May 10 2010, 02:44 AM
Post #1
Member | Group: Member+ | Posts: 13 | Joined: 10-May 10 | Member No.: 10,224
Hello,

My Google search results lead to random websites with ads in them and I would appreciate any help you may be able to offer. I have followed all the instructions in the pinned thread "BEFORE YOU POST !!" except for Gmer, which would crash a few seconds after opening the file with the "gmer.exe has encountered a problem and needs to close" error. I tried renaming the file to 'test.exe' but still encountered the same problem. The other log files are pasted below in the following order: OTL's otl.txt then extras.txt; MBAM; Rooter; LockSearch; CKScanner.

Thank you for your help!

The Leviathan

===========================================================
OTL logfile created on: 5/9/2010 3:26:05 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\TheLeviathan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.13 Gb Total Space | 1.08 Gb Free Space | 5.63% Space Free | Partition Type: NTFS
Drive D: | 7.87 Gb Total Space | 0.99 Gb Free Space | 12.56% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 303.47 Gb Free Space | 65.16% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 3.90 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive L: | 149.05 Gb Total Space | 1.48 Gb Free Space | 0.99% Space Free | Partition Type: NTFS
Drive M: | 74.53 Gb Total Space | 2.37 Gb Free Space | 3.18% Space Free | Partition Type: NTFS
Drive P: | 149.04 Gb Total Space | 4.47 Gb Free Space | 3.00% Space Free | Partition Type: NTFS

Computer Name: TheLeviathan
Current User Name: TheLeviathan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/09 15:24:43 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TheLeviathan\Desktop\OTL.exe
PRC - [2010/05/07 03:26:00 | 001,285,864 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/05/07 03:26:00 | 000,834,248 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/03/21 21:30:02 | 002,909,696 | ---- | M] (SoftPerfect Research) -- C:\Program Files\NetWorx\networx.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/11/24 04:51:57 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/11/15 14:28:04 | 000,085,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2005/11/15 14:27:54 | 001,756,912 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2005/11/15 14:27:44 | 000,020,208 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2005/10/04 13:42:50 | 000,177,776 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/10/04 13:42:42 | 000,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

========== Modules (SafeList) ==========

MOD - [2010/05/09 15:24:43 | 000,570,880 | ---- | M] (OldTimer Tools)
-- C:\Documents and Settings\TheLeviathan\Desktop\OTL.exe MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - [2010/05/07 03:26:00 | 001,285,864 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2008/11/24 04:51:57 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess) SRV - [2008/11/23 12:29:10 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2005/11/15 14:27:56 | 000,169,200 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam) SRV - [2005/11/15 14:27:54 | 001,756,912 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus) SRV - [2005/11/15 14:27:44 | 000,020,208 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch) SRV - [2005/10/19 18:39:34 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc) SRV - [2005/10/04 13:42:50 | 000,177,776 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr) SRV - [2005/10/04 13:42:48 | 000,083,568 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc) SRV - [2005/10/04 13:42:42 | 000,185,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr) SRV - [2005/03/30 22:48:22 | 000,992,864 | ---- | M] (Symantec Corporation) 
[On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc) ========== Driver Services (SafeList) ========== DRV - [2010/03/28 22:57:46 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pssdk42.sys -- (PSSDK42) DRV - [2010/02/16 05:00:00 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100508.003\NAVEX15.SYS -- (NAVEX15) DRV - [2010/02/16 05:00:00 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100508.003\NAVENG.SYS -- (NAVENG) DRV - [2010/02/04 11:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd) DRV - [2009/11/20 16:26:50 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901) DRV - [2009/11/16 11:11:12 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2009/11/16 11:11:12 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2008/04/13 14:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2008/04/13 13:45:32 | 000,059,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GcKernel.sys -- (GcKernel) DRV - [2007/11/20 18:35:48 | 000,049,792 | ---- | M] (Prolific Technology Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl) DRV - [2007/04/18 09:59:40 | 000,098,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\COMMONFX.DLL -- (COMMONFX.DLL) DRV - [2007/04/16 22:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM) DRV - [2007/04/12 09:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL) DRV - [2007/04/12 09:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL) DRV - [2007/04/12 09:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL) DRV - [2007/04/12 09:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL) DRV - [2007/04/12 09:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL) DRV - [2007/04/12 09:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL) DRV - [2007/04/12 09:10:20 | 000,094,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTERFXFX.DLL -- (CTERFXFX.DLL) DRV - [2007/04/12 09:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL) DRV - [2007/04/12 09:10:16 | 000,560,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CTSBLFX.DLL -- (CTSBLFX.DLL) DRV - [2007/04/12 09:10:16 | 000,546,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- 
C:\WINDOWS\system32\CTAUDFX.DLL -- (CTAUDFX.DLL) DRV - [2007/04/10 07:00:24 | 000,157,480 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k) DRV - [2007/04/10 06:59:04 | 000,126,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv) DRV - [2007/04/10 05:32:06 | 000,189,736 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k) DRV - [2007/04/10 05:31:18 | 000,163,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k) DRV - [2007/04/10 05:29:10 | 000,797,992 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k) DRV - [2007/04/10 05:28:36 | 000,092,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia) DRV - [2007/04/10 05:25:46 | 000,014,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k) DRV - [2007/04/10 05:21:06 | 000,347,128 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k) DRV - [2007/04/10 05:20:38 | 000,520,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM) DRV - [2007/04/10 05:19:30 | 000,511,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k) DRV - [2006/10/22 13:22:00 | 003,994,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2005/10/19 18:39:04 | 000,195,728 | ---- | M] (Symantec Corporation) [Kernel | System | 
Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI) DRV - [2005/10/19 18:38:58 | 000,024,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV) DRV - [2005/09/17 01:20:06 | 000,108,168 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent) DRV - [2005/08/26 15:22:50 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL) DRV - [2005/08/26 15:22:48 | 000,334,984 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT) DRV - [2005/03/30 22:48:20 | 000,372,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv) DRV - [2004/08/22 17:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt) DRV - [2004/08/22 17:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus) DRV - [2003/10/30 23:22:38 | 000,077,312 | R--- | M] (VIA Technologies inc,.ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viasraid.sys -- (viasraid) DRV - [2001/08/17 14:02:50 | 000,002,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HIDSwvd.sys -- (HIDSwvd) DRV - [2001/08/17 14:02:32 | 000,008,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidgame.sys -- (hidgame) DRV - [2001/08/17 10:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401) DRV - [2001/08/17 09:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- 
(HCF_MSFT) DRV - [2001/08/17 08:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC) DRV - [2001/07/30 11:34:28 | 000,585,840 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2001/07/16 12:17:30 | 000,076,610 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\basic2.sys -- (basic2) DRV - [2001/07/16 12:16:58 | 000,539,917 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\v124nt.sys -- (V124) DRV - [2001/07/15 19:05:54 | 000,067,222 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rksample.sys -- (Rksample) DRV - [2001/07/03 18:42:30 | 000,017,776 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cnxtdiag.sys -- (Cnxtdiag) DRV - [2001/06/24 18:16:36 | 000,427,215 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\k56nt.sys -- (K56) DRV - [2001/06/24 18:16:08 | 000,124,189 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fsksnt.sys -- (Fsks) DRV - [2001/06/24 18:15:20 | 000,215,195 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\faxnt.sys -- (SoftFax) DRV - [2001/06/24 18:14:18 | 000,059,375 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tonesnt.sys -- (Tones) DRV - [2001/06/24 18:13:56 | 000,308,403 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fallback.sys -- (Fallback) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://shop.thefreevpn.com/home.php IE - 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555 O1 HOSTS File: ([2010/05/06 02:49:50 | 000,393,109 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 13577 more lines... 
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll () O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited) O4 - HKLM..\Run: [NetWorx] C:\Program Files\NetWorx\networx.exe (SoftPerfect Research) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1227441747655 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1227451822000 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (RIM AxLoader) O16 - DPF: 
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation) O24 - Desktop BackupWallPaper: C:\Documents and Settings\TheLeviathan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/11/23 07:33:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{71ef8876-23e8-11df-9865-0050da29b0ad}\Shell\AutoRun\command - "" = J:\slacker.synclauncher.exe -- File not found O33 - MountPoints2\{71ef8876-23e8-11df-9865-0050da29b0ad}\Shell\slacker\command - "" = J:\slacker.synclauncher.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/11/23 02:15:11 | 000,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe File not found MsConfig - StartUpReg: ccApp - hkey= - key= - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec 
Corporation) MsConfig - StartUpReg: chkeilor - hkey= - key= - C:\Documents and Settings\TheLeviathan\Local Settings\Application Data\mejrju\qgqisysguard.exe File not found MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found MsConfig - StartUpReg: CTHelper - hkey= - key= - File not found MsConfig - StartUpReg: CTxfiHlp - hkey= - key= - File not found MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe File not found MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found MsConfig - StartUpReg: nwiz - hkey= - key= - File not found MsConfig - StartUpReg: pqxduivu - hkey= - key= - C:\Documents and Settings\TheLeviathan\Local Settings\Application Data\cuykgf\ocsnsysguard.exe File not found MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.) 
MsConfig - StartUpReg: ypetnpgj - hkey= - key= - C:\Documents and Settings\TheLeviathan\Local Settings\Application Data\nxemvp\qvnhsysguard.exe File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file 
system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdpdd.sys - C:\WINDOWS\system32\rdpdd.cpo () SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: UploadMgr - Service SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} 
- Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: 
{6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {77D921A1-8271-E407-E91A-B868F2F1B700} - NetShow
ActiveX: {7B4B3D63-E7C6-1DE0-43E6-F2973C88CCC7} - IE7 Uninstall Stub
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {AE6FCF2B-21B5-088B-2F0E-CCAE5A9C4349} - Browser Customizations
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17465059307421696)

========== Files/Folders - Created Within 90 Days ==========
[2010/05/09 15:24:42 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\TheLeviathan\Desktop\OTL.exe
[2010/05/09 02:02:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TheLeviathan\Application Data\Malwarebytes
[2010/05/09 02:02:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/09 02:02:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/09 02:02:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/09 02:02:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/09 01:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TheLeviathan\Desktop\Malware removal
[2010/05/09 01:46:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2010/05/07 03:26:44 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/05/07 03:26:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/05/07 03:26:35 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/05/07 03:24:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/05/07 03:24:10 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/05/07 03:24:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/05/06 02:02:02 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/05/06 02:02:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/05/05 00:01:46 | 000,156,672 | ---- | C] (Radioactive) -- C:\WINDOWS\System32\rmc_fixasf.exe
[2010/05/05 00:01:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TheLeviathan\Local Settings\Application Data\mdnslib
[2010/05/04 23:59:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TheLeviathan\Local Settings\Application Data\FLVService
[2010/05/04 23:59:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Replay Media Catcher
[2010/05/04 23:46:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TheLeviathan\Application Data\DonationCoder
[2010/05/04 23:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\Orbitdownloader
[2010/05/04 22:15:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/04 21:16:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/01 03:24:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TheLeviathan\Desktop\Return
[2010/05/01 00:10:03 | 000,000,000 | ---D | C] -- C:\Program Files\FreeVPN
[2010/04/25 16:18:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TheLeviathan\Desktop\Bills
[2010/04/25 01:20:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/04/25 01:20:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/25 01:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/04/25 01:20:00 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/04/25 01:19:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TheLeviathan\Application Data\Sun
[2010/04/18 22:31:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/04/18 22:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/04/18 22:30:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/04/16 02:59:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2010/04/10 17:24:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TheLeviathan\Desktop\Orbit Downloads
[2010/04/10 17:20:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TheLeviathan\Application Data\GrabPro
[2010/04/10 17:20:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TheLeviathan\Application Data\Orbit
[2010/03/30 21:58:24 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/03/28 22:57:46 | 000,038,976 | ---- | C] (microOLAP Technologies LTD) -- C:\WINDOWS\System32\drivers\pssdk42.sys
[2010/03/28 22:57:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SoftPerfect
[2010/03/28 22:57:45 | 000,000,000 | ---D | C] -- C:\Program Files\NetWorx
[2010/03/28 22:21:34 | 000,025,984 | ---- | C] (The OpenVPN Project) -- C:\WINDOWS\System32\drivers\tap0901.sys
[2010/03/26 00:34:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TheLeviathan\Desktop\youtube
[2010/03/25 21:01:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TheLeviathan\Desktop\BB backup
[2010/02/22 00:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\DELL
[2010/02/21 23:55:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TheLeviathan\Local Settings\Application Data\Deployment
[2010/02/17 15:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/02/15 09:48:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\TheLeviathan\Recent
[2010/02/15 09:41:13 | 000,000,000 | ---D | C] -- C:\Program Files\eXpress TimeStamp Toucher
[2010/02/14 02:28:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TheLeviathan\Desktop\DeviantART
[2010/02/13 19:23:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/02/10 04:04:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TheLeviathan\Local Settings\Application Data\Identities
[2008/11/23 10:18:17 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2008/11/23 10:18:17 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2007/04/09 13:32:58 | 000,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 90 Days ==========
[2010/05/09 15:24:43 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TheLeviathan\Desktop\OTL.exe
[2010/05/09 15:19:41 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/05/09 15:19:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/09 15:18:17 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/05/09 15:16:45 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/09 15:16:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/09 08:01:18 | 014,680,064 | -H-- | M] () -- C:\Documents and Settings\TheLeviathan\NTUSER.DAT
[2010/05/09 08:01:17 | 000,030,120 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000000-00000000-0000000C-00001102-00000004-00511102}.rfx
[2010/05/09 08:01:17 | 000,030,120 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000000-00000000-0000000C-00001102-00000004-00511102}.rfx
[2010/05/09 08:01:17 | 000,027,408 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-0000000C-00001102-00000004-00511102}.rfx
[2010/05/09 08:01:17 | 000,027,408 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-0000000C-00001102-00000004-00511102}.rfx
[2010/05/09 08:01:17 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000000-00000000-0000000C-00001102-00000004-00511102}.rfx
[2010/05/09 08:01:00 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\TheLeviathan\ntuser.ini
[2010/05/09 06:48:48 | 000,188,416 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/09 02:22:14 | 000,000,261 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\YouTube - Marvel Ultimate Alliance part 35 Pitfall Wolverine.url
[2010/05/08 04:33:50 | 000,000,292 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\factorydirect.url
[2010/05/07 03:26:20 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/05/07 03:26:19 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/05/07 03:05:13 | 000,000,227 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\CBC News.url
[2010/05/07 03:05:13 | 000,000,195 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\Past Podcasts Podcasts CBC Radio.url
[2010/05/07 01:32:49 | 000,000,298 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\factorydirect1.url
[2010/05/06 02:49:50 | 000,393,109 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/06 02:06:55 | 000,393,109 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-024950.backup
[2010/05/06 02:06:01 | 000,393,109 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-020654.backup
[2010/05/05 03:05:52 | 000,000,192 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\Malcolm Gladwell - Outliers (book) - Wikipedia.url
[2010/05/05 03:05:51 | 000,000,208 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\Low self-discharge NiMH battery - Wikipedia, the free encyclopedia.url
[2010/05/05 03:05:51 | 000,000,200 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\Wall Street (1987 film) - Wikipedia, the free encyclopedia.url
[2010/05/05 03:05:51 | 000,000,195 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\The Wealthy Barber.url
[2010/05/05 00:05:58 | 000,156,672 | ---- | M] (Radioactive) -- C:\WINDOWS\System32\rmc_fixasf.exe
[2010/05/05 00:05:57 | 000,237,568 | ---- | M] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2010/05/04 23:46:44 | 000,000,046 | ---- | M] () -- C:\WINDOWS\System32\DonationCoder_urlsnooper_InstallInfo.dat
[2010/05/04 23:46:38 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\-1
[2010/05/04 23:36:44 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\Orbit.lnk
[2010/05/04 19:00:39 | 000,000,213 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\HDH Invitational #1.url
[2010/05/04 18:18:54 | 000,000,426 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\YouTube - HuskyStarcraft's Channel.url
[2010/05/04 02:52:34 | 000,000,207 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\CBC News - Consumer Life.url
[2010/05/04 02:52:34 | 000,000,206 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\CBC News - Consumer Life-.url
[2010/05/04 01:59:49 | 000,000,430 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\YouTube - HDstarcraft's Channel.url
[2010/05/02 16:33:51 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\Hello.doc
[2010/05/02 05:33:13 | 000,000,217 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\HDH Invitational - Liquipedia Starcraft 2 Wiki.url
[2010/05/01 00:10:05 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FreeVPN.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 15:23:22 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\Schedule 2010.doc
[2010/04/28 03:57:51 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/04/28 03:14:54 | 000,000,204 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\The U.S. Military's War On PowerPoint - Powerpoint - Gizmodo.url
[2010/04/25 15:32:03 | 000,000,140 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\De' Longhi Customer Care.url
[2010/04/25 14:51:45 | 000,000,204 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\HowardForums Your Mobile Phone Community & Resource - GSM vs AWS.url
[2010/04/25 14:51:40 | 000,000,290 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\tilt photography.url
[2010/04/25 14:51:39 | 000,000,229 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\Turn Your XBMC Media Center into a Video Game Console - Xbmc - Lifehacker.url
[2010/04/25 06:51:28 | 000,000,208 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\Marvel Games Wolverine MRD Escape.url
[2010/04/25 05:47:27 | 000,000,154 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\De'Longhi Accessories.url
[2010/04/25 05:32:46 | 000,000,274 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\The Globe and Mail.url
[2010/04/25 05:31:36 | 000,000,156 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\Broadcaster - Canada's Communications Magazine.url
[2010/04/25 05:29:32 | 000,000,214 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\CBC News - Money.url
[2010/04/25 05:03:27 | 000,000,255 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\CBC News - Calgary.url
[2010/04/25 05:03:27 | 000,000,208 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\CBC News - Technology & Scien.url
[2010/04/25 05:03:27 | 000,000,201 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\CBC News - Cana.url
[2010/04/25 04:45:30 | 000,000,156 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\XBMC.url
[2010/04/25 04:40:14 | 000,000,212 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\top-10-hard-drive-upgrades-and-fixes.url
[2010/04/25 03:45:29 | 000,000,188 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\imgur The Simple Image Sharer Image Gallery.url
[2010/04/25 03:05:01 | 000,000,231 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\GSM Classic Mobile Cellular.url
[2010/04/25 02:27:32 | 000,000,238 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\Tati LCD - Christopher Bradshaw's Project Bin.url
[2010/04/25 00:50:37 | 000,000,154 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\Worldline.ca - Unlimited Call the World - NOW OVER 50 COUNTRIES Low Cost Calls.url
[2010/04/25 00:44:03 | 000,000,117 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\1011295.com - Rates.url
[2010/04/25 00:39:24 | 000,000,189 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\how-it-works.url
[2010/04/25 00:27:08 | 000,000,289 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\RedFlagDeals.url
[2010/04/24 18:50:04 | 000,000,243 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\League of Legends.url
[2010/04/24 18:09:38 | 000,000,383 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\Find a Costco warehouse.url
[2010/04/24 16:51:20 | 000,000,655 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\Costco - Houseware.url
[2010/04/24 15:51:55 | 000,000,238 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\BlackBerry OS 6.0 screenshots, details! « Boy Genius Report.url
[2010/04/24 06:32:45 | 000,000,242 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\Dell Lightning, Flash, Thunder and Smoke leak out « Boy Genius Report.url
[2010/04/23 00:40:21 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\imjkyhgres.url
[2010/04/22 05:15:05 | 000,000,134 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\January 2010 Covers.url
[2010/04/22 05:00:05 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\imgremjns.url
[2010/04/22 03:24:36 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\Comic Related - Hot Shot of the Week.url
[2010/04/19 23:32:02 | 000,000,196 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\YouTube - galleyuk's Channel.url
[2010/04/19 23:31:54 | 000,000,215 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\A Dangerous Man Lawrence After Arabia - Wikipedia, the free encyclopedia.url
[2010/04/19 14:20:57 | 000,000,285 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\sandbox app - Google Search.url
[2010/04/19 04:14:57 | 000,000,801 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/19 04:14:57 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/19 04:14:57 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/04/18 19:19:42 | 000,000,210 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\NationStates • View topic - Official Factbook of the Sagittarian Navy (Done).url
[2010/04/18 03:14:25 | 000,001,588 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\K-7 14.6 MP Digital SLR Bundle with Shake Reduction, 720p HD Video and DA 18-55mm f-3.5-5.6 AL Weather Resistant Lens Digital Cameras & Digital Camcorders Dell Canada.url
[2010/04/15 03:34:29 | 000,000,262 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\Build your own “Super OTA TV Antenna” Digital Home.url
[2010/04/14 05:28:46 | 000,000,588 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/04/14 05:28:46 | 000,000,588 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/04/13 00:33:52 | 000,000,229 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\UT99.org - Unreal Tournament GOTY » Forum » View topic - TUTORIAL Tweak your UT graphics to the maximum.url
[2010/04/04 06:21:44 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\Sales Application.doc
[2010/04/04 06:15:06 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\Sales Application1.doc
[2010/04/04 03:10:11 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\Normal-Tanks game official site.url
[2010/03/30 21:58:24 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/03/29 02:59:13 | 005,867,828 | -H-- | M] () -- C:\Documents and Settings\TheLeviathan\Local Settings\Application Data\IconCache.db
[2010/03/28 22:57:46 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) -- C:\WINDOWS\System32\drivers\pssdk42.sys
[2010/03/25 20:41:14 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
[2010/03/25 12:17:02 | 000,131,072 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\Degree.doc
[2010/03/25 12:16:30 | 000,131,072 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\Degree1.doc
[2010/03/21 14:07:50 | 000,000,212 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\Aviation Document Booklet (New Licence Booklet) - Flight Crew Licensing - General Aviation - Aviation Safety - Air Transportation - Transport Canada.url
[2010/03/14 19:05:01 | 000,464,860 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/14 19:05:01 | 000,397,560 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/14 19:05:01 | 000,059,780 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/12 02:47:45 | 000,000,219 | ---- | M] () -- C:\Documents and Settings\TheLeviathan\Desktop\Extreme™ 3D Pro.url

========== Files Created - No Company Name ==========
[2010/05/07 03:59:01 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/05/07 03:28:22 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/05/07 02:35:52 | 000,000,227 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\CBC News.url
[2010/05/05 14:25:25 | 000,000,195 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\Past Podcasts Podcasts CBC Radio.url
[2010/05/05 00:01:46 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2010/05/04 23:46:44 | 000,000,046 | ---- | C] () -- C:\WINDOWS\System32\DonationCoder_urlsnooper_InstallInfo.dat
[2010/05/04 23:46:38 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\-1
[2010/05/04 23:36:44 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\Orbit.lnk
[2010/05/02 16:18:54 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\Hello.doc
[2010/05/02 05:35:24 | 000,000,213 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\HDH Invitational #1.url
[2010/05/02 05:33:13 | 000,000,217 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\HDH Invitational - Liquipedia Starcraft 2 Wiki.url
[2010/05/01 00:10:05 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FreeVPN.lnk
[2010/04/28 15:23:07 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\Summer 2010.doc
[2010/04/28 03:14:53 | 000,000,204 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\copy to word document The U.S. Military's War On PowerPoint - Powerpoint - Gizmodo.url
[2010/04/27 00:15:07 | 000,000,206 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\CBC News - Consumer Life.url
[2010/04/27 00:12:54 | 000,000,207 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\CBC News - Consumer Life-.url
[2010/04/25 06:51:28 | 000,000,208 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\Marvel Games Wolverine MRD Escape.url
[2010/04/25 05:51:13 | 000,000,200 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\Wall Street (1987 film) - Wikipedia, the free encyclopedia.url
[2010/04/25 05:47:27 | 000,000,154 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\De'Longhi Accessories.url
[2010/04/25 05:32:46 | 000,000,274 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\The Globe and Mail.url
[2010/04/25 05:31:36 | 000,000,156 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\Broadcaster - Canada's Communications Magazine.url
[2010/04/25 05:29:32 | 000,000,214 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\CBC News - Money -.url
[2010/04/25 04:45:49 | 000,000,229 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\Turn Your XBMC Media Center into a Video Game Console - Xbmc - Lifehacker.url
[2010/04/25 04:45:30 | 000,000,156 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\XBMC.url
[2010/04/25 04:40:14 | 000,000,212 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\top-10-hard-drive-upgrades-and-fixes.url
[2010/04/25 04:05:34 | 000,000,290 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\tilt photography.url
[2010/04/25 03:45:28 | 000,000,188 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\imgur The Simple Image Sharer Image Gallery.url
[2010/04/25 03:35:18 | 000,000,204 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\HowardForums Your Mobile Phone Community & Resource - GSM vs AWS.url
[2010/04/25 03:05:01 | 000,000,231 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\GSM Classic Mobile Cellular Retro Vintage Brick Phone.url
[2010/04/25 02:27:32 | 000,000,238 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\Tati LCD - Christopher Bradshaw's Project Bin.url
[2010/04/25 00:44:03 | 000,000,117 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\1011295.com - Rates.url
[2010/04/25 00:42:18 | 000,000,154 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\Worldline.ca - Unlimited Call the World - NOW OVER 50 COUNTRIES Low Cost Calls.url
[2010/04/25 00:39:24 | 000,000,189 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\how-it-works.url
[2010/04/25 00:29:01 | 000,000,208 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\Low self-discharge NiMH battery - Wikipedia, the free encyclopedia.url
[2010/04/25 00:27:08 | 000,000,289 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\RedFlagDeals.url
[2010/04/24 18:50:04 | 000,000,243 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\League of Legends.url
[2010/04/24 18:09:29 | 000,000,383 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\Find a Costco warehouse.url
[2010/04/24 17:56:11 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\De' Longhi Customer Care.url
[2010/04/24 06:36:59 | 000,000,238 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\BlackBerry OS 6.0 screenshots, details! « Boy Genius Report.url
[2010/04/24 06:32:45 | 000,000,242 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\Dell Lightning, Flash, Thunder and Smoke leak out « Boy Genius Report.url
[2010/04/24 05:23:27 | 000,000,655 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\Costco - Housewares.url
[2010/04/23 14:59:11 | 000,000,255 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\CBC News - Calgary.url
[2010/04/22 05:15:05 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\January 2010 Covers.url
[2010/04/22 05:00:05 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\imgremjns.url
[2010/04/22 05:00:05 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\imjkyhgres.url
[2010/04/22 03:24:36 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\Comic Related - Hot Shot of the Week.url
[2010/04/19 23:36:58 | 000,000,195 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\The Wealthy Barber - borrow from Cherry.url
[2010/04/19 23:34:08 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\Malcolm Gladwell - Outliers (book) - Wikipedia.url
[2010/04/19 14:31:42 | 000,000,201 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\CBC News - Canada -.url
[2010/04/19 14:20:57 | 000,000,285 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\sandbox app - Google Search.url
[2010/04/19 14:04:26 | 000,000,208 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\CBC News - Technology & Science -.url
[2010/04/18 19:19:42 | 000,000,210 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\NationStates • View topic - Official Factbook of the Sagittarian Navy (Done).url
[2010/04/17 05:39:40 | 000,000,215 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\A Dangerous Man Lawrence After Arabia - Wikipedia, the free encyclopedia.url
[2010/04/17 03:40:10 | 000,001,588 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\K-7 14.6 MP Digital SLR Bundle with Shake Reduction, 720p HD Video and DA 18-55mm f-3.5-5.6 AL Weather Resistant Lens Digital Cameras & Digital Camcorders Dell Canada.url
[2010/04/15 03:34:29 | 000,000,262 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\Build your own “Super OTA TV Antenna” Digital Home.url
[2010/04/13 00:33:52 | 000,000,229 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\UT99.org - Unreal Tournament GOTY » Forum » View topic - TUTORIAL Tweak your UT graphics to the maximum.url
[2010/04/11 23:44:55 | 000,000,196 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\YouTube - galleyuk's Channel.url
[2010/04/07 00:00:22 | 000,000,426 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\YouTube - HuskyStarcraft's Channel.url
[2010/04/06 23:51:27 | 000,000,430 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\YouTube - HDstarcraft's Channel.url
[2010/04/04 16:38:31 | 000,000,298 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\factorydirect.url
[2010/04/04 06:07:41 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\Sales Application.doc
[2010/04/04 03:10:11 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\Normal-Tanks game official site.url
[2010/04/02 15:32:51 | 000,000,292 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\factorydirect1.url
[2010/03/25 20:41:14 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
[2010/03/25 12:17:02 | 000,131,072 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\Degree.doc
[2010/03/25 12:16:30 | 000,131,072 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\Degree2.doc
[2010/03/14 22:10:44 | 000,000,261 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\YouTube - Marvel Ultimate Alliance part 35 Pitfall Wolverine.url
[2010/03/03 14:48:42 | 000,000,212 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\Aviation Document Booklet (New Licence Booklet) - Flight Crew Licensing - General Aviation - Aviation Safety - Air Transportation - Transport Canada.url
[2010/03/02 02:18:10 | 000,000,219 | ---- | C] () -- C:\Documents and Settings\TheLeviathan\Desktop\Extreme™ 3D Pro.url
[2010/02/22 00:05:10 | 000,000,766 | ---- | C] () -- C:\WINDOWS\Uninstall.ico
[2010/02/22 00:04:41 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\SSCoInst.exe
[2010/02/22 00:04:41 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\SVSetup.Exe
[2010/02/22 00:04:41 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\SSCoInst.dll
[2010/02/22 00:04:41 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SVSetup.dll
[2010/02/22 00:04:39 | 000,020,594 | ---- | C] () -- C:\WINDOWS\System32\Dels3LMK.DLL
[2010/02/22 00:04:39 | 000,000,533 | ---- | C] () -- C:\WINDOWS\System32\Dels3LMK.SMT
[2009/12/07 01:41:34 | 000,000,126 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2009/11/22 03:56:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2009/11/22 03:39:35 | 000,000,043 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/06/14 08:58:18 | 000,000,132 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2008/12/05 13:23:07 | 000,000,635 | ---- | C] () -- C:\WINDOWS\ef.INI
[2008/11/24 02:09:50 | 000,004,841 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/11/24 02:09:47 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/11/23 10:31:28 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/04/12 09:10:28 | 000,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
[2007/04/09 13:55:14 | 000,097,785 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007/04/09 13:55:14 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/04/09 13:33:50 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2006/10/22 13:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 13:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/22 13:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 13:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 13:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/22 13:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 13:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/10/02 10:25:18 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2005/06/16 11:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2004/08/22 18:04:56 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========
[2010/01/29 16:46:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/03/28 22:57:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SoftPerfect
[2010/05/07 03:24:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/01/29 17:05:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TheLeviathan\Application Data\Blackberry Desktop
[2010/05/04 23:46:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TheLeviathan\Application Data\DonationCoder
[2010/04/10 17:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TheLeviathan\Application Data\GrabPro
[2008/11/24 04:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TheLeviathan\Application Data\Netscape
[2010/05/04 23:58:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TheLeviathan\Application Data\Orbit
[2008/11/24 04:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TheLeviathan\Application Data\Photodex
[2010/01/29 16:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TheLeviathan\Application Data\Research In Motion
[2010/05/09 15:18:17 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2010/05/09 15:15:52 | 000,001,822 | ---- | M] () -- C:\aaw7boot.log
[2008/11/23 07:33:13 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/04/19 04:14:57 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2008/11/23 07:33:13 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/11/23 07:33:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/11/23 07:33:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/11/23 08:24:27 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/11/23 09:25:16 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/05/09 15:16:03 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2008/11/24 04:52:11 | 000,001,761 | ---- | M] () -- C:\photodex-presenter-install.log

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/08/26 03:24:28 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2008/08/26 03:24:28 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2007/08/13 19:54:10 | 000,191,488 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/11/23 02:17:14 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/11/23 02:17:14 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/11/23 02:17:13 | 000,438,272 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/03/28 22:57:46 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) -- C:\WINDOWS\system32\drivers\pssdk42.sys
[2010/05/07 03:26:20 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\system32\drivers\SBREDrv.sys

< %PROGRAMFILES%\*. >
[2009/11/02 15:53:25 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/11/24 21:44:15 | 000,000,000 | ---D | M] -- C:\Program Files\CDisplay
[2010/04/25 01:20:44 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/11/23 07:29:34 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2008/11/23 09:59:05 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2008/11/23 10:18:17 | 000,000,000 | ---D | M] -- C:\Program Files\D-Tools
[2010/02/22 00:04:29 | 000,000,000 | ---D | M] -- C:\Program Files\DELL
[2010/04/18 22:32:10 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2010/02/15 09:41:14 | 000,000,000 | ---D | M] -- C:\Program Files\eXpress TimeStamp Toucher
[2010/05/08 04:34:14 | 000,000,000 | ---D | M] -- C:\Program Files\FreeVPN
[2010/02/22 00:05:10 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/01/29 16:40:34 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/04/25 01:20:00 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/05/07 03:24:50 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2010/05/09 02:02:38 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/11/23 10:30:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2008/11/23 07:33:36 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/06/18 10:46:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/10/18 08:04:15 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Rich Tools
[2010/02/13 19:23:28 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2008/11/23 09:30:00 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2009/06/18 10:45:51 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2008/11/23 07:29:19 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2008/11/23 07:28:57 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2008/12/05 13:41:01 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2008/11/23 09:27:22 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/03/28 22:57:45 | 000,000,000 | ---D | M] -- C:\Program Files\NetWorx
[2008/11/23 07:29:19 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/05/04 23:36:44 | 000,000,000 | ---D | M] -- C:\Program Files\Orbitdownloader
[2008/11/23 09:27:18 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2008/11/24 04:51:45 | 000,000,000 | ---D | M] -- C:\Program Files\Photodex
[2008/11/24 04:52:04 | 000,000,000 | ---D | M] -- C:\Program Files\Photodex Presenter
[2009/04/08 21:24:04 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/01/29 16:46:01 | 000,000,000 | ---D | M] -- C:\Program Files\Research In Motion
[2008/11/24 04:54:20 | 000,000,000 | ---D | M] -- C:\Program Files\Soundslides
[2010/05/06 03:03:57 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2009/11/22 03:47:15 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2010/05/09 15:17:26 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec AntiVirus
[2008/11/23 07:38:05 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2008/11/24 02:10:55 | 000,000,000 | ---D | M] -- C:\Program Files\VIA
[2008/11/24 23:58:36 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2008/11/23 10:02:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2008/11/23 10:02:16 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/11/23 09:27:18 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/12/05 13:39:47 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2008/11/23 07:49:25 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2008/11/24 23:59:10 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2008/11/23 07:33:36 | 000,000,000 | ---D | M] -- C:\Program Files\xerox

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto
Update\Results\Install|LastSuccessTime /rs > < End of report > OTL Extras logfile created on: 5/9/2010 3:26:05 PM - Run 1 OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\TheLeviathan\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 19.13 Gb Total Space | 1.08 Gb Free Space | 5.63% Space Free | Partition Type: NTFS Drive D: | 7.87 Gb Total Space | 0.99 Gb Free Space | 12.56% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 465.76 Gb Total Space | 303.47 Gb Free Space | 65.16% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded Drive I: | 3.90 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS Drive L: | 149.05 Gb Total Space | 1.48 Gb Free Space | 0.99% Space Free | Partition Type: NTFS Drive M: | 74.53 Gb Total Space | 2.37 Gb Free Space | 3.18% Space Free | Partition Type: NTFS Drive P: | 149.04 Gb Total Space | 4.47 Gb Free Space | 3.00% Space Free | Partition Type: NTFS Computer Name: THELEVIATHAN Current User Name: TheLeviathan Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "65533:TCP" = 65533:TCP:*:Enabled:Services "52344:TCP" = 52344:TCP:*:Enabled:Services "2382:TCP" = 2382:TCP:*:Enabled:Services "1941:TCP" = 1941:TCP:*:Enabled:Services "3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop "2102:TCP" = 2102:TCP:*:Enabled:Services "2704:TCP" = 2704:TCP:*:Enabled:Services "4509:TCP" = 4509:TCP:*:Enabled:Services "7518:TCP" = 7518:TCP:*:Enabled:Services [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "65533:TCP" = 65533:TCP:*:Enabled:Services "52344:TCP" = 52344:TCP:*:Enabled:Services "2382:TCP" = 2382:TCP:*:Enabled:Services "1941:TCP" = 1941:TCP:*:Enabled:Services "3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop "2102:TCP" = 2102:TCP:*:Enabled:Services "2704:TCP" = 2704:TCP:*:Enabled:Services "4509:TCP" = 4509:TCP:*:Enabled:Services "7518:TCP" = 7518:TCP:*:Enabled:Services ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "M:\Microsoft Games\Flight Simulator 9\fs9.exe" = M:\Microsoft Games\Flight Simulator 9\fs9.exe:*:Enabled:Microsoft Flight Simulator -- (Microsoft Corporation) "C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation) "L:\Microsoft Games\Flight Simulator 9\fs9.exe" = L:\Microsoft Games\Flight Simulator 9\fs9.exe:*:Enabled:Microsoft Flight Simulator -- (Microsoft Corporation) "C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- () "C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero BurningROM 
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20 "{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}" = QuickTime "{3b340a5d-8adf-4379-8edd-871acef5687b}" = Nero 9 "{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools "{46B63F23-2B4A-4525-A827-688026BE5E40}" = Symantec AntiVirus "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights "{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express "{86F4F32B-77C7-4951-B33C-05D41A8190C1}" = Microsoft RichCopy 4.0 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{9497EBAA-87AD-41E6-8ED6-E1E52995A76C}" = VIA Integrated Setup Wizard "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0 "{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1 "{B7618997-1B89-4680-A39B-342BBEF8E0D6}_is1" = FreeVPN v3.22 "{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter "{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1 "{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM 
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer "{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial "{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter "{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights "Ad-Aware" = Ad-Aware "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "BlackBerry_{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1 "CDisplay_is1" = CDisplay 1.8 "CNXT_MODEM_PCI_VEN_14F1&DEV_2013&SUBSYS_201314F1" = SoftK56 Data Fax "Dell Laser Printer 1110" = Dell Laser Printer 1110 Software Uninstall "DivX Setup.divx.com" = DivX Setup "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "InstallShield_{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}" = QuickTime "InstallShield_{9497EBAA-87AD-41E6-8ED6-E1E52995A76C}" = VIA Integrated Setup Wizard "LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NetWorx_is1" = NetWorx 5.1 "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Drivers" = NVIDIA Drivers "Orbit_is1" = Orbit Downloader "Photodex Presenter" = Photodex Presenter "ProShow Gold" = ProShow Gold "Soundslides" = Soundslides "VLC media player" = VLC media player 0.9.6 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 
"WinImage" = WinImage "WinRAR archiver" = WinRAR archiver "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "eXpress TimeStamp Toucher" = eXpress TimeStamp Toucher ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 5/8/2010 12:23:11 AM | Computer Name = THELEVIATHAN | Source = Symantec AntiVirus | ID = 16711685 Description = Threat Found!Threat: Trojan.ByteVerify in File: P:\backup\Documents and Settings\TheLeviathan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-2e95c8bf-4adddc82.zip>>Dun.class by: Manual scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully. Threat Found!Threat: in File: P:\backup\Documents and Settings\TheLeviathan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-2e95c8bf-4adddc82.zip by: Manual scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully. Threat Found!Threat: Trojan.ByteVerify in File: P:\backup\Documents and Settings\TheLeviathan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-30b9e234-16d4d616.zip>>BnnnnBaa.class by: Manual scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully. Error - 5/8/2010 12:23:11 AM | Computer Name = THELEVIATHAN | Source = Symantec AntiVirus | ID = 16711685 Description = Threat Found!Threat: Trojan Horse in File: P:\backup\Documents and Settings\TheLeviathan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-30b9e234-16d4d616.zip>>VaannnaaBaa.class by: Manual scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully. 
Threat Found!Threat: Trojan Horse in File: P:\backup\Documents and Settings\TheLeviathan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-30b9e234-16d4d616.zip>>Dnnny.class by: Manual scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully. Threat Found!Threat: Trojan.ByteVerify in File: P:\backup\Documents and Settings\TheLeviathan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-30b9e234-16d4d616.zip>>Bnnnnn.class by: Manual scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully. Error - 5/8/2010 12:23:12 AM | Computer Name = THELEVIATHAN | Source = Symantec AntiVirus | ID = 16711685 Description = Threat Found!Threat: Trojan Horse in File: P:\backup\Documents and Settings\TheLeviathan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-30b9e234-16d4d616.zip>>Den.class by: Manual scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully. Threat Found!Threat: Trojan.ByteVerify in File: P:\backup\Documents and Settings\TheLeviathan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-30b9e234-16d4d616.zip>>Din.class by: Manual scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully. Threat Found!Threat: Trojan.ByteVerify in File: P:\backup\Documents and Settings\TheLeviathan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-30b9e234-16d4d616.zip>>Dun.class by: Manual scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully. Error - 5/8/2010 12:24:11 AM | Computer Name = THELEVIATHAN | Source = Symantec AntiVirus | ID = 16711685 Description = Threat Found!Threat: in File: P:\backup\Documents and Settings\TheLeviathan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-30b9e234-16d4d616.zip by: Manual scan. 
Action: Quarantine succeeded. Action Description: The file was quarantined successfully. Threat Found!Threat: Downloader in File: P:\backup\Documents and Settings\TheLeviathan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-2e802fa5.zip>>vmain.class by: Manual scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully. Threat Found!Threat: in File: P:\backup\Documents and Settings\TheLeviathan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-2e802fa5.zip by: Manual scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully. Error - 5/8/2010 1:11:50 AM | Computer Name = THELEVIATHAN | Source = Symantec AntiVirus | ID = 16711685 Description = Threat Found!Threat: Trojan Horse in File: P:\comp backup\Backup May 3 2009\jars\Java Games\DigitalRed Shuffleboard v20\b-shuff2.zip>>Shuffleboard.2.00.7650.exe by: Manual scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully. Threat Found!Threat: in File: P:\comp backup\Backup May 3 2009\jars\Java Games\DigitalRed Shuffleboard v20\b-shuff2.zip by: Manual scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully. Threat Found!Threat: Trojan Horse in File: P:\New Folder\New Folder\Backup May 3 2009\jars\Java Games\DigitalRed Shuffleboard v20\b-shuff2.zip>>Shuffleboard.2.00.7650.exe by: Manual scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully. [ System Events ] Error - 5/9/2010 1:50:54 AM | Computer Name = THELEVIATHAN | Source = Service Control Manager | ID = 7034 Description = The Symantec Event Manager service terminated unexpectedly. It has done this 1 time(s). Error - 5/9/2010 1:50:54 AM | Computer Name = THELEVIATHAN | Source = Service Control Manager | ID = 7034 Description = The Symantec AntiVirus Definition Watcher service terminated unexpectedly. 
It has done this 1 time(s). Error - 5/9/2010 1:50:54 AM | Computer Name = THELEVIATHAN | Source = Service Control Manager | ID = 7034 Description = The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s). Error - 5/9/2010 1:50:54 AM | Computer Name = THELEVIATHAN | Source = Service Control Manager | ID = 7031 Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. Error - 5/9/2010 1:50:54 AM | Computer Name = THELEVIATHAN | Source = Service Control Manager | ID = 7034 Description = The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s). Error - 5/9/2010 1:50:54 AM | Computer Name = THELEVIATHAN | Source = Service Control Manager | ID = 7034 Description = The ScsiAccess service terminated unexpectedly. It has done this 1 time(s). Error - 5/9/2010 1:56:57 AM | Computer Name = THELEVIATHAN | Source = Ftdisk | ID = 262189 Description = The system could not sucessfully load the crash dump driver. Error - 5/9/2010 1:56:57 AM | Computer Name = THELEVIATHAN | Source = Ftdisk | ID = 262193 Description = Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory. Error - 5/9/2010 3:16:33 PM | Computer Name = THELEVIATHAN | Source = Ftdisk | ID = 262189 Description = The system could not sucessfully load the crash dump driver. Error - 5/9/2010 3:16:33 PM | Computer Name = THELEVIATHAN | Source = Ftdisk | ID = 262193 Description = Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory. 
< End of report > Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4080 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 5/9/2010 2:08:45 AM mbam-log-2010-05-09 (02-08-45).txt Scan type: Quick scan Objects scanned: 124542 Time elapsed: 5 minute(s), 36 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Rooter.exe (v1.0.2) by Eric_71 . SeDebugPrivilege granted successfully ... . Windows XP . (5.1.2600) Service Pack 3 [32_bits] - x86 Family 15 Model 47 Stepping 0, AuthenticAMD . [wscsvc] (Security Center) RUNNING (state:4) [SharedAccess] RUNNING (state:4) Windows Firewall -> Enabled . Internet Explorer 7.0.5730.13 . A:\ [Removable] C:\ [Fixed-NTFS] .. ( Total:19 Go - Free:1 Go ) D:\ [Fixed-NTFS] .. ( Total:7 Go - Free:0 Go ) E:\ [CD_Rom] F:\ [Fixed-NTFS] .. ( Total:465 Go - Free:303 Go ) I:\ [CD_Rom] L:\ [Fixed-NTFS] .. ( Total:149 Go - Free:1 Go ) M:\ [Fixed-NTFS] .. ( Total:74 Go - Free:2 Go ) P:\ [Fixed-NTFS] .. ( Total:149 Go - Free:4 Go ) . Scan : 15:34.01 Path : C:\Documents and Settings\TheLeviathan\Desktop\Rooter.exe User : TheLeviathan ( Administrator -> YES ) . ----------------------\\ Processes . 
Locked [System Process] (0) ______ System (4) ______ \SystemRoot\System32\smss.exe (688) ______ \??\C:\WINDOWS\system32\csrss.exe (748) ______ \??\C:\WINDOWS\system32\winlogon.exe (788) ______ C:\WINDOWS\system32\services.exe (864) ______ C:\WINDOWS\system32\lsass.exe (876) ______ C:\WINDOWS\system32\svchost.exe (1080) ______ C:\WINDOWS\system32\svchost.exe (1188) ______ C:\WINDOWS\System32\svchost.exe (1252) ______ C:\WINDOWS\System32\svchost.exe (1516) ______ C:\WINDOWS\System32\svchost.exe (1632) ______ C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (1688) ______ C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (1724) ______ C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (1832) ______ C:\WINDOWS\system32\spoolsv.exe (1908) ______ C:\Program Files\Symantec AntiVirus\DefWatch.exe (2016) ______ C:\Program Files\Java\jre6\bin\jqs.exe (208) ______ C:\WINDOWS\system32\nvsvc32.exe (240) ______ C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe (276) ______ C:\Program Files\Symantec AntiVirus\Rtvscan.exe (380) ______ C:\WINDOWS\System32\wbem\unsecapp.exe (732) ______ C:\WINDOWS\System32\alg.exe (904) ______ C:\WINDOWS\System32\wbem\wmiprvse.exe (1536) ______ C:\WINDOWS\system32\wscntfy.exe (2720) ______ C:\WINDOWS\Explorer.EXE (2916) ______ C:\PROGRA~1\SYMANT~1\VPTray.exe (3216) ______ C:\Program Files\NetWorx\networx.exe (3540) ______ C:\WINDOWS\system32\ctfmon.exe (3548) ______ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (3564) ______ C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (3984) ______ C:\Program Files\Internet Explorer\IEXPLORE.EXE (220) ______ C:\Documents and Settings\TheLeviathan\Desktop\Rooter.exe (3316) . ----------------------\\ Device\Harddisk0\ . \Device\Harddisk0 [Sectors : 63 x 512 Bytes] . \Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:8447330304) . ----------------------\\ Scheduled Tasks . 
C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job C:\WINDOWS\Tasks\desktop.ini C:\WINDOWS\Tasks\SA.DAT . ----------------------\\ Registry . . ----------------------\\ Files & Folders . ----------------------\\ Scan completed at 15:34.21 . C:\Rooter$\Rooter_1.txt - (09/05/2010 | 15:34.21) LockSearch by jpshortstuff (05.11.09.1) Log created at 15:35 on 09/05/2010 (TheLeviathan) Scanning C:\ C:\pagefile.sys ------------------------- -=E.O.F=- CKScanner - Additional Security Risks - These are not necessarily bad scanner sequence 3.RP.11 ----- EOF ----- |
May 10 2010, 11:14 AM | Post #2
Advanced Member | Group: Global Moderator | Posts: 4,604 | Joined: 17-September 07 | Member No.: 3,506
Please run the MGA Diagnostic Tool and post back the report it shall produce:
Run OTL
Please download HelpAsst_mebroot_fix.exe and save it to your desktop.

Close out all other open programs and windows.

Double click the file to run it and follow any prompts.

If the tool detects an mbr infection, please allow it to run mbr -f and shut down your computer.

Upon restarting, please wait about 5 minutes, click Start>Run and type the following bolded command, then hit Enter.

helpasst -mbrt

Make sure you leave a space between helpasst and -mbrt!

When it completes, a log will open. Please post the contents of that log.

*In the event the tool does not detect an mbr infection and completes, click Start>Run and type the following bolded command, then hit Enter.

mbr -f

Now, please do the Start>Run>mbr -f command a second time.

Now shut down the computer (do not restart, but shut it down), wait a few minutes then start it back up.

Give it about 5 minutes, then click Start>Run and type the following bolded command, then hit Enter.

helpasst -mbrt

Make sure you leave a space between helpasst and -mbrt!

When it completes, a log will open. Please post the contents of that log.

**Important note to Dell users - fixing the mbr may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. There are a couple of known fixes for said condition, though the methods are somewhat advanced. If you are unwilling to take such a risk, you should not allow the tool to execute mbr -f nor execute the command manually, and you will either need to restore your computer to a factory state or allow your computer to remain having an infected mbr (the latter not recommended).
May 11 2010, 12:48 AM | Post #3
Member | Group: Member+ | Posts: 13 | Joined: 10-May 10 | Member No.: 10,224
Hi,
Thanks for the reply. My logs are pasted below. The Leviathan ======================== Diagnostic Report (1.9.0027.0): ----------------------------------------- Windows Validation Data--> Validation Status: Genuine Validation Code: 0 Cached Validation Code: N/A Windows Product Key: *****-*****-3PD68-WGMPW-TCPFD Windows Product Key Hash: fajyGXEWwCfTwK3ESAMyEQ5xFW8= Windows Product ID: 55274-640-8778937-23662 Windows Product ID Type: 1 Windows License Type: Volume Windows OS version: 5.1.2600.2.00010100.3.0.pro ID: {D46477CB-607F-4026-B719-4DF74670B971}(3) Is Admin: Yes TestCab: 0x0 LegitcheckControl ActiveX: Registered, 1.8.31.9 Signed By: Microsoft Product Name: N/A Architecture: N/A Build lab: N/A TTS Error: N/A Validation Diagnostic: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-8009_E2AD56EA-766-2efd_E2AD56EA-148-80004005_16E0B333-89-80004005 Resolution Status: N/A Vista WgaER Data--> ThreatID(s): N/A Version: N/A Windows XP Notifications Data--> Cached Result: 0 File Exists: Yes Version: 1.8.31.9 WgaTray.exe Signed By: Microsoft WgaLogon.dll Signed By: Microsoft OGA Notifications Data--> Cached Result: N/A, hr = 0x80070002 Version: N/A, hr = 0x80070002 OGAExec.exe Signed By: N/A, hr = 0x80070002 OGAAddin.dll Signed By: N/A, hr = 0x80070002 OGA Data--> Office Status: 114 Blocked VLK 2 Microsoft Office Professional Edition 2003 - 114 Blocked VLK 2 OGA Version: N/A, 0x80070002 Signed By: N/A, hr = 0x80070002 Office Diagnostics: 025D1FF3-230-1 Browser Data--> Proxy settings: N/A User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32) Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe Download signed ActiveX controls: Prompt Download unsigned ActiveX controls: Disabled Run ActiveX controls and plug-ins: Allowed Initialize and script ActiveX controls not marked as safe: Disabled Allow scripting of Internet Explorer Webbrowser control: Disabled Active scripting: Allowed Script ActiveX controls marked as safe for 
scripting: Allowed File Scan Data--> Other data--> Office Details: <GenuineResults><MachineData><UGUID>{D46477CB-607F-4026-B719-4DF74670B971}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-TCPFD</PKey><PID>55274-640-8778937-23662</PID><PIDType>1</PIDType><SID>S-1-5-21-1409082233-1532298954-839522115</SID><SYSTEM><Manufacturer>To Be Filled By O.E.M.</Manufacturer><Model>To Be Filled By O.E.M.</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>1010.003</Version><SMBIOSVersion major="2" minor="3"/><Date>20050126000000.000000+000</Date></BIOS><HWID>7EE93B0701842077</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.8.31.9"/><File Name="WgaLogon.dll" Version="1.8.31.9"/></GANotification></MachineData><Software><Office><Result>114</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>59D1605114E3500</Val><Hash>vfZmaSmFPIYrLWTcZSZErUQg+Fo=</Hash><Pid>73931-640-0000106-57668</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="114"/><App Id="16" Version="11" Result="114"/><App Id="18" Version="11" Result="114"/><App Id="19" Version="11" Result="114"/><App Id="1A" Version="11" Result="114"/><App Id="1B" Version="11" Result="114"/><App Id="44" Version="11" Result="114"/></Applications></Office></Software></GenuineResults> Licensing Data--> N/A Windows Activation Technologies--> N/A HWID Data--> N/A OEM Activation 1.0 Data--> BIOS string matches: yes Marker string from BIOS: 1A298:Quantum Microponents Ltd Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005 OEM Activation 2.0 Data--> N/A 
VirSCAN.org Scanned Report :
Scanned time : 2010/05/10 18:34:31 (CDT)
Scanner results: Scanners did not find malware!
File Name : rdpdd.cpo
File Size : 4653 byte
File Type : data
MD5 : 360f6c294cf5d5bc674a243b931f7c3a
SHA1 : 913225c4a3f4d8a05ba0a104a41c975e3c4a032e
Online report : http://virscan.org/report/866ca4ba7c47b927...0fa5edc6be.html

Scanner | Engine Ver | Sig Ver | Sig Date | Time | Scan result
a-squared | 4.5.0.8 | 20100508053127 | 2010-05-08 | 5.21 | -
AhnLab V3 | 2010.05.11.00 | 2010.05.11 | 2010-05-11 | 1.08 | -
AntiVir | 8.2.1.236 | 7.10.7.84 | 2010-05-10 | 0.24 | -
Antiy | 2.0.18 | 20100510.4348349 | 2010-05-10 | 0.12 | -
Arcavir | 2009 | 201005101630 | 2010-05-10 | 0.02 | -
Authentium | 5.1.1 | 201005100922 | 2010-05-10 | 1.26 | -
AVAST! | 4.7.4 | 100510-1 | 2010-05-10 | 0.00 | -
AVG | 8.5.793 | 271.1.1/2866 | 2010-05-11 | 0.22 | -
BitDefender | 7.81008.5859271 | 7.31603 | 2010-05-11 | 3.73 | -
ClamAV | 0.95.3 | 10955 | 2010-05-10 | 0.01 | -
Comodo | 3.13.579 | 4819 | 2010-05-10 | 0.88 | -
CP Secure | 1.3.0.5 | 2010.05.10 | 2010-05-10 | 0.01 | -
Dr.Web | 5.0.2.3300 | 2010.05.11 | 2010-05-11 | 7.04 | -
F-Prot | 4.4.4.56 | 20100510 | 2010-05-10 | 1.26 | -
F-Secure | 7.02.73807 | 2010.05.10.10 | 2010-05-10 | 10.94 | -
Fortinet | 4.0.14 | 11.925 | 2010-05-10 | 0.14 | -
GData | 21.126/21.44 | 20100510 | 2010-05-10 | 6.79 | -
ViRobot | 20100510 | 2010.05.10 | 2010-05-10 | 0.41 | -
Ikarus | T3.1.01.84 | 2010.05.10.75826 | 2010-05-10 | 6.25 | -
JiangMin | 13.0.900 | 2010.05.10 | 2010-05-10 | 1.17 | -
Kaspersky | 5.5.10 | 2010.05.10 | 2010-05-10 | 0.03 | -
KingSoft | 2009.2.5.15 | 2010.5.10.18 | 2010-05-10 | 0.63 | -
McAfee | 5400.1158 | 5978 | 2010-05-10 | 0.02 | -
Microsoft | 1.5703 | 2010.05.11 | 2010-05-11 | 6.50 | -
Norman | 6.04.12 | 6.04.00 | 2010-05-10 | 6.01 | -
Panda | 9.05.01 | 2010.05.10 | 2010-05-10 | 1.64 | -
Trend Micro | 9.120-1004 | 7.158.14 | 2010-05-10 | 0.03 | -
Quick Heal | 10.00 | 2010.05.10 | 2010-05-10 | 1.52 | -
Rising | 20.0 | 22.47.00.04 | 2010-05-10 | 0.28 | -
Sophos | 3.07.1 | 4.53 | 2010-05-11 | 3.24 | -
Sunbelt | 3.9.2421.2 | 6288 | 2010-05-10 | 6.07 | -
Symantec | 1.3.0.24 | 20100510.002 | 2010-05-10 | 0.04 | -
nProtect | 20100510.01 | 8224986 | 2010-05-10 | 7.50 | -
The Hacker | 6.5.2.0 | v00278 | 2010-05-09 | 0.43 | -
VBA32 | 3.12.12.4 | 20100506.1333 | 2010-05-06 | 2.45 | -
VirusBuster | 4.5.11.10 | 10.126.23/2048291 | 2010-05-10 | 2.35 | -

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{71ef8876-23e8-11df-9865-0050da29b0ad}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71ef8876-23e8-11df-9865-0050da29b0ad}\ not found.
File J:\slacker.synclauncher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{71ef8876-23e8-11df-9865-0050da29b0ad}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71ef8876-23e8-11df-9865-0050da29b0ad}\ not found.
File J:\slacker.synclauncher.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\chkeilor\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\pqxduivu\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\ypetnpgj\ deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\3389:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3389:TCP deleted successfully.
========== FILES ==========
C:\WINDOWS\system32\rdpdd.cpo moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]
User: All Users
User: TheLeviathan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 597188511 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 3781 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: HelpAssistant
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4382660 bytes
->Flash cache emptied: 2716 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2676171 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 2046336 bytes
Total Files Cleaned = 578.00 mb

[EMPTYFLASH]
User: All Users
User: TheLeviathan
->Flash cache emptied: 0 bytes
User: Default User
User: HelpAssistant
->Flash cache emptied: 0 bytes
User: LocalService
User: NetworkService
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)
OTL by OldTimer - Version 3.2.4.1 log created on 05102010_193822

Files\Folders moved on Reboot...
C:\Documents and Settings\TheLeviathan\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat moved successfully.
File move failed. C:\WINDOWS\temp\$$$dq3e scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\$67we.$ scheduled to be moved on reboot.
Registry entries deleted on Reboot...

C:\Documents and Settings\TheLeviathan\Desktop\HelpAsst_mebroot_fix.exe
Mon 05/10/2010 at 20:00:54.03

HelpAssistant account is Active ~ attempting to de-activate
Account active Yes
Local Group Memberships *Administrators
HelpAssistant successfully set Inactive

~~ Checking for termsrv32.dll ~~
termsrv32.dll present! ~ attempting to remove
Remove on reboot: C:\WINDOWS\system32\termsrv32.dll

~~ Checking firewall ports ~~
backing up DomainProfile\GloballyOpenPorts\List registry key
closing rogue ports
HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\globallyopenports\list
"65533:TCP"=-
"52344:TCP"=-
"2382:TCP"=-
"1941:TCP"=-
"2102:TCP"=-
"2704:TCP"=-
"4509:TCP"=-
"7518:TCP"=-
"7415:TCP"=-
"7416:TCP"=-
"3389:TCP"=-
backing up StandardProfile\GloballyOpenPorts\List registry key
closing rogue ports
HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list
"65533:TCP"=-
"52344:TCP"=-
"2382:TCP"=-
"1941:TCP"=-
"2102:TCP"=-
"2704:TCP"=-
"4509:TCP"=-
"7518:TCP"=-
"7415:TCP"=-
"7416:TCP"=-
"3389:TCP"=-

~~ Checking profile list ~~
HelpAssistant profile found in registry ~ backing up and removing S-1-5-21-1409082233-1532298954-839522115-1000
HelpAssistant profile directory exists at C:\Documents and Settings\HelpAssistant ~ attempting to remove
~ All C:\Documents and Settings\HelpAssistant files successfully removed ~

~~ Checking mbr ~~
mbr infection detected! ~ running mbr -f
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\ACPI -> 0x8a3042d0
\Driver\atapi -> 0x8a310de0
NDIS: 3Com EtherLink XL 10/100 PCI TX NIC (3C905B-TX) -> SendCompleteHandler -> 0x8978f5c0
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x0FBC043
malicious code @ sector 0x0FBC046 !
PE file found in sector at 0x0FBC05C !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
original MBR restored successfully !

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\ACPI -> 0x8a3042d0
\Driver\atapi -> 0x8a310de0
NDIS: 3Com EtherLink XL 10/100 PCI TX NIC (3C905B-TX) -> SendCompleteHandler -> 0x8978f5c0
Warning: possible MBR rootkit infection !
user & kernel MBR OK
copy of MBR has been found in sector 0x0FBC043
malicious code @ sector 0x0FBC046 !
PE file found in sector at 0x0FBC05C !
Use "Recovery Console" command "fixmbr" to clear infection !

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Status check on Mon 05/10/2010 at 20:20:37.37
Account active No
Local Group Memberships

~~ Checking mbr ~~
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x896D93C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\ACPI -> 0x896d93c8
\Driver\atapi -> 0x89f902d0
NDIS: 3Com EtherLink XL 10/100 PCI TX NIC (3C905B-TX) -> SendCompleteHandler -> 0x897965c0
Warning: possible MBR rootkit infection !
user & kernel MBR OK
copy of MBR has been found in sector 0x0FBC043
malicious code @ sector 0x0FBC046 !
PE file found in sector at 0x0FBC05C !
Use "Recovery Console" command "fixmbr" to clear infection !

~~ Checking for termsrv32.dll ~~
termsrv32.dll not found
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %systemroot%\System32\termsrv.dll

~~ Checking profile list ~~
No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~
none found

~~ Checking firewall ports ~~
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]
"65533:TCP"=65533:TCP:*:Enabled:Services
"52344:TCP"=52344:TCP:*:Enabled:Services
"7415:TCP"=7415:TCP:*:Enabled:Services
"7416:TCP"=7416:TCP:*:Enabled:Services
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"=65533:TCP:*:Enabled:Services
"52344:TCP"=52344:TCP:*:Enabled:Services
"7415:TCP"=7415:TCP:*:Enabled:Services
"7416:TCP"=7416:TCP:*:Enabled:Services

~~ EOF ~~

May 11 2010, 01:02 PM | Post #4
Advanced Member | Group: Global Moderator | Posts: 4,604 | Joined: 17-September 07 | Member No.: 3,506
Download ComboFix here : Link 1 Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

May 12 2010, 12:13 AM | Post #5
Member | Group: Member+ | Posts: 13 | Joined: 10-May 10 | Member No.: 10,224
Thanks again for the reply and your help!
Any idea how serious this issue is? I remember perusing another thread, possibly on another forum, where someone had the Rustock rootkit and they were advised to contact their financial institutions to keep an eye out for identity theft. Should I be as vigilant with this MBR rootkit? My logs are attached below. The Leviathan ====================== Windows Validation Check Log Created On: 1856_11-05-2010 ------------------------ WVCheck's Registry Dump ----------------------- Auto-Update Option: Do not download or install updates automatically. ------------------------------ Last success time for Automatic Updates for 'Detect', 'Download' and 'Install' could not be found. WVCheck's File Dump ------------------- WVCheck found no files. WVCheck's HOSTS File Check ------------------- WVCheck found no bad lines in the hosts file. -------- End of File, program close at 1902_11-05-2010 -------- ComboFix 10-05-10.05 - TheLeviathan 05/11/2010 19:35:45.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1042 [GMT -4:00] Running from: c:\documents and settings\TheLeviathan\Desktop\ComboFix.exe AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . Infected copy of c:\windows\system32\drivers\mouclass.sys was found and disinfected Restored copy from - Kitty had a snack . ((((((((((((((((((((((((( Files Created from 2010-04-11 to 2010-05-11 ))))))))))))))))))))))))))))))) . 2010-05-11 23:33 . 2010-05-11 23:40 -------- d-----w- c:\documents and settings\HelpAssistant 2010-05-11 21:19 . 2010-05-11 21:19 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM 2010-05-11 21:18 . 2010-05-11 21:19 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2010-05-11 00:00 . 
2010-05-11 00:01 -------- d-----w- C:\HelpAsst_backup 2010-05-10 23:38 . 2010-05-10 23:38 -------- d-----w- C:\_OTL 2010-05-09 22:16 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys 2010-05-09 19:34 . 2010-05-09 19:34 -------- d-----w- C:\Rooter$ 2010-05-09 06:02 . 2010-05-09 06:02 -------- d-----w- c:\documents and settings\TheLeviathan\Application Data\Malwarebytes 2010-05-09 06:02 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-05-09 06:02 . 2010-05-09 06:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-05-09 06:02 . 2010-05-09 06:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-05-09 06:02 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-05-07 07:59 . 2010-05-07 07:26 15880 ----a-w- c:\windows\system32\lsdelete.exe 2010-05-07 07:26 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys 2010-05-07 07:26 . 2010-05-07 07:26 -------- dc----w- c:\windows\system32\DRVSTORE 2010-05-07 07:26 . 2010-05-07 07:26 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2010-05-07 07:24 . 2010-05-07 07:24 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} 2010-05-07 07:24 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe 2010-05-07 07:24 . 2010-05-07 07:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2010-05-07 07:24 . 2010-05-07 07:24 -------- d-----w- c:\program files\Lavasoft 2010-05-06 06:02 . 2010-05-06 07:03 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-05-06 06:02 . 2010-05-06 06:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-05-05 04:01 . 2010-05-05 04:05 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe 2010-05-05 04:01 . 
2010-05-05 04:05 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll 2010-05-05 04:01 . 2010-05-05 04:01 -------- d-----w- c:\documents and settings\TheLeviathan\Local Settings\Application Data\mdnslib 2010-05-05 03:59 . 2010-05-05 03:59 -------- d-----w- c:\documents and settings\TheLeviathan\Local Settings\Application Data\FLVService 2010-05-05 03:59 . 2010-05-05 03:59 -------- d-----w- c:\windows\Replay Media Catcher 2010-05-05 03:46 . 2010-05-05 03:46 46 ----a-w- c:\windows\system32\DonationCoder_urlsnooper_InstallInfo.dat 2010-05-05 03:46 . 2010-05-05 03:46 -------- d-----w- c:\documents and settings\TheLeviathan\Application Data\DonationCoder 2010-05-05 03:36 . 2010-05-05 03:36 -------- d-----w- c:\program files\Orbitdownloader 2010-05-01 04:10 . 2010-05-10 22:53 -------- d-----w- c:\program files\FreeVPN 2010-04-16 06:59 . 2010-04-16 07:00 -------- d-----w- c:\windows\system32\Adobe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-11 23:33 . 2009-11-22 07:46 -------- d-----w- c:\program files\Symantec AntiVirus 2010-05-05 03:58 . 2010-04-10 21:20 -------- d-----w- c:\documents and settings\TheLeviathan\Application Data\Orbit 2010-04-28 07:57 . 2010-01-29 20:48 256 ----a-w- c:\windows\system32\pool.bin 2010-04-25 05:20 . 2010-04-25 05:20 -------- d-----w- c:\program files\Common Files\Java 2010-04-25 05:20 . 2010-04-25 05:20 503808 ----a-w- c:\documents and settings\TheLeviathan\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e67d4cd-n\msvcp71.dll 2010-04-25 05:20 . 2010-04-25 05:20 499712 ----a-w- c:\documents and settings\TheLeviathan\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e67d4cd-n\jmc.dll 2010-04-25 05:20 . 2010-04-25 05:20 348160 ----a-w- c:\documents and settings\TheLeviathan\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e67d4cd-n\msvcr71.dll 2010-04-25 05:20 . 
2010-04-25 05:20 61440 ----a-w- c:\documents and settings\TheLeviathan\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3415ad37-n\decora-sse.dll 2010-04-25 05:20 . 2010-04-25 05:20 12800 ----a-w- c:\documents and settings\TheLeviathan\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3415ad37-n\decora-d3d.dll 2010-04-25 05:20 . 2010-04-25 05:20 411368 ----a-w- c:\windows\system32\deployJava1.dll 2010-04-25 05:20 . 2010-04-25 05:20 -------- d-----w- c:\program files\Java 2010-04-10 21:27 . 2010-04-10 21:20 -------- d-----w- c:\documents and settings\TheLeviathan\Application Data\GrabPro 2010-03-29 02:57 . 2010-03-29 02:57 38976 ----a-w- c:\windows\system32\drivers\pssdk42.sys 2010-03-29 02:57 . 2010-03-29 02:57 -------- d-----w- c:\program files\NetWorx 2010-03-29 02:57 . 2010-03-29 02:57 -------- d-----w- c:\documents and settings\All Users\Application Data\SoftPerfect . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480] "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-11-15 85744] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-04-09 155648] "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536] "NetWorx"="c:\program files\NetWorx\networx.exe" [2010-03-22 2909696] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2008-04-14 53760] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] 2005-10-04 17:42 48752 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper] 2007-04-09 17:32 19456 ------w- c:\windows\system32\CtHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp] 2007-04-09 17:32 19968 ------w- c:\windows\system32\Ctxfihlp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\NvCplDaemon] 2006-10-22 17:22 7700480 ----a-w- c:\windows\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2006-10-22 17:22 86016 ----a-w- c:\windows\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2006-10-22 17:22 1622016 ----a-w- c:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-04-09 01:23 155648 ------w- c:\program files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "m:\\Microsoft Games\\Flight Simulator 9\\fs9.exe"= "c:\\WINDOWS\\system32\\dpnsvr.exe"= "l:\\Microsoft Games\\Flight Simulator 9\\fs9.exe"= "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"= "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "65533:TCP"= 65533:TCP:Services "52344:TCP"= 52344:TCP:Services "7415:TCP"= 7415:TCP:Services "7416:TCP"= 7416:TCP:Services "3389:TCP"= 3389:TCP:Remote Desktop R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [11/23/2008 10:18 AM 155136] R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [11/23/2008 10:18 AM 5248] R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/7/2010 3:26 AM 64288] R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [11/24/2008 2:10 AM 77312] R1 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [3/28/2010 10:57 PM 38976] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1285864] R3 
EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/22/2009 3:53 AM 102448] S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [11/15/2005 2:27 PM 169200] . Contents of the 'Scheduled Tasks' folder 2010-05-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 07:26] . . ------- Supplementary Scan ------- . uStart Page = about:blank uInternet Settings,ProxyServer = http=127.0.0.1:5555 uInternet Settings,ProxyOverride = <local> IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204 IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe AddRemove-Soundslides - c:\program files\Soundslides\uninstall.exe \u ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-11 19:43 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfully hidden files: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x899B8388]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28 \Driver\ACPI -> 0x899b8388 \Driver\atapi -> 0x89ff59d8 IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022 ParseProcedure -> ntkrnlpa.exe @ 0x80577c84 \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022 ParseProcedure -> ntkrnlpa.exe @ 0x80577c84 NDIS: 3Com EtherLink XL 10/100 PCI TX NIC (3C905B-TX) -> SendCompleteHandler -> 0x898105c0 PacketIndicateHandler -> NDIS.sys @ 0xb9dd9a21 SendHandler -> NDIS.sys @ 0xb9dce949 Warning: possible MBR rootkit infection ! user & kernel MBR OK copy of MBR has been found in sector 0x0FBC043 malicious code @ sector 0x0FBC046 ! PE file found in sector at 0x0FBC05C ! ************************************************************************** . Completion time: 2010-05-11 19:46:07 ComboFix-quarantined-files.txt 2010-05-11 23:46 Pre-Run: 1,475,059,712 bytes free Post-Run: 1,200,979,968 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn - - End Of File - - 25BC13B302BE489CBEDEC7CCE4C8B9A1 |

May 12 2010, 03:18 AM | Post #6
Member | Group: Member+ | Posts: 13 | Joined: 10-May 10 | Member No.: 10,224
Just an update, my Norton Corporate/Symantec antivirus found the following infected file(s) on auto-protect mode, here is the log:
======
Risk: Backdoor.Tidserv!inf | Backdoor.Tidserv!inf
Action: Partial | Partial
Count: 4 | 4
Filename: A0033904.sys | A0033904.sys
Threat Type: File | File
Original Location: C:\System Volume Information\_restore{2EAA3C7C-1452-452A-8E4B-A6AE4367A720}\RP365\ | C:\System Volume Information\_restore{2EAA3C7C-1452-452A-8E4B-A6AE4367A720}\RP365\
Computer: THELEVIATHAN | THELEVIATHAN
User: THELEVIATHAN\SYSTEM | THELEVIATHAN\SYSTEM
Status: Infected | Infected
Current Location: C:\System Volume Information\_restore{2EAA3C7C-1452-452A-8E4B-A6AE4367A720}\RP365\ | C:\System Volume Information\_restore{2EAA3C7C-1452-452A-8E4B-A6AE4367A720}\RP365\
Primary Action: Clean security risk | Clean security risk
Secondary Action: Quarantine | Quarantine
Logged By: Auto-Protect scan | Auto-Protect scan
Action Description: Quarantine was partially successful. | Quarantine was partially successful.
Date: 5/11/2010 22:22 | 5/11/2010 21:24
======
The action was partial because in both instances it successfully deleted a 'Browser Cache Remediation'. I tried forcing quarantine and delete without any success.
Also, when I shut down I now get six separate error windows for SpyBot's TeaTimer.exe which may be related to its disabling during the ComboFix process above, as it only started happening after reactivating it. The errors say the same thing, appear twice each, and only have the [OK] and [X] buttons available to press. The first set of errors say this:
Error
Access violation at address 0425A64B. Write of address 00000400
SpyBot then needs to be 'End Tasked' in order to resume shutdown process.
======
Again, many thanks for your continued help;
The Leviathan

May 12 2010, 12:05 PM | Post #7
Advanced Member | Group: Global Moderator | Posts: 4,604 | Joined: 17-September 07 | Member No.: 3,506
Won't hurt to change your passwords.
Please download OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:
QUOTE
File::
Folder::
c:\documents and settings\HelpAssistant
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"=-
MBR::
Driver::

Save this as CFScript.txt, in the same location as ComboFix.exe.
Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

May 15 2010, 10:45 AM | Post #8
Member | Group: Member+ | Posts: 13 | Joined: 10-May 10 | Member No.: 10,224
Thank you for the password change advice.
I am sorry for the late reply; my logs are listed below. Regards, The Leviathan ================ All processes killed ========== PROCESSES ========== ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== ========== FILES ========== c:\documents and settings\HelpAssistant\UserData\YPX00AA2 folder moved successfully. c:\documents and settings\HelpAssistant\UserData\XDVVPD9O folder moved successfully. c:\documents and settings\HelpAssistant\UserData\X4THNU5V folder moved successfully. c:\documents and settings\HelpAssistant\UserData\QC4FRZBG folder moved successfully. c:\documents and settings\HelpAssistant\UserData folder moved successfully. c:\documents and settings\HelpAssistant\Templates folder moved successfully. c:\documents and settings\HelpAssistant\Start Menu\Programs\WinRAR folder moved successfully. c:\documents and settings\HelpAssistant\Start Menu\Programs\Startup folder moved successfully. c:\documents and settings\HelpAssistant\Start Menu\Programs\eXpress TimeStamp Toucher folder moved successfully. c:\documents and settings\HelpAssistant\Start Menu\Programs\Accessories\System Tools folder moved successfully. c:\documents and settings\HelpAssistant\Start Menu\Programs\Accessories\Entertainment folder moved successfully. c:\documents and settings\HelpAssistant\Start Menu\Programs\Accessories\Accessibility folder moved successfully. c:\documents and settings\HelpAssistant\Start Menu\Programs\Accessories folder moved successfully. c:\documents and settings\HelpAssistant\Start Menu\Programs folder moved successfully. c:\documents and settings\HelpAssistant\Start Menu folder moved successfully. c:\documents and settings\HelpAssistant\SendTo folder moved successfully. c:\documents and settings\HelpAssistant\Recent folder moved successfully. c:\documents and settings\HelpAssistant\PrintHood folder moved successfully. c:\documents and settings\HelpAssistant\NetHood\My Web Sites on MSN folder moved successfully. 
c:\documents and settings\HelpAssistant\NetHood folder moved successfully. c:\documents and settings\HelpAssistant\My Documents\My Videos\DivX Movies folder moved successfully. c:\documents and settings\HelpAssistant\My Documents\My Videos folder moved successfully. c:\documents and settings\HelpAssistant\My Documents\My Pictures folder moved successfully. c:\documents and settings\HelpAssistant\My Documents\My Music folder moved successfully. c:\documents and settings\HelpAssistant\My Documents\Flight Simulator Files folder moved successfully. c:\documents and settings\HelpAssistant\My Documents folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\II4W8K27 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\ETQNA5WO folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\4ERQV9SJ folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\3TJLEK7B folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Temporary Internet Files\AntiPhishing folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Temporary Internet Files folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Temp\WPDNSE folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Temp\RarSFX0 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Temp folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\History\History.IE5\MSHist012010051120100512 folder moved successfully. 
c:\documents and settings\HelpAssistant\Local Settings\History\History.IE5\MSHist012010051020100511 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\History\History.IE5\MSHist012010050320100510 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\History\History.IE5\MSHist012010041820100419 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\History\History.IE5 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\History folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Apps\2.0\Z8MLAQWP.W85\1KGXAZMC.BP3\manifests folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Apps\2.0\Z8MLAQWP.W85\1KGXAZMC.BP3 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Apps\2.0\Z8MLAQWP.W85 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Apps\2.0\Data\89J235P4.7G1\N560924J.X8O folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Apps\2.0\Data\89J235P4.7G1 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Apps\2.0\Data folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Apps\2.0 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Apps folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Symantec\Symantec AntiVirus Corporate Edition folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Symantec folder moved successfully. 
c:\documents and settings\HelpAssistant\Local Settings\Application Data\nxemvp folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Microsoft\Windows NT\NTBackup\temp folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Microsoft\Windows NT\NTBackup\data folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Microsoft\Windows NT\NTBackup folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Microsoft\Windows NT folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Microsoft\Windows Media\9.0 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Microsoft\Windows Media\11.0 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Microsoft\Windows Media folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Microsoft\Windows folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Microsoft\Silverlight\is\3sfzpffo.kjg\eizehace.ao5\1\s\mblaj4qqffg1hhhww2sljrugc2b4hoqjzu20u5jkbe3krigsbcaaacfa\f folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Microsoft\Silverlight\is\3sfzpffo.kjg\eizehace.ao5\1\s\mblaj4qqffg1hhhww2sljrugc2b4hoqjzu20u5jkbe3krigsbcaaacfa folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Microsoft\Silverlight\is\3sfzpffo.kjg\eizehace.ao5\1\s\fg55llasblzekh4g3lxdq2bycsmihi3znlh3fmbjx5pakfxnx1aaagea\f folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Microsoft\Silverlight\is\3sfzpffo.kjg\eizehace.ao5\1\s\fg55llasblzekh4g3lxdq2bycsmihi3znlh3fmbjx5pakfxnx1aaagea folder moved successfully. 
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Microsoft\Silverlight\is\3sfzpffo.kjg\eizehace.ao5\1\s folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Microsoft\Silverlight\is\3sfzpffo.kjg\eizehace.ao5\1\l folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Microsoft\Silverlight\is\3sfzpffo.kjg\eizehace.ao5\1\g\05tegpd0e531u3m3g2kuvwhcozhjk101i2vrknwtwduez2rkdyaaagfa folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Microsoft\Silverlight\is\3sfzpffo.kjg\eizehace.ao5\1\g folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Microsoft\Silverlight\is\3sfzpffo.kjg\eizehace.ao5\1 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Microsoft\Silverlight\is\3sfzpffo.kjg\eizehace.ao5 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Microsoft\Silverlight\is\3sfzpffo.kjg folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Microsoft\Silverlight\is folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Microsoft\Silverlight folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Microsoft\Portable Devices folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Microsoft\Outlook folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Microsoft\OFFICE\ONetConfig folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Microsoft\OFFICE\12.0 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Microsoft\OFFICE folder moved successfully. 
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Microsoft\Media Player\Transcoded Files Cache folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Microsoft\Media Player\Sync Generated Playlists folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Microsoft\Media Player\Sync Downloads folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Microsoft\Media Player\Art Cache\LocalMLS folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Microsoft\Media Player\Art Cache folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Microsoft\Media Player folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Microsoft\Internet Explorer folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Microsoft\HelpCtr folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Microsoft\FORMS folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Microsoft\Feeds Cache\ZMOI2RTA folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Microsoft\Feeds Cache\YG8M82C2 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Microsoft\Feeds Cache\S4BWXZ8S folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Microsoft\Feeds Cache\O10PLQHA folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Microsoft\Feeds Cache folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Microsoft\Feeds\Microsoft Feeds~ folder moved successfully. 
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Microsoft\Feeds folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-1409082233-1532298954-839522115-1003 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-1409082233-1532298954-839522115-1000 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Microsoft\Credentials folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Microsoft\CD Burning folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Microsoft folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\mejrju folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\mdnslib folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Identities\{967BD4D9-58A1-4D95-B3EB-1FF13349B933}\Microsoft\Outlook Express folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Identities\{967BD4D9-58A1-4D95-B3EB-1FF13349B933}\Microsoft folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Identities\{967BD4D9-58A1-4D95-B3EB-1FF13349B933} folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Identities folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Help folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\FLVService\lib folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\FLVService folder moved successfully. 
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Deployment folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\cuykgf folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Apple Computer\QuickTime\downloads\15\14 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Apple Computer\QuickTime\downloads\15 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Apple Computer\QuickTime\downloads\14\07 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Apple Computer\QuickTime\downloads\14 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Apple Computer\QuickTime\downloads\13\06 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Apple Computer\QuickTime\downloads\13 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Apple Computer\QuickTime\downloads\12\14 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Apple Computer\QuickTime\downloads\12\09 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Apple Computer\QuickTime\downloads\12\06 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Apple Computer\QuickTime\downloads\12\03 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Apple Computer\QuickTime\downloads\12 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Apple Computer\QuickTime\downloads\11\07 folder moved successfully. 
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Apple Computer\QuickTime\downloads\11\05 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Apple Computer\QuickTime\downloads\11 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Apple Computer\QuickTime\downloads\10\13 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Apple Computer\QuickTime\downloads\10 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Apple Computer\QuickTime\downloads\08\09 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Apple Computer\QuickTime\downloads\08 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Apple Computer\QuickTime\downloads\07\13 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Apple Computer\QuickTime\downloads\07\02 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Apple Computer\QuickTime\downloads\07 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Apple Computer\QuickTime\downloads\06\08 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Apple Computer\QuickTime\downloads\06 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Apple Computer\QuickTime\downloads\05\15 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Apple Computer\QuickTime\downloads\05 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Apple Computer\QuickTime\downloads\04\04 folder moved successfully. 
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Apple Computer\QuickTime\downloads\04\02 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Apple Computer\QuickTime\downloads\04 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Apple Computer\QuickTime\downloads\03\14 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Apple Computer\QuickTime\downloads\03\10 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Apple Computer\QuickTime\downloads\03 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Apple Computer\QuickTime\downloads\02\15 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Apple Computer\QuickTime\downloads\02\12 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Apple Computer\QuickTime\downloads\02 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Apple Computer\QuickTime\downloads\01\15 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Apple Computer\QuickTime\downloads\01\12 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Apple Computer\QuickTime\downloads\01\09 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Apple Computer\QuickTime\downloads\01 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Apple Computer\QuickTime\downloads\00\05 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Apple Computer\QuickTime\downloads\00 folder moved successfully. 
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Apple Computer\QuickTime\downloads folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Apple Computer\QuickTime folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Apple Computer folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Adobe\Updater6\Install folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Adobe\Updater6\Data\UpdateAvailable\pselements7-en_US folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Adobe\Updater6\Data\UpdateAvailable folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Adobe\Updater6\Data folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Adobe\Updater6 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Adobe\TypeSupport folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Adobe\Fonts folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Adobe\ESD folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Adobe\Color folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Adobe\Acrobat\7.0\Cache\Search70 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Adobe\Acrobat\7.0\Cache folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Adobe\Acrobat\7.0 folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data\Adobe\Acrobat folder moved successfully. 
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Adobe folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings\Application Data folder moved successfully. c:\documents and settings\HelpAssistant\Local Settings folder moved successfully. c:\documents and settings\HelpAssistant\Favorites\Microsoft Websites folder moved successfully. c:\documents and settings\HelpAssistant\Favorites\Links folder moved successfully. c:\documents and settings\HelpAssistant\Favorites folder moved successfully. c:\documents and settings\HelpAssistant\Desktop\youtube folder moved successfully. c:\documents and settings\HelpAssistant\Desktop\Canon Pictures folder moved successfully. c:\documents and settings\HelpAssistant\Desktop\Slide Show folder moved successfully. c:\documents and settings\HelpAssistant\Desktop\Bills folder moved successfully. c:\documents and settings\HelpAssistant\Desktop\Pictures 1 folder moved successfully. c:\documents and settings\HelpAssistant\Desktop\Pictures\Tea folder moved successfully. c:\documents and settings\HelpAssistant\Desktop\Pictures folder moved successfully. c:\documents and settings\HelpAssistant\Desktop\Orbit Downloads\New Folder (2) folder moved successfully. c:\documents and settings\HelpAssistant\Desktop\Orbit Downloads\CBC - The Current\Robert Fisk folder moved successfully. c:\documents and settings\HelpAssistant\Desktop\Orbit Downloads\CBC - The Current folder moved successfully. c:\documents and settings\HelpAssistant\Desktop\Orbit Downloads folder moved successfully. c:\documents and settings\HelpAssistant\Desktop\New Folder folder moved successfully. c:\documents and settings\HelpAssistant\Desktop\Slideshow\Slideshow Photos\Original folder moved successfully. c:\documents and settings\HelpAssistant\Desktop\Slideshow\Slideshow Photos\Edited folder moved successfully. c:\documents and settings\HelpAssistant\Desktop\Slideshow\Slideshow Photos folder moved successfully. 
c:\documents and settings\HelpAssistant\Desktop\Slideshow\Pictures folder moved successfully. c:\documents and settings\HelpAssistant\Desktop\Slideshow\Music folder moved successfully. c:\documents and settings\HelpAssistant\Desktop\Slideshow\Background folder moved successfully. c:\documents and settings\HelpAssistant\Desktop\Slideshow folder moved successfully. c:\documents and settings\HelpAssistant\Desktop\Malware removal\SysRestorePoint_v13 folder moved successfully. c:\documents and settings\HelpAssistant\Desktop\Malware removal\Rooter folder moved successfully. c:\documents and settings\HelpAssistant\Desktop\Malware removal\OTL folder moved successfully. c:\documents and settings\HelpAssistant\Desktop\Malware removal\LockSearch folder moved successfully. c:\documents and settings\HelpAssistant\Desktop\Malware removal\erunt\Backup\5-9-2010\Users\00000002 folder moved successfully. c:\documents and settings\HelpAssistant\Desktop\Malware removal\erunt\Backup\5-9-2010\Users\00000001 folder moved successfully. c:\documents and settings\HelpAssistant\Desktop\Malware removal\erunt\Backup\5-9-2010\Users folder moved successfully. c:\documents and settings\HelpAssistant\Desktop\Malware removal\erunt\Backup\5-9-2010 folder moved successfully. c:\documents and settings\HelpAssistant\Desktop\Malware removal\erunt\Backup folder moved successfully. c:\documents and settings\HelpAssistant\Desktop\Malware removal\erunt folder moved successfully. c:\documents and settings\HelpAssistant\Desktop\Malware removal\CKScanner folder moved successfully. c:\documents and settings\HelpAssistant\Desktop\Malware removal folder moved successfully. c:\documents and settings\HelpAssistant\Desktop\Finished\Top 50 folder moved successfully. c:\documents and settings\HelpAssistant\Desktop\Finished\Pictures folder moved successfully. c:\documents and settings\HelpAssistant\Desktop\Finished\File Lists folder moved successfully. 
c:\documents and settings\HelpAssistant\Desktop\Finished\Edited Top 50 folder moved successfully. c:\documents and settings\HelpAssistant\Desktop\Finished folder moved successfully. c:\documents and settings\HelpAssistant\Desktop\DeviantART folder moved successfully. c:\documents and settings\HelpAssistant\Desktop\Canon Pictures 2 folder moved successfully. c:\documents and settings\HelpAssistant\Desktop\BB backup folder moved successfully. c:\documents and settings\HelpAssistant\Desktop\Tax folder moved successfully. c:\documents and settings\HelpAssistant\Desktop folder moved successfully. c:\documents and settings\HelpAssistant\Cookies folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\WinRAR folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\vlc\art\title\Addiction (Radio) folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\vlc\art\title folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\vlc\art\artistalbum\Royksopp\The Understanding folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\vlc\art\artistalbum\Royksopp folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\vlc\art\artistalbum folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\vlc\art folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\vlc folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\Sun\Java\jre1.6.0_20 folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\Sun\Java\Deployment\tmp\si folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\Sun\Java\Deployment\tmp folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\Sun\Java\Deployment\SystemCache\6.0\9 folder moved successfully. 
c:\documents and settings\HelpAssistant\Application Data\Sun\Java\Deployment\SystemCache\6.0\8 folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\Sun\Java\Deployment\SystemCache\6.0\7 folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\Sun\Java\Deployment\SystemCache\6.0\63 folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\Sun\Java\Deployment\SystemCache\6.0\62 folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\Sun\Java\Deployment\SystemCache\6.0\61 folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\Sun\Java\Deployment\SystemCache\6.0\60 folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\Sun\Java\Deployment\SystemCache\6.0\6 folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\Sun\Java\Deployment\SystemCache\6.0\59 folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\Sun\Java\Deployment\SystemCache\6.0\58 folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\Sun\Java\Deployment\SystemCache\6.0\57 folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\Sun\Java\Deployment\SystemCache\6.0\56 folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\Sun\Java\Deployment\SystemCache\6.0\55 folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e67d4cd-n folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\Sun\Java\Deployment\SystemCache\6.0\54 folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\Sun\Java\Deployment\SystemCache\6.0\53 folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\Sun\Java\Deployment\SystemCache\6.0\52 folder moved successfully. 
c:\documents and settings\HelpAssistant\Application Data\Sun\Java\Deployment\SystemCache\6.0\51 folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\Sun\Java\Deployment\SystemCache\6.0\50 folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\Sun\Java\Deployment\SystemCache\6.0\5 folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\Sun\Java\Deployment\SystemCache\6.0\49 folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\Sun\Java\Deployment\SystemCache\6.0\48 folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\Sun\Java\Deployment\SystemCache\6.0\47 folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\Sun\Java\Deployment\SystemCache\6.0\46 folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\Sun\Java\Deployment\SystemCache\6.0\45 folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\Sun\Java\Deployment\SystemCache\6.0\44 folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\Sun\Java\Deployment\SystemCache\6.0\43 folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\Sun\Java\Deployment\SystemCache\6.0\42 folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\Sun\Java\Deployment\SystemCache\6.0\41 folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\Sun\Java\Deployment\SystemCache\6.0\40 folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\Sun\Java\Deployment\SystemCache\6.0\4 folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\Sun\Java\Deployment\SystemCache\6.0\39 folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\Sun\Java\Deployment\SystemCache\6.0\38 folder moved successfully. 
c:\documents and settings\HelpAssistant\Application Data\Sun\Java\Deployment\SystemCache\6.0\37 folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\Sun\Java\Deployment\SystemCache\6.0\36 folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\Sun\Java\Deployment\SystemCache\6.0\35 folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\Sun\Java\Deployment\SystemCache\6.0\34 folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\Sun\Java\Deployment\SystemCache\6.0\33 folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\Sun\Java\Deployment\SystemCache\6.0\32 folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\Sun\Java\Deployment\SystemCache\6.0\31 folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\Sun\Java\Deployment\SystemCache\6.0\30 folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\Sun\Java\Deployment\SystemCache\6.0\3 folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\Sun\Java\Deployment\SystemCache\6.0\29 folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\Sun\Java\Deployment\SystemCache\6.0\28 folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\Sun\Java\Deployment\SystemCache\6.0\27 folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\Sun\Java\Deployment\SystemCache\6.0\26 folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\Sun\Java\Deployment\SystemCache\6.0\25 folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\Sun\Java\Deployment\SystemCache\6.0\24 folder moved successfully. c:\documents and settings\HelpAssistant\Application Data\Sun\Java\Deployment\SystemCache\6.0\23 folder moved successfully. 
c:\documents and settings\HelpAssistant\Application Data\Adobe\Acrobat\7.0\Updater folder moved successfully.
c:\documents and settings\HelpAssistant\Application Data\Adobe\Acrobat\7.0\Security folder moved successfully.
c:\documents and settings\HelpAssistant\Application Data\Adobe\Acrobat\7.0\Preferences folder moved successfully.
c:\documents and settings\HelpAssistant\Application Data\Adobe\Acrobat\7.0\Messages\ENU folder moved successfully.
c:\documents and settings\HelpAssistant\Application Data\Adobe\Acrobat\7.0\Messages folder moved successfully.
c:\documents and settings\HelpAssistant\Application Data\Adobe\Acrobat\7.0\JavaScripts folder moved successfully.
c:\documents and settings\HelpAssistant\Application Data\Adobe\Acrobat\7.0\Collab folder moved successfully.
c:\documents and settings\HelpAssistant\Application Data\Adobe\Acrobat\7.0 folder moved successfully.
c:\documents and settings\HelpAssistant\Application Data\Adobe\Acrobat folder moved successfully.
c:\documents and settings\HelpAssistant\Application Data\Adobe folder moved successfully.
c:\documents and settings\HelpAssistant\Application Data folder moved successfully.
c:\documents and settings\HelpAssistant folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: TheLeviathan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 428120714 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 4182 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 1042 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 145094 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 34757544 bytes
Total Files Cleaned = 442.00 mb
Restore point Set: OTM Restore Point (0)
OTM by OldTimer - Version 3.1.12.0 log created on 05152010_052732
Files moved on Reboot...
C:\Documents and Settings\TheLeviathan\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat moved successfully.
File move failed. C:\WINDOWS\temp\$$$dq3e scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\$67we.$ scheduled to be moved on reboot.
Registry entries deleted on Reboot...
ComboFix 10-05-10.05 - TheLeviathan 05/15/2010 5:45.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1061 [GMT -4:00]
Running from: c:\documents and settings\TheLeviathan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\TheLeviathan\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.
((((((((((((((((((((((((( Files Created from 2010-04-15 to 2010-05-15 )))))))))))))))))))))))))))))))
.
2010-05-15 09:27 . 2010-05-15 09:27 -------- d-----w- C:\_OTM
2010-05-11 21:19 . 2010-05-11 21:19 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-05-11 21:18 . 2010-05-11 21:19 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-05-11 00:00 . 2010-05-11 00:01 -------- d-----w- C:\HelpAsst_backup
2010-05-10 23:38 . 2010-05-10 23:38 -------- d-----w- C:\_OTL
2010-05-09 22:16 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2010-05-09 19:34 . 2010-05-09 19:34 -------- d-----w- C:\Rooter$
2010-05-09 06:02 . 2010-05-09 06:02 -------- d-----w- c:\documents and settings\TheLeviathan\Application Data\Malwarebytes
2010-05-09 06:02 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-09 06:02 . 2010-05-09 06:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-09 06:02 . 2010-05-09 06:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-09 06:02 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-07 07:59 . 2010-05-07 07:26 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-05-07 07:26 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-05-07 07:26 . 2010-05-07 07:26 -------- dc----w- c:\windows\system32\DRVSTORE
2010-05-07 07:26 . 2010-05-07 07:26 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-05-07 07:24 . 2010-05-07 07:24 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-05-07 07:24 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-05-07 07:24 . 2010-05-07 07:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-05-07 07:24 . 2010-05-07 07:24 -------- d-----w- c:\program files\Lavasoft
2010-05-06 06:02 . 2010-05-06 07:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-06 06:02 . 2010-05-06 06:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-05 04:01 . 2010-05-05 04:05 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-05-05 04:01 . 2010-05-05 04:05 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-05-05 04:01 . 2010-05-05 04:01 -------- d-----w- c:\documents and settings\TheLeviathan\Local Settings\Application Data\mdnslib
2010-05-05 03:59 . 2010-05-05 03:59 -------- d-----w- c:\documents and settings\TheLeviathan\Local Settings\Application Data\FLVService
2010-05-05 03:59 . 2010-05-05 03:59 -------- d-----w- c:\windows\Replay Media Catcher
2010-05-05 03:46 . 2010-05-05 03:46 46 ----a-w- c:\windows\system32\DonationCoder_urlsnooper_InstallInfo.dat
2010-05-05 03:46 . 2010-05-05 03:46 -------- d-----w- c:\documents and settings\TheLeviathan\Application Data\DonationCoder
2010-05-05 03:36 . 2010-05-05 03:36 -------- d-----w- c:\program files\Orbitdownloader
2010-05-01 04:10 . 2010-05-10 22:53 -------- d-----w- c:\program files\FreeVPN
2010-04-16 06:59 . 2010-04-16 07:00 -------- d-----w- c:\windows\system32\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-15 09:55 . 2009-11-22 07:46 -------- d-----w- c:\program files\Symantec AntiVirus
2010-05-05 03:58 . 2010-04-10 21:20 -------- d-----w- c:\documents and settings\TheLeviathan\Application Data\Orbit
2010-04-28 07:57 . 2010-01-29 20:48 256 ----a-w- c:\windows\system32\pool.bin
2010-04-25 05:20 . 2010-04-25 05:20 -------- d-----w- c:\program files\Common Files\Java
2010-04-25 05:20 . 2010-04-25 05:20 503808 ----a-w- c:\documents and settings\TheLeviathan\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e67d4cd-n\msvcp71.dll
2010-04-25 05:20 . 2010-04-25 05:20 499712 ----a-w- c:\documents and settings\TheLeviathan\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e67d4cd-n\jmc.dll
2010-04-25 05:20 . 2010-04-25 05:20 348160 ----a-w- c:\documents and settings\TheLeviathan\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e67d4cd-n\msvcr71.dll
2010-04-25 05:20 . 2010-04-25 05:20 61440 ----a-w- c:\documents and settings\TheLeviathan\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3415ad37-n\decora-sse.dll
2010-04-25 05:20 . 2010-04-25 05:20 12800 ----a-w- c:\documents and settings\TheLeviathan\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3415ad37-n\decora-d3d.dll
2010-04-25 05:20 . 2010-04-25 05:20 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-25 05:20 . 2010-04-25 05:20 -------- d-----w- c:\program files\Java
2010-04-10 21:27 . 2010-04-10 21:20 -------- d-----w- c:\documents and settings\TheLeviathan\Application Data\GrabPro
2010-03-29 02:57 . 2010-03-29 02:57 38976 ----a-w- c:\windows\system32\drivers\pssdk42.sys
2010-03-29 02:57 . 2010-03-29 02:57 -------- d-----w- c:\program files\NetWorx
2010-03-29 02:57 . 2010-03-29 02:57 -------- d-----w- c:\documents and settings\All Users\Application Data\SoftPerfect
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-11-15 85744]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-04-09 155648]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
"NetWorx"="c:\program files\NetWorx\networx.exe" [2010-03-22 2909696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2005-10-04 17:42 48752 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2007-04-09 17:32 19456 ------w- c:\windows\system32\CtHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2007-04-09 17:32 19968 ------w- c:\windows\system32\Ctxfihlp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\NvCplDaemon] 2006-10-22 17:22 7700480 ----a-w- c:\windows\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2006-10-22 17:22 86016 ----a-w- c:\windows\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2006-10-22 17:22 1622016 ----a-w- c:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-04-09 01:23 155648 ------w- c:\program files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "m:\\Microsoft Games\\Flight Simulator 9\\fs9.exe"= "c:\\WINDOWS\\system32\\dpnsvr.exe"= "l:\\Microsoft Games\\Flight Simulator 9\\fs9.exe"= "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"= "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "65533:TCP"= 65533:TCP:Services "52344:TCP"= 52344:TCP:Services "7415:TCP"= 7415:TCP:Services "7416:TCP"= 7416:TCP:Services "6711:TCP"= 6711:TCP:Services "6712:TCP"= 6712:TCP:Services "2227:TCP"= 2227:TCP:Services "2954:TCP"= 2954:TCP:Services "7820:TCP"= 7820:TCP:Services "7821:TCP"= 7821:TCP:Services R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [11/23/2008 10:18 AM 155136] R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [11/23/2008 10:18 AM 5248] R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/7/2010 3:26 AM 64288] R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [11/24/2008 2:10 AM 77312] R1 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [3/28/2010 10:57 PM 38976] R2 Lavasoft Ad-Aware 
Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1285864] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/22/2009 3:53 AM 102448] S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [11/15/2005 2:27 PM 169200] . Contents of the 'Scheduled Tasks' folder 2010-05-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 07:26] . . ------- Supplementary Scan ------- . uStart Page = about:blank uInternet Settings,ProxyServer = http=127.0.0.1:5555 uInternet Settings,ProxyOverride = <local> IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204 IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-15 05:54 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89772D50]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> 0x89772d50
\Driver\atapi -> 0x8a118f00
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: 3Com EtherLink XL 10/100 PCI TX NIC (3C905B-TX) -> SendCompleteHandler -> 0x8980a5c0
PacketIndicateHandler -> NDIS.sys @ 0xb9dbba0d
SendHandler -> NDIS.sys @ 0xb9dcfb40
Warning: possible MBR rootkit infection !
user & kernel MBR OK
copy of MBR has been found in sector 0x0FBC043
malicious code @ sector 0x0FBC046 !
PE file found in sector at 0x0FBC05C !
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2476)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Photodex\ProShowGold\ScsiAccess.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\WgaTray.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2010-05-15 06:01:14 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-15 10:01
Pre-Run: 1,101,193,216 bytes free
Post-Run: 1,067,843,584 bytes free
- - End Of File - - 452582F42B6060909104FAD87328962B

May 15 2010, 12:25 PM
Post #9
Advanced Member | Group: Global Moderator | Posts: 4,604 | Joined: 17-September 07 | Member No.: 3,506
Download TFC to your desktop.
Please download Malwarebytes' Anti-Malware from Here. Double-click mbam-setup.exe to install the application.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Go to Kaspersky website and perform an online antivirus scan.
* Go here to run an online scanner from ESET.

May 19 2010, 12:13 AM
Post #10
Member | Group: Member+ | Posts: 13 | Joined: 10-May 10 | Member No.: 10,224
Hey, just wanted to post an update to let you know I am still working on this and to not close the thread. Kaspersky scan took almost 40 hours and ESET scanner is running now. I will likely have the results tomorrow.
Thanks,
The Leviathan

May 19 2010, 11:27 AM
Post #11
Advanced Member | Group: Global Moderator | Posts: 4,604 | Joined: 17-September 07 | Member No.: 3,506
ok

May 20 2010, 03:48 AM
Post #12
Member | Group: Member+ | Posts: 13 | Joined: 10-May 10 | Member No.: 10,224
Hi again, thanks for your patience. My logs are posted below.
Cheers, The Leviathan ============== Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4108 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 5/16/2010 10:32:43 PM mbam-log-2010-05-16 (22-32-43).txt Scan type: Quick scan Objects scanned: 125148 Time elapsed: 5 minute(s), 23 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0: scan report Tuesday, May 18, 2010 Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Sunday, May 16, 2010 23:49:01 Records in database: 4118148 -------------------------------------------------------------------------------- Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: yes Scan area - My Computer: A:\ C:\ D:\ E:\ F:\ I:\ L:\ M:\ P:\ Scan statistics: Objects scanned: 587660 Threats found: 18 Infected objects found: 85 Suspicious objects found: 0 Scan duration: 38:42:01 File name / Threat / Threats count C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F500004.VBN Infected: Exploit.Java.Gimsh.a 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F500005.VBN Infected: Exploit.Java.Gimsh.a 1 C:\Documents and Settings\All 
Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F500006.VBN Infected: Trojan.Java.ClassLoader.as 3 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F500007.VBN Infected: Trojan.Java.ClassLoader.as 3 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F500008.VBN Infected: Trojan.Java.ClassLoader.as 3 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F500009.VBN Infected: Trojan.Java.ClassLoader.as 3 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F50000A.VBN Infected: Trojan.Java.ClassLoader.as 3 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F50000B.VBN Infected: Trojan.Java.ClassLoader.as 3 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F50000C.VBN Infected: Exploit.Java.Gimsh.a 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F50000D.VBN Infected: Exploit.Java.Gimsh.a 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F500012.VBN Infected: Constructor.Win32.MS04-032.e 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F50001A.VBN Infected: Trojan.Win32.Genome.cnpu 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F500020.VBN Infected: Trojan-Dropper.Win32.Small.bf 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F50002C.VBN Infected: Trojan-Dropper.Win32.Small.bf 1 C:\Documents and Settings\All 
Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F500031.VBN Infected: Exploit.Java.Gimsh.a 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F500032.VBN Infected: Exploit.Java.Gimsh.a 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F500033.VBN Infected: Trojan.Java.ClassLoader.as 3 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F500034.VBN Infected: Trojan.Java.ClassLoader.as 3 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F500035.VBN Infected: Trojan.Java.ClassLoader.as 3 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F500036.VBN Infected: Trojan.Java.ClassLoader.as 3 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F500037.VBN Infected: Trojan.Java.ClassLoader.as 3 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F500038.VBN Infected: Trojan.Java.ClassLoader.as 3 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F500039.VBN Infected: Exploit.Java.Gimsh.a 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F50003A.VBN Infected: Exploit.Java.Gimsh.a 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F50003F.VBN Infected: Constructor.Win32.MS04-032.e 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F500047.VBN Infected: Trojan.Win32.Genome.cnpu 1 
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\mouclass.sys.vir Infected: Rootkit.Win32.TDSS.ap 1 C:\System Volume Information\_restore{2EAA3C7C-1452-452A-8E4B-A6AE4367A720}\RP365\A0033904.sys Infected: Rootkit.Win32.TDSS.ap 1 C:\_OTM\MovedFiles\05152010_052732\c_documents and settings\HelpAssistant\Local Settings\Temp\Av-test.txt Infected: EICAR-Test-File 1 D:\Games\ClashNSlash.rar Infected: Trojan-Downloader.Win32.Agent.dkcc 1 D:\Temporary\GDiVX1.9.9.6.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bx 1 D:\Temporary\GDiVX1.9.9.6.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.d 1 F:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00D00000.VBN Infected: Trojan-Downloader.JS.Agent.bkr 1 F:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00D00002.VBN Infected: Trojan-Downloader.JS.Agent.bkr 1 F:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\038C0000.VBN Infected: Trojan.Win32.Patched.af 1 F:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05B00000.VBN Infected: Trojan.Win32.Agent.bsg 1 F:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05B00001.VBN Infected: Trojan.Win32.Agent.bsg 1 F:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07D80000.VBN Infected: Backdoor.Win32.Agent.dbo 1 F:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09280000\4FEF2B9F.VBN Infected: Trojan.Win32.Patched.af 1 F:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AD80000.VBN Infected: Trojan.Win32.Obfuscated.jw 1 F:\Documents and Settings\TheLeviathan\Application 
Data\Sun\Java\Deployment\cache\6.0\17\3e448391-4e2953c3 Infected: Exploit.Java.ByteVerify 1 F:\Documents and Settings\TheLeviathan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\animan.class-4bb611a9-2087d894.class Infected: Exploit.Java.ByteVerify 1 F:\Documents and Settings\TheLeviathan\Desktop\Backup Drivers\Flops\flops.zip Infected: Constructor.Win32.MS04-032.e 1 F:\Documents and Settings\TheLeviathan\Desktop\Backup Drivers\Xvid\Xvid.zip Infected: Trojan.Win32.Genome.cnpu 1 F:\Documents and Settings\TheLeviathan\Desktop\Backup Drivers\Xvid\Xvid.zip Infected: Trojan.Win32.Genome.cnpu 1 M:\Files\Games\SimCity.rar Infected: Trojan-Dropper.Win32.Small.bf 1 M:\BACKUP\GDiVX1.9.9.6.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bx 1 M:\BACKUP\GDiVX1.9.9.6.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.d 1 P:\backup\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00D00000.VBN Infected: Trojan-Downloader.JS.Agent.bkr 1 P:\backup\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00D00002.VBN Infected: Trojan-Downloader.JS.Agent.bkr 1 P:\backup\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\038C0000.VBN Infected: Trojan.Win32.Patched.af 1 P:\backup\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05B00000.VBN Infected: Trojan.Win32.Agent.bsg 1 P:\backup\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05B00001.VBN Infected: Trojan.Win32.Agent.bsg 1 P:\backup\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07D80000.VBN Infected: Backdoor.Win32.Agent.dbo 1 P:\backup\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate 
Edition\7.5\Quarantine\09280000\4FEF2B9F.VBN Infected: Trojan.Win32.Patched.af 1 P:\backup\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AD80000.VBN Infected: Trojan.Win32.Obfuscated.jw 1 P:\backup\Documents and Settings\TheLeviathan\Application Data\Sun\Java\Deployment\cache\6.0\17\3e448391-4e2953c3 Infected: Exploit.Java.ByteVerify 1 P:\backup\Documents and Settings\TheLeviathan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\animan.class-4bb611a9-2087d894.class Infected: Exploit.Java.ByteVerify 1 P:\backup\Documents and Settings\TheLeviathan\Desktop\Backup Drivers\Flops\flops.zip Infected: Constructor.Win32.MS04-032.e 1 P:\Documents and Settings\TheLeviathan\Desktop\Backup Drivers\Xvid\Xvid.zip Infected: Trojan.Win32.Genome.cnpu 1 P:\Documents and Settings\TheLeviathan\Desktop\Backup Drivers\Xvid\Xvid.zip Infected: Trojan.Win32.Genome.cnpu 1 Selected area has been scanned. ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=7.00.6000.16735 (vista_gdr.080820-1506) # OnlineScanner.ocx=1.0.0.6211 # api_version=3.0.2 # EOSSerial=bd7611bab92c71459b9809e1749567ff # end=stopped # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2010-05-18 09:33:29 # local_time=2010-05-18 05:33:29 (-0500, Eastern Daylight Time) # country="United States" # lang=9 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=512 16777215 100 0 0 0 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=509704 # found=10 # cleaned=6 # scan_time=24138 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined C:\_OTM\MovedFiles\05152010_052732\c_documents and settings\HelpAssistant\Local Settings\Temp\Av-test.txt Eicar test file cleaned by deleting - quarantined D:\Temporary 
folder\KA\NGA INSTALL\NGA Release 1[1].part01.rar a variant of Win32/Kryptik.BGE trojan deleted - quarantined F:\Documents and Settings\TheLeviathan\Application Data\Sun\Java\Deployment\cache\6.0\17\3e448391-4e2953c3 Java/TrojanDownloader.OpenStream.NAC trojan cleaned by deleting - quarantined F:\Documents and Settings\TheLeviathan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\animan.class-4bb611a9-2087d894.class Java/TrojanDownloader.OpenStream.NAC trojan cleaned by deleting - quarantined F:\Documents and Settings\TheLeviathan\Desktop\Backup Drivers\Xvid\Xvid.zip a variant of Win32/Kryptik.AE trojan deleted F:\Documents and Settings\TheLeviathan\Desktop\Backup Drivers\Xvid\Xvid.zip a variant of Win32/Kryptik.AE trojan deleted F:\jars\Java Games\DigitalRed Shuffleboard v20\b-shuff2.zip probably a variant of Win32/Agent trojan deleted P:\backup\Documents and Settings\TheLeviathan\Application Data\Sun\Java\Deployment\cache\6.0\17\3e448391-4e2953c3 Java/TrojanDownloader.OpenStream.NAC trojan cleaned by deleting P:\backup\Documents and Settings\TheLeviathan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\animan.class-4bb611a9-2087d894.class Java/TrojanDownloader.OpenStream.NAC trojan cleaned by deleting |

May 20 2010, 11:13 AM
Post #13
Advanced Member | Group: Global Moderator | Posts: 4,604 | Joined: 17-September 07 | Member No.: 3,506
Please download OTM.
Note: If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Please download Dr.Web CureIt. Save it to your desktop:
NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on the X in the upper right corner.
Also tell me how it's running.

May 24 2010, 02:01 PM
Post #14
Advanced Member | Group: Global Moderator | Posts: 4,604 | Joined: 17-September 07 | Member No.: 3,506
Due to lack of feedback, this topic has been closed.
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else, please begin a New Topic. Thank you!

May 25 2010, 01:57 AM
Post #15
Advanced Member | Group: Global Moderator | Posts: 188 | Joined: 18-June 09 | Member No.: 8,211
Re-opened.
Logs posted here in different topic: http://www.atribune.org/forums/index.php?showtopic=6047
Back to you.