GeekPolice

Win32/Zbot.G Trojan SHeur3.CNHF DNSChanger Cryptic.BGF


Solved Win32/Zbot.G Trojan SHeur3.CNHF DNSChanger Cryptic.BGF

Post by scottmurray on Sat Sep 03, 2011 3:49 pm

Trojan horse PSW.Generic9.ISD
Trojan horse Agent3.AFTC
Trojan horse Java/Downloader.CP
Trojan horse Generic24.BFIA


Possibly more.

AVG flagged up a warning when. It seems more and more are getting in even though I kill all internet activity on Zone Alarm.

Have scanned a few times with AVG and it heals some of them, but pretty soon afterwards they are back.

Tried using MalwareBytes but it is crashing during scans.


Last edited by scottmurray on Sun Sep 04, 2011 3:00 am; edited 1 time in total

scottmurray (Novice) | Posts: 22 | Joined: 2011-02-04 | OS: MICROSOFT WINDOWS XP PROFESSIONAL VERSION 2002 SERVICE PACK 3

Solved Re: Win32/Zbot.G Trojan SHeur3.CNHF DNSChanger Cryptic.BGF

Post by scottmurray on Sat Sep 03, 2011 3:55 pm

OTL logfile created on: 03/09/2011 15:54:47 - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 72.51% Memory free
6.62 Gb Paging File | 5.93 Gb Available in Paging File | 89.49% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 453.74 Gb Total Space | 388.37 Gb Free Space | 85.59% Space Free | Partition Type: NTFS
Drive D: | 12.00 Gb Total Space | 8.00 Gb Free Space | 66.65% Space Free | Partition Type: NTFS
Drive G: | 453.74 Gb Total Space | 421.79 Gb Free Space | 92.96% Space Free | Partition Type: NTFS

Computer Name: PARTS-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/03 11:51:30 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
PRC - [2011/06/23 12:48:37 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/18 01:26:14 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2011/03/18 01:24:50 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/15 16:25:48 | 000,488,952 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2009/05/08 11:53:34 | 000,174,424 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/07 16:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/07/24 17:59:08 | 000,024,576 | ---- | M] (Oki Data Corporation) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\OPHJLDCS.EXE
PRC - [2007/01/05 04:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/07/10 19:53:08 | 000,872,448 | ---- | M] () -- C:\WINDOWS\SMINST\Scheduler.exe
PRC - [2000/02/25 22:34:56 | 007,155,757 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office\EXCEL.EXE


========== Modules (No Company Name) ==========

MOD - [2011/06/23 12:48:36 | 001,850,328 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2009/07/18 04:21:00 | 003,883,424 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2008/04/14 01:12:08 | 000,339,456 | ---- | M] () -- C:\WINDOWS\itububobogebute.dll
MOD - [2007/04/02 13:49:20 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2006/07/10 19:53:08 | 000,872,448 | ---- | M] () -- C:\WINDOWS\SMINST\Scheduler.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (EapHostPortEmulatorV2)
SRV - File not found [Auto | Stopped] -- -- (0146971232374505mcinstcleanup) McAfee Application Installer Cleanup (0146971232374505)
SRV - [2011/05/30 11:33:54 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/03/18 01:26:14 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2011/02/15 16:25:48 | 000,488,952 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2009/08/07 12:43:04 | 000,045,816 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/07 16:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/07/24 17:59:08 | 000,024,576 | ---- | M] (Oki Data Corporation) [Auto | Running] -- C:\WINDOWS\system32\spool\drivers\w32x86\3\OPHJLDCS.EXE -- (OKI OPHJ DCS Loader)
SRV - [2007/03/23 11:26:48 | 000,114,688 | ---- | M] (Star Micronics Co., Ltd.) [On_Demand | Stopped] -- C:\Program Files\StarMicronics\VirtualPortEmulator\Software\portemu_umdf.exe -- (PortEmulatorV2) Port Emulator V2 (Star)
SRV - [2007/01/05 04:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/15 16:25:36 | 000,026,872 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011/02/10 14:24:54 | 000,053,312 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pssdklbf.sys -- (PSSDKLBF)
DRV - [2011/02/10 14:24:54 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pssdk42.sys -- (PSSDK42)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2008/07/11 23:44:00 | 000,191,872 | ---- | M] (Altiris, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\fslx.sys -- (FSLX)
DRV - [2008/04/13 19:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 19:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2007/11/06 18:23:56 | 004,622,848 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/07/30 13:58:56 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007/07/30 13:58:54 | 000,054,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007/06/29 23:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007/04/18 09:15:48 | 000,062,080 | R--- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NmSerial.sys -- (nmserial)
DRV - [2006/10/11 04:12:12 | 000,076,416 | R--- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NmPar.sys -- (NmPar)
DRV - [2006/07/02 07:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/02/28 03:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2006/02/28 03:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/03 18:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/03 18:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/03 18:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/03 18:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/03 18:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/03 18:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/03 18:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/03 18:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/03 18:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/03 18:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/03 18:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/03 18:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 18:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/03 18:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/03 18:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2002/04/04 06:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)
DRV - [2001/08/17 13:53:42 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\loop.sys -- (msloop)
DRV - [2001/08/10 03:03:00 | 000,070,084 | ---- | M] (MK Systems CO., LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EPLPDX02.SYS -- (Eplpdx02)
DRV - [2000/07/24 02:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\BrPar.sys -- (BrPar)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1374
FF - prefs.js..extensions.enabledItems: avg@igeared:7.005.030.004
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cb8136e&v=7.007.026.001&i=23&tp=ab&iy=&ychte=uk&lng=en-GB&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/08/20 10:36:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/07/12 08:56:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/08/09 09:05:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/06/18 09:50:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0495D2E7-89EA-4353-9F37-D8E1B18024C0}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{0495D2E7-89EA-4353-9F37-D8E1B18024C0} [2011/08/09 13:08:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/23 12:48:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/21 10:47:38 | 000,000,000 | ---D | M]

[2009/11/25 16:32:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/06/24 15:58:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3axw25ly.default\extensions
[2011/02/05 14:36:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3axw25ly.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/24 15:58:12 | 000,000,000 | ---D | M] (ZoneAlarm Security Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3axw25ly.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
[2011/05/25 16:15:18 | 000,000,939 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3axw25ly.default\searchplugins\conduit.xml
[2011/06/17 08:53:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/09 13:08:31 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\{0495D2E7-89EA-4353-9F37-D8E1B18024C0}
[2011/08/09 09:05:31 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011/08/20 10:36:54 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="7.007.026.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
[2011/06/23 12:48:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (ZoneAlarm Spy Blocker BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Toolbar) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Mfisana] C:\WINDOWS\itububobogebute.dll ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe ()
O4 - HKLM..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe ()
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06b\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A99896F-2D94-43CE-9920-4E0E20D17377}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/05/01 02:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{b0704315-e636-11dd-b4bc-00226426e3c5}\Shell - "" = AutoRun
O33 - MountPoints2\{b0704315-e636-11dd-b4bc-00226426e3c5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b0704315-e636-11dd-b4bc-00226426e3c5}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: WmdmPmSp - File not found




ActiveX: {00F0EE7F-2C61-4EBD-A209-00281BDC869C} - Yahoo! Toolbar
ActiveX: {0117F56B-AD48-4773-BDD1-FBEFE0142D00} - Yahoo! Search Settings Update
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {61C934E3-4D8D-4F51-A817-AA2FC5DE3134} - NoIE8Tour
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{E497BACD-9F23-4CDC-B3EE-963005CF088D} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/09/03 15:51:13 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
[2011/09/03 15:51:09 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2011/08/22 10:34:53 | 000,000,000 | ---D | C] -- C:\5cbedd17a2f1fcd62e1dffac1c
[2011/08/22 10:32:38 | 000,000,000 | ---D | C] -- C:\09c084b657cfdfaa2fd0
[2011/08/17 10:39:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2011/08/17 08:58:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Tyeggei
[2011/08/17 08:58:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Ofcuap
[2011/08/16 17:15:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Hasuwoo
[2011/08/16 17:15:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Axux
[2011/08/16 17:09:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Idv
[2011/08/16 17:09:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Icdy
[2011/08/13 10:26:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
[2011/08/12 16:55:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ykewpwgl
[2011/08/12 16:55:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/08/10 16:00:17 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2011/08/10 16:00:13 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011/08/09 13:54:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2011/08/09 13:44:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ykewpwgl
[2011/08/09 13:44:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/08/09 13:08:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{0495D2E7-89EA-4353-9F37-D8E1B18024C0}
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/03 15:50:46 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{735CC627-E268-460A-9438-D4E5F97414AC}.job
[2011/09/03 15:43:26 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-545504692-997205589-1577464367-500UA.job
[2011/09/03 15:10:26 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/03 14:42:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-545504692-997205589-1577464367-500Core.job
[2011/09/03 13:16:38 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/09/03 13:16:37 | 130,954,251 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/09/03 11:52:24 | 000,879,225 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SecurityCheck.exe
[2011/09/03 11:52:06 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2011/09/03 11:51:30 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
[2011/09/03 09:50:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Iyawavina.bin
[2011/09/03 09:09:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/03 08:57:04 | 000,421,532 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/09/03 08:57:02 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/03 08:55:57 | 000,000,099 | ---- | M] () -- C:\WINDOWS\Brownie.ini
[2011/09/03 08:54:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/03 08:54:32 | 3085,422,592 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/01 17:02:57 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/01 16:58:09 | 000,000,036 | ---- | M] () -- C:\WINDOWS\iltwain.ini
[2011/08/26 17:05:55 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Vxulifohavo.dat
[2011/08/25 13:28:08 | 000,000,179 | --S- | M] () -- C:\WINDOWS\System32\1320404779.dat
[2011/08/17 10:40:01 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/08/17 10:40:00 | 000,000,063 | ---- | M] () -- C:\WINDOWS\mdm.ini
[2011/08/17 10:39:50 | 000,001,725 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2011/08/16 15:28:35 | 000,000,274 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Sign in to Yahoo!.url
[2011/08/13 17:17:39 | 000,000,435 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2011/08/13 10:30:12 | 000,298,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/11 09:12:35 | 000,491,502 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/11 09:12:35 | 000,090,066 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/11 09:09:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/11 09:08:36 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2011/08/09 14:10:17 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/03 15:51:15 | 000,879,225 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SecurityCheck.exe
[2011/08/24 17:24:02 | 000,000,179 | --S- | C] () -- C:\WINDOWS\System32\1320404779.dat
[2011/08/18 16:11:31 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Vxulifohavo.dat
[2011/08/18 16:11:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Iyawavina.bin
[2011/08/17 10:40:00 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2011/08/11 09:08:36 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/08/09 14:10:17 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/04 13:12:07 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\xsgyucee.sys
[2011/02/03 17:49:43 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/04 10:43:58 | 000,000,140 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2011/01/04 10:43:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2011/01/04 10:42:36 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2011/01/04 10:42:36 | 000,031,244 | ---- | C] () -- C:\WINDOWS\HL-5340D.INI
[2011/01/04 10:42:35 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2011/01/04 10:42:34 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRADM08A.DAT
[2011/01/04 10:42:26 | 000,000,099 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2010/03/05 14:59:51 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/29 13:20:24 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2010/01/29 13:03:24 | 000,001,006 | ---- | C] () -- C:\WINDOWS\OPHJ.INI
[2010/01/12 15:58:52 | 000,000,062 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2009/12/11 11:06:34 | 000,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2009/12/11 11:06:31 | 000,009,391 | ---- | C] () -- C:\WINDOWS\System32\dymourl.ini
[2009/12/11 11:01:02 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\DYMOCFG.DLL
[2009/11/25 16:31:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/02/12 12:03:30 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT3.DAT
[2009/02/10 12:32:28 | 000,184,320 | R--- | C] () -- C:\WINDOWS\System32\NmUninst.exe
[2009/02/10 12:32:28 | 000,006,656 | R--- | C] () -- C:\WINDOWS\System32\NmCoInst.dll
[2009/02/06 16:46:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/29 16:28:03 | 000,000,435 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/01/29 16:28:03 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/01/29 16:25:05 | 000,000,921 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/01/29 16:25:05 | 000,000,154 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/01/29 16:25:05 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf06a.dat
[2009/01/29 16:23:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2009/01/29 16:23:29 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/01/29 16:21:51 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/01/19 15:33:13 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/01/19 15:32:22 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008/11/27 11:42:19 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/11/27 11:42:19 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/11/27 11:42:19 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/11/27 11:42:19 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/11/27 11:42:19 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/11/27 11:42:18 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/11/27 11:42:18 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/11/27 11:42:14 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/11/27 11:42:13 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/11/27 11:18:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/11/27 11:00:10 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/11/27 11:00:10 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/11/27 11:00:10 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/11/27 11:00:10 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/11/27 11:00:10 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/11/27 11:00:10 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/11/27 10:59:26 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/11/27 10:50:29 | 000,001,732 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2006/04/25 19:05:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/04/25 18:43:54 | 000,491,502 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/04/25 18:43:54 | 000,090,066 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/04/25 18:39:48 | 000,298,848 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/04/25 18:31:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/04/25 18:27:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/02/28 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 03:00:00 | 000,339,456 | ---- | C] () -- C:\WINDOWS\itububobogebute.dll
[2006/02/28 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 03:00:00 | 000,006,672 | ---- | C] () -- C:\WINDOWS\System32\adptifv.dat
[2006/02/28 03:00:00 | 000,005,648 | ---- | C] () -- C:\WINDOWS\System32\1037y.dat
[2006/02/28 03:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 03:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/05/28 08:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 08:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/05/08 11:12:22 | 000,000,832 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/03/04 11:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2001/09/04 03:04:00 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[1999/01/23 02:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >
[2008/11/27 11:07:37 | 000,000,152 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\BCM_DropUserDatabases.txt

< %USERPROFILE%\Desktop\*.exe >
[2011/09/03 11:52:06 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2011/09/03 11:52:24 | 000,879,225 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SecurityCheck.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/06/23 12:48:38 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/06/23 12:48:37 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/06/23 12:48:34 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/06/23 12:48:33 | 000,265,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2008/11/27 11:07:34 | 000,000,000 | ---D | M] -- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[2009/09/10 11:28:23 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/11/27 11:08:05 | 000,000,000 | ---D | M] -- C:\Program Files\Altiris
[2008/11/27 10:58:58 | 000,000,000 | ---D | M] -- C:\Program Files\AMD
[2010/11/24 11:56:57 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2011/01/04 10:42:34 | 000,000,000 | ---D | M] -- C:\Program Files\Brother
[2011/01/04 10:42:41 | 000,000,000 | ---D | M] -- C:\Program Files\Brownie
[2010/03/26 10:11:59 | 000,000,000 | ---D | M] -- C:\Program Files\CheckPoint
[2011/08/13 10:27:23 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/11/27 11:07:55 | 000,000,000 | ---D | M] -- C:\Program Files\Compaq
[2008/11/27 11:40:57 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2011/06/18 09:30:32 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2011/09/01 16:58:09 | 000,000,000 | ---D | M] -- C:\Program Files\DYMO Label
[2010/09/17 11:07:00 | 000,000,000 | ---D | M] -- C:\Program Files\EPSON
[2010/09/22 10:05:16 | 000,000,000 | ---D | M] -- C:\Program Files\GIMP-2.0
[2010/02/06 10:21:39 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2008/11/27 11:15:18 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2008/11/27 11:00:32 | 000,000,000 | ---D | M] -- C:\Program Files\HPQ
[2009/03/06 13:19:39 | 000,000,000 | ---D | M] -- C:\Program Files\Insert Text for Excel
[2011/06/14 14:29:41 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2011/08/11 09:05:59 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2008/11/27 11:00:08 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2010/03/27 10:12:26 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2011/08/09 14:10:19 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/29 11:18:42 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2008/11/27 11:40:57 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/09/08 11:33:21 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/06/18 09:03:53 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2008/11/27 11:06:52 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Small Business
[2011/09/03 09:04:37 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
[2011/08/17 10:39:31 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2010/06/29 11:18:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2008/11/27 11:02:33 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/13 18:00:54 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/07/28 15:47:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2011/03/10 19:04:15 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2011/03/04 16:39:05 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2008/11/27 11:40:57 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2008/11/27 11:40:57 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2008/11/27 11:05:26 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2009/01/31 13:49:51 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/09/01 12:26:07 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2010/01/29 13:07:46 | 000,000,000 | ---D | M] -- C:\Program Files\Okidata
[2009/01/09 01:20:05 | 000,000,000 | R--D | M] -- C:\Program Files\Online Services
[2010/03/27 18:25:02 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
[2010/12/16 19:00:46 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2008/11/27 11:07:47 | 000,000,000 | ---D | M] -- C:\Program Files\PDF Complete
[2011/02/09 11:38:39 | 000,000,000 | ---D | M] -- C:\Program Files\Prestige
[2009/01/09 09:16:12 | 000,000,000 | ---D | M] -- C:\Program Files\Program Shortcuts
[2011/06/14 14:29:34 | 000,000,000 | ---D | M] -- C:\Program Files\PTC
[2008/11/27 10:59:20 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2011/03/10 19:04:08 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/01/29 16:20:52 | 000,000,000 | ---D | M] -- C:\Program Files\ScanSoft
[2009/05/20 20:38:01 | 000,000,000 | ---D | M] -- C:\Program Files\StarMicronics
[2011/02/10 14:24:28 | 000,000,000 | ---D | M] -- C:\Program Files\thinkbroadband.com
[2008/11/27 11:40:57 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/10/08 13:07:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/10/08 13:07:29 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/01/31 13:49:43 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/11/27 11:40:57 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2008/11/27 11:40:57 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2009/07/10 14:41:17 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2009/01/19 15:32:06 | 000,000,000 | ---D | M] -- C:\Program Files\Zone Labs
[2009/01/19 15:34:57 | 000,000,000 | ---D | M] -- C:\Program Files\ZoneAlarmSB
[2011/06/18 09:30:31 | 000,000,000 | ---D | M] -- C:\Program Files\ZoneAlarm_Security


< MD5 for: AGP440.SYS >
[2006/02/28 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2006/02/28 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/01/31 13:40:59 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/01/31 13:40:59 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2006/02/28 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2006/02/28 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/01/31 13:40:59 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/01/31 13:40:59 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 01:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2006/02/28 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:disk.sys
[2006/02/28 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2009/01/31 13:40:59 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2009/01/31 13:40:59 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2006/02/28 03:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2006/02/28 03:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-09-03 08:05:15

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/08/30 08:50:36 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/23 12:48:33 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/23 12:48:33 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/23 12:48:33 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/06/23 12:48:37 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/06/23 12:48:37 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/06/23 12:48:37 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/08/30 08:50:36 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/08/30 08:50:36 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/08/30 08:50:36 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/08/30 08:50:36 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/06/23 13:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/06/23 13:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/06/23 13:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)




Solved Re: Win32/Zbot.G Trojan SHeur3.CNHF DNSChanger Cryptic.BGF

Post by scottmurray on Sat Sep 03, 2011 3:55 pm

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/08/30 08:50:36 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/23 12:48:33 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/23 12:48:33 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/23 12:48:33 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/06/23 12:48:37 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/06/23 12:48:37 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/06/23 12:48:37 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/08/30 08:50:36 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/08/30 08:50:36 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/08/30 08:50:36 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/08/30 08:50:36 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/06/23 13:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/06/23 13:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/06/23 13:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Administrator\Desktop\BM.pif:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\BM.pif:SummaryInformation
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >


Solved Re: Win32/Zbot.G Trojan SHeur3.CNHF DNSChanger Cryptic.BGF

Post by scottmurray on Sat Sep 03, 2011 3:56 pm

OTL Extras logfile created on: 03/09/2011 15:54:47 - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 72.51% Memory free
6.62 Gb Paging File | 5.93 Gb Available in Paging File | 89.49% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 453.74 Gb Total Space | 388.37 Gb Free Space | 85.59% Space Free | Partition Type: NTFS
Drive D: | 12.00 Gb Total Space | 8.00 Gb Free Space | 66.65% Space Free | Partition Type: NTFS
Drive G: | 453.74 Gb Total Space | 421.79 Gb Free Space | 92.96% Space Free | Partition Type: NTFS

Computer Name: PARTS-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler -- ()
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{0323CB96-221A-4042-84A3-93EDE47099FC}" = AVG 2011
"{04E7A3BB-DB38-481C-A809-35FA60C78EDF}" = AVG 2011
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20EAC554-95F9-4926-8D9A-C4FF3EC44C72}" = AVG 2011
"{230E8DDC-FB78-4F9F-8461-22ED20DBC3BA}" = AVG 2011
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23DA4222-E517-42B3-8F97-9CFD49E2A732}" = AVG 2011
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager
"{4EB34322-B940-46EB-810E-68E71A819269}" = AVG 2011
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5AD96CF5-2627-4F29-9D2D-72FCD85F6355}" = AVG 2011
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{695B13B2-7919-4EC5-8601-092F0D2DE069}" = AVG 2011
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{704BA20C-E4D5-4265-92B4-9768345AB76B}" = AVG 2011
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C97545-E547-4A8B-B0C8-61FF853270AC}" = PaperPort
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7D8DBB7C-1C55-4950-A107-043C164F379A}" = Altiris Software Virtualization Agent
"{80490945-CE48-45CF-9CCA-CA0EF44D9FE4}" = AVG 2011
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{97CF5B9F-AEE5-491B-948E-3096E69C8B42}" = Brother HL-5340D
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A276502A-8979-44FB-8090-90CF72F22ABC}" = AVG 2011
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A344F95E-E51A-450C-8F84-C940BF61903E}" = OKI Color Swatch Utility
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-2448-0000-900000000003}" = Chinese Traditional Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B3AEF776-7FFF-4C50-A402-9119E3849EE0}" = AVG 2011
"{B5770FD5-7345-47E0-BEB8-54522270D58F}" = AVG 2011
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D360A313-4656-4A1F-929A-243F668C12DA}" = Template Manager 3.0
"{D4CED2FB-CB81-4BBB-853A-9B25CE64CB35}" = TSP700II Setup
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DB90FF25-9932-48F2-B643-1802F1864FAF}" = AVG 2011
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E7C92C22-436B-46C4-AAF2-80C4C569A55F}" = AVG 2011
"{F0F563C4-D4AD-41C4-A8A6-26664C027D11}" = Brother MFL-Pro Suite
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{FEDCEFC4-62F6-4B71-B37E-11A7CB6BC5F8}" = Arbortext IsoView 7.0
"{FF3D660E-E5CC-47FD-8050-1B4DE3BA81A9}" = Dual-Core Optimizer
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG" = AVG 2011
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"DYMO Label Software" = DYMO Label Software
"EPSON Printer and Utilities" = EPSON Printer Software
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{FEDCEFC4-62F6-4B71-B37E-11A7CB6BC5F8}" = Arbortext IsoView 7.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MosChip Technology" = MosChip Multi-IO Controller
"Mozilla Firefox 5.0 (x86 en-GB)" = Mozilla Firefox 5.0 (x86 en-GB)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NGK Partfinder_is1" = NGK Partfinder
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Number Plate Printing Software_is1" = Number Plate Printing Software 1.51 Build 136
"NVIDIA Drivers" = NVIDIA Drivers
"PDF Complete" = PDF Complete
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.10
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Mail Advisor" = Yahoo! Mail Advisor
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"ZoneAlarm" = ZoneAlarm
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
"ZoneAlarmSB Uninstall" = ZoneAlarm Spy Blocker

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03/09/2011 04:04:40 | Computer Name = PARTS-PC | Source = MSSQL$MSSMLBIZ | ID = 17049
Description = Unable to cycle error log file from 'c:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\LOG\ERRORLOG.4' to 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG.5'
due to OS error '5(Access is denied.)'. A process outside of SQL Server may be
preventing SQL Server from reading the files. As a result, errorlog entries may
be lost and it may not be possible to view some SQL Server errorlogs. Make sure
no other processes have locked the file with write-only access."

Error - 03/09/2011 04:04:40 | Computer Name = PARTS-PC | Source = MSSQL$MSSMLBIZ | ID = 17049
Description = Unable to cycle error log file from 'c:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\LOG\ERRORLOG.3' to 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG.4'
due to OS error '5(Access is denied.)'. A process outside of SQL Server may be
preventing SQL Server from reading the files. As a result, errorlog entries may
be lost and it may not be possible to view some SQL Server errorlogs. Make sure
no other processes have locked the file with write-only access."

Error - 03/09/2011 04:04:40 | Computer Name = PARTS-PC | Source = MSSQL$MSSMLBIZ | ID = 17049
Description = Unable to cycle error log file from 'c:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\LOG\ERRORLOG.2' to 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG.3'
due to OS error '5(Access is denied.)'. A process outside of SQL Server may be
preventing SQL Server from reading the files. As a result, errorlog entries may
be lost and it may not be possible to view some SQL Server errorlogs. Make sure
no other processes have locked the file with write-only access."

Error - 03/09/2011 04:04:40 | Computer Name = PARTS-PC | Source = MSSQL$MSSMLBIZ | ID = 17049
Description = Unable to cycle error log file from 'c:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\LOG\ERRORLOG.1' to 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG.2'
due to OS error '5(Access is denied.)'. A process outside of SQL Server may be
preventing SQL Server from reading the files. As a result, errorlog entries may
be lost and it may not be possible to view some SQL Server errorlogs. Make sure
no other processes have locked the file with write-only access."

Error - 03/09/2011 04:04:40 | Computer Name = PARTS-PC | Source = MSSQL$MSSMLBIZ | ID = 17049
Description = Unable to cycle error log file from 'c:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\LOG\ERRORLOG' to 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG.1'
due to OS error '5(Access is denied.)'. A process outside of SQL Server may be
preventing SQL Server from reading the files. As a result, errorlog entries may
be lost and it may not be possible to view some SQL Server errorlogs. Make sure
no other processes have locked the file with write-only access."

Error - 03/09/2011 04:04:41 | Computer Name = PARTS-PC | Source = MSSQL$MSSMLBIZ | ID = 17207
Description = FCB::Open: Operating system error 5(Access is denied.) occurred while
creating or opening file 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\master.mdf'.
Diagnose and correct the operating system error, and retry the operation.

Error - 03/09/2011 04:04:41 | Computer Name = PARTS-PC | Source = MSSQL$MSSMLBIZ | ID = 17204
Description = FCB::Open failed: Could not open file c:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\DATA\master.mdf for file number 1. OS error: 5(Access is
denied.).

Error - 03/09/2011 04:04:41 | Computer Name = PARTS-PC | Source = MSSQL$MSSMLBIZ | ID = 17207
Description = FCB::Open: Operating system error 5(Access is denied.) occurred while
creating or opening file 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\mastlog.ldf'.
Diagnose and correct the operating system error, and retry the operation.

Error - 03/09/2011 04:04:41 | Computer Name = PARTS-PC | Source = MSSQL$MSSMLBIZ | ID = 17204
Description = FCB::Open failed: Could not open file c:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\DATA\mastlog.ldf for file number 2. OS error: 5(Access is
denied.).

Error - 03/09/2011 04:04:42 | Computer Name = PARTS-PC | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft SQL Server 2005 Express Edition -- Error 29503.
The SQL Server service failed to start. For more information, see the SQL Server
Books Online topics, "How to: View SQL Server 2005 Setup Log Files" and "Starting
SQL Server Manually." The error is (3417) .

[ System Events ]
Error - 02/09/2011 04:34:11 | Computer Name = PARTS-PC | Source = Print | ID = 54
Description = Document about:blank was corrupted and has been deleted. The associated
driver is: Brother HL-5340D series.

Error - 02/09/2011 04:34:57 | Computer Name = PARTS-PC | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 02/09/2011 04:34:57 | Computer Name = PARTS-PC | Source = Service Control Manager | ID = 7001
Description = The BrPar service depends on the Parallel port driver service which
failed to start because of the following error: %%1058

Error - 03/09/2011 03:56:42 | Computer Name = PARTS-PC | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 03/09/2011 03:56:42 | Computer Name = PARTS-PC | Source = Service Control Manager | ID = 7001
Description = The BrPar service depends on the Parallel port driver service which
failed to start because of the following error: %%1058

Error - 03/09/2011 04:04:41 | Computer Name = PARTS-PC | Source = Service Control Manager | ID = 7024
Description = The SQL Server (MSSMLBIZ) service terminated with service-specific
error 3417 (0xD59).

Error - 03/09/2011 04:05:45 | Computer Name = PARTS-PC | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft SQL Server 2005 Express Edition Service Pack 4
(KB2463332).

Error - 03/09/2011 04:07:25 | Computer Name = PARTS-PC | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 03/09/2011 06:38:13 | Computer Name = PARTS-PC | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
SERVICE-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{2A99896F-2D94-43C. The master browser is stopping or an election is
being forced.

Error - 03/09/2011 08:40:42 | Computer Name = PARTS-PC | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the PolicyAgent service.


< End of report >


Solved Re: Win32/Zbot.G Trojan SHeur3.CNHF DNSChanger Cryptic.BGF

Post by scottmurray on Sat Sep 03, 2011 3:56 pm

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-03 16:31:59
-----------------------------
16:31:59.000 OS Version: Windows 5.1.2600 Service Pack 3
16:31:59.000 Number of processors: 2 586 0x6B02
16:31:59.000 ComputerName: PARTS-PC UserName:
16:32:01.078 Initialize success
16:34:00.281 AVAST engine defs: 11090201
16:34:50.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:34:50.625 Disk 0 Vendor: ST3500620AS HP12 Size: 476940MB BusType: 3
16:34:50.656 Device \Driver\atapi -> DriverStartIo 8acce31b
16:34:52.671 Disk 0 MBR read successfully
16:34:52.718 Disk 0 MBR scan
16:34:52.812 Disk 0 MBR:Alureon-G [Rtk]
16:34:52.921 Disk 0 TDL4@MBR code has been found
16:34:52.937 Disk 0 MBR hidden
16:34:53.000 Disk 0 MBR [TDL4] **ROOTKIT**
16:34:53.000 Disk 0 trace - called modules:
16:34:53.046 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8acce4d0]<<
16:34:53.046 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ad00ab8]
16:34:53.046 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000006e[0x8ad9b260]
16:34:53.046 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> [0x8aceed98]
16:34:53.046 \Driver\atapi[0x8adede20] -> IRP_MJ_CREATE -> 0x8acce4d0
16:34:53.937 AVAST engine scan C:\WINDOWS
16:35:04.218 AVAST engine scan C:\WINDOWS\system32
16:37:23.515 AVAST engine scan C:\WINDOWS\system32\drivers
16:37:38.484 AVAST engine scan C:\Documents and Settings\Administrator
16:39:09.250 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
16:39:09.250 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"


Solved Re: Win32/Zbot.G Trojan SHeur3.CNHF DNSChanger Cryptic.BGF

Post by scottmurray on Sat Sep 03, 2011 3:57 pm

Results of screen317's Security Check version 0.99.18
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 2011
AVG PC Tuneup 2011
AVG 2011
ZoneAlarm
ZoneAlarm Toolbar
ZoneAlarm Spy Blocker
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
AVG PC Tuneup 2011
Java(TM) 6 Update 16
Java(TM) 6 Update 7
Out of date Java installed!
Flash Player Out of Date!
Adobe Flash Player 10.0.32.18
Mozilla Firefox (x86 en-GB..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
Zone Labs ZoneAlarm zlclient.exe
``````````End of Log````````````

Solved Re: Win32/Zbot.G Trojan SHeur3.CNHF DNSChanger Cryptic.BGF

Post by scottmurray on Sat Sep 03, 2011 3:59 pm

Hope this is everything you require; any help would be greatly appreciated.

Thanks for your time.

Solved Re: Win32/Zbot.G Trojan SHeur3.CNHF DNSChanger Cryptic.BGF

Post by scottmurray on Mon Sep 05, 2011 5:08 pm

Bump

Solved Re: Win32/Zbot.G Trojan SHeur3.CNHF DNSChanger Cryptic.BGF

Post by scottmurray on Wed Sep 07, 2011 10:06 am

Bump

Solved Re: Win32/Zbot.G Trojan SHeur3.CNHF DNSChanger Cryptic.BGF

Post by scottmurray on Wed Sep 07, 2011 12:41 pm

Just noticed from other posts that the aswMBR scan hadn't finished; most likely it had paused, so here's the full report for it. Anyone who can help would be greatly appreciated.


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-07 12:59:09
-----------------------------
12:59:09.515 OS Version: Windows 5.1.2600 Service Pack 3
12:59:09.515 Number of processors: 2 586 0x6B02
12:59:09.515 ComputerName: PARTS-PC UserName:
12:59:10.906 Initialize success
13:00:02.218 AVAST engine defs: 11090700
13:00:25.828 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:00:25.828 Disk 0 Vendor: ST3500620AS HP12 Size: 476940MB BusType: 3
13:00:25.828 Device \Driver\atapi -> DriverStartIo 8acce31b
13:00:27.828 Disk 0 MBR read successfully
13:00:27.828 Disk 0 MBR scan
13:00:28.062 Disk 0 MBR:Alureon-G [Rtk]
13:00:28.062 Disk 0 TDL4@MBR code has been found
13:00:28.062 Disk 0 MBR hidden
13:00:28.062 Disk 0 MBR [TDL4] **ROOTKIT**
13:00:28.062 Disk 0 trace - called modules:
13:00:28.062 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8acce4d0]<<
13:00:28.062 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ad9aab8]
13:00:28.062 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000006e[0x8ac9c510]
13:00:28.062 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> [0x8ad00940]
13:00:28.062 \Driver\atapi[0x8acc0280] -> IRP_MJ_CREATE -> 0x8acce4d0
13:00:48.515 AVAST engine scan C:\WINDOWS
13:01:14.218 AVAST engine scan C:\WINDOWS\system32
13:02:58.093 AVAST engine scan C:\WINDOWS\system32\drivers
13:03:09.906 AVAST engine scan C:\Documents and Settings\Administrator
13:08:21.093 File: C:\Documents and Settings\Administrator\Local Settings\Temp\nmsoeaxwcr.tmp **INFECTED** Win32:Hiloti-HD [Trj]
13:08:23.406 File: C:\Documents and Settings\Administrator\Local Settings\Temp\xcmsearonw.tmp **INFECTED** Win32:Hiloti-HD [Trj]
13:17:55.640 AVAST engine scan C:\Documents and Settings\All Users
13:19:13.000 Scan finished successfully
13:37:43.515 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\ANTI_V\MBR.dat"
13:37:43.546 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\ANTI_V\aswMBR.txt"


Solved Re: Win32/Zbot.G Trojan SHeur3.CNHF DNSChanger Cryptic.BGF

Post by Belahzur on Wed Sep 07, 2011 11:29 pm

Sorry about the wait.

Please download TDSSKiller from [You must be registered and logged in to see this link.] and save it to your Desktop.

  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245029
# Likes : 1

View user profile

Back to top Go down

Solved Re: Win32/Zbot.G Trojan SHeur3.CNHF DNSChanger Cryptic.BGF

Post by scottmurray on Thu Sep 08, 2011 8:53 am

Hello Belahzur, thank you for your reply; looking at previous help given, I'm sure the wait will be worth it.

TDSSKiller never gave me the option of a report once the scan had finished, but I did find it in C:\ as you had noted.


2011/09/08 09:39:04.0670 4892 TDSS rootkit removing tool 2.5.20.0 Sep 7 2011 16:44:34
2011/09/08 09:39:06.0670 4892 ================================================================================
2011/09/08 09:39:06.0670 4892 SystemInfo:
2011/09/08 09:39:06.0670 4892
2011/09/08 09:39:06.0670 4892 OS Version: 5.1.2600 ServicePack: 3.0
2011/09/08 09:39:06.0670 4892 Product type: Workstation
2011/09/08 09:39:06.0670 4892 ComputerName: PARTS-PC
2011/09/08 09:39:06.0670 4892 UserName: Administrator
2011/09/08 09:39:06.0670 4892 Windows directory: C:\WINDOWS
2011/09/08 09:39:06.0670 4892 System windows directory: C:\WINDOWS
2011/09/08 09:39:06.0670 4892 Processor architecture: Intel x86
2011/09/08 09:39:06.0670 4892 Number of processors: 2
2011/09/08 09:39:06.0670 4892 Page size: 0x1000
2011/09/08 09:39:06.0670 4892 Boot type: Normal boot
2011/09/08 09:39:06.0670 4892 ================================================================================
2011/09/08 09:39:08.0092 4892 Initialize success
2011/09/08 09:39:16.0514 2584 ================================================================================
2011/09/08 09:39:16.0514 2584 Scan started
2011/09/08 09:39:16.0514 2584 Mode: Manual;
2011/09/08 09:39:16.0514 2584 ================================================================================
2011/09/08 09:39:17.0545 2584 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
2011/09/08 09:39:17.0592 2584 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/09/08 09:39:17.0607 2584 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/09/08 09:39:17.0654 2584 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/09/08 09:39:17.0686 2584 adpu320 (0ea9b1f0c6c90a509c8603775366adb7) C:\WINDOWS\system32\DRIVERS\adpu320.sys
2011/09/08 09:39:17.0732 2584 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/09/08 09:39:17.0826 2584 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/09/08 09:39:17.0904 2584 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/09/08 09:39:17.0936 2584 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/09/08 09:39:18.0045 2584 AmdK8 (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2011/09/08 09:39:18.0061 2584 AmdLLD (ad8fa28d8ed0d0a689a0559085ce0f18) C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
2011/09/08 09:39:18.0186 2584 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/09/08 09:39:18.0201 2584 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/09/08 09:39:18.0248 2584 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/09/08 09:39:18.0279 2584 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/09/08 09:39:18.0404 2584 AVGIDSDriver (c403e7f715bb0a851a9dfae16ec4ae42) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/09/08 09:39:18.0436 2584 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/09/08 09:39:18.0467 2584 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/09/08 09:39:18.0498 2584 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/09/08 09:39:18.0514 2584 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/09/08 09:39:18.0545 2584 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/09/08 09:39:18.0561 2584 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/09/08 09:39:18.0592 2584 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/09/08 09:39:18.0639 2584 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/09/08 09:39:18.0670 2584 BrPar (2fe6d5be0629f706197b30c0aa05de30) C:\WINDOWS\System32\drivers\BrPar.sys
2011/09/08 09:39:18.0717 2584 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
2011/09/08 09:39:18.0732 2584 BrSerIf (d48c13f4a409aee8dafaddac81e34557) C:\WINDOWS\system32\Drivers\BrSerIf.sys
2011/09/08 09:39:18.0764 2584 BrUsbSer (8fa0ac830a8312912a3aa0c0431cba0d) C:\WINDOWS\system32\Drivers\BrUsbSer.sys
2011/09/08 09:39:18.0779 2584 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/09/08 09:39:18.0811 2584 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/09/08 09:39:18.0842 2584 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/09/08 09:39:18.0873 2584 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/09/08 09:39:18.0998 2584 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/09/08 09:39:19.0061 2584 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/09/08 09:39:19.0279 2584 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/09/08 09:39:19.0295 2584 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/09/08 09:39:19.0311 2584 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/09/08 09:39:19.0404 2584 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/09/08 09:39:19.0420 2584 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/09/08 09:39:19.0436 2584 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/09/08 09:39:19.0514 2584 Eplpdx02 (f9472131367d39435d750f5fa3d23582) C:\WINDOWS\system32\Drivers\EPLPDX02.SYS
2011/09/08 09:39:19.0576 2584 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/09/08 09:39:19.0623 2584 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/09/08 09:39:19.0639 2584 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/09/08 09:39:19.0701 2584 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/09/08 09:39:19.0764 2584 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/09/08 09:39:19.0811 2584 FSLX (037b3ab349be884bb8cb9c5356e34717) C:\WINDOWS\system32\drivers\fslx.sys
2011/09/08 09:39:19.0857 2584 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/09/08 09:39:19.0904 2584 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/09/08 09:39:19.0967 2584 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/09/08 09:39:20.0029 2584 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/09/08 09:39:20.0076 2584 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/09/08 09:39:20.0186 2584 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/09/08 09:39:20.0279 2584 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/09/08 09:39:20.0342 2584 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
2011/09/08 09:39:20.0404 2584 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
2011/09/08 09:39:20.0436 2584 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
2011/09/08 09:39:20.0451 2584 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
2011/09/08 09:39:20.0482 2584 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
2011/09/08 09:39:20.0498 2584 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
2011/09/08 09:39:20.0529 2584 iAimFP5 (0308aef61941e4af478fa1a0f83812f5) C:\WINDOWS\system32\DRIVERS\wADV07nt.sys
2011/09/08 09:39:20.0545 2584 iAimFP6 (714038a8aa5de08e12062202cd7eaeb5) C:\WINDOWS\system32\DRIVERS\wADV08nt.sys
2011/09/08 09:39:20.0561 2584 iAimFP7 (7bb3aa595e4507a788de1cdc63f4c8c4) C:\WINDOWS\system32\DRIVERS\wADV09nt.sys
2011/09/08 09:39:20.0592 2584 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
2011/09/08 09:39:20.0623 2584 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
2011/09/08 09:39:20.0639 2584 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
2011/09/08 09:39:20.0670 2584 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
2011/09/08 09:39:20.0686 2584 iAimTV5 (791cc45de6e50445be72e8ad6401ff45) C:\WINDOWS\system32\DRIVERS\wATV10nt.sys
2011/09/08 09:39:20.0701 2584 iAimTV6 (352fa0e98bc461ce1ce5d41f64db558d) C:\WINDOWS\system32\DRIVERS\wATV06nt.sys
2011/09/08 09:39:20.0748 2584 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/09/08 09:39:20.0951 2584 IntcAzAudAddService (e5c925b50154d102734ab446ade781f4) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/09/08 09:39:21.0154 2584 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/09/08 09:39:21.0201 2584 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/09/08 09:39:21.0248 2584 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/09/08 09:39:21.0264 2584 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/09/08 09:39:21.0311 2584 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/09/08 09:39:21.0373 2584 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/09/08 09:39:21.0404 2584 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/09/08 09:39:21.0467 2584 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/09/08 09:39:21.0529 2584 ISWKL (eb8594268cf50baaecbe82d70c833533) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
2011/09/08 09:39:21.0607 2584 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/09/08 09:39:21.0639 2584 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/09/08 09:39:21.0686 2584 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/09/08 09:39:21.0717 2584 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/09/08 09:39:21.0811 2584 mf (a7da20ab18a1bdae28b0f349e57da0d1) C:\WINDOWS\system32\DRIVERS\mf.sys
2011/09/08 09:39:21.0826 2584 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/09/08 09:39:21.0873 2584 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/09/08 09:39:21.0904 2584 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/09/08 09:39:21.0920 2584 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/09/08 09:39:21.0951 2584 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/09/08 09:39:22.0014 2584 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/09/08 09:39:22.0061 2584 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/09/08 09:39:22.0107 2584 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/09/08 09:39:22.0139 2584 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/09/08 09:39:22.0186 2584 msloop (64e8b7c65eb4796939c0f64f8170821b) C:\WINDOWS\system32\DRIVERS\loop.sys
2011/09/08 09:39:22.0232 2584 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/09/08 09:39:22.0279 2584 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/09/08 09:39:22.0342 2584 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/09/08 09:39:22.0389 2584 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/09/08 09:39:22.0436 2584 NDIS (8716356e49a665bdc7b114725b60a456) C:\WINDOWS\system32\drivers\NDIS.sys
2011/09/08 09:39:22.0467 2584 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/09/08 09:39:22.0514 2584 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/09/08 09:39:22.0529 2584 NdisWan (5526cfebb619f7f763bd6a2e1b618078) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/09/08 09:39:22.0561 2584 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/09/08 09:39:22.0592 2584 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/09/08 09:39:22.0623 2584 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/09/08 09:39:22.0670 2584 NmPar (79ea5a1b343db2f5187758e00195d9bd) C:\WINDOWS\system32\DRIVERS\NmPar.sys
2011/09/08 09:39:22.0686 2584 nmserial (27f715b99867d1c19d83327800976719) C:\WINDOWS\system32\DRIVERS\nmserial.sys
2011/09/08 09:39:22.0717 2584 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/09/08 09:39:22.0764 2584 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/09/08 09:39:22.0826 2584 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/09/08 09:39:23.0061 2584 nv (cce4877e45f5300fffbb4a6bc5e7fda7) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/09/08 09:39:23.0217 2584 NVENETFD (1492c7738f68625805f5f53c8bad24c6) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/09/08 09:39:23.0264 2584 nvnetbus (ae73e61f07ddc84255bece6b02f18390) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/09/08 09:39:23.0295 2584 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/09/08 09:39:23.0311 2584 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/09/08 09:39:23.0357 2584 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
2011/09/08 09:39:23.0389 2584 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
2011/09/08 09:39:23.0420 2584 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
2011/09/08 09:39:23.0467 2584 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2011/09/08 09:39:23.0482 2584 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/09/08 09:39:23.0514 2584 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/09/08 09:39:23.0529 2584 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/09/08 09:39:23.0561 2584 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/09/08 09:39:23.0592 2584 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/09/08 09:39:23.0607 2584 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/09/08 09:39:23.0748 2584 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/09/08 09:39:23.0764 2584 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/09/08 09:39:23.0779 2584 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/09/08 09:39:23.0826 2584 PSSDK42 (c8eb36910d3bd582891977e80925e21e) C:\WINDOWS\system32\Drivers\pssdk42.sys
2011/09/08 09:39:23.0857 2584 PSSDKLBF (0bec7b42f4093400509821c63f13f1d5) C:\WINDOWS\system32\Drivers\pssdklbf.sys
2011/09/08 09:39:23.0889 2584 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/09/08 09:39:23.0967 2584 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/09/08 09:39:23.0998 2584 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/09/08 09:39:24.0014 2584 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/09/08 09:39:24.0029 2584 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/09/08 09:39:24.0061 2584 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/09/08 09:39:24.0107 2584 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/09/08 09:39:24.0139 2584 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/09/08 09:39:24.0295 2584 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/09/08 09:39:24.0326 2584 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/09/08 09:39:24.0436 2584 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/09/08 09:39:24.0467 2584 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/09/08 09:39:24.0482 2584 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/09/08 09:39:24.0498 2584 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/09/08 09:39:24.0576 2584 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/09/08 09:39:24.0592 2584 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/09/08 09:39:24.0701 2584 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/09/08 09:39:24.0732 2584 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/09/08 09:39:24.0779 2584 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/09/08 09:39:24.0811 2584 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/09/08 09:39:24.0826 2584 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/09/08 09:39:24.0857 2584 Symmpi (f2b7e8416f508368ac6730e2ae1c614f) C:\WINDOWS\system32\DRIVERS\symmpi.sys
2011/09/08 09:39:24.0873 2584 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/09/08 09:39:24.0889 2584 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/09/08 09:39:24.0920 2584 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/09/08 09:39:24.0951 2584 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/09/08 09:39:24.0998 2584 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/09/08 09:39:25.0029 2584 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/09/08 09:39:25.0045 2584 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/09/08 09:39:25.0139 2584 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
2011/09/08 09:39:25.0170 2584 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/09/08 09:39:25.0232 2584 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/09/08 09:39:25.0279 2584 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/09/08 09:39:25.0295 2584 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/09/08 09:39:25.0326 2584 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/09/08 09:39:25.0373 2584 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/09/08 09:39:25.0404 2584 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/09/08 09:39:25.0436 2584 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/09/08 09:39:25.0451 2584 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/09/08 09:39:25.0482 2584 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/09/08 09:39:25.0498 2584 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/09/08 09:39:25.0545 2584 vsdatant (050c38ebb22512122e54b47dc278bccd) C:\WINDOWS\system32\vsdatant.sys
2011/09/08 09:39:25.0607 2584 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/09/08 09:39:25.0654 2584 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/09/08 09:39:25.0764 2584 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/09/08 09:39:25.0779 2584 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/09/08 09:39:25.0811 2584 MBR (0x1B8) (aef85c9bca3830dc89a54f855328d296) \Device\Harddisk0\DR0
2011/09/08 09:39:25.0826 2584 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/09/08 09:39:25.0826 2584 Boot (0x1200) (f86bf59cb0aac6adab9db71a1b4ba9d7) \Device\Harddisk0\DR0\Partition0
2011/09/08 09:39:25.0873 2584 Boot (0x1200) (a3bf283c8dfbc0fc91c2af637819de55) \Device\Harddisk0\DR0\Partition1
2011/09/08 09:39:25.0873 2584 ================================================================================
2011/09/08 09:39:25.0873 2584 Scan finished
2011/09/08 09:39:25.0873 2584 ================================================================================
2011/09/08 09:39:25.0889 5776 Detected object count: 1
2011/09/08 09:39:25.0889 5776 Actual detected object count: 1
2011/09/08 09:39:40.0326 5776 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/09/08 09:39:40.0326 5776 \Device\Harddisk0\DR0 - ok
2011/09/08 09:39:40.0326 5776 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/09/08 09:41:38.0640 3852 Deinitialize success


Solved Re: Win32/Zbot.G Trojan SHeur3.CNHF DNSChanger Cryptic.BGF

Post by scottmurray on Thu Sep 08, 2011 11:21 am

Just had a look at Malwarebytes again, and it has been able to complete a quick scan. Here is the result of the scan, plus two screenshots of the Quarantine contents.



Malwarebytes' Anti-Malware 1.51.1.1800

Database version: 7675

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

08/09/2011 12:06:48
mbam-log-2011-09-08 (12-06-21).txt

Scan type: Quick scan
Objects scanned: 191825
Time elapsed: 19 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\syte821.bin (Trojan.SpyEyes) -> No action taken.

Files Infected:
c:\documents and settings\administrator\local settings\Temp\nmsoeaxwcr.tmp (Trojan.Hiloti) -> No action taken.
c:\documents and settings\administrator\local settings\Temp\xcmsearonw.tmp (Trojan.Hiloti) -> No action taken.
c:\syte821.bin\470907e28a30970 (Trojan.SpyEyes) -> No action taken.




Solved Re: Win32/Zbot.G Trojan SHeur3.CNHF DNSChanger Cryptic.BGF

Post by scottmurray on Thu Sep 08, 2011 12:21 pm

Likewise for AVG Free


"";"C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\5\7ff4f845-7d60cb63:\buildService\ClassId.class";"Trojan horse Exploit_c.TYD";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\5\7ff4f845-7d60cb63:\buildService\BuildClass.class";"Trojan horse Java/Agent.EP";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\5\7ff4f845-7d60cb63";"Trojan horse Java/Agent.EP";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\58\29eb13fa-18da81f9:\buildService\MapYandex.class";"Trojan horse Java/Agent.EY";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\58\29eb13fa-18da81f9";"Trojan horse Java/Agent.EY";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\54\1cb50536-7ee0c129:\buildService\MapYandex.class";"Trojan horse Java/Agent.FN";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\54\1cb50536-7ee0c129";"Trojan horse Java/Agent.FN";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\17\8dac151-76423600:\buildService\MapYandex.class";"Trojan horse Java/Agent.EY";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\17\8dac151-76423600";"Trojan horse Java/Agent.EY";"Moved to Virus Vault"
"";"C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\57\d869ef9-717baba2:\buildService\ClassId.class";"Trojan horse Exploit_c.TYN";"Moved to Virus Vault"
"";"C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\57\d869ef9-717baba2:\buildService\BuildClass.class";"Trojan horse Java/Agent.EP";"Moved to Virus Vault"
"";"C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\57\d869ef9-717baba2";"Trojan horse Java/Agent.EP";"Moved to Virus Vault"
"";"C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\43\7c55146b-385d181d:\buildService\ClassId.class";"Trojan horse Exploit_c.TYN";"Moved to Virus Vault"
"";"C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\43\7c55146b-385d181d:\buildService\BuildClass.class";"Trojan horse Java/Agent.ET";"Moved to Virus Vault"
"";"C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\43\7c55146b-385d181d";"Trojan horse Java/Agent.ET";"Moved to Virus Vault"

_______________________________________________________


"";"C:\Documents and Settings\NetworkService\Cookies\ZTJRAIZ4.txt:\247realmedia.com.ef906bac";"Found Tracking cookie.247realmedia";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\ZTJRAIZ4.txt:\247realmedia.com.855b46d";"Found Tracking cookie.247realmedia";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\ZTJRAIZ4.txt";"Found Tracking cookie.247realmedia";"Healed"
"";"C:\Documents and Settings\NetworkService\Cookies\ZS7K7O7Y.txt:\mediaplex.com.f652b123";"Found Tracking cookie.Mediaplex";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\ZS7K7O7Y.txt:\mediaplex.com.dc30fb3c";"Found Tracking cookie.Mediaplex";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\ZS7K7O7Y.txt";"Found Tracking cookie.Mediaplex";"Healed"
"";"C:\Documents and Settings\NetworkService\Cookies\YY59R479.txt:\revsci.net.dd448f0b";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\YY59R479.txt:\revsci.net.5981ed5e";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\YY59R479.txt:\revsci.net.44927ec";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\YY59R479.txt:\revsci.net.2df99d79";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\YY59R479.txt:\revsci.net.18a1d1b2";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\YY59R479.txt";"Found Tracking cookie.Revsci";"Healed"
"";"C:\Documents and Settings\NetworkService\Cookies\YWGUSTKX.txt:\adbrite.com.ff6c09ff";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\YWGUSTKX.txt:\adbrite.com.f796fd05";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\YWGUSTKX.txt:\adbrite.com.e1f04284";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\YWGUSTKX.txt:\adbrite.com.d5e309c2";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\YWGUSTKX.txt:\adbrite.com.37283d89";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\YWGUSTKX.txt";"Found Tracking cookie.Adbrite";"Healed"
"";"C:\Documents and Settings\NetworkService\Cookies\YA4PEIPJ.txt:\adviva.net.c0476bb7";"Found Tracking cookie.Adviva";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\YA4PEIPJ.txt";"Found Tracking cookie.Adviva";"Healed"
"";"C:\Documents and Settings\NetworkService\Cookies\XQQCLNUI.txt:\adbrite.com.ff6c09ff";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\XQQCLNUI.txt:\adbrite.com.f796fd05";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\XQQCLNUI.txt:\adbrite.com.e1f04284";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\XQQCLNUI.txt:\adbrite.com.d5e309c2";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\XQQCLNUI.txt:\adbrite.com.37283d89";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\XQQCLNUI.txt";"Found Tracking cookie.Adbrite";"Healed"
"";"C:\Documents and Settings\NetworkService\Cookies\XHIS1XW1.txt:\weborama.fr.30104bcb";"Found Tracking cookie.Weborama";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\XHIS1XW1.txt";"Found Tracking cookie.Weborama";"Healed"
"";"C:\Documents and Settings\NetworkService\Cookies\XA5BAKZ3.txt:\overture.com.d727de6f";"Found Tracking cookie.Overture";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\XA5BAKZ3.txt:\overture.com.52ca467a";"Found Tracking cookie.Overture";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\XA5BAKZ3.txt";"Found Tracking cookie.Overture";"Healed"
"";"C:\Documents and Settings\NetworkService\Cookies\X3APDXA0.txt:\serving-sys.com.db46cecc";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\X3APDXA0.txt:\serving-sys.com.bb39fa8c";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\X3APDXA0.txt:\serving-sys.com.3c465e6e";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\X3APDXA0.txt:\serving-sys.com.176b0dad";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\X3APDXA0.txt";"Found Tracking cookie.Serving-sys";"Healed"
"";"C:\Documents and Settings\NetworkService\Cookies\WW9DT306.txt:\ru4.com.5a5e0633";"Found Tracking cookie.Ru4";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\WW9DT306.txt";"Found Tracking cookie.Ru4";"Healed"
"";"C:\Documents and Settings\NetworkService\Cookies\VW10I7YM.txt:\mediaplex.com.f652b123";"Found Tracking cookie.Mediaplex";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\VW10I7YM.txt:\mediaplex.com.dc30fb3c";"Found Tracking cookie.Mediaplex";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\VW10I7YM.txt";"Found Tracking cookie.Mediaplex";"Healed"
"";"C:\Documents and Settings\NetworkService\Cookies\VNB3D311.txt:\casalemedia.com.987e6b46";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\VNB3D311.txt:\casalemedia.com.80ad4799";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\VNB3D311.txt:\casalemedia.com.350339d4";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\VNB3D311.txt:\casalemedia.com.2d37ad26";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\VNB3D311.txt:\casalemedia.com.1e1e0e23";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\VNB3D311.txt:\casalemedia.com.1773afc";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\VNB3D311.txt";"Found Tracking cookie.Casalemedia";"Healed"
"";"C:\Documents and Settings\NetworkService\Cookies\UMZGYRG4.txt:\fastclick.net.8a6435e9";"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\UMZGYRG4.txt";"Found Tracking cookie.Fastclick";"Healed"
"";"C:\Documents and Settings\NetworkService\Cookies\TOIQFOQF.txt:\zedo.com.dd15d628";"Found Tracking cookie.Zedo";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\TOIQFOQF.txt:\zedo.com.dab23eee";"Found Tracking cookie.Zedo";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\TOIQFOQF.txt:\zedo.com.cef1c7af";"Found Tracking cookie.Zedo";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\TOIQFOQF.txt:\zedo.com.c1dd09f2";"Found Tracking cookie.Zedo";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\TOIQFOQF.txt:\zedo.com.a5b6a132";"Found Tracking cookie.Zedo";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\TOIQFOQF.txt:\zedo.com.88317d98";"Found Tracking cookie.Zedo";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\TOIQFOQF.txt:\zedo.com.27f1639b";"Found Tracking cookie.Zedo";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\TOIQFOQF.txt";"Found Tracking cookie.Zedo";"Healed"
"";"C:\Documents and Settings\NetworkService\Cookies\RZZJW322.txt:\advertising.com.f62113d5";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\RZZJW322.txt:\advertising.com.b624fa46";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\RZZJW322.txt:\advertising.com.893d35c2";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\RZZJW322.txt:\advertising.com.203aa218";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\RZZJW322.txt:\advertising.com.1820df7a";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\RZZJW322.txt";"Found Tracking cookie.Advertising";"Healed"
"";"C:\Documents and Settings\NetworkService\Cookies\R4D3O4MW.txt:\revsci.net.5f4da174";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\R4D3O4MW.txt:\revsci.net.5981ed5e";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\R4D3O4MW.txt:\revsci.net.44927ec";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\R4D3O4MW.txt:\revsci.net.2df99d79";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\R4D3O4MW.txt:\revsci.net.18a1d1b2";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\R4D3O4MW.txt";"Found Tracking cookie.Revsci";"Healed"
"";"C:\Documents and Settings\NetworkService\Cookies\R2PACCXE.txt:\casalemedia.com.987e6b46";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\R2PACCXE.txt:\casalemedia.com.80ad4799";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\R2PACCXE.txt:\casalemedia.com.350339d4";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\R2PACCXE.txt:\casalemedia.com.2d37ad26";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\R2PACCXE.txt:\casalemedia.com.1e1e0e23";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\R2PACCXE.txt:\casalemedia.com.1773afc";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\R2PACCXE.txt";"Found Tracking cookie.Casalemedia";"Healed"
"";"C:\Documents and Settings\NetworkService\Cookies\Q5KM3AJR.txt:\overture.com.d727de6f";"Found Tracking cookie.Overture";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\Q5KM3AJR.txt:\overture.com.bbef524a";"Found Tracking cookie.Overture";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\Q5KM3AJR.txt:\overture.com.52ca467a";"Found Tracking cookie.Overture";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\Q5KM3AJR.txt";"Found Tracking cookie.Overture";"Healed"
"";"C:\Documents and Settings\NetworkService\Cookies\PUJZT2L2.txt:\adtech.de.a9245469";"Found Tracking cookie.Adtech";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\PUJZT2L2.txt";"Found Tracking cookie.Adtech";"Healed"
"";"C:\Documents and Settings\NetworkService\Cookies\PGN2CGG1.txt:\atdmt.com.b3e33b5f";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\PGN2CGG1.txt:\atdmt.com.7247c262";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\PGN2CGG1.txt";"Found Tracking cookie.Atdmt";"Healed"
"";"C:\Documents and Settings\NetworkService\Cookies\ML5Y15YY.txt:\tradedoubler.com.f4648305";"Found Tracking cookie.Tradedoubler";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\ML5Y15YY.txt:\tradedoubler.com.ef90aa95";"Found Tracking cookie.Tradedoubler";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\ML5Y15YY.txt:\tradedoubler.com.eab0972e";"Found Tracking cookie.Tradedoubler";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\ML5Y15YY.txt:\tradedoubler.com.ba12c0e9";"Found Tracking cookie.Tradedoubler";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\ML5Y15YY.txt:\tradedoubler.com.adc507fa";"Found Tracking cookie.Tradedoubler";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\ML5Y15YY.txt";"Found Tracking cookie.Tradedoubler";"Healed"
"";"C:\Documents and Settings\NetworkService\Cookies\L9E8U2BO.txt:\questionmarket.com.4dd5e426";"Found Tracking cookie.Questionmarket";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\L9E8U2BO.txt:\questionmarket.com.3eb5a9f1";"Found Tracking cookie.Questionmarket";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\L9E8U2BO.txt";"Found Tracking cookie.Questionmarket";"Healed"
"";"C:\Documents and Settings\NetworkService\Cookies\JSDSCETC.txt:\trafficmp.com.f3e5803e";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\JSDSCETC.txt:\trafficmp.com.e2e71e33";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\JSDSCETC.txt:\trafficmp.com.ae53b8b";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\JSDSCETC.txt:\trafficmp.com.a00e30b4";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\JSDSCETC.txt:\trafficmp.com.9686d0fb";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\JSDSCETC.txt:\trafficmp.com.625265aa";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\JSDSCETC.txt:\trafficmp.com.4a6a90ff";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\JSDSCETC.txt:\trafficmp.com.37644bdb";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\JSDSCETC.txt:\trafficmp.com.1ad5be0d";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\JSDSCETC.txt";"Found Tracking cookie.Trafficmp";"Healed"
"";"C:\Documents and Settings\NetworkService\Cookies\J6CBV4TA.txt:\247realmedia.com.ef906bac";"Found Tracking cookie.247realmedia";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\J6CBV4TA.txt:\247realmedia.com.e14be39e";"Found Tracking cookie.247realmedia";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\J6CBV4TA.txt:\247realmedia.com.855b46d";"Found Tracking cookie.247realmedia";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\J6CBV4TA.txt:\247realmedia.com.67d5399d";"Found Tracking cookie.247realmedia";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\J6CBV4TA.txt:\247realmedia.com.125a868c";"Found Tracking cookie.247realmedia";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\J6CBV4TA.txt";"Found Tracking cookie.247realmedia";"Healed"
"";"C:\Documents and Settings\NetworkService\Cookies\I7AP5LEN.txt:\tribalfusion.com.dcc03271";"Found Tracking cookie.Tribalfusion";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\I7AP5LEN.txt";"Found Tracking cookie.Tribalfusion";"Healed"
"";"C:\Documents and Settings\NetworkService\Cookies\HIV9MH0B.txt:\trafficmp.com.f3e5803e";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\HIV9MH0B.txt:\trafficmp.com.e2e71e33";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\HIV9MH0B.txt:\trafficmp.com.dec3935d";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\HIV9MH0B.txt:\trafficmp.com.ae53b8b";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\HIV9MH0B.txt:\trafficmp.com.a00e30b4";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\HIV9MH0B.txt:\trafficmp.com.9686d0fb";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\HIV9MH0B.txt:\trafficmp.com.68c25758";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\HIV9MH0B.txt:\trafficmp.com.625265aa";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\HIV9MH0B.txt:\trafficmp.com.37644bdb";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\HIV9MH0B.txt:\trafficmp.com.1ad5be0d";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\HIV9MH0B.txt";"Found Tracking cookie.Trafficmp";"Healed"
"";"C:\Documents and Settings\NetworkService\Cookies\GTVUJO3A.txt:\ad.yieldmanager.com.ff92306";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\GTVUJO3A.txt:\ad.yieldmanager.com.e626e6be";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\GTVUJO3A.txt:\ad.yieldmanager.com.b68f2b7b";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\GTVUJO3A.txt:\ad.yieldmanager.com.8a47878";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\GTVUJO3A.txt:\ad.yieldmanager.com.557bf2b0";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\GTVUJO3A.txt:\ad.yieldmanager.com.539b0606";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\GTVUJO3A.txt";"Found Tracking cookie.Yieldmanager";"Healed"
"";"C:\Documents and Settings\NetworkService\Cookies\G4074UCB.txt:\2o7.net.f1069e42";"Found Tracking cookie.2o7";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\G4074UCB.txt";"Found Tracking cookie.2o7";"Healed"
"";"C:\Documents and Settings\NetworkService\Cookies\EHQDT7MC.txt:\burstnet.com.c4fe2ebb";"Found Tracking cookie.Burstnet";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\EHQDT7MC.txt";"Found Tracking cookie.Burstnet";"Healed"
"";"C:\Documents and Settings\NetworkService\Cookies\BP67DUDE.txt:\adbrite.com.f796fd05";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\BP67DUDE.txt:\adbrite.com.e1f04284";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\BP67DUDE.txt:\adbrite.com.d5e309c2";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\BP67DUDE.txt:\adbrite.com.775ee79c";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\BP67DUDE.txt:\adbrite.com.71beeff9";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\BP67DUDE.txt:\adbrite.com.37283d89";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\BP67DUDE.txt";"Found Tracking cookie.Adbrite";"Healed"
"";"C:\Documents and Settings\NetworkService\Cookies\A49NNBU9.txt:\ru4.com.5a5e0633";"Found Tracking cookie.Ru4";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\A49NNBU9.txt";"Found Tracking cookie.Ru4";"Healed"
"";"C:\Documents and Settings\NetworkService\Cookies\9P3GXFA1.txt:\ru4.com.5a5e0633";"Found Tracking cookie.Ru4";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\9P3GXFA1.txt";"Found Tracking cookie.Ru4";"Healed"
"";"C:\Documents and Settings\NetworkService\Cookies\9EPGL7NG.txt:\ad.yieldmanager.com.ff92306";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\9EPGL7NG.txt:\ad.yieldmanager.com.e626e6be";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\9EPGL7NG.txt:\ad.yieldmanager.com.b68f2b7b";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\9EPGL7NG.txt:\ad.yieldmanager.com.8a47878";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\9EPGL7NG.txt:\ad.yieldmanager.com.87a9ab5d";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\9EPGL7NG.txt:\ad.yieldmanager.com.830b6f08";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\9EPGL7NG.txt:\ad.yieldmanager.com.557bf2b0";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\9EPGL7NG.txt:\ad.yieldmanager.com.539b0606";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\9EPGL7NG.txt";"Found Tracking cookie.Yieldmanager";"Healed"
"";"C:\Documents and Settings\NetworkService\Cookies\9510W4QM.txt:\serving-sys.com.db46cecc";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\9510W4QM.txt:\serving-sys.com.bb39fa8c";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\9510W4QM.txt:\serving-sys.com.3c465e6e";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\9510W4QM.txt:\serving-sys.com.176b0dad";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\9510W4QM.txt";"Found Tracking cookie.Serving-sys";"Healed"
"";"C:\Documents and Settings\NetworkService\Cookies\855H9M1N.txt:\smartadserver.com.c5827141";"Found Tracking cookie.Smartadserver";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\855H9M1N.txt:\smartadserver.com.bf8b766";"Found Tracking cookie.Smartadserver";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\855H9M1N.txt:\smartadserver.com.af3b05a6";"Found Tracking cookie.Smartadserver";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\855H9M1N.txt:\smartadserver.com.5550c4ed";"Found Tracking cookie.Smartadserver";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\855H9M1N.txt:\smartadserver.com.321a5cf8";"Found Tracking cookie.Smartadserver";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\855H9M1N.txt";"Found Tracking cookie.Smartadserver";"Healed"
"";"C:\Documents and Settings\NetworkService\Cookies\7SBK6QEV.txt:\atdmt.com.f4b86dca";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\7SBK6QEV.txt:\atdmt.com.b3e33b5f";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\7SBK6QEV.txt:\atdmt.com.83bf5d5c";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\7SBK6QEV.txt:\atdmt.com.7247c262";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\7SBK6QEV.txt";"Found Tracking cookie.Atdmt";"Healed"
"";"C:\Documents and Settings\NetworkService\Cookies\75Q412B1.txt:\ad.yieldmanager.com.ff92306";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\75Q412B1.txt:\ad.yieldmanager.com.eec26c3e";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\75Q412B1.txt:\ad.yieldmanager.com.e626e6be";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\75Q412B1.txt:\ad.yieldmanager.com.b68f2b7b";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\75Q412B1.txt:\ad.yieldmanager.com.8a47878";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\75Q412B1.txt:\ad.yieldmanager.com.87a9ab5d";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\75Q412B1.txt:\ad.yieldmanager.com.557bf2b0";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\75Q412B1.txt:\ad.yieldmanager.com.539b0606";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\75Q412B1.txt";"Found Tracking cookie.Yieldmanager";"Healed"
"";"C:\Documents and Settings\NetworkService\Cookies\6IVCDBWL.txt:\overture.com.d727de6f";"Found Tracking cookie.Overture";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\6IVCDBWL.txt:\overture.com.bbef524a";"Found Tracking cookie.Overture";"Moved to Virus Vault"
"";"C:\Documents and Settings\NetworkService\Cookies\6IVCDBWL.txt:\overture.com.52ca467a";"Found Tracking cookie.Overture";"Moved to Virus Vault"

____________________________________________________________

Contents of Virus Vault



Solved Re: Win32/Zbot.G Trojan SHeur3.CNHF DNSChanger Cryptic.BGF

Post by scottmurray on Thu Sep 08, 2011 12:22 pm

"Warning";"Found Tracking cookie.Clickbank";"C:\Documents and Settings\NetworkService\Cookies\system@clickbank[2].txt";"N/A";"10/08/2011, 11:06:08"
"Warning";"Found Tracking cookie.Fastclick";"C:\Documents and Settings\NetworkService\Cookies\system@fastclick[2].txt";"N/A";"10/08/2011, 11:06:09"
"Warning";"Found Tracking cookie.Mediaplex";"C:\Documents and Settings\NetworkService\Cookies\system@mediaplex[6].txt";"N/A";"10/08/2011, 11:06:09"
"Warning";"Found Tracking cookie.Overture";"C:\Documents and Settings\NetworkService\Cookies\system@overture[1].txt";"N/A";"10/08/2011, 11:06:09"
"Warning";"Found Tracking cookie.Revsci";"C:\Documents and Settings\NetworkService\Cookies\system@revsci[5].txt";"N/A";"10/08/2011, 11:06:09"
"Warning";"Found Tracking cookie.Information";"C:\Documents and Settings\NetworkService\Cookies\system@searchportal.information[1].txt";"N/A";"10/08/2011, 11:06:10"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[4].txt";"N/A";"10/08/2011, 11:06:10"
"Warning";"Corrupted executable file";"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\4UZZ1OVU\atbpi-RON_iq-1.0[1].exe";"N/A";"10/08/2011, 11:06:11"
"Warning";"Found Tracking cookie.Adtech";"C:\Documents and Settings\NetworkService\Cookies\system@adtech[5].txt";"N/A";"10/08/2011, 12:30:25"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[6].txt";"N/A";"10/08/2011, 12:30:26"
"Infection";"Virus identified Win32/Zbot.G";"c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137800.dll";"N/A";"11/08/2011, 11:24:02"
"Infection";"Virus identified Win32/Zbot.G";"c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137801.dll";"N/A";"11/08/2011, 14:24:51"
"Infection";"Virus identified Win32/Zbot.G";"c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137802.dll";"N/A";"11/08/2011, 15:50:03"
"Infection";"Virus identified Win32/Zbot.G";"c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137803.dll";"N/A";"12/08/2011, 10:18:49"
"Infection";"Virus identified Win32/Zbot.G";"c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137804.dll";"N/A";"12/08/2011, 11:24:08"
"Infection";"Virus identified Win32/Zbot.G";"c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137805.dll";"N/A";"12/08/2011, 12:52:25"
"Infection";"Trojan horse Cryptic.BGF";"c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137806.exe";"N/A";"12/08/2011, 14:05:07"
"Infection";"Virus identified Win32/Zbot.G";"c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137807.exe";"N/A";"12/08/2011, 14:23:17"
"Infection";"Virus identified Win32/Zbot.G";"c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137808.exe";"N/A";"12/08/2011, 15:22:49"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\Administrator\Cookies\FK8KM2NS.txt";"N/A";"12/08/2011, 15:53:08"
"Warning";"Found Tracking cookie.Advertising";"C:\Documents and Settings\Administrator\Cookies\KWY5ICCB.txt";"N/A";"12/08/2011, 15:53:08"
"Warning";"Found Tracking cookie.Tradedoubler";"C:\Documents and Settings\Administrator\Cookies\V0D4DSIQ.txt";"N/A";"12/08/2011, 15:53:08"
"Warning";"Found Tracking cookie.Admarketplace";"C:\Documents and Settings\Administrator\Cookies\ZHQ6WT3Y.txt";"N/A";"12/08/2011, 15:53:09"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\LocalService\Cookies\6C9U7CG3.txt";"N/A";"12/08/2011, 16:02:37"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\LocalService\Cookies\GA3H85DE.txt";"N/A";"12/08/2011, 16:02:38"
"Warning";"Found Tracking cookie.Atdmt";"C:\Documents and Settings\LocalService\Cookies\QO7BBLD4.txt";"N/A";"12/08/2011, 16:02:39"
"Warning";"Found Tracking cookie.247realmedia";"C:\Documents and Settings\LocalService\Cookies\XZEMS5C9.txt";"N/A";"12/08/2011, 16:02:40"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\NetworkService\Cookies\4RYD5C8A.txt";"N/A";"12/08/2011, 16:04:07"
"Warning";"Found Tracking cookie.247realmedia";"C:\Documents and Settings\NetworkService\Cookies\5WBL12Y3.txt";"N/A";"12/08/2011, 16:04:08"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\NetworkService\Cookies\8FC9RQRG.txt";"N/A";"12/08/2011, 16:04:08"
"Warning";"Found Tracking cookie.Ru4";"C:\Documents and Settings\NetworkService\Cookies\CWM4GQJF.txt";"N/A";"12/08/2011, 16:04:08"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\NetworkService\Cookies\EU7BNWW5.txt";"N/A";"12/08/2011, 16:04:09"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\NetworkService\Cookies\EDNOCPB5.txt";"N/A";"12/08/2011, 16:04:11"
"Warning";"Found Tracking cookie.Fastclick";"C:\Documents and Settings\NetworkService\Cookies\L7GRGGK7.txt";"N/A";"12/08/2011, 16:04:11"
"Warning";"Found Tracking cookie.Pro-market";"C:\Documents and Settings\NetworkService\Cookies\NHR6ANI8.txt";"N/A";"12/08/2011, 16:04:12"
"Warning";"Found Tracking cookie.Overture";"C:\Documents and Settings\NetworkService\Cookies\ORI1RU7D.txt";"N/A";"12/08/2011, 16:04:12"
"Warning";"Found Tracking cookie.Clickbank";"C:\Documents and Settings\NetworkService\Cookies\QDUNUY7N.txt";"N/A";"12/08/2011, 16:04:12"
"Warning";"Found Tracking cookie.Adtech";"C:\Documents and Settings\NetworkService\Cookies\system@adtech[5].txt";"N/A";"12/08/2011, 16:04:13"
"Warning";"Found Tracking cookie.Atdmt";"C:\Documents and Settings\NetworkService\Cookies\system@atdmt[6].txt";"N/A";"12/08/2011, 16:04:13"
"Warning";"Found Tracking cookie.Revsci";"C:\Documents and Settings\NetworkService\Cookies\system@revsci[1].txt";"N/A";"12/08/2011, 16:04:14"
"Warning";"Found Tracking cookie.Tribalfusion";"C:\Documents and Settings\NetworkService\Cookies\VZTL55XZ.txt";"N/A";"12/08/2011, 16:04:14"
"Warning";"Found Tracking cookie.Atdmt";"C:\Documents and Settings\NetworkService\Cookies\W1JGWTBK.txt";"N/A";"12/08/2011, 16:04:15"
"Warning";"Found Tracking cookie.Advertising";"C:\Documents and Settings\NetworkService\Cookies\YZOB8IO5.txt";"N/A";"12/08/2011, 16:04:15"
"Warning";"Found Tracking cookie.Mediaplex";"C:\Documents and Settings\NetworkService\Cookies\ZAT4QZ42.txt";"N/A";"12/08/2011, 16:04:16"
"Warning";"Found Tracking cookie.Zedo";"C:\Documents and Settings\NetworkService\Cookies\ZIN5140H.txt";"N/A";"12/08/2011, 16:04:16"
"Warning";"Found Tracking cookie.Adbrite";"C:\Documents and Settings\NetworkService\Cookies\ZKB1EXD4.txt";"N/A";"12/08/2011, 16:04:17"
"Warning";"Found Tracking cookie.Adtech";"C:\Documents and Settings\Administrator\Cookies\0M453PD3.txt";"N/A";"13/08/2011, 17:33:31"
"Warning";"Found Tracking cookie.7search";"C:\Documents and Settings\Administrator\Cookies\35LB86Q4.txt";"N/A";"13/08/2011, 17:33:31"
"Warning";"Found Tracking cookie.Mediaplex";"C:\Documents and Settings\Administrator\Cookies\AIYX9RLL.txt";"N/A";"13/08/2011, 17:33:31"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\Administrator\Cookies\HRQM4OHX.txt";"N/A";"13/08/2011, 17:34:00"
"Warning";"Found Tracking cookie.Revsci";"C:\Documents and Settings\Administrator\Cookies\PAASDPEU.txt";"N/A";"13/08/2011, 17:34:01"
"Warning";"Found Tracking cookie.Adviva";"C:\Documents and Settings\Administrator\Cookies\SQG3A91V.txt";"N/A";"13/08/2011, 17:34:01"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\LocalService\Cookies\0Z0AQU1E.txt";"N/A";"13/08/2011, 17:42:00"
"Warning";"Found Tracking cookie.Tribalfusion";"C:\Documents and Settings\LocalService\Cookies\AG9V2UED.txt";"N/A";"13/08/2011, 17:42:00"
"Warning";"Found Tracking cookie.Adtech";"C:\Documents and Settings\LocalService\Cookies\B1I38843.txt";"N/A";"13/08/2011, 17:42:01"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\LocalService\Cookies\DQDWUMKE.txt";"N/A";"13/08/2011, 17:42:01"
"Warning";"Found Tracking cookie.Zedo";"C:\Documents and Settings\LocalService\Cookies\IGVELOBV.txt";"N/A";"13/08/2011, 17:42:01"
"Warning";"Found Tracking cookie.Fastclick";"C:\Documents and Settings\LocalService\Cookies\IQOD0W6V.txt";"N/A";"13/08/2011, 17:42:01"
"Warning";"Found Tracking cookie.Advertising";"C:\Documents and Settings\LocalService\Cookies\RA57BENQ.txt";"N/A";"13/08/2011, 17:42:02"
"Warning";"Found Tracking cookie.Tradedoubler";"C:\Documents and Settings\NetworkService\Cookies\00N75WD1.txt";"N/A";"13/08/2011, 17:44:30"
"Warning";"Found Tracking cookie.Fastclick";"C:\Documents and Settings\NetworkService\Cookies\5CU2HUS5.txt";"N/A";"13/08/2011, 17:44:31"
"Warning";"Found Tracking cookie.Mediaplex";"C:\Documents and Settings\NetworkService\Cookies\6SO3TYM5.txt";"N/A";"13/08/2011, 17:44:31"
"Warning";"Found Tracking cookie.Atdmt";"C:\Documents and Settings\NetworkService\Cookies\C14NXHRQ.txt";"N/A";"13/08/2011, 17:44:31"
"Warning";"Found Tracking cookie.Revsci";"C:\Documents and Settings\NetworkService\Cookies\EDCHLMGE.txt";"N/A";"13/08/2011, 17:44:31"
"Warning";"Found Tracking cookie.Adtech";"C:\Documents and Settings\NetworkService\Cookies\EM1C9R9Y.txt";"N/A";"13/08/2011, 17:44:31"
"Warning";"Found Tracking cookie.Smartadserver";"C:\Documents and Settings\NetworkService\Cookies\F5LMNU0K.txt";"N/A";"13/08/2011, 17:44:32"
"Warning";"Found Tracking cookie.Ru4";"C:\Documents and Settings\NetworkService\Cookies\OH96PADS.txt";"N/A";"13/08/2011, 17:44:32"
"Warning";"Found Tracking cookie.Realmedia";"C:\Documents and Settings\NetworkService\Cookies\Q6QDH1V8.txt";"N/A";"13/08/2011, 17:44:32"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\NetworkService\Cookies\RZAV5W1P.txt";"N/A";"13/08/2011, 17:44:33"
"Warning";"Found Tracking cookie.Pro-market";"C:\Documents and Settings\NetworkService\Cookies\UODL13BZ.txt";"N/A";"13/08/2011, 17:45:00"
"Warning";"Found Tracking cookie.Information";"C:\Documents and Settings\NetworkService\Cookies\UYNN5MHT.txt";"N/A";"13/08/2011, 17:45:01"
"Warning";"Found Tracking cookie.Adbrite";"C:\Documents and Settings\NetworkService\Cookies\WP8KGKUU.txt";"N/A";"13/08/2011, 17:45:01"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\NetworkService\Cookies\XS0XHGKH.txt";"N/A";"13/08/2011, 17:45:01"
"Warning";"Found Tracking cookie.Zedo";"C:\Documents and Settings\NetworkService\Cookies\ZFIEBW2F.txt";"N/A";"13/08/2011, 17:45:02"
"Infection";"Trojan horse SHeur3.CNHF";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1068\A0134627.exe";"N/A";"13/08/2011, 18:02:00"
"Infection";"Trojan horse SHeur3.CNHF";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1068\A0134626.exe";"N/A";"13/08/2011, 18:02:01"
"Infection";"Trojan horse SHeur3.CNHF";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1068\A0134629.exe";"N/A";"13/08/2011, 18:02:01"
"Infection";"Trojan horse SHeur3.CNHF";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1068\A0136710.exe";"N/A";"13/08/2011, 18:02:01"
"Infection";"Trojan horse SHeur3.CNHF";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1068\A0136709.exe";"N/A";"13/08/2011, 18:02:01"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137810.exe";"N/A";"13/08/2011, 18:03:00"
"Infection";"Trojan horse Cryptic.BGF";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137811.exe";"N/A";"13/08/2011, 18:03:01"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137812.dll";"N/A";"13/08/2011, 18:03:01"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137809.exe";"N/A";"13/08/2011, 18:03:01"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137814.dll";"N/A";"13/08/2011, 18:03:02"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137813.exe";"N/A";"13/08/2011, 18:03:02"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137816.dll";"N/A";"13/08/2011, 18:03:02"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137815.exe";"N/A";"13/08/2011, 18:03:03"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137818.exe";"N/A";"13/08/2011, 18:03:03"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137817.exe";"N/A";"13/08/2011, 18:03:03"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137819.dll";"N/A";"13/08/2011, 18:03:03"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137821.dll";"N/A";"13/08/2011, 18:03:04"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137820.exe";"N/A";"13/08/2011, 18:03:04"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137823.exe";"N/A";"13/08/2011, 18:03:05"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137822.exe";"N/A";"13/08/2011, 18:03:05"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137824.exe";"N/A";"13/08/2011, 18:03:06"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137826.exe";"N/A";"13/08/2011, 18:03:08"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137825.exe";"N/A";"13/08/2011, 18:03:09"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137827.exe";"N/A";"13/08/2011, 18:03:11"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137828.DLL";"N/A";"13/08/2011, 18:03:11"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137829.DLL";"N/A";"13/08/2011, 18:03:11"
"Infection";"Virus found DNSChanger";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137830.DLL";"N/A";"13/08/2011, 18:03:11"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137831.DLL";"N/A";"13/08/2011, 18:03:12"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137832.EXE";"N/A";"13/08/2011, 18:03:12"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137833.DLL";"N/A";"13/08/2011, 18:03:12"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137834.DLL";"N/A";"13/08/2011, 18:03:13"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137835.DLL";"N/A";"13/08/2011, 18:03:13"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137836.DLL";"N/A";"13/08/2011, 18:03:14"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137837.DLL";"N/A";"13/08/2011, 18:03:14"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137838.DLL";"N/A";"13/08/2011, 18:03:14"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137839.DLL";"N/A";"13/08/2011, 18:03:14"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137840.DLL";"N/A";"13/08/2011, 18:03:15"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137841.EXE";"N/A";"13/08/2011, 18:03:15"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137842.DLL";"N/A";"13/08/2011, 18:03:15"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137844.DLL";"N/A";"13/08/2011, 18:03:16"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137845.DLL";"N/A";"13/08/2011, 18:03:16"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137846.DLL";"N/A";"13/08/2011, 18:03:16"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137847.DLL";"N/A";"13/08/2011, 18:03:17"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137848.DLL";"N/A";"13/08/2011, 18:03:17"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137849.DLL";"N/A";"13/08/2011, 18:03:17"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137850.DLL";"N/A";"13/08/2011, 18:03:17"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137851.DLL";"N/A";"13/08/2011, 18:03:18"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137852.DLL";"N/A";"13/08/2011, 18:03:18"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137853.DLL";"N/A";"13/08/2011, 18:03:18"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137854.DLL";"N/A";"13/08/2011, 18:03:19"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137855.exe";"N/A";"13/08/2011, 18:03:19"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137856.dll";"N/A";"13/08/2011, 18:03:19"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137843.exe";"N/A";"13/08/2011, 18:03:20"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137857.exe";"N/A";"13/08/2011, 18:03:21"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137858.exe";"N/A";"13/08/2011, 18:03:21"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137859.dll";"N/A";"13/08/2011, 18:03:22"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137860.dll";"N/A";"13/08/2011, 18:03:22"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137861.exe";"N/A";"13/08/2011, 18:03:22"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137863.dll";"N/A";"13/08/2011, 18:03:23"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137862.dll";"N/A";"13/08/2011, 18:03:23"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137865.dll";"N/A";"13/08/2011, 18:03:24"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137864.exe";"N/A";"13/08/2011, 18:03:24"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137867.dll";"N/A";"13/08/2011, 18:03:24"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137866.dll";"N/A";"13/08/2011, 18:03:25"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137869.exe";"N/A";"13/08/2011, 18:03:25"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137868.dll";"N/A";"13/08/2011, 18:03:26"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137870.exe";"N/A";"13/08/2011, 18:03:26"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137871.exe";"N/A";"13/08/2011, 18:03:26"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137872.exe";"N/A";"13/08/2011, 18:03:27"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137873.dll";"N/A";"13/08/2011, 18:03:27"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137874.dll";"N/A";"13/08/2011, 18:03:27"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137875.dll";"N/A";"13/08/2011, 18:03:30"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137876.dll";"N/A";"13/08/2011, 18:03:31"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137877.dll";"N/A";"13/08/2011, 18:03:31"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137878.dll";"N/A";"13/08/2011, 18:03:31"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137879.exe";"N/A";"13/08/2011, 18:03:31"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137881.EXE";"N/A";"13/08/2011, 18:03:32"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137882.dll";"N/A";"13/08/2011, 18:03:32"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137883.dll";"N/A";"13/08/2011, 18:03:32"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137884.dll";"N/A";"13/08/2011, 18:03:32"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137880.exe";"N/A";"13/08/2011, 18:03:33"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137886.dll";"N/A";"13/08/2011, 18:03:33"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137885.exe";"N/A";"13/08/2011, 18:03:34"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137888.dll";"N/A";"13/08/2011, 18:03:34"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137887.exe";"N/A";"13/08/2011, 18:03:35"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137889.exe";"N/A";"13/08/2011, 18:03:35"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137890.dll";"N/A";"13/08/2011, 18:03:36"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137891.dll";"N/A";"13/08/2011, 18:03:36"
"Infection";"Trojan horse SHeur3.CNHF";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137893.exe";"N/A";"13/08/2011, 18:03:36"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137892.dll";"N/A";"13/08/2011, 18:03:37"
"Infection";"Trojan horse SHeur3.CNHF";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137909.exe";"N/A";"13/08/2011, 18:03:37"
"Infection";"Trojan horse SHeur3.CNHF";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137910.exe";"N/A";"13/08/2011, 18:03:37"
"Infection";"Trojan horse SHeur3.CNHF";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137911.exe";"N/A";"13/08/2011, 18:03:38"
"Infection";"Trojan horse SHeur3.CNHF";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137912.exe";"N/A";"13/08/2011, 18:03:38"
"Infection";"Trojan horse SHeur3.CNHF";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137913.exe";"N/A";"13/08/2011, 18:03:38"
"Infection";"Trojan horse SHeur3.CNHF";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137914.exe";"N/A";"13/08/2011, 18:03:39"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137957.dll";"N/A";"13/08/2011, 18:03:39"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137958.dll";"N/A";"13/08/2011, 18:03:39"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137959.dll";"N/A";"13/08/2011, 18:03:40"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137956.dll";"N/A";"13/08/2011, 18:03:40"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137961.dll";"N/A";"13/08/2011, 18:03:41"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137960.dll";"N/A";"13/08/2011, 18:03:41"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137962.dll";"N/A";"13/08/2011, 18:03:42"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137964.dll";"N/A";"13/08/2011, 18:03:43"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137963.dll";"N/A";"13/08/2011, 18:03:43"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137965.dll";"N/A";"13/08/2011, 18:03:43"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137966.dll";"N/A";"13/08/2011, 18:03:44"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137967.dll";"N/A";"13/08/2011, 18:03:44"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137968.dll";"N/A";"13/08/2011, 18:03:44"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137969.dll";"N/A";"13/08/2011, 18:03:45"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137970.dll";"N/A";"13/08/2011, 18:03:45"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137971.dll";"N/A";"13/08/2011, 18:03:46"
"Infection";"Virus identified Win32/Zbot.G";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1069\A0137972.dll";"N/A";"13/08/2011, 18:03:46"
"Infection";"Trojan horse SHeur3.COCH";"c:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\hqvjaapc.exe";"N/A";"16/08/2011, 13:22:37"
"Infection";"Trojan horse SHeur3.COCH";"c:\Documents and Settings\LocalService\Local Settings\Application Data\ykewpwgl\hqvjaapc.exe";"N/A";"17/08/2011, 17:16:45"
"Infection";"Trojan horse SHeur3.COCH";"c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1073\A0141965.exe";"N/A";"19/08/2011, 14:07:21"
"Infection";"Trojan horse SHeur3.COCH";"c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1075\A0145091.exe";"N/A";"20/08/2011, 14:47:31"
"Warning";"Found registry key with reference to infected file C:\Documents and Settings\Administrator\Application Data\Ofcuap\eqiduf.exe";"HKU\S-1-5-21-545504692-997205589-1577464367-500\Software\Microsoft\Windows\CurrentVersion\Run\\{284A0DEE-64B8-B7F4-C8E4-85548A2C12B3}";"N/A";"23/08/2011, 09:10:02"
"Infection";"Trojan horse PSW.Generic9.ISD";"c:\Documents and Settings\Administrator\Application Data\Ofcuap\eqiduf.exe";"N/A";"23/08/2011, 09:10:03"
"Infection";"Trojan horse PSW.Generic9.ISD";"c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1079\A0150224.exe";"N/A";"23/08/2011, 13:44:04"
"Infection";"Trojan horse PSW.Generic9.LWT";"C:\syte821.bin\E112498133B.exe";"N/A";"26/08/2011, 11:32:42"
"Warning";"Found registry key with reference to infected file C:\syte821.bin\E112498133B.exe";"HKU\S-1-5-21-545504692-997205589-1577464367-500\Software\Microsoft\Windows\CurrentVersion\Run\\0D6ZYB3E1GUXZXZAECCD";"N/A";"26/08/2011, 11:32:42"
"Infection";"Trojan horse PSW.Generic9.LWT";"c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1083\A0154651.exe";"N/A";"27/08/2011, 12:28:51"
"Infection";"Trojan horse Generic24.BFIA";"c:\WINDOWS\system32\0.005946201809485574.exe";"N/A";"31/08/2011, 11:46:29"
"Infection";"Trojan horse Agent3.AFTC";"c:\Documents and Settings\NetworkService\Local Settings\Application Data\ykewpwgl\hqvjaapc.exe";"N/A";"31/08/2011, 11:46:29"
"Infection";"Trojan horse Generic24.BFIA";"c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1086\A0159933.exe";"N/A";"01/09/2011, 10:34:15"
"Infection";"Trojan horse Agent3.AFTC";"c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1086\A0159934.exe";"N/A";"01/09/2011, 12:13:04"
"Warning";"Found Tracking cookie.2o7";"C:\Documents and Settings\Administrator\Cookies\4VBCSUJ3.txt";"N/A";"01/09/2011, 17:33:01"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\Administrator\Cookies\8H0QWKNT.txt";"N/A";"01/09/2011, 17:33:01"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\Administrator\Cookies\9XLAKMOO.txt";"N/A";"01/09/2011, 17:33:02"
"Warning";"Found Tracking cookie.Mediaplex";"C:\Documents and Settings\Administrator\Cookies\KEE92N76.txt";"N/A";"01/09/2011, 17:33:02"
"Warning";"Found Tracking cookie.Atdmt";"C:\Documents and Settings\Administrator\Cookies\XHOYFXC3.txt";"N/A";"01/09/2011, 17:33:30"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\Administrator\Cookies\YJEUH3QH.txt";"N/A";"01/09/2011, 17:33:31"
"Infection";"Trojan horse PSW.Generic9.ISD";"C:\Documents and Settings\Default User\Start Menu\Programs\Startup\orxoe.exe";"N/A";"01/09/2011, 17:40:45"
"Infection";"Trojan horse PSW.Generic9.MHV";"C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\12\6120584c-547336fc";"N/A";"01/09/2011, 17:40:46"


Solved Re: Win32/Zbot.G Trojan SHeur3.CNHF DNSChanger Cryptic.BGF

Post by scottmurray on Thu Sep 08, 2011 12:23 pm

"Infection";"Trojan horse Java/Downloader.CP";"C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\27\2ad0b69b-3459f7fe";"N/A";"01/09/2011, 17:40:46"
"Infection";"Trojan horse Agent3.ADHY";"C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\25\47f9e259-1989d1f3";"N/A";"01/09/2011, 17:40:47"
"Infection";"Trojan horse SHeur3.COCH";"C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\29\5f5d2e1d-243b10fe";"N/A";"01/09/2011, 17:40:47"
"Warning";"Found Tracking cookie.Tribalfusion";"C:\Documents and Settings\LocalService\Cookies\0LGV7T0P.txt";"N/A";"01/09/2011, 17:40:47"
"Warning";"Found Tracking cookie.Ru4";"C:\Documents and Settings\LocalService\Cookies\2ICD3FYY.txt";"N/A";"01/09/2011, 17:40:48"
"Warning";"Found Tracking cookie.Questionmarket";"C:\Documents and Settings\LocalService\Cookies\2U3LQGW2.txt";"N/A";"01/09/2011, 17:40:48"
"Warning";"Found Tracking cookie.Tribalfusion";"C:\Documents and Settings\LocalService\Cookies\6FV4HCSE.txt";"N/A";"01/09/2011, 17:40:48"
"Warning";"Found Tracking cookie.Pro-market";"C:\Documents and Settings\LocalService\Cookies\87MYT7LF.txt";"N/A";"01/09/2011, 17:40:49"
"Warning";"Found Tracking cookie.Information";"C:\Documents and Settings\LocalService\Cookies\8IX8V9X6.txt";"N/A";"01/09/2011, 17:40:49"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\LocalService\Cookies\9DW07F3Q.txt";"N/A";"01/09/2011, 17:40:49"
"Warning";"Found Tracking cookie.Revsci";"C:\Documents and Settings\LocalService\Cookies\AKQ6EUXS.txt";"N/A";"01/09/2011, 17:40:50"
"Warning";"Found Tracking cookie.Adtech";"C:\Documents and Settings\LocalService\Cookies\B3Z14VUK.txt";"N/A";"01/09/2011, 17:40:50"
"Warning";"Found Tracking cookie.Liveperson";"C:\Documents and Settings\LocalService\Cookies\CBHGHTF3.txt";"N/A";"01/09/2011, 17:40:50"
"Warning";"Found Tracking cookie.247realmedia";"C:\Documents and Settings\LocalService\Cookies\CX8XZKSI.txt";"N/A";"01/09/2011, 17:40:51"
"Warning";"Found Tracking cookie.Mediaplex";"C:\Documents and Settings\LocalService\Cookies\E257M1EQ.txt";"N/A";"01/09/2011, 17:40:51"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\LocalService\Cookies\FMRT35B6.txt";"N/A";"01/09/2011, 17:40:52"
"Warning";"Found Tracking cookie.Zedo";"C:\Documents and Settings\LocalService\Cookies\GPI0MVQY.txt";"N/A";"01/09/2011, 17:40:52"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\LocalService\Cookies\HWFK06R0.txt";"N/A";"01/09/2011, 17:40:53"
"Warning";"Found Tracking cookie.Overture";"C:\Documents and Settings\LocalService\Cookies\IEELJM0Z.txt";"N/A";"01/09/2011, 17:40:53"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\LocalService\Cookies\KA66L22V.txt";"N/A";"01/09/2011, 17:40:54"
"Warning";"Found Tracking cookie.247realmedia";"C:\Documents and Settings\LocalService\Cookies\NW8R1YFS.txt";"N/A";"01/09/2011, 17:40:54"
"Warning";"Found Tracking cookie.Atdmt";"C:\Documents and Settings\LocalService\Cookies\R8JQK3V6.txt";"N/A";"01/09/2011, 17:40:55"
"Warning";"Found Tracking cookie.Advertising";"C:\Documents and Settings\LocalService\Cookies\S5ME82BO.txt";"N/A";"01/09/2011, 17:40:55"
"Warning";"Found Tracking cookie.Mediaplex";"C:\Documents and Settings\LocalService\Cookies\SPXYZJQN.txt";"N/A";"01/09/2011, 17:40:56"
"Warning";"Found Tracking cookie.Advertising";"C:\Documents and Settings\LocalService\Cookies\SZYHVOFC.txt";"N/A";"01/09/2011, 17:40:56"
"Warning";"Found Tracking cookie.Ru4";"C:\Documents and Settings\LocalService\Cookies\VJPCCUPV.txt";"N/A";"01/09/2011, 17:40:56"
"Warning";"Found Tracking cookie.Tradedoubler";"C:\Documents and Settings\LocalService\Cookies\VKX5A5HM.txt";"N/A";"01/09/2011, 17:40:57"
"Warning";"Found Tracking cookie.Adviva";"C:\Documents and Settings\LocalService\Cookies\W5FFUEA0.txt";"N/A";"01/09/2011, 17:40:57"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\LocalService\Cookies\YHXGDQCV.txt";"N/A";"01/09/2011, 17:40:57"
"Warning";"Found Tracking cookie.Zedo";"C:\Documents and Settings\LocalService\Cookies\ZBYTJMKT.txt";"N/A";"01/09/2011, 17:40:57"
"Infection";"Trojan horse PSW.Generic9.LWT";"C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\12\6120584c-24fe34ea";"N/A";"01/09/2011, 17:41:30"
"Infection";"Trojan horse Java/Downloader.CP";"C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\27\2ad0b69b-5c072bff";"N/A";"01/09/2011, 17:41:31"
"Infection";"Trojan horse Agent3.AFTC";"C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\36\30756824-374f620e";"N/A";"01/09/2011, 17:41:31"
"Infection";"Trojan horse PSW.Generic9.MKG";"C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\53\5aa7f675-4691320f";"N/A";"01/09/2011, 17:41:31"
"Warning";"Found Tracking cookie.Adtech";"C:\Documents and Settings\NetworkService\Cookies\01VAH6TV.txt";"N/A";"01/09/2011, 17:41:31"
"Warning";"Found Tracking cookie.Adtech";"C:\Documents and Settings\NetworkService\Cookies\0F7F2NZR.txt";"N/A";"01/09/2011, 17:41:33"
"Warning";"Found Tracking cookie.2o7";"C:\Documents and Settings\NetworkService\Cookies\0KMDEJPS.txt";"N/A";"01/09/2011, 17:41:34"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\NetworkService\Cookies\0V0CS1IV.txt";"N/A";"01/09/2011, 17:41:34"
"Infection";"Trojan horse Generic24.BFIA";"C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\12\6120584c-6a0f1017";"N/A";"01/09/2011, 17:41:34"
"Warning";"Found Tracking cookie.Pointroll";"C:\Documents and Settings\NetworkService\Cookies\148RO0F0.txt";"N/A";"01/09/2011, 17:41:35"
"Warning";"Found Tracking cookie.Smartadserver";"C:\Documents and Settings\NetworkService\Cookies\1ELNV3YI.txt";"N/A";"01/09/2011, 17:41:35"
"Warning";"Found Tracking cookie.Ru4";"C:\Documents and Settings\NetworkService\Cookies\1IG0TORP.txt";"N/A";"01/09/2011, 17:41:35"
"Warning";"Found Tracking cookie.Tradedoubler";"C:\Documents and Settings\NetworkService\Cookies\1JOG3T7M.txt";"N/A";"01/09/2011, 17:41:36"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\NetworkService\Cookies\20DE6D79.txt";"N/A";"01/09/2011, 17:41:36"
"Warning";"Found Tracking cookie.Questionmarket";"C:\Documents and Settings\NetworkService\Cookies\29UXB87K.txt";"N/A";"01/09/2011, 17:41:36"
"Warning";"Found Tracking cookie.Tribalfusion";"C:\Documents and Settings\NetworkService\Cookies\2BXV6NWV.txt";"N/A";"01/09/2011, 17:41:36"
"Warning";"Found Tracking cookie.Adviva";"C:\Documents and Settings\NetworkService\Cookies\2KB58KXX.txt";"N/A";"01/09/2011, 17:41:37"
"Warning";"Found Tracking cookie.Questionmarket";"C:\Documents and Settings\NetworkService\Cookies\2PC0Z8KW.txt";"N/A";"01/09/2011, 17:41:37"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\NetworkService\Cookies\33343NJT.txt";"N/A";"01/09/2011, 17:41:37"
"Warning";"Found Tracking cookie.247realmedia";"C:\Documents and Settings\NetworkService\Cookies\38YIG5XW.txt";"N/A";"01/09/2011, 17:41:37"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\NetworkService\Cookies\3E4L59AY.txt";"N/A";"01/09/2011, 17:41:39"
"Warning";"Found Tracking cookie.Mediaplex";"C:\Documents and Settings\NetworkService\Cookies\3F0WETVM.txt";"N/A";"01/09/2011, 17:41:39"
"Warning";"Found Tracking cookie.Advertising";"C:\Documents and Settings\NetworkService\Cookies\3JW44DQ6.txt";"N/A";"01/09/2011, 17:41:40"
"Warning";"Found Tracking cookie.Fastclick";"C:\Documents and Settings\NetworkService\Cookies\3SL2J38X.txt";"N/A";"01/09/2011, 17:41:40"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\NetworkService\Cookies\442FRLZ9.txt";"N/A";"01/09/2011, 17:41:40"
"Warning";"Found Tracking cookie.Overture";"C:\Documents and Settings\NetworkService\Cookies\4J5K9U1C.txt";"N/A";"01/09/2011, 17:41:40"
"Warning";"Found Tracking cookie.Zedo";"C:\Documents and Settings\NetworkService\Cookies\56LSINUX.txt";"N/A";"01/09/2011, 17:41:41"
"Warning";"Found Tracking cookie.247realmedia";"C:\Documents and Settings\NetworkService\Cookies\58S09GRG.txt";"N/A";"01/09/2011, 17:41:41"
"Warning";"Found Tracking cookie.Information";"C:\Documents and Settings\NetworkService\Cookies\62LH32EM.txt";"N/A";"01/09/2011, 17:41:41"
"Warning";"Found Tracking cookie.Ru4";"C:\Documents and Settings\NetworkService\Cookies\69ATBPNX.txt";"N/A";"01/09/2011, 17:41:41"
"Warning";"Found Tracking cookie.Advertising";"C:\Documents and Settings\NetworkService\Cookies\6B435VG7.txt";"N/A";"01/09/2011, 17:41:42"
"Warning";"Found Tracking cookie.Atdmt";"C:\Documents and Settings\NetworkService\Cookies\6BTZW2H0.txt";"N/A";"01/09/2011, 17:41:42"
"Warning";"Found Tracking cookie.Fastclick";"C:\Documents and Settings\NetworkService\Cookies\6E8EAEGH.txt";"N/A";"01/09/2011, 17:41:42"
"Warning";"Found Tracking cookie.Atdmt";"C:\Documents and Settings\NetworkService\Cookies\6OI2PMDS.txt";"N/A";"01/09/2011, 17:41:43"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\NetworkService\Cookies\6UAXL9VL.txt";"N/A";"01/09/2011, 17:41:43"
"Warning";"Found Tracking cookie.Information";"C:\Documents and Settings\NetworkService\Cookies\75L5B35S.txt";"N/A";"01/09/2011, 17:41:43"
"Warning";"Found Tracking cookie.Adbrite";"C:\Documents and Settings\NetworkService\Cookies\76OB6M5G.txt";"N/A";"01/09/2011, 17:41:43"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\NetworkService\Cookies\7F0W4GC2.txt";"N/A";"01/09/2011, 17:41:44"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\NetworkService\Cookies\7K28KDDG.txt";"N/A";"01/09/2011, 17:41:45"
"Warning";"Found Tracking cookie.Information";"C:\Documents and Settings\NetworkService\Cookies\83N0D11I.txt";"N/A";"01/09/2011, 17:41:45"
"Warning";"Found Tracking cookie.Overture";"C:\Documents and Settings\NetworkService\Cookies\877IPSTH.txt";"N/A";"01/09/2011, 17:41:46"
"Warning";"Found Tracking cookie.Overture";"C:\Documents and Settings\NetworkService\Cookies\8BSNZ9RX.txt";"N/A";"01/09/2011, 17:41:46"
"Warning";"Found Tracking cookie.Liveperson";"C:\Documents and Settings\NetworkService\Cookies\8CRAH4HD.txt";"N/A";"01/09/2011, 17:41:47"
"Warning";"Found Tracking cookie.Revsci";"C:\Documents and Settings\NetworkService\Cookies\8QLMM7ZK.txt";"N/A";"01/09/2011, 17:41:47"
"Warning";"Found Tracking cookie.Revsci";"C:\Documents and Settings\NetworkService\Cookies\8V363FVS.txt";"N/A";"01/09/2011, 17:41:48"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\NetworkService\Cookies\910I5EUM.txt";"N/A";"01/09/2011, 17:41:48"
"Warning";"Found Tracking cookie.Advertising";"C:\Documents and Settings\NetworkService\Cookies\932ICJRR.txt";"N/A";"01/09/2011, 17:41:49"
"Warning";"Found Tracking cookie.Mediaplex";"C:\Documents and Settings\NetworkService\Cookies\99FV7YSZ.txt";"N/A";"01/09/2011, 17:41:49"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\NetworkService\Cookies\9DME3ZXQ.txt";"N/A";"01/09/2011, 17:41:49"
"Warning";"Found Tracking cookie.Zedo";"C:\Documents and Settings\NetworkService\Cookies\9N4MQ2UY.txt";"N/A";"01/09/2011, 17:41:50"
"Warning";"Found Tracking cookie.Advertising";"C:\Documents and Settings\NetworkService\Cookies\9P7F9434.txt";"N/A";"01/09/2011, 17:41:50"
"Warning";"Found Tracking cookie.Ru4";"C:\Documents and Settings\NetworkService\Cookies\9URFD3XY.txt";"N/A";"01/09/2011, 17:41:51"
"Warning";"Found Tracking cookie.Atdmt";"C:\Documents and Settings\NetworkService\Cookies\9YJKR364.txt";"N/A";"01/09/2011, 17:41:51"
"Warning";"Found Tracking cookie.Ru4";"C:\Documents and Settings\NetworkService\Cookies\9ZHK2OKI.txt";"N/A";"01/09/2011, 17:41:52"
"Warning";"Found Tracking cookie.Atdmt";"C:\Documents and Settings\NetworkService\Cookies\AOJXJ2WO.txt";"N/A";"01/09/2011, 17:41:52"
"Warning";"Found Tracking cookie.Tribalfusion";"C:\Documents and Settings\NetworkService\Cookies\BE4651OC.txt";"N/A";"01/09/2011, 17:41:53"
"Warning";"Found Tracking cookie.Zedo";"C:\Documents and Settings\NetworkService\Cookies\BFSFU5BM.txt";"N/A";"01/09/2011, 17:41:53"
"Warning";"Found Tracking cookie.Pro-market";"C:\Documents and Settings\NetworkService\Cookies\BL4SK1I7.txt";"N/A";"01/09/2011, 17:41:53"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\NetworkService\Cookies\BPHVEOLP.txt";"N/A";"01/09/2011, 17:41:53"
"Warning";"Found Tracking cookie.247realmedia";"C:\Documents and Settings\NetworkService\Cookies\BYZBNJOE.txt";"N/A";"01/09/2011, 17:41:54"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\NetworkService\Cookies\C1LSOADB.txt";"N/A";"01/09/2011, 17:41:54"
"Warning";"Found Tracking cookie.Smartadserver";"C:\Documents and Settings\NetworkService\Cookies\C5CC22NR.txt";"N/A";"01/09/2011, 17:41:54"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\NetworkService\Cookies\C969PB08.txt";"N/A";"01/09/2011, 17:41:55"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\NetworkService\Cookies\CJA6B218.txt";"N/A";"01/09/2011, 17:41:55"
"Warning";"Found Tracking cookie.Smartadserver";"C:\Documents and Settings\NetworkService\Cookies\CKHPLY9D.txt";"N/A";"01/09/2011, 17:41:55"
"Warning";"Found Tracking cookie.Advertising";"C:\Documents and Settings\NetworkService\Cookies\CL61ADMW.txt";"N/A";"01/09/2011, 17:41:56"
"Warning";"Found Tracking cookie.Liveperson";"C:\Documents and Settings\NetworkService\Cookies\CTZRR2PB.txt";"N/A";"01/09/2011, 17:41:56"
"Warning";"Found Tracking cookie.2o7";"C:\Documents and Settings\NetworkService\Cookies\DH8UC47F.txt";"N/A";"01/09/2011, 17:41:56"
"Warning";"Found Tracking cookie.Tradedoubler";"C:\Documents and Settings\NetworkService\Cookies\DL4P4WQ1.txt";"N/A";"01/09/2011, 17:41:57"
"Warning";"Found Tracking cookie.Atdmt";"C:\Documents and Settings\NetworkService\Cookies\DWR3Z3LP.txt";"N/A";"01/09/2011, 17:42:00"
"Warning";"Found Tracking cookie.Fastclick";"C:\Documents and Settings\NetworkService\Cookies\DWWXYGOA.txt";"N/A";"01/09/2011, 17:42:00"
"Warning";"Found Tracking cookie.Mediaplex";"C:\Documents and Settings\NetworkService\Cookies\EC5TD6VH.txt";"N/A";"01/09/2011, 17:42:01"
"Warning";"Found Tracking cookie.247realmedia";"C:\Documents and Settings\NetworkService\Cookies\EGSR0QGC.txt";"N/A";"01/09/2011, 17:42:01"
"Warning";"Found Tracking cookie.Atdmt";"C:\Documents and Settings\NetworkService\Cookies\ENH2HDJP.txt";"N/A";"01/09/2011, 17:42:01"
"Warning";"Found Tracking cookie.Information";"C:\Documents and Settings\NetworkService\Cookies\EQOKJKW2.txt";"N/A";"01/09/2011, 17:42:02"
"Warning";"Found Tracking cookie.Adtech";"C:\Documents and Settings\NetworkService\Cookies\FDEOFGF0.txt";"N/A";"01/09/2011, 17:42:02"
"Warning";"Found Tracking cookie.Tribalfusion";"C:\Documents and Settings\NetworkService\Cookies\FJRX0UU0.txt";"N/A";"01/09/2011, 17:42:03"
"Warning";"Found Tracking cookie.Adviva";"C:\Documents and Settings\NetworkService\Cookies\FN7VBMSH.txt";"N/A";"01/09/2011, 17:42:03"
"Warning";"Found Tracking cookie.Adbrite";"C:\Documents and Settings\NetworkService\Cookies\FRLU95UL.txt";"N/A";"01/09/2011, 17:42:03"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\NetworkService\Cookies\FX3NAA03.txt";"N/A";"01/09/2011, 17:42:04"
"Warning";"Found Tracking cookie.Fastclick";"C:\Documents and Settings\NetworkService\Cookies\G6RS7I6O.txt";"N/A";"01/09/2011, 17:42:04"
"Warning";"Found Tracking cookie.Adbrite";"C:\Documents and Settings\NetworkService\Cookies\GE4KQK82.txt";"N/A";"01/09/2011, 17:42:04"
"Warning";"Found Tracking cookie.Advertising";"C:\Documents and Settings\NetworkService\Cookies\GF43INIB.txt";"N/A";"01/09/2011, 17:42:05"
"Warning";"Found Tracking cookie.Advertising";"C:\Documents and Settings\NetworkService\Cookies\GF5E0TNC.txt";"N/A";"01/09/2011, 17:42:05"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\NetworkService\Cookies\GK9GUA9C.txt";"N/A";"01/09/2011, 17:42:06"
"Warning";"Found Tracking cookie.Questionmarket";"C:\Documents and Settings\NetworkService\Cookies\GMZ6595H.txt";"N/A";"01/09/2011, 17:42:06"
"Warning";"Found Tracking cookie.Overture";"C:\Documents and Settings\NetworkService\Cookies\GTREAQWH.txt";"N/A";"01/09/2011, 17:42:07"
"Warning";"Found Tracking cookie.247realmedia";"C:\Documents and Settings\NetworkService\Cookies\H033UMDM.txt";"N/A";"01/09/2011, 17:42:07"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\NetworkService\Cookies\HALSA635.txt";"N/A";"01/09/2011, 17:42:08"
"Warning";"Found Tracking cookie.Smartadserver";"C:\Documents and Settings\NetworkService\Cookies\HEO38WRX.txt";"N/A";"01/09/2011, 17:42:08"
"Warning";"Found Tracking cookie.Revsci";"C:\Documents and Settings\NetworkService\Cookies\ISQQDNSA.txt";"N/A";"01/09/2011, 17:42:09"
"Warning";"Found Tracking cookie.Revsci";"C:\Documents and Settings\NetworkService\Cookies\ITH2CB07.txt";"N/A";"01/09/2011, 17:42:09"
"Warning";"Found Tracking cookie.Adviva";"C:\Documents and Settings\NetworkService\Cookies\IX901WW0.txt";"N/A";"01/09/2011, 17:42:10"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\NetworkService\Cookies\IX5R8BB7.txt";"N/A";"01/09/2011, 17:42:11"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\NetworkService\Cookies\JHCOBTTY.txt";"N/A";"01/09/2011, 17:42:11"
"Warning";"Found Tracking cookie.247realmedia";"C:\Documents and Settings\NetworkService\Cookies\JI7WVIUP.txt";"N/A";"01/09/2011, 17:42:11"
"Warning";"Found Tracking cookie.Mediaplex";"C:\Documents and Settings\NetworkService\Cookies\JP94E3L0.txt";"N/A";"01/09/2011, 17:42:12"
"Warning";"Found Tracking cookie.Ru4";"C:\Documents and Settings\NetworkService\Cookies\JQU5Z8C2.txt";"N/A";"01/09/2011, 17:42:12"
"Warning";"Found Tracking cookie.Zedo";"C:\Documents and Settings\NetworkService\Cookies\JXIFHI6C.txt";"N/A";"01/09/2011, 17:42:13"
"Warning";"Found Tracking cookie.Realmedia";"C:\Documents and Settings\NetworkService\Cookies\JY8KDRYF.txt";"N/A";"01/09/2011, 17:42:13"
"Warning";"Found Tracking cookie.Adviva";"C:\Documents and Settings\NetworkService\Cookies\K92IPCTX.txt";"N/A";"01/09/2011, 17:42:14"
"Warning";"Found Tracking cookie.Adtech";"C:\Documents and Settings\NetworkService\Cookies\KHF61W69.txt";"N/A";"01/09/2011, 17:42:14"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\NetworkService\Cookies\KTJQSXIN.txt";"N/A";"01/09/2011, 17:42:15"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\NetworkService\Cookies\L6WOAC22.txt";"N/A";"01/09/2011, 17:42:16"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\NetworkService\Cookies\LOMFKKP8.txt";"N/A";"01/09/2011, 17:42:16"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\NetworkService\Cookies\LSIZ0E6P.txt";"N/A";"01/09/2011, 17:42:16"
"Warning";"Found Tracking cookie.Fastclick";"C:\Documents and Settings\NetworkService\Cookies\M2FY7HV2.txt";"N/A";"01/09/2011, 17:42:17"
"Warning";"Found Tracking cookie.Smartadserver";"C:\Documents and Settings\NetworkService\Cookies\MI66SKXM.txt";"N/A";"01/09/2011, 17:42:17"
"Warning";"Found Tracking cookie.Tradedoubler";"C:\Documents and Settings\NetworkService\Cookies\MK7QTL51.txt";"N/A";"01/09/2011, 17:42:18"
"Warning";"Found Tracking cookie.Mediaplex";"C:\Documents and Settings\NetworkService\Cookies\MMY28MR5.txt";"N/A";"01/09/2011, 17:42:18"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\NetworkService\Cookies\MO1GNH9L.txt";"N/A";"01/09/2011, 17:42:18"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\NetworkService\Cookies\MYONYZTG.txt";"N/A";"01/09/2011, 17:42:19"
"Warning";"Found Tracking cookie.Advertising";"C:\Documents and Settings\NetworkService\Cookies\NGA287FV.txt";"N/A";"01/09/2011, 17:42:19"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\NetworkService\Cookies\NGS6K8OZ.txt";"N/A";"01/09/2011, 17:42:20"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\NetworkService\Cookies\NI5GG5QX.txt";"N/A";"01/09/2011, 17:42:20"
"Warning";"Found Tracking cookie.Fastclick";"C:\Documents and Settings\NetworkService\Cookies\NNMND341.txt";"N/A";"01/09/2011, 17:42:21"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\NetworkService\Cookies\NTZAITYN.txt";"N/A";"01/09/2011, 17:42:21"
"Warning";"Found Tracking cookie.Advertising";"C:\Documents and Settings\NetworkService\Cookies\NRHC5BPH.txt";"N/A";"01/09/2011, 17:42:22"
"Warning";"Found Tracking cookie.Mediaplex";"C:\Documents and Settings\NetworkService\Cookies\NVNIDG7O.txt";"N/A";"01/09/2011, 17:42:22"
"Warning";"Found Tracking cookie.Pro-market";"C:\Documents and Settings\NetworkService\Cookies\O4DHQLBD.txt";"N/A";"01/09/2011, 17:42:23"
"Warning";"Found Tracking cookie.Information";"C:\Documents and Settings\NetworkService\Cookies\O69UQ3AR.txt";"N/A";"01/09/2011, 17:42:23"
"Warning";"Found Tracking cookie.Clickbank";"C:\Documents and Settings\NetworkService\Cookies\OBZX250C.txt";"N/A";"01/09/2011, 17:42:23"
"Warning";"Found Tracking cookie.Revsci";"C:\Documents and Settings\NetworkService\Cookies\OK266VIC.txt";"N/A";"01/09/2011, 17:42:23"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\NetworkService\Cookies\OLL6G641.txt";"N/A";"01/09/2011, 17:42:24"
"Warning";"Found Tracking cookie.Adbrite";"C:\Documents and Settings\NetworkService\Cookies\OLODB1L9.txt";"N/A";"01/09/2011, 17:42:24"
"Warning";"Found Tracking cookie.Atdmt";"C:\Documents and Settings\NetworkService\Cookies\OS0HA1X7.txt";"N/A";"01/09/2011, 17:42:24"
"Warning";"Found Tracking cookie.Casalemedia";"C:\Documents and Settings\NetworkService\Cookies\OUEBYPIO.txt";"N/A";"01/09/2011, 17:42:24"
"Warning";"Found Tracking cookie.Overture";"C:\Documents and Settings\NetworkService\Cookies\OX2BDBY6.txt";"N/A";"01/09/2011, 17:42:25"
"Warning";"Found Tracking cookie.Tradedoubler";"C:\Documents and Settings\NetworkService\Cookies\PGWGQHRV.txt";"N/A";"01/09/2011, 17:42:25"
"Warning";"Found Tracking cookie.Adtech";"C:\Documents and Settings\NetworkService\Cookies\PHY2YOWK.txt";"N/A";"01/09/2011, 17:42:25"
"Warning";"Found Tracking cookie.Questionmarket";"C:\Documents and Settings\NetworkService\Cookies\Q0L1CL74.txt";"N/A";"01/09/2011, 17:42:25"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\NetworkService\Cookies\QDGSAKQ1.txt";"N/A";"01/09/2011, 17:42:26"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\NetworkService\Cookies\QTUNE8U2.txt";"N/A";"01/09/2011, 17:42:26"
"Warning";"Found Tracking cookie.Adbrite";"C:\Documents and Settings\NetworkService\Cookies\QTFY750E.txt";"N/A";"01/09/2011, 17:42:26"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\NetworkService\Cookies\QVP6AR6L.txt";"N/A";"01/09/2011, 17:42:27"
"Warning";"Found Tracking cookie.Fastclick";"C:\Documents and Settings\NetworkService\Cookies\R7XBMLZN.txt";"N/A";"01/09/2011, 17:42:29"
"Warning";"Found Tracking cookie.Overture";"C:\Documents and Settings\NetworkService\Cookies\R8ZZ8PFH.txt";"N/A";"01/09/2011, 17:42:29"
"Warning";"Found Tracking cookie.Overture";"C:\Documents and Settings\NetworkService\Cookies\RDL9AU5U.txt";"N/A";"01/09/2011, 17:42:29"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\NetworkService\Cookies\RFUS0C1W.txt";"N/A";"01/09/2011, 17:42:29"
"Warning";"Found Tracking cookie.247realmedia";"C:\Documents and Settings\NetworkService\Cookies\RJQS8TWH.txt";"N/A";"01/09/2011, 17:42:30"
"Warning";"Found Tracking cookie.Overture";"C:\Documents and Settings\NetworkService\Cookies\RLPF7CY2.txt";"N/A";"01/09/2011, 17:42:30"
"Warning";"Found Tracking cookie.Advertising";"C:\Documents and Settings\NetworkService\Cookies\RQ1M9FD5.txt";"N/A";"01/09/2011, 17:42:30"
"Warning";"Found Tracking cookie.247realmedia";"C:\Documents and Settings\NetworkService\Cookies\RXMB1TKM.txt";"N/A";"01/09/2011, 17:42:30"
"Warning";"Found Tracking cookie.Tribalfusion";"C:\Documents and Settings\NetworkService\Cookies\SBVJ94HK.txt";"N/A";"01/09/2011, 17:42:30"
"Warning";"Found Tracking cookie.Clickbank";"C:\Documents and Settings\NetworkService\Cookies\SWP70VR4.txt";"N/A";"01/09/2011, 17:42:31"
"Warning";"Found Tracking cookie.Overture";"C:\Documents and Settings\NetworkService\Cookies\T0STQFFC.txt";"N/A";"01/09/2011, 17:42:31"
"Warning";"Found Tracking cookie.Revsci";"C:\Documents and Settings\NetworkService\Cookies\T42TJF42.txt";"N/A";"01/09/2011, 17:42:31"
"Warning";"Found Tracking cookie.Adbrite";"C:\Documents and Settings\NetworkService\Cookies\T5R11X0A.txt";"N/A";"01/09/2011, 17:42:32"
"Warning";"Found Tracking cookie.Casalemedia";"C:\Documents and Settings\NetworkService\Cookies\TLQQTF7V.txt";"N/A";"01/09/2011, 17:42:32"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\NetworkService\Cookies\TO1I8IJH.txt";"N/A";"01/09/2011, 17:42:32"
"Warning";"Found Tracking cookie.Adbrite";"C:\Documents and Settings\NetworkService\Cookies\TSCD8E9M.txt";"N/A";"01/09/2011, 17:42:32"
"Warning";"Found Tracking cookie.Mediaplex";"C:\Documents and Settings\NetworkService\Cookies\U0YRN5NG.txt";"N/A";"01/09/2011, 17:42:32"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\NetworkService\Cookies\U83CB4P4.txt";"N/A";"01/09/2011, 17:42:33"
"Warning";"Found Tracking cookie.Pro-market";"C:\Documents and Settings\NetworkService\Cookies\U983AFLB.txt";"N/A";"01/09/2011, 17:42:33"
"Warning";"Found Tracking cookie.Adviva";"C:\Documents and Settings\NetworkService\Cookies\UE3RFHB9.txt";"N/A";"01/09/2011, 17:42:33"
"Warning";"Found Tracking cookie.Advertising";"C:\Documents and Settings\NetworkService\Cookies\UPMOWKGM.txt";"N/A";"01/09/2011, 17:42:33"
"Warning";"Found Tracking cookie.247realmedia";"C:\Documents and Settings\NetworkService\Cookies\VB9UGE8D.txt";"N/A";"01/09/2011, 17:42:34"
"Warning";"Found Tracking cookie.Advertising";"C:\Documents and Settings\NetworkService\Cookies\VFFTOKL7.txt";"N/A";"01/09/2011, 17:42:34"
"Warning";"Found Tracking cookie.Mediaplex";"C:\Documents and Settings\NetworkService\Cookies\VQLD7GVV.txt";"N/A";"01/09/2011, 17:42:34"
"Warning";"Found Tracking cookie.Clickbank";"C:\Documents and Settings\NetworkService\Cookies\VTBVFPFV.txt";"N/A";"01/09/2011, 17:42:34"
"Warning";"Found Tracking cookie.Pro-market";"C:\Documents and Settings\NetworkService\Cookies\W5E2J9DS.txt";"N/A";"01/09/2011, 17:42:34"
"Warning";"Found Tracking cookie.Overture";"C:\Documents and Settings\NetworkService\Cookies\WB0AKRWZ.txt";"N/A";"01/09/2011, 17:42:34"
"Warning";"Found Tracking cookie.Smartadserver";"C:\Documents and Settings\NetworkService\Cookies\WQV4DXDE.txt";"N/A";"01/09/2011, 17:42:35"
"Warning";"Found Tracking cookie.Fastclick";"C:\Documents and Settings\NetworkService\Cookies\WU6IXCOR.txt";"N/A";"01/09/2011, 17:42:35"
"Warning";"Found Tracking cookie.Zedo";"C:\Documents and Settings\NetworkService\Cookies\WUO16PNT.txt";"N/A";"01/09/2011, 17:42:35"
"Warning";"Found Tracking cookie.Questionmarket";"C:\Documents and Settings\NetworkService\Cookies\WZ4A1F86.txt";"N/A";"01/09/2011, 17:42:35"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\NetworkService\Cookies\X3K3G8B8.txt";"N/A";"01/09/2011, 17:42:35"
"Warning";"Found Tracking cookie.Ru4";"C:\Documents and Settings\NetworkService\Cookies\XD8LNNXA.txt";"N/A";"01/09/2011, 17:42:36"
"Warning";"Found Tracking cookie.Tribalfusion";"C:\Documents and Settings\NetworkService\Cookies\XUQ2MH35.txt";"N/A";"01/09/2011, 17:42:36"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\NetworkService\Cookies\XVX2VP79.txt";"N/A";"01/09/2011, 17:42:36"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\NetworkService\Cookies\XXP0NG5J.txt";"N/A";"01/09/2011, 17:42:36"
"Warning";"Found Tracking cookie.Overture";"C:\Documents and Settings\NetworkService\Cookies\YE10EVXR.txt";"N/A";"01/09/2011, 17:42:36"
"Warning";"Found Tracking cookie.247realmedia";"C:\Documents and Settings\NetworkService\Cookies\YL8UGF0V.txt";"N/A";"01/09/2011, 17:42:36"
"Warning";"Found Tracking cookie.247realmedia";"C:\Documents and Settings\NetworkService\Cookies\YMVV7YYF.txt";"N/A";"01/09/2011, 17:42:37"
"Warning";"Found Tracking cookie.Advertising";"C:\Documents and Settings\NetworkService\Cookies\YSBYEOZH.txt";"N/A";"01/09/2011, 17:42:37"
"Warning";"Found Tracking cookie.Adviva";"C:\Documents and Settings\NetworkService\Cookies\Z1DLQN8P.txt";"N/A";"01/09/2011, 17:42:37"
"Warning";"Found Tracking cookie.Advertising";"C:\Documents and Settings\NetworkService\Cookies\Z2BYMILQ.txt";"N/A";"01/09/2011, 17:42:37"
"Warning";"Found Tracking cookie.247realmedia";"C:\Documents and Settings\NetworkService\Cookies\Z3TUCC2J.txt";"N/A";"01/09/2011, 17:42:37"
"Warning";"Found Tracking cookie.Smartadserver";"C:\Documents and Settings\NetworkService\Cookies\ZET237N4.txt";"N/A";"01/09/2011, 17:42:37"
"Warning";"Found Tracking cookie.Mediaplex";"C:\Documents and Settings\NetworkService\Cookies\ZI705GYH.txt";"N/A";"01/09/2011, 17:42:37"
"Warning";"Found Tracking cookie.Atdmt";"C:\Documents and Settings\NetworkService\Cookies\ZLZ73TXV.txt";"N/A";"01/09/2011, 17:42:38"
"Warning";"Found Tracking cookie.Adtech";"C:\Documents and Settings\NetworkService\Cookies\ZRJ24CV6.txt";"N/A";"01/09/2011, 17:42:38"
"Warning";"Found Tracking cookie.Overture";"C:\Documents and Settings\NetworkService\Cookies\ZUX55QGU.txt";"N/A";"01/09/2011, 17:42:38"
"Warning";"Found Tracking cookie.Mediaplex";"C:\Documents and Settings\NetworkService\Cookies\ZWJRS120.txt";"N/A";"01/09/2011, 17:42:38"
"Warning";"Found Tracking cookie.Mediaplex";"C:\Documents and Settings\NetworkService\Cookies\ZXI6RCTY.txt";"N/A";"01/09/2011, 17:42:38"
"Infection";"Trojan horse PSW.Generic9.ISD";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1074\A0143909.exe";"N/A";"02/09/2011, 09:06:28"
"Infection";"Trojan horse PSW.Generic9.ISD";"C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1087\A0163951.exe";"N/A";"02/09/2011, 09:06:58"
"Infection";"Trojan horse SHeur4.OB";"C:\WINDOWS\system32\ALSndMgrd.exe";"N/A";"02/09/2011, 09:09:58"
"Infection";"Trojan horse SHeur4.OB";"C:\WINDOWS\Temp\yhhrhy\setup.exe";"N/A";"02/09/2011, 09:10:28"
"Infection";"Trojan horse SHeur4.OB";"c:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1087\A0163964.exe";"N/A";"02/09/2011, 11:16:42"
"Infection";"Trojan horse Java/Agent.ET";"C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\43\7c55146b-385d181d";"N/A";"08/09/2011, 12:55:03"
"Infection";"Trojan horse Java/Agent.EP";"C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\57\d869ef9-717baba2";"N/A";"08/09/2011, 12:55:04"
"Infection";"Trojan horse Java/Agent.EY";"C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\17\8dac151-76423600";"N/A";"08/09/2011, 12:56:03"
"Infection";"Trojan horse Java/Agent.EP";"C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\5\7ff4f845-7d60cb63";"N/A";"08/09/2011, 12:56:03"
"Infection";"Trojan horse Java/Agent.FN";"C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\54\1cb50536-7ee0c129";"N/A";"08/09/2011, 12:56:03"
"Infection";"Trojan horse Java/Agent.EY";"C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\58\29eb13fa-18da81f9";"N/A";"08/09/2011, 12:56:03"
"Warning";"Found Tracking cookie.247realmedia";"C:\Documents and Settings\NetworkService\Cookies\0FKIQW2X.txt";"N/A";"08/09/2011, 12:56:03"
"Warning";"Found Tracking cookie.Revsci";"C:\Documents and Settings\NetworkService\Cookies\1ACABVKO.txt";"N/A";"08/09/2011, 12:56:05"
"Warning";"Found Tracking cookie.Information";"C:\Documents and Settings\NetworkService\Cookies\26FR1V0N.txt";"N/A";"08/09/2011, 12:56:06"
"Warning";"Found Tracking cookie.Adtech";"C:\Documents and Settings\NetworkService\Cookies\2Y8EM2RH.txt";"N/A";"08/09/2011, 12:56:06"
"Warning";"Found Tracking cookie.Atdmt";"C:\Documents and Settings\NetworkService\Cookies\3EJS9FAF.txt";"N/A";"08/09/2011, 12:56:06"
"Warning";"Found Tracking cookie.Adtech";"C:\Documents and Settings\NetworkService\Cookies\3RCM42P3.txt";"N/A";"08/09/2011, 12:56:06"
"Warning";"Found Tracking cookie.Weborama";"C:\Documents and Settings\NetworkService\Cookies\4BSWYPRE.txt";"N/A";"08/09/2011, 12:56:07"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\NetworkService\Cookies\4GJQT22H.txt";"N/A";"08/09/2011, 12:56:07"
"Warning";"Found Tracking cookie.Atdmt";"C:\Documents and Settings\NetworkService\Cookies\6ITC39FR.txt";"N/A";"08/09/2011, 12:56:07"
"Warning";"Found Tracking cookie.Overture";"C:\Documents and Settings\NetworkService\Cookies\6IVCDBWL.txt";"N/A";"08/09/2011, 12:56:07"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\NetworkService\Cookies\75Q412B1.txt";"N/A";"08/09/2011, 12:56:08"
"Warning";"Found Tracking cookie.Atdmt";"C:\Documents and Settings\NetworkService\Cookies\7SBK6QEV.txt";"N/A";"08/09/2011, 12:56:08"
"Warning";"Found Tracking cookie.Smartadserver";"C:\Documents and Settings\NetworkService\Cookies\855H9M1N.txt";"N/A";"08/09/2011, 12:56:08"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\NetworkService\Cookies\9510W4QM.txt";"N/A";"08/09/2011, 12:56:10"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\NetworkService\Cookies\9EPGL7NG.txt";"N/A";"08/09/2011, 12:56:10"
"Warning";"Found Tracking cookie.Ru4";"C:\Documents and Settings\NetworkService\Cookies\9P3GXFA1.txt";"N/A";"08/09/2011, 12:56:11"
"Warning";"Found Tracking cookie.Ru4";"C:\Documents and Settings\NetworkService\Cookies\A49NNBU9.txt";"N/A";"08/09/2011, 12:56:11"
"Warning";"Found Tracking cookie.Adbrite";"C:\Documents and Settings\NetworkService\Cookies\BP67DUDE.txt";"N/A";"08/09/2011, 12:56:33"
"Warning";"Found Tracking cookie.Burstnet";"C:\Documents and Settings\NetworkService\Cookies\EHQDT7MC.txt";"N/A";"08/09/2011, 12:56:33"
"Warning";"Found Tracking cookie.2o7";"C:\Documents and Settings\NetworkService\Cookies\G4074UCB.txt";"N/A";"08/09/2011, 12:56:34"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\NetworkService\Cookies\GTVUJO3A.txt";"N/A";"08/09/2011, 12:56:34"
"Warning";"Found Tracking cookie.Trafficmp";"C:\Documents and Settings\NetworkService\Cookies\HIV9MH0B.txt";"N/A";"08/09/2011, 12:56:34"
"Warning";"Found Tracking cookie.Tribalfusion";"C:\Documents and Settings\NetworkService\Cookies\I7AP5LEN.txt";"N/A";"08/09/2011, 12:56:35"
"Warning";"Found Tracking cookie.247realmedia";"C:\Documents and Settings\NetworkService\Cookies\J6CBV4TA.txt";"N/A";"08/09/2011, 12:56:36"
"Warning";"Found Tracking cookie.Trafficmp";"C:\Documents and Settings\NetworkService\Cookies\JSDSCETC.txt";"N/A";"08/09/2011, 12:56:36"
"Warning";"Found Tracking cookie.Questionmarket";"C:\Documents and Settings\NetworkService\Cookies\L9E8U2BO.txt";"N/A";"08/09/2011, 12:56:37"
"Warning";"Found Tracking cookie.Tradedoubler";"C:\Documents and Settings\NetworkService\Cookies\ML5Y15YY.txt";"N/A";"08/09/2011, 12:56:37"
"Warning";"Found Tracking cookie.Atdmt";"C:\Documents and Settings\NetworkService\Cookies\PGN2CGG1.txt";"N/A";"08/09/2011, 12:56:37"
"Warning";"Found Tracking cookie.Adtech";"C:\Documents and Settings\NetworkService\Cookies\PUJZT2L2.txt";"N/A";"08/09/2011, 12:56:38"
"Warning";"Found Tracking cookie.Overture";"C:\Documents and Settings\NetworkService\Cookies\Q5KM3AJR.txt";"N/A";"08/09/2011, 12:56:38"
"Warning";"Found Tracking cookie.Casalemedia";"C:\Documents and Settings\NetworkService\Cookies\R2PACCXE.txt";"N/A";"08/09/2011, 12:56:39"
"Warning";"Found Tracking cookie.Revsci";"C:\Documents and Settings\NetworkService\Cookies\R4D3O4MW.txt";"N/A";"08/09/2011, 12:56:39"
"Warning";"Found Tracking cookie.Advertising";"C:\Documents and Settings\NetworkService\Cookies\RZZJW322.txt";"N/A";"08/09/2011, 12:56:40"
"Warning";"Found Tracking cookie.Zedo";"C:\Documents and Settings\NetworkService\Cookies\TOIQFOQF.txt";"N/A";"08/09/2011, 12:56:40"
"Warning";"Found Tracking cookie.Fastclick";"C:\Documents and Settings\NetworkService\Cookies\UMZGYRG4.txt";"N/A";"08/09/2011, 12:56:41"
"Warning";"Found Tracking cookie.Casalemedia";"C:\Documents and Settings\NetworkService\Cookies\VNB3D311.txt";"N/A";"08/09/2011, 12:56:41"
"Warning";"Found Tracking cookie.Mediaplex";"C:\Documents and Settings\NetworkService\Cookies\VW10I7YM.txt";"N/A";"08/09/2011, 12:56:42"
"Warning";"Found Tracking cookie.Ru4";"C:\Documents and Settings\NetworkService\Cookies\WW9DT306.txt";"N/A";"08/09/2011, 12:56:42"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\NetworkService\Cookies\X3APDXA0.txt";"N/A";"08/09/2011, 12:56:43"
"Warning";"Found Tracking cookie.Overture";"C:\Documents and Settings\NetworkService\Cookies\XA5BAKZ3.txt";"N/A";"08/09/2011, 12:56:43"
"Warning";"Found Tracking cookie.Weborama";"C:\Documents and Settings\NetworkService\Cookies\XHIS1XW1.txt";"N/A";"08/09/2011, 12:56:44"
"Warning";"Found Tracking cookie.Adbrite";"C:\Documents and Settings\NetworkService\Cookies\XQQCLNUI.txt";"N/A";"08/09/2011, 12:56:44"
"Warning";"Found Tracking cookie.Adviva";"C:\Documents and Settings\NetworkService\Cookies\YA4PEIPJ.txt";"N/A";"08/09/2011, 12:56:45"
"Warning";"Found Tracking cookie.Adbrite";"C:\Documents and Settings\NetworkService\Cookies\YWGUSTKX.txt";"N/A";"08/09/2011, 12:56:46"
"Warning";"Found Tracking cookie.Revsci";"C:\Documents and Settings\NetworkService\Cookies\YY59R479.txt";"N/A";"08/09/2011, 12:56:46"
"Warning";"Found Tracking cookie.Mediaplex";"C:\Documents and Settings\NetworkService\Cookies\ZS7K7O7Y.txt";"N/A";"08/09/2011, 12:56:46"
"Warning";"Found Tracking cookie.247realmedia";"C:\Documents and Settings\NetworkService\Cookies\ZTJRAIZ4.txt";"N/A";"08/09/2011, 12:56:47"
"Malware";"Unknown";"C:\WINDOWS\SYSTEM32\0.4609631050202895.EXE";"N/A";"25/08/2011, 16:54:17"
"Malware";"Spyware.Passwords.XGen";"C:\WINDOWS\SYSTEM32\0.584362028904144.EXE";"N/A";"26/08/2011, 13:51:58"
"Malware";"Trojan.Agent";"C:\WINDOWS\SYSTEM32\0.06657870090111229.EXE";"N/A";"31/08/2011, 11:46:22"


Solved Re: Win32/Zbot.G Trojan SHeur3.CNHF DNSChanger Cryptic.BGF

Post by Belahzur on Thu Sep 08, 2011 4:39 pm

Hi,


Download ComboFix from any of the links below, and save it to your desktop.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

When saving ComboFix rename it to PCHelpForum.exe to prevent it from being blocked by malware.


Refer to this image:

To prevent your anti-virus application interfering with ComboFix we need to disable it. See [You must be registered and logged in to see this link.] for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click PCHelpForum.exe to run it.

    You will see the following image:


Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Solved Re: Win32/Zbot.G Trojan SHeur3.CNHF DNSChanger Cryptic.BGF

Post by scottmurray on Fri Sep 09, 2011 9:37 am

ComboFix 11-09-09.01 - Administrator 09/09/2011 9:52.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2942.2219 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\PCHelpForum.exe.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\Adobe\plugs
c:\documents and settings\Administrator\Application Data\Adobe\shed
c:\documents and settings\Administrator\Local Settings\Application Data\{0495D2E7-89EA-4353-9F37-D8E1B18024C0}
c:\documents and settings\Administrator\Local Settings\Application Data\{0495D2E7-89EA-4353-9F37-D8E1B18024C0}\chrome.manifest
c:\documents and settings\Administrator\Local Settings\Application Data\{0495D2E7-89EA-4353-9F37-D8E1B18024C0}\chrome\content\_cfg.js
c:\documents and settings\Administrator\Local Settings\Application Data\{0495D2E7-89EA-4353-9F37-D8E1B18024C0}\chrome\content\overlay.xul
c:\documents and settings\Administrator\Local Settings\Application Data\{0495D2E7-89EA-4353-9F37-D8E1B18024C0}\install.rdf
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\PrepsLicence02.exe.daf64863.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\PrestigeV2.exe.b2f46b6.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SLA7.tmp.1f5fa9ff.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\STLMSettingsUI2.exe.d1783d9e.ini
c:\documents and settings\Administrator\Start Menu\Internet Explorer.lnk
c:\documents and settings\LocalService\Local Settings\Application Data\brjrmwhp.log
c:\documents and settings\LocalService\Local Settings\Application Data\jidrwvcx.log
c:\documents and settings\LocalService\Local Settings\Application Data\kivhudfo.log
c:\documents and settings\LocalService\Local Settings\Application Data\nbtydrls.log
c:\documents and settings\LocalService\Local Settings\Application Data\ukwfuodo.log
c:\documents and settings\LocalService\Local Settings\Application Data\wdqchnkr.log
c:\documents and settings\NetworkService\Local Settings\Application Data\brjrmwhp.log
c:\documents and settings\NetworkService\Local Settings\Application Data\iryebyub.log
c:\documents and settings\NetworkService\Local Settings\Application Data\jidrwvcx.log
c:\documents and settings\NetworkService\Local Settings\Application Data\kivhudfo.log
c:\documents and settings\NetworkService\Local Settings\Application Data\nbtydrls.log
c:\documents and settings\NetworkService\Local Settings\Application Data\ukwfuodo.log
c:\documents and settings\NetworkService\Local Settings\Application Data\wdqchnkr.log
C:\syte821.bin
c:\syte821.bin\470907E28A30970
c:\windows\itububobogebute.dll
c:\windows\system32\_000003_.tmp.dll
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000110_.tmp.dll
c:\windows\system32\1320404779.dat
c:\windows\system32\comct332.ocx
c:\windows\system32\old18.tmp
D:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_EAPHOSTPORTEMULATORV2
-------\Service_EapHostPortEmulatorV2
.
.
((((((((((((((((((((((((( Files Created from 2011-08-09 to 2011-09-09 )))))))))))))))))))))))))))))))
.
.
2011-09-08 14:40 . 2011-09-08 14:40 -------- d-----w- c:\program files\Common Files\Java
2011-09-08 14:40 . 2011-09-08 14:40 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-08 14:40 . 2011-09-08 14:40 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-09-08 14:40 . 2011-09-08 14:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-08 14:40 . 2011-09-08 14:40 -------- d-----w- c:\program files\Java
2011-09-03 10:17 . 2011-09-03 10:17 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
2011-08-22 09:34 . 2011-08-22 09:34 -------- d-----w- C:\5cbedd17a2f1fcd62e1dffac1c
2011-08-22 09:32 . 2011-08-22 09:33 -------- d-----w- C:\09c084b657cfdfaa2fd0
2011-08-18 15:11 . 2011-09-09 08:30 0 ----a-w- c:\windows\Iyawavina.bin
2011-08-17 07:58 . 2011-08-23 08:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ofcuap
2011-08-17 07:58 . 2011-08-17 14:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\Tyeggei
2011-08-16 16:15 . 2011-08-16 16:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\Axux
2011-08-16 16:15 . 2011-08-16 16:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\Hasuwoo
2011-08-16 16:09 . 2011-08-16 16:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\Idv
2011-08-16 16:09 . 2011-08-16 16:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\Icdy
2011-08-12 15:55 . 2011-08-17 16:15 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ykewpwgl
2011-08-10 15:00 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-10 15:00 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-08 09:20 . 2011-06-24 08:00 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-03 10:17 . 2006-02-28 02:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-07-15 13:29 . 2006-02-28 02:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2006-02-28 02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 18:52 . 2011-02-04 11:24 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 18:52 . 2011-02-04 11:24 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-24 14:10 . 2006-02-28 02:00 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2006-02-28 02:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2006-02-28 02:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2006-02-28 02:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2006-02-28 02:00 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2006-02-28 02:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-09-08 09:18 . 2011-06-17 07:53 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-05-30 2495816]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
2011-03-28 16:22 176936 ----a-w- c:\program files\ZoneAlarm_Security\prxtbZone.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-05-30 10:33 2495816 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-05-30 2495816]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-05-30 2495816]
"{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}"= "c:\program files\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-25 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-04 8466432]
"nwiz"="nwiz.exe" [2007-09-04 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-04 81920]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-04-07 318488]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
"SetDefPrt"="c:\program files\Brother\Brmfl06b\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-04-25 68592]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-04-18 2334560]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-10-17 1086768]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-02-15 738808]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 16:27 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 03:48 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/09/2010 03:48 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [07/09/2010 03:49 297168]
R1 FSLX;FSLX;c:\windows\system32\drivers\fslx.sys [11/07/2008 23:44 191872]
R1 NmPar;MosChip PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [10/02/2009 12:32 76416]
R1 nmserial;MosChip PCI Serial Port;c:\windows\system32\drivers\NmSerial.sys [10/02/2009 12:32 62080]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [08/02/2011 05:33 269520]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [15/02/2011 16:25 26872]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [15/02/2011 16:25 488952]
R2 OKI OPHJ DCS Loader;OKI OPHJ DCS Loader;c:\windows\system32\spool\drivers\w32x86\3\OPHJLDCS.EXE [29/01/2010 12:56 24576]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [27/11/2008 11:07 576024]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19/08/2010 21:42 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19/08/2010 21:42 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19/08/2010 21:42 27216]
S2 0146971232374505mcinstcleanup;McAfee Application Installer Cleanup (0146971232374505);c:\docume~1\ADMINI~1\LOCALS~1\Temp\014697~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\014697~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18/04/2011 17:39 7398752]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/02/2010 10:21 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [12/05/2011 19:48 1025352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [06/02/2010 10:21 135664]
S3 PortEmulatorV2;Port Emulator V2 (Star);c:\program files\StarMicronics\VirtualPortEmulator\Software\portemu_umdf.exe [20/05/2009 20:38 114688]
S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [10/02/2011 14:24 38976]
S3 PSSDKLBF;PSSDKLBF;c:\windows\system32\drivers\pssdklbf.sys [10/02/2011 14:24 53312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 04:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 09:21]
.
2011-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 09:21]
.
2011-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-545504692-997205589-1577464367-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-22 07:58]
.
2011-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-545504692-997205589-1577464367-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-22 07:58]
.
2011-09-09 c:\windows\Tasks\User_Feed_Synchronization-{735CC627-E268-460A-9438-D4E5F97414AC}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 04:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3axw25ly.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Mfisana - c:\windows\itububobogebute.dll
AddRemove-Number Plate Printing Software_is1 - h:\printer\Number Plate Printing Software\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-09-09 10:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-545504692-997205589-1577464367-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,51,50,a3,18,24,b6,10,40,91,0e,ed,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d6,fc,ed,b7,2c,a0,57,4b,b1,5f,fe,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,51,50,a3,18,24,b6,10,40,91,0e,ed,\
.
[HKEY_USERS\S-1-5-21-545504692-997205589-1577464367-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3978F718-AA06-FAF5-FF57-D07CE63807E2}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"ialeakcoicjnnlfghk"=hex:62,61,6e,6b,00,b1
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(920)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(980)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(3180)
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\wudfhost.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-09-09 10:20:46 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-09 09:20
.
Pre-Run: 416,500,207,616 bytes free
Post-Run: 417,455,955,968 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 41D4F720056F9732FE9A54BC904E602D


Solved Re: Win32/Zbot.G Trojan SHeur3.CNHF DNSChanger Cryptic.BGF

Post by Belahzur on Fri Sep 09, 2011 9:19 pm

Hello.

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    File::
    c:\windows\Iyawavina.bin

    Folder::
    c:\documents and settings\Administrator\Application Data\Ofcuap
    c:\documents and settings\Administrator\Application Data\Tyeggei
    c:\documents and settings\Administrator\Application Data\Axux
    c:\documents and settings\Administrator\Application Data\Hasuwoo
    c:\documents and settings\Administrator\Application Data\Idv
    c:\documents and settings\Administrator\Application Data\Icdy
    c:\documents and settings\LocalService\Local Settings\Application Data\ykewpwgl

    RegNull::
    [HKEY_USERS\S-1-5-21-545504692-997205589-1577464367-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3978F718-AA06-FAF5-FF57-D07CE63807E2}*]
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Solved Re: Win32/Zbot.G Trojan SHeur3.CNHF DNSChanger Cryptic.BGF

Post by scottmurray on Sun Sep 11, 2011 7:26 am

Hello Belahzur, I am currently away from the infected PC and will respond with the required information on Tuesday. Thank you for your continued help.


Solved Re: Win32/Zbot.G Trojan SHeur3.CNHF DNSChanger Cryptic.BGF

Post by scottmurray on Tue Sep 13, 2011 9:14 am

Wow, I had to try that twice. The first time I did it I got a report, copied and pasted it in here, and at the bottom of the page it said characters left - 900000+ ???

Code:
ComboFix 11-09-12.05 - Administrator 13/09/2011  9:59.3.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2942.2173 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ANTI_V\PCHelpForum.exe.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\ANTI_V\CFScript.txt
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
FILE ::
"c:\windows\Iyawavina.bin"
.
.
(((((((((((((((((((((((((  Files Created from 2011-08-13 to 2011-09-13  )))))))))))))))))))))))))))))))
.
.
2011-09-08 14:40 . 2011-09-08 14:40   --------   d-----w-   c:\program files\Common Files\Java
2011-09-08 14:40 . 2011-09-08 14:40   73728   ----a-w-   c:\windows\system32\javacpl.cpl
2011-09-08 14:40 . 2011-09-08 14:40   476904   ----a-w-   c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-09-08 14:40 . 2011-09-08 14:40   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2011-09-08 14:40 . 2011-09-08 14:40   --------   d-----w-   c:\program files\Java
2011-09-03 10:17 . 2011-09-03 10:17   599040   ------w-   c:\windows\system32\dllcache\crypt32.dll
2011-08-22 09:34 . 2011-08-22 09:34   --------   d-----w-   C:\5cbedd17a2f1fcd62e1dffac1c
2011-08-22 09:32 . 2011-08-22 09:33   --------   d-----w-   C:\09c084b657cfdfaa2fd0
2011-08-16 16:15 . 2011-08-16 16:15   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Hasuwoo
2011-08-16 16:09 . 2011-08-16 16:09   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Icdy
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-08 09:20 . 2011-06-24 08:00   404640   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-03 10:17 . 2006-02-28 02:00   599040   ----a-w-   c:\windows\system32\crypt32.dll
2011-07-15 13:29 . 2006-02-28 02:00   456320   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2006-02-28 02:00   10496   ----a-w-   c:\windows\system32\drivers\ndistapi.sys
2011-07-06 18:52 . 2011-02-04 11:24   41272   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 18:52 . 2011-02-04 11:24   22712   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-06-24 14:10 . 2006-02-28 02:00   139656   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2006-02-28 02:00   916480   ----a-w-   c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2006-02-28 02:00   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2006-02-28 02:00   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2006-02-28 02:00   385024   ----a-w-   c:\windows\system32\html.iec
2011-06-20 17:44 . 2006-02-28 02:00   293376   ----a-w-   c:\windows\system32\winsrv.dll
2011-09-08 09:18 . 2011-06-17 07:53   134104   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-05-30 2495816]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
2011-03-28 16:22   176936   ----a-w-   c:\program files\ZoneAlarm_Security\prxtbZone.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-05-30 10:33   2495816   ----a-w-   c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-05-30 2495816]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-05-30 2495816]
"{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}"= "c:\program files\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-25 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-04 8466432]
"nwiz"="nwiz.exe" [2007-09-04 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-04 81920]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-04-07 318488]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
"SetDefPrt"="c:\program files\Brother\Brmfl06b\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-04-25 68592]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-04-18 2334560]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-10-17 1086768]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-02-15 738808]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ     autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 16:27 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 03:48 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/09/2010 03:48 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [07/09/2010 03:49 297168]
R1 FSLX;FSLX;c:\windows\system32\drivers\fslx.sys [11/07/2008 23:44 191872]
R1 NmPar;MosChip PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [10/02/2009 12:32 76416]
R1 nmserial;MosChip PCI Serial Port;c:\windows\system32\drivers\NmSerial.sys [10/02/2009 12:32 62080]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [08/02/2011 05:33 269520]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [15/02/2011 16:25 26872]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [15/02/2011 16:25 488952]
R2 OKI OPHJ DCS Loader;OKI OPHJ DCS Loader;c:\windows\system32\spool\drivers\w32x86\3\OPHJLDCS.EXE [29/01/2010 12:56 24576]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [27/11/2008 11:07 576024]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19/08/2010 21:42 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19/08/2010 21:42 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19/08/2010 21:42 27216]
S2 0146971232374505mcinstcleanup;McAfee Application Installer Cleanup (0146971232374505);c:\docume~1\ADMINI~1\LOCALS~1\Temp\014697~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\014697~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18/04/2011 17:39 7398752]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/02/2010 10:21 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [12/05/2011 19:48 1025352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [06/02/2010 10:21 135664]
S3 PortEmulatorV2;Port Emulator V2 (Star);c:\program files\StarMicronics\VirtualPortEmulator\Software\portemu_umdf.exe [20/05/2009 20:38 114688]
S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [10/02/2011 14:24 38976]
S3 PSSDKLBF;PSSDKLBF;c:\windows\system32\drivers\pssdklbf.sys [10/02/2011 14:24 53312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper   REG_MULTI_SZ     getPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 04:32   128512   ----a-w-   c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 09:21]
.
2011-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 09:21]
.
2011-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-545504692-997205589-1577464367-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-22 07:58]
.
2011-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-545504692-997205589-1577464367-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-22 07:58]
.
2011-09-13 c:\windows\Tasks\User_Feed_Synchronization-{735CC627-E268-460A-9438-D4E5F97414AC}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 04:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3axw25ly.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cb8136e&v=7.007.026.001&i=23&tp=ab&iy=&ychte=uk&lng=en-GB&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-13 10:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-545504692-997205589-1577464367-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,51,50,a3,18,24,b6,10,40,91,0e,ed,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d6,fc,ed,b7,2c,a0,57,4b,b1,5f,fe,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,51,50,a3,18,24,b6,10,40,91,0e,ed,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(940)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(1004)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(1168)
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-09-13  10:06:01
ComboFix-quarantined-files.txt  2011-09-13 09:05
.
Pre-Run: 417,272,373,248 bytes free
Post-Run: 417,255,206,912 bytes free
.
Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - C2E168E50E854D5E2B8918EBB2C3883F


Solved Re: Win32/Zbot.G Trojan SHeur3.CNHF DNSChanger Cryptic.BGF

Post by Belahzur on Fri Sep 16, 2011 1:13 am

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.





Solved Re: Win32/Zbot.G Trojan SHeur3.CNHF DNSChanger Cryptic.BGF

Post by scottmurray on Fri Sep 16, 2011 3:50 pm

Cannot get it to run on IE. The page took a long time to load, then when I got the pop-up and installed the ActiveX I got this...

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Going to try it on Chrome, as it said on the page that it supports other browsers:

"System Requirements
Operating Systems: Microsoft Windows 7/Vista/XP/2000/NT
Internet Browsers: Microsoft Internet Explorer 5.0 or later (with ActiveX turned on), Support for non-IE browsers (Firefox, Opera, Netscape, Chrome, Safari and others)
Memory: 32 MB
Disk Space: Minimal 15 MB, Optimal 30 MB
User Permissions: Administrator rights are required to run ESET Online Scanner"

Still cannot get it to run, same message with Chrome as with IE. What am I doing wrong?


Solved Re: Win32/Zbot.G Trojan SHeur3.CNHF DNSChanger Cryptic.BGF

Post by scottmurray on Sat Sep 17, 2011 11:12 am

OK, so I tried it today with Firefox and it worked.

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

So here it is:

Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=c4dfb847508d864a91faa6a76f4392e6
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-17 10:44:45
# local_time=2011-09-17 11:44:45 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1032 16777173 100 97 3020 73927598 0 0
# compatibility_mode=8192 67108863 100 0 63797 63797 0 0
# compatibility_mode=9217 16777214 100 74 691046 89663618 0 0
# scanned=92159
# found=6
# cleaned=6
# scan_time=6741
C:\Documents and Settings\Administrator\Application Data\AVG\Rescue\PC Tuneup 2011\101124112940031.rsc   multiple threats (deleted - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\33\66f8fe61-3db79a3d   a variant of Win32/Kryptik.SHV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Program Files\ZoneAlarmSB\bar\1.bin\NPZONESB.DLL   Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Program Files\ZoneAlarmSB\bar\1.bin\Z4PLUGIN.DLL   a variant of Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1109\A0174538.DLL   Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1109\A0174539.DLL   a variant of Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C


Solved Re: Win32/Zbot.G Trojan SHeur3.CNHF DNSChanger Cryptic.BGF

Post by Belahzur on Wed Sep 21, 2011 12:41 am

Looks good, how's the machine running now?





Solved Re: Win32/Zbot.G Trojan SHeur3.CNHF DNSChanger Cryptic.BGF

Post by scottmurray on Wed Sep 21, 2011 9:31 am

Everything seems back to normal. Haven't noticed any high CPU usage, browser hasn't been redirecting to different sites.
Firewall hasn't been flagging up random requests and AVG hasn't warned me about Identity Protection either.

So thank you very much, I think it's all back to normal. Your help was greatly appreciated.

Thank You!


Solved Re: Win32/Zbot.G Trojan SHeur3.CNHF DNSChanger Cryptic.BGF

Post by scottmurray on Wed Sep 21, 2011 12:43 pm

Also an observation I never mentioned before.

When shutting down the PC, after clicking on Turn Off it used to say 'Windows is preparing to stand by'. It now says 'Windows is shutting down'. Was this something to do with the virus keeping the PC accessible to the internet? The router was switched off as well, so hopefully all is good.


Solved Re: Win32/Zbot.G Trojan SHeur3.CNHF DNSChanger Cryptic.BGF

Post by Belahzur on Sat Sep 24, 2011 6:04 pm

Not sure; it was probably a setting that got changed back to normal by our tools. All should be good unless you notice something that definitely doesn't seem right.



