Technology Ltd)
MsConfig - StartUpReg: DellSupport - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: ehTray - hkey= - key= - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
MsConfig - StartUpReg: eyeBeam SIP Client - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Glary Memory Optimizer - hkey= - key= - C:\Program Files\Glary Utilities\memdefrag.exe (Glarysoft Ltd)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\Tom Rowberry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: googletalk - hkey= - key= - C:\Program Files\Google\Google Talk\googletalk.exe (Google)
MsConfig - StartUpReg: H2O - hkey= - key= - C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
MsConfig - StartUpReg: ISUSPM Startup - hkey= - key= - C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe File not found
MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: kdx - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - File not found
MsConfig - StartUpReg: LDM - hkey= - key= - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe (Logitech)
MsConfig - StartUpReg: LogitechSoftwareUpdate - hkey= - key= - C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
MsConfig - StartUpReg: LogitechVideoRepair - hkey= - key= - C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
MsConfig - StartUpReg: LogitechVideoTray - hkey= - key= - C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
MsConfig - StartUpReg: MCAgentExe - hkey= - key= - c:\PROGRA~1\mcafee.com\agent\mcagent.exe File not found
MsConfig - StartUpReg: MCUpdateExe - hkey= - key= - C:\PROGRA~1\mcafee.com\agent\McUpdate.exe File not found
MsConfig - StartUpReg: ModemOnHold - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: MPFExe - hkey= - key= - C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe File not found
MsConfig - StartUpReg: MSKAGENTEXE - hkey= - key= - C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe File not found
MsConfig - StartUpReg: MSKDetectorExe - hkey= - key= - C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
MsConfig - StartUpReg: OASClnt - hkey= - key= - C:\Program Files\McAfee.com\VSO\oasclnt.exe File not found
MsConfig - StartUpReg: PC Suite Tray - hkey= - key= - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
MsConfig - StartUpReg: PCMService - hkey= - key= - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
MsConfig - StartUpReg: PeerGuardian - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: RealTray - hkey= - key= - C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: Sony Ericsson PC Suite - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: SpeedTouch USB Diagnostics - hkey= - key= - C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
MsConfig - StartUpReg: VirusScan Online - hkey= - key= - c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe File not found
MsConfig - StartUpReg: Vista_upgrade - hkey= - key= - C:\Documents and Settings\Tom Rowberry\Local Settings\Application Data\DellVistaUpgrade\VISTA_UPGRADE.EXE (Dell Inc.)
MsConfig - StartUpReg: VSOCheckTask - hkey= - key= - C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe File not found
MsConfig - StartUpReg: XSC SIP Client - hkey= - key= - Reg Error: Value error. File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: aawservice - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: aawservice - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices


Last edited by tommehr on 26th May 2010, 1:04 pm; edited 1 time in total

Re: Win32:malware-gen / Win32:trojan-gen

Post by tommehr on 26th May 2010, 1:01 pm

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.1.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.1.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CB5F665B-04A8-D8D9-AC5F-94B68BA5A5BD} - NetShow
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{41DB134C-83A3-46F3-8E92-EFD5990FAED4} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/05/25 22:54:55 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/25 22:54:55 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/25 22:54:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/25 22:54:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/25 22:54:55 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/05/25 22:52:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/25 22:37:12 | 000,000,000 | ---D | C] -- C:\Program Files\Arovax Shield
[2010/05/25 22:37:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Arovax
[2010/05/25 17:00:02 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2010/05/17 17:50:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/05/17 17:46:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/26 13:16:00 | 000,001,004 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2593703689-551964569-3529092413-1005UA.job
[2010/05/26 12:50:01 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/26 12:14:25 | 000,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/26 12:14:25 | 000,443,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/26 12:14:25 | 000,072,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/26 12:10:15 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/26 12:10:15 | 000,000,326 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/05/26 12:10:13 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/26 12:10:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/26 12:10:07 | 1072,103,424 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/25 23:32:46 | 012,845,056 | ---- | M] () -- C:\Documents and Settings\Tom Rowberry\NTUSER.DAT
[2010/05/25 23:32:22 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Tom Rowberry\ntuser.ini
[2010/05/25 23:06:59 | 000,001,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/05/25 22:54:23 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/25 22:54:23 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/25 22:54:23 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/25 22:54:23 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/25 22:54:23 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/05/25 22:44:34 | 000,000,597 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/25 22:44:34 | 000,000,255 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/25 22:44:34 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2010/05/25 20:22:22 | 000,184,832 | ---- | M] () -- C:\Documents and Settings\Tom Rowberry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/25 17:05:28 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/25 16:46:34 | 000,395,292 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/25 15:16:03 | 000,000,952 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2593703689-551964569-3529092413-1005Core.job
[2010/05/25 09:11:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/02 17:55:16 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Tom Rowberry\My Documents\~$m training.doc
[2010/04/30 18:51:13 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Tom Rowberry\My Documents\Tom training.doc
[2010/04/30 12:16:46 | 000,002,389 | ---- | M] () -- C:\Documents and Settings\Tom Rowberry\Desktop\Google Chrome.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/25 23:06:58 | 000,001,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/05/17 17:45:58 | 000,000,898 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/17 17:45:58 | 000,000,894 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/02 17:55:16 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Tom Rowberry\My Documents\~$m training.doc
[2010/04/30 18:51:13 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Tom Rowberry\My Documents\Tom training.doc
[2008/12/17 17:33:15 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2008/12/17 17:33:15 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2008/12/17 17:30:08 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/12/17 17:24:43 | 000,000,027 | ---- | C] () -- C:\WINDOWS\CDE RX620EI.ini
[2008/12/15 15:27:27 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\TabUnst.dll
[2008/12/15 15:26:56 | 000,013,408 | ---- | C] () -- C:\WINDOWS\System32\tabinst.dll
[2008/12/15 15:26:56 | 000,004,032 | ---- | C] () -- C:\WINDOWS\System32\tabins16.dll
[2008/08/29 18:33:20 | 000,000,378 | ---- | C] () -- C:\WINDOWS\GearBox.ini
[2008/01/27 23:31:34 | 000,022,629 | ---- | C] () -- C:\WINDOWS\System32\CiFilter.ini
[2007/11/17 15:55:19 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\Funckey.dll
[2007/11/17 15:55:19 | 000,002,505 | ---- | C] () -- C:\WINDOWS\aiptbl.ini
[2007/09/21 19:46:18 | 000,000,430 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/08/20 13:40:28 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/08/12 17:35:47 | 000,029,543 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2007/08/12 17:35:29 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2007/08/12 17:35:17 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\hcwChDB.dll
[2007/08/12 17:33:54 | 000,002,792 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2007/04/03 16:18:26 | 000,197,672 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/04/03 16:18:06 | 000,193,576 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/03/29 23:00:40 | 000,203,264 | ---- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2007/01/14 20:16:04 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/01/02 13:09:47 | 000,000,483 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/28 15:28:44 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2006/12/07 15:13:32 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/12/07 14:56:22 | 000,029,752 | ---- | C] () -- C:\WINDOWS\System32\InstHelper.dll
[2006/11/29 19:11:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/29 19:01:26 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/11/29 18:55:39 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/11/29 18:55:38 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/11/29 18:25:46 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/11/29 18:25:38 | 000,000,474 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/31 13:11:14 | 000,000,442 | ---- | C] () -- C:\WINDOWS\System32\dlcfplc.ini
[2005/08/16 05:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/14 01:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/08/16 05:27:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/08/16 05:27:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/08/16 05:27:08 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2004/08/10 06:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2004/08/10 06:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2004/06/09 09:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\DDMI2.sys
[2005/03/13 16:54:00 | 000,006,656 | ---- | M] (GTek Technologies Ltd.) -- C:\WINDOWS\system32\DLPT2.sys
[2005/02/08 12:37:52 | 000,007,626 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\GPCIEnum.sys
[2004/06/15 15:55:56 | 000,007,882 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\GTKCMOS.sys
[2004/08/10 06:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2004/08/10 06:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/10 06:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2004/08/10 06:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004/08/10 06:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004/08/10 06:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004/08/10 06:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004/08/10 06:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/10 06:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/10 06:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/10 06:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/10 06:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/10 06:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2005/01/26 08:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) -- C:\WINDOWS\system32\vsdatant.sys
[2008/04/13 19:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2009/08/14 14:21:25 | 001,850,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/14 01:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/14 01:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/14 01:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/14 01:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/14 01:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/14 01:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/14 01:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2006/05/23 14:19:40 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2erec.dll
[2008/04/14 01:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/14 01:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/14 01:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/14 01:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/14 01:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/14 01:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/14 01:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/14 01:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2005/08/16 05:43:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007/02/12 20:24:44 | 000,000,192 | ---- | M] () -- C:\BcBtRmv.log
[2010/05/25 22:44:34 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2005/08/16 05:43:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/11/29 18:31:14 | 000,006,373 | RH-- | M] () -- C:\dell.sdr
[2007/12/25 17:27:58 | 465,458,688 | ---- | M] () -- C:\Family Guy - Season 5.1.avi
[2007/12/25 17:35:22 | 144,856,028 | ---- | M] () -- C:\Family Guy - Season 5.1.mp4
[2010/05/26 12:10:07 | 1072,103,424 | -HS- | M] () -- C:\hiberfil.sys
[2007/09/06 16:20:33 | 000,000,132 | ---- | M] () -- C:\ICSYSINF.log
[2006/12/07 14:55:25 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2005/08/16 05:43:04 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2006/11/29 18:59:57 | 000,000,857 | -H-- | M] () -- C:\IPH.PH
[2010/05/25 22:56:17 | 000,009,048 | ---- | M] () -- C:\JavaRa.log
[2007/01/15 15:13:18 | 000,001,060 | ---- | M] () -- C:\libSRTP_log.txt
[2007/01/14 20:12:13 | 000,000,183 | ---- | M] () -- C:\LogiSetup.log
[2010/05/25 17:08:31 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2005/08/16 05:43:04 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2008/03/30 15:23:35 | 000,022,729 | ---- | M] () -- C:\newfile.enc
[2008/03/30 15:23:35 | 000,022,729 | ---- | M] () -- C:\newkey
[2004/08/10 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/06 12:17:43 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/05/26 12:10:05 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2006/12/07 15:08:11 | 000,096,963 | ---- | M] () -- C:\pc-decrap-reg.txt
[2006/12/07 15:15:38 | 000,099,360 | ---- | M] () -- C:\pc-decrapifier-msi.log
[2007/02/20 17:05:50 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2007/02/26 17:20:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2007/06/12 12:55:35 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2008/12/24 13:39:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2008/12/25 01:58:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2008/12/26 02:58:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/06/04 21:53:20 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/06/04 22:31:58 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/08/04 12:00:32 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/08/19 16:07:58 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/09/16 16:47:03 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2007/02/05 17:20:01 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2007/02/06 15:09:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2007/02/06 16:22:04 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2007/02/06 18:55:46 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2007/02/07 12:54:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2007/02/12 20:11:39 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2007/02/15 17:37:18 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2007/02/15 21:36:59 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2007/02/16 13:45:55 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2007/02/20 17:05:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2007/02/26 17:20:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2007/06/12 12:55:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2008/12/24 13:39:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2008/12/25 01:58:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2008/12/26 02:58:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/06/04 21:53:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/06/04 22:31:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/08/04 12:00:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/08/19 16:07:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/09/16 16:47:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2007/02/05 17:20:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2007/02/06 15:09:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2007/02/06 16:22:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2007/02/06 18:55:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2007/02/07 12:54:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2007/02/12 20:11:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2007/02/15 17:37:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2007/02/15 21:36:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2007/02/16 13:45:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2007/05/02 22:26:01 | 000,000,146 | ---- | M] () -- C:\YServer.txt

< %PROGRAMFILES%\*. >
[2010/05/25 23:04:39 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/10/02 20:50:37 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2007/12/25 14:32:19 | 000,000,000 | ---D | M] -- C:\Program Files\Apple
[2008/10/04 00:43:31 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/05/25 22:38:01 | 000,000,000 | ---D | M] -- C:\Program Files\Arovax Shield
[2007/04/07 17:19:50 | 000,000,000 | ---D | M] -- C:\Program Files\ASIO4ALL v2
[2006/11/29 18:54:29 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2010/05/25 17:00:02 | 000,000,000 | ---D | M] -- C:\Program Files\Auslogics
[2008/07/08 00:16:10 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2008/10/02 18:53:42 | 000,000,000 | ---D | M] -- C:\Program Files\Avira
[2006/11/29 19:04:49 | 000,000,000 | ---D | M] -- C:\Program Files\BAE
[2008/04/11 02:11:03 | 000,000,000 | ---D | M] -- C:\Program Files\BFG
[2009/01/13 16:07:34 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2006/11/29 18:53:58 | 000,000,000 | ---D | M] -- C:\Program Files\Broadcom
[2007/04/19 22:46:40 | 000,000,000 | ---D | M] -- C:\Program Files\Cakewalk
[2010/01/16 22:26:06 | 000,000,000 | ---D | M] -- C:\Program Files\Camfrog
[2009/11/22 17:54:45 | 000,000,000 | ---D | M] -- C:\Program Files\CDex_170b2
[2010/01/22 22:31:42 | 000,000,000 | ---D | M] -- C:\Program Files\CFWebAdvancedU
[2007/10/08 11:19:04 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco Systems
[2007/12/06 20:51:44 | 000,000,000 | ---D | M] -- C:\Program Files\cladDVD .NET 3.5.6
[2010/01/22 18:15:25 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2006/11/29 18:51:21 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2009/06/05 08:00:38 | 000,000,000 | ---D | M] -- C:\Program Files\CoreFTP
[2006/12/10 13:22:40 | 000,000,000 | ---D | M] -- C:\Program Files\CounterPath
[2008/10/02 19:28:34 | 000,000,000 | ---D | M] -- C:\Program Files\Creative
[2006/12/07 15:28:07 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2006/12/07 15:16:30 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2009/03/17 15:36:43 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2006/11/29 18:55:16 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Line Detect
[2007/05/25 22:43:11 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2008/12/17 17:48:28 | 000,000,000 | ---D | M] -- C:\Program Files\epson
[2010/01/21 17:26:16 | 000,000,000 | ---D | M] -- C:\Program Files\Fake Webcam
[2007/06/19 19:24:11 | 000,000,000 | ---D | M] -- C:\Program Files\FinalBurner
[2010/03/30 18:29:21 | 000,000,000 | ---D | M] -- C:\Program Files\FLV Player
[2006/12/16 22:06:30 | 000,000,000 | ---D | M] -- C:\Program Files\Games
[2010/05/25 16:52:54 | 000,000,000 | ---D | M] -- C:\Program Files\Glary Utilities
[2010/05/19 15:42:16 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2008/12/06 19:03:56 | 000,000,000 | ---D | M] -- C:\Program Files\Guitar Pro 5
[2009/10/18 18:18:15 | 000,000,000 | ---D | M] -- C:\Program Files\Incomplete
[2007/02/09 15:48:59 | 000,000,000 | ---D | M] -- C:\Program Files\Infra Recorder
[2008/12/17 17:37:08 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/04/01 11:23:02 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/03/07 17:45:25 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2007/02/07 17:33:31 | 000,000,000 | ---D | M] -- C:\Program Files\IrfanView
[2010/03/07 17:46:46 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2008/10/02 19:04:19 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes(2)
[2010/05/25 22:56:02 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2007/03/06 14:44:00 | 000,000,000 | ---D | M] -- C:\Program Files\JustZIPit
[2008/01/08 18:17:07 | 000,000,000 | ---D | M] -- C:\Program Files\Last.fm
[2008/10/04 19:54:42 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2009/10/18 18:20:35 | 000,000,000 | ---D | M] -- C:\Program Files\Limewire
[2007/05/29 11:45:03 | 000,000,000 | ---D | M] -- C:\Program Files\Line6
[2007/02/07 17:17:03 | 000,000,000 | ---D | M] -- C:\Program Files\LiveUpdate
[2007/01/14 20:12:20 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2008/07/08 23:26:01 | 000,000,000 | ---D | M] -- C:\Program Files\Maintenance
[2010/05/25 17:08:26 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2006/11/29 19:04:16 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2008/09/06 12:30:33 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/11/11 16:25:18 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger Plus! Live
[2009/11/12 15:31:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2007/01/02 13:09:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2008/03/10 11:50:29 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2005/08/16 05:43:46 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/01/20 23:45:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/01/22 17:31:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2007/02/07 23:45:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
[2009/10/15 03:03:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2006/01/21 21:40:32 | 000,000,000 | ---D | M] -- C:\Program Files\MOBILE PHONE TOOLS 3.11 PARA TODOS LOS MOTOROLA
[2007/02/07 17:16:52 | 000,000,000 | ---D | M] -- C:\Program Files\mobile PhoneTools
[2010/03/12 15:47:26 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/04/02 21:39:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/04/01 13:34:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Thunderbird
[2009/08/22 10:47:12 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/01/20 23:44:46 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2005/08/16 05:37:22 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2005/08/16 05:37:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/11/24 21:23:42 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2007/04/23 21:29:58 | 000,000,000 | ---D | M] -- C:\Program Files\Native Instruments
[2008/09/06 12:20:58 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/03/17 15:36:59 | 000,000,000 | ---D | M] -- C:\Program Files\Nokia
[2010/02/15 16:26:02 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2008/10/04 17:07:40 | 000,000,000 | ---D | M] -- C:\Program Files\Notebook Hardware Control
[2005/08/16 05:38:24 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2007/02/12 20:29:58 | 000,000,000 | ---D | M] -- C:\Program Files\Opera
[2010/05/12 23:52:36 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/03/17 15:36:34 | 000,000,000 | ---D | M] -- C:\Program Files\PC Connectivity Solution
[2007/02/12 20:30:13 | 000,000,000 | ---D | M] -- C:\Program Files\PeerGuardian2
[2007/11/21 23:06:43 | 000,000,000 | ---D | M] -- C:\Program Files\Peggle
[2008/03/25 23:59:00 | 000,000,000 | ---D | M] -- C:\Program Files\PhotoScape
[2007/03/06 19:29:03 | 000,000,000 | ---D | M] -- C:\Program Files\Plucker
[2009/05/06 18:04:35 | 000,000,000 | ---D | M] -- C:\Program Files\PopCap Games
[2007/11/02 16:43:55 | 000,000,000 | ---D | M] -- C:\Program Files\Power Tab Software
[2007/06/20 21:54:22 | 000,000,000 | ---D | M] -- C:\Program Files\Project64 1.6
[2009/11/22 22:01:46 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2008/10/02 19:04:40 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime(2)
[2007/09/21 19:44:58 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2009/08/22 10:46:58 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2008/10/02 19:34:15 | 000,000,000 | ---D | M] -- C:\Program Files\rFactor
[2005/08/16 21:58:50 | 000,000,000 | ---D | M] -- C:\Program Files\RGB
[2007/06/12 12:59:39 | 000,000,000 | ---D | M] -- C:\Program Files\SampleTank 2 Free
[2006/11/29 18:51:14 | 000,000,000 | ---D | M] -- C:\Program Files\Sigmatel
[2007/08/07 22:09:15 | 000,000,000 | ---D | M] -- C:\Program Files\Skype
[2008/12/17 17:35:55 | 000,000,000 | ---D | M] -- C:\Program Files\Smart Panel
[2008/03/21 18:35:10 | 000,000,000 | ---D | M] -- C:\Program Files\Smith Micro
[2007/09/10 21:35:51 | 000,000,000 | ---D | M] -- C:\Program Files\Soulseek
[2006/12/28 15:31:44 | 000,000,000 | ---D | M] -- C:\Program Files\SpeedTouch
[2009/02/11 14:38:00 | 000,000,000 | ---D | M] -- C:\Program Files\Spotify
[2009/11/22 17:01:05 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2007/10/11 23:26:54 | 000,000,000 | ---D | M] -- C:\Program Files\Spyware Terminator
[2010/05/25 16:47:57 | 000,000,000 | ---D | M] -- C:\Program Files\SpywareBlaster
[2008/08/29 18:33:20 | 000,000,000 | ---D | M] -- C:\Program Files\Steinberg
[2006/11/29 18:53:26 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2007/04/24 19:55:37 | 000,000,000 | ---D | M] -- C:\Program Files\Syncrosoft
[2007/06/20 21:29:55 | 000,000,000 | ---D | M] -- C:\Program Files\SystemRequirementsLab
[2009/06/04 21:47:12 | 000,000,000 | ---D | M] -- C:\Program Files\Tablet
[2009/05/08 14:08:00 | 000,000,000 | ---D | M] -- C:\Program Files\Thomson
[2007/11/17 15:55:19 | 000,000,000 | ---D | M] -- C:\Program Files\USB Tablet
[2010/02/19 13:58:05 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2006/12/07 16:35:42 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2006/11/29 18:59:54 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2008/10/18 23:54:37 | 000,000,000 | ---D | M] -- C:\Program Files\Vodei
[2008/12/15 15:27:31 | 000,000,000 | ---D | M] -- C:\Program Files\Wacom
[2008/03/30 19:28:03 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp
[2009/11/22 18:03:03 | 000,000,000 | ---D | M] -- C:\Program Files\WinASO
[2009/11/12 15:28:59 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/11/22 17:54:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Safety Center
[2009/11/12 15:29:26 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2007/02/12 20:30:40 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2007/01/10 15:56:33 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/09/06 12:20:52 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2005/08/16 05:37:56 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Plus
[2007/02/09 15:39:11 | 000,000,000 | ---D | M] -- C:\Program Files\winMd5Sum
[2007/01/07 22:26:37 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2009/11/22 17:54:47 | 000,000,000 | ---D | M] -- C:\Program Files\WinTV
[2007/01/15 17:23:46 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip
[2005/08/16 05:43:46 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2007/02/01 18:48:16 | 000,000,000 | ---D | M] -- C:\Program Files\XtenNetworksInc
[2007/05/02 22:25:52 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

< %appdata%\*.* >
[2005/08/16 05:33:26 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Tom Rowberry\Application Data\desktop.ini
[2007/01/16 22:27:32 | 000,000,187 | ---- | M] () -- C:\Documents and Settings\Tom Rowberry\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2009/12/09 18:36:06 | 000,045,936 | ---- | M] () -- C:\Documents and Settings\Tom Rowberry\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/17 16:48:31 | 000,003,666 | ---- | M] () -- C:\Documents and Settings\Tom Rowberry\Application Data\NMM-MetaData.db


< MD5 for: AGP440.SYS >
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/06 12:11:37 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/09/06 12:11:37 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/06 12:11:37 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/06 12:11:37 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:disk.sys
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/09/06 12:11:37 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/09/06 12:11:37 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/10 06:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:usbstor.sys
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2008/09/06 12:11:37 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2008/09/06 12:11:37 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/04 00:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 19:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 19:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-05-12 22:56:00

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB71B81
< End of report >

tommehr
Novice

Posts: 16
Joined: 2009-11-17
OS: XP
Points: 25938
Likes: 0


Re: Win32:malware-gen / Win32:trojan-gen

Post by Belahzur on 26th May 2010, 10:04 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245101
Likes: 1


Re: Win32:malware-gen / Win32:trojan-gen

Post by tommehr on 27th May 2010, 3:24 pm

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4147

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

27/05/2010 16:18:24
mbam-log-2010-05-27 (16-18-24).txt

Scan type: Quick scan
Objects scanned: 141121
Time elapsed: 9 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

tommehr
Novice

Posts: 16
Joined: 2009-11-17
OS: XP
Points: 25938
Likes: 0


Re: Win32:malware-gen / Win32:trojan-gen

Post by Belahzur on 27th May 2010, 8:56 pm

Hello.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.




Belahzur
Administrator

Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245101
Likes: 1


Re: Win32:malware-gen / Win32:trojan-gen

Post by tommehr on 28th May 2010, 2:06 pm

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=2205b7cba957284a8f946ec975004b79
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-05-28 01:35:31
# local_time=2010-05-28 02:35:31 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777175 100 0 153671 153671 0 0
# compatibility_mode=7937 16777214 85 100 82904092 87481188 0 0
# compatibility_mode=8192 67108863 100 0 216 216 0 0
# scanned=135986
# found=0
# cleaned=0
# scan_time=8026

tommehr
Novice

Posts: 16
Joined: 2009-11-17
OS: XP
Points: 25938
Likes: 0


Re: Win32:malware-gen / Win32:trojan-gen

Post by Belahzur on 28th May 2010, 6:13 pm

Hello.

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement; press Accept and HijackThis will run.
  • When HijackThis opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.




Belahzur
Administrator

Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245101
Likes: 1


Re: Win32:malware-gen / Win32:trojan-gen

Post by tommehr on 28th May 2010, 6:39 pm

725plc32
Ad-Aware
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color EU Recommended Settings
Adobe Color JA Extra Settings
Adobe Color NA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Download Manager
Adobe Dreamweaver CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe InDesign CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 9.3
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Shockwave Player 11.5
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Auslogics Disk Defrag
avast! Free Antivirus
Bonjour
Broadcom Management Programs
CamfrogWEB Advanced ActiveX Plugin (remove only)
CCleaner (remove only)
CDex extraction audio
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Creative Jukebox Driver
Critical Update for Windows Media Player 11 (KB959772)
Dell Wireless WLAN Card
Digital Line Detect
DivX Web Player
Dr SpeedTouch
EPSON CardMonitor
EPSON Copy Utility 3
EPSON PhotoStarter3.1
EPSON Printer Software
EPSON Scan
EPSON Smart Panel
eyeBeam 1.5.10.2
FLV Player 2.0 (build 25)
Glary Utilities 2.22.0.896
Google Earth Plug-in
Google Gears
Google Gmail Notifier
Google Talk (remove only)
Google Update Helper
High Definition Audio Driver Package - KB835221
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Infra Recorder
IrfanView (remove only)
iTunes
Java(TM) 6 Update 20
Line 6 Uninstaller
Logitech Desktop Messenger
Logitech QuickCam Software
Logitech® Camera Driver
Malwarebytes' Anti-Malware
MCU
MediaDirect
Messenger Plus! Live
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.3
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mixer
Mozilla Firefox (3.6.3)
Mozilla Thunderbird (2.0.0.23)
MSRuntime Libraries
MSVC80_x86
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia PC Suite
PC Connectivity Solution
PDF Settings
QuickSet
QuickTime
RealPlayer
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Segoe UI
SigmaTel Audio
Skype™ 3.6
Sonic Encoders
Sound Blaster ADVANCED MB Drivers
Sound Blaster Audigy ADVANCED MB Demo
Spotify
Spybot - Search & Destroy
Spyware Terminator
SpywareBlaster 4.2
StartupMonitor
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
VideoLAN VLC media player 0.8.5
Viewpoint Media Player
Wacom Tablet
Windows Driver Package - Nokia Modem (10/27/2008 3.9)
Windows Driver Package - Nokia Modem (10/27/2008 7.01.0.1)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Media Player 11
Windows Vista Upgrade Advisor
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
WinZip
WIRELESS DESIGN & WORK TABLET 100/200/400


Re: Win32:malware-gen / Win32:trojan-gen

Post by Belahzur on 29th May 2010, 10:21 pm

Hello.
How is the machine running?


Please PM me if I fail to respond within 24hrs.



Re: Win32:malware-gen / Win32:trojan-gen

Post by tommehr on 30th May 2010, 10:43 am

It's running quite a lot more smoothly. It's a reasonably old XP laptop so it's not mega-fast any more, but the constant jerkiness and 80%+ CPU usage have stopped, so whatever we've done seems to have done the job.

Thanks!
