Win32/Spy.Agent.PZ Trojan



Fossilk1
2009-01-21, 23:04
I am having a problem with a Trojan, or maybe a false positive, which seems to come up every time I run Spyware Doctor. When I run Spyware Doctor it scans over "System Volume Information" but does not detect anything, BUT... ESET pops up with a message saying it found a "Win32/Spy.Agent.PZ Trojan" located in the "System Volume Information" folder. SuperAntiSpyware also picks up a Trojan classified as "Trojan.Gen" and "Unclassified.LoaderX".

Here is my Hijack Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:57:59 PM, on 1/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.mp-hacks.net/forumdisplay.php?f=12
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [POL Agent] C:\DOCUME~1\Foss\LOCALS~1\Temp\Rar$EX00.234\crack\POL.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {700EF03F-A472-4D26-8ACB-300F4D04FD96} (Recovery ActiveX Control Module) - https://www.lojackforlaptops.com/ctmweb/testoc.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: eczvuw.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7872 bytes

Blade81
2009-01-26, 11:03
Hi

Please download OTViewIt (http://oldtimer.geekstogo.com/OTViewIt.exe) by OldTimer and save it to your Desktop.
Close all applications and windows.
Double-click on OTViewIt.exe to start OTViewIt.
Place a checkmark in the blue-colored Scan All Users checkbox.
Click the blue Run Scan button.
OTViewIt will now start its scan.
When the scan is complete, two text files will be created: OTViewIt.Txt (this one will be opened in Notepad) and Extras.txt on the Desktop.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTViewIt.Txt into your post.

Fossilk1
2009-01-26, 15:13
OTViewIt logfile created on: 1/26/2009 8:12:41 AM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Foss\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.17 Gb Total Space | 93.90 Gb Free Space | 65.58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FOSS
Current User Name: Foss
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2007/07/25 16:29:38 | 00,987,136 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
[2008/02/18 10:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2007/12/21 07:21:16 | 00,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
[2007/07/25 16:41:42 | 00,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
[2008/12/18 12:07:03 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2007/07/20 16:53:52 | 00,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
[2008/07/02 21:33:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2007/07/25 16:22:44 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
[2009/01/21 10:34:35 | 00,047,104 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\system32\rpcnet.exe
[2008/06/13 15:29:14 | 00,356,920 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
[2008/12/19 10:38:35 | 01,079,176 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
[2007/12/21 07:21:06 | 01,443,072 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
[2008/08/25 11:36:36 | 01,168,264 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
[2009/01/16 19:24:20 | 01,506,544 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[2008/12/30 16:27:17 | 00,603,904 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe
[2004/09/15 06:27:54 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
[2007/07/25 16:32:34 | 00,294,912 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
[2004/08/04 06:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2009/01/26 08:11:52 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Foss\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/02/18 10:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/12/21 07:22:44 | 00,019,200 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped])
[2007/12/21 07:21:16 | 00,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn [Auto | Running])
[2007/07/25 16:41:42 | 00,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
[2007/10/09 11:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2007/10/11 08:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/03/30 09:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2008/12/18 12:07:03 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2006/10/26 23:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
[2007/10/11 08:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2007/07/20 16:53:52 | 00,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC [Auto | Running])
[2008/07/02 21:33:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2006/10/26 18:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2008/04/09 11:09:14 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Disabled | Stopped])
[2008/05/23 10:02:23 | 00,107,832 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB [Disabled | Stopped])
[2007/07/25 16:22:44 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
[2009/01/21 10:34:35 | 00,047,104 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\system32\rpcnet.exe -- (Rpcnet [Auto | Running])
[2007/07/25 16:29:38 | 00,987,136 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
[2008/06/13 15:29:14 | 00,356,920 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [Auto | Running])
[2008/12/19 10:38:35 | 01,079,176 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [Auto | Running])
[2007/07/17 09:12:34 | 00,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\stacsv.exe -- (STacSV [Disabled | Stopped])
[2008/12/30 16:27:14 | 00,360,192 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag [On_Demand | Stopped])
[2008/12/30 16:27:17 | 00,603,904 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc [Auto | Running])
[2004/09/15 06:27:54 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
[2007/07/25 16:32:34 | 00,294,912 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER [Auto | Running])

========== Driver Services ==========

[2008/04/02 20:29:20 | 00,021,393 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2004/08/04 00:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\AMDAGP.SYS -- (amdagp [Disabled | Stopped])
[2008/01/23 09:41:31 | 00,097,216 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD [On_Demand | Running])
[2005/08/12 17:50:46 | 00,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV [System | Running])
[2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2007/07/17 23:30:28 | 00,161,792 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k [On_Demand | Running])
[2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2006/11/02 12:31:38 | 00,103,168 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\drivers\dxec02.sys -- (DXEC02 [On_Demand | Running])
[2001/08/17 13:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Stopped])
[2007/12/21 07:19:54 | 00,039,944 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon [Auto | Running])
[2007/12/21 07:20:14 | 00,030,216 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv [System | Running])
[2007/02/15 19:57:04 | 00,034,760 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL [On_Demand | Running])
[2007/08/07 14:48:33 | 00,025,160 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO [System | Running])
[2007/02/15 19:56:49 | 00,011,984 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay [On_Demand | Running])
[2007/12/21 07:21:46 | 00,071,176 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw [Auto | Running])
[2007/12/21 07:21:52 | 00,030,728 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis [On_Demand | Running])
[2007/12/21 07:21:54 | 00,053,768 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi [System | Running])
[2008/01/29 11:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2004/08/12 17:45:54 | 00,137,728 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2007/07/19 11:12:02 | 00,277,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iastor.sys -- (iaStor [Boot | Running])
[2008/08/25 11:36:28 | 00,040,840 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec [Boot | Running])
[2008/08/25 11:36:28 | 00,066,952 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IKSysFlt [System | Running])
[2008/08/25 11:36:30 | 00,081,288 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec [System | Running])
[2007/11/13 15:59:12 | 00,034,304 | ---- | M] (SlySoft Inc.) -- C:\WINDOWS\System32\drivers\maplom.sys -- (Maplom [On_Demand | Stopped])
[2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2007/08/12 19:05:34 | 02,211,456 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32 [On_Demand | Running])
[2008/07/02 21:33:00 | 06,554,976 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2004/08/04 06:00:00 | 00,088,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx [Auto | Running])
[2004/08/04 06:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb [Auto | Running])
[2004/08/04 06:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx [Auto | Running])
[2007/08/28 15:54:56 | 00,235,520 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\OEM02Dev.sys -- (OEM02Dev [On_Demand | Running])
[2007/08/28 15:55:06 | 00,007,424 | ---- | M] (EyePower Games Pte. Ltd.) -- C:\WINDOWS\system32\drivers\OEM02Vfx.sys -- (OEM02Vfx [On_Demand | Running])
[2007/06/26 11:15:22 | 00,117,888 | ---- | M] (AGEIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\physX32.sys -- (physX32 [On_Demand | Running])
[2008/05/23 09:30:04 | 00,022,328 | ---- | M] () -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK [On_Demand | Stopped])
[2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2007/07/17 10:11:20 | 00,039,936 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk [Auto | Running])
[2007/07/17 10:11:20 | 00,056,832 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk [Auto | Running])
[2007/07/17 10:11:22 | 00,037,376 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp [Auto | Running])
[2007/05/29 15:29:30 | 00,012,416 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans [Auto | Running])
[2008/05/28 10:33:36 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [System | Running])
[2008/05/28 10:33:38 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
[2008/05/28 10:33:36 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Running])
[2007/05/03 05:27:21 | 00,078,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/08/04 00:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\SISAGP.SYS -- (sisagp [Disabled | Stopped])
[2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2007/07/17 09:12:34 | 01,222,840 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
[2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2007/07/17 23:09:26 | 00,202,912 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2004/08/04 00:10:12 | 00,078,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbvideo.sys -- (usbvideo [On_Demand | Stopped])
[2006/11/02 07:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Stopped])
[2004/08/04 00:07:42 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [System | Running])
[2007/08/28 17:05:12 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21 [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://forum.mp-hacks.net/forumdisplay.php?f=12

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080403
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080403
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-3964944806-3785052099-3271516972-1005\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://forum.mp-hacks.net/forumdisplay.php?f=12

[HKEY_USERS\S-1-5-21-3964944806-3785052099-3271516972-1005\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3964944806-3785052099-3271516972-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

Hosts file not found

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice (ESET)
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" (PC Tools)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

[HKEY_USERS\S-1-5-21-3964944806-3785052099-3271516972-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoRun"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=1
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=0
"undockwithoutlogon"=1
"DisableRegistryTools"=0
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoChangeStartMenu"=0
"NoLogOff"=0
"NoDrives"=0
"NoDriveAutoRun"=67108863
"NoRun"=0
"NoClose"=0
"ClearRecentDocsOnExit"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"DisableRegistryTools"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-3964944806-3785052099-3271516972-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoChangeStartMenu"=0
"NoLogOff"=0
"NoDrives"=0
"NoDriveAutoRun"=67108863
"NoRun"=0
"NoClose"=0
"ClearRecentDocsOnExit"=1

[HKEY_USERS\S-1-5-21-3964944806-3785052099-3271516972-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"DisableRegistryTools"=0

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Send to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2006/10/26 19:32:42 | 00,604,000 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: S&end to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2006/10/26 19:32:42 | 00,604,000 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006/10/26 19:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2006/10/10 07:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{2670000A-7350-4f3c-8081-5663EE0C6C49} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Send to OneNote] -> [2006/10/26 19:32:42 | 00,604,000 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006/10/26 19:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3964944806-3785052099-3271516972-1005\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{2670000A-7350-4f3c-8081-5663EE0C6C49} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Send to OneNote] -> [2006/10/26 19:32:42 | 00,604,000 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006/10/26 19:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab -- Windows Genuine Advantage Validation Tool
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}: http://download.divx.com/player/DivXBrowserPlugin.cab -- Reg Error: Key does not exist or could not be opened.
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab -- Java Plug-in 1.5.0_06
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11

========== (O17) DNS Name Servers ==========

{35E2ABDB-5362-486D-8751-B06BB568D92F} (Servers: | Description: )
{AE068678-95BD-49A6-B47C-FE73A6DE91E5} (Servers: | Description: Broadcom NetXtreme 57xx Gigabit Controller)
{CDF34AD4-97CA-4196-BEAC-B0C2A5C2E28A} (Servers: | Description: Intel(R) PRO/Wireless 3945ABG Network Connection)
{FEE898D3-D263-4FE1-B1DB-075CE704E0E2} (Servers: | Description: 1394 Net Adapter)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" (HKLM) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/08/11 18:15:00 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2009/01/26 08:11:44 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Foss\Desktop\OTViewIt.exe
[2009/01/26 08:06:00 | 00,000,727 | ---- | C] () -- C:\Documents and Settings\Foss\Desktop\IP.lnk
[2009/01/24 22:51:12 | 00,000,161 | ---- | C] () -- C:\Delme.bat
[2009/01/24 20:58:36 | 00,000,000 | ---D | C] -- C:\Program Files\Hide Your IP Address
[2009/01/24 12:23:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Foss\Desktop\Leis
[2009/01/22 12:39:09 | 00,000,515 | ---- | C] () -- C:\Documents and Settings\Foss\Desktop\Leis.lnk
[2009/01/22 12:33:32 | 00,000,590 | ---- | C] () -- C:\Documents and Settings\Foss\Desktop\zLoader.lnk
[2009/01/21 17:07:04 | 73,625,6000 | ---- | C] () -- C:\Documents and Settings\Foss\Desktop\Taken.avi
[2009/01/21 16:43:20 | 00,503,523 | ---- | C] () -- C:\Documents and Settings\Foss\Desktop\Keylogger.rar
[2009/01/21 16:21:54 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/01/21 15:57:31 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Foss\Desktop\HijackThis.lnk
[2009/01/21 15:57:30 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/01/20 18:10:19 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009/01/20 18:07:30 | 00,000,000 | ---D | C] -- C:\Program Files\Anti Keylogger Elite
[2009/01/20 16:25:11 | 02,282,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TUKernel.exe
[2009/01/20 16:23:28 | 00,089,185 | ---- | C] () -- C:\Documents and Settings\Foss\My Documents\RestrictedAccess.bootskin
[2009/01/20 16:23:28 | 00,018,638 | ---- | C] () -- C:\Documents and Settings\Foss\My Documents\_CIA_Agent.bootskin
[2009/01/20 16:23:28 | 00,018,216 | ---- | C] () -- C:\Documents and Settings\Foss\My Documents\CIAWARNINGupdate.bootskin
[2009/01/20 16:23:28 | 00,006,834 | ---- | C] () -- C:\Documents and Settings\Foss\My Documents\CSEdition.bootskin
[2009/01/18 18:04:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Foss\Application Data\Atari
[2009/01/18 18:03:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Foss\Application Data\Leadertech
[2009/01/18 00:21:19 | 00,000,000 | -H-- | C] () -- C:\Documents and Settings\Foss\My Documents\Default.rdp
[2009/01/17 23:16:00 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2009/01/17 23:07:45 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/01/17 23:07:45 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/01/16 19:35:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Foss\Application Data\TeamViewer
[2009/01/16 19:20:49 | 00,001,850 | ---- | C] () -- C:\Documents and Settings\Foss\Desktop\SUPERAntiSpyware Professional.lnk
[2009/01/16 19:19:32 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/01/16 18:58:10 | 00,319,488 | ---- | C] (Nishant Sivakumar) -- C:\Documents and Settings\Foss\Desktop\MAC.exe
[2009/01/16 18:44:01 | 00,000,000 | ---D | C] -- C:\Program Files\CzyInaj Installer Editor
[2009/01/14 10:01:56 | 00,000,000 | ---D | C] -- C:\fa0a1bc660bbf3270cca7d
[2009/01/11 12:56:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Foss\Application Data\Help
[2009/01/04 19:18:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Foss\Local Settings\Application Data\Aspyr
[2009/01/01 12:08:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Foss\Local Settings\Application Data\Help
[2009/01/01 11:52:08 | 00,000,227 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2008/12/31 14:40:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Foss\Desktop\Epicsauce_v1.03c
[2008/12/31 12:11:48 | 00,070,656 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\ScUnin.exe
[2008/12/31 12:11:48 | 00,034,615 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2008/12/31 12:11:48 | 00,000,967 | ---- | C] () -- C:\WINDOWS\ScUnin.pif
[2008/12/31 12:11:02 | 00,000,000 | ---D | C] -- C:\Program Files\Starcraft
[2008/12/30 22:13:51 | 00,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2008/12/30 16:27:17 | 00,000,484 | ---- | C] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2008/12/30 16:27:15 | 00,027,904 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2008/12/30 16:27:14 | 00,360,192 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe
[2008/12/30 16:24:13 | 00,603,904 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe
[2008/12/30 16:24:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Foss\Application Data\TuneUp Software
[2008/12/30 16:24:04 | 00,001,545 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2009.lnk
[2008/12/30 16:23:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2008/12/30 16:23:50 | 00,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2009
[2008/12/30 16:23:26 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2008/12/29 21:33:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Foss\Local Settings\Application Data\Microsoft Game Studios
[2008/12/29 21:32:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Games
[2008/12/29 21:31:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Foss\Application Data\Microsoft Game Studios

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/01/26 08:11:52 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Foss\Desktop\OTViewIt.exe
[2009/01/26 08:06:00 | 00,000,727 | ---- | M] () -- C:\Documents and Settings\Foss\Desktop\IP.lnk
[2009/01/26 08:00:00 | 00,000,484 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2009/01/26 07:42:42 | 00,081,472 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2009/01/26 07:42:40 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/01/26 07:42:13 | 00,135,257 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/01/26 07:42:12 | 00,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe
[2009/01/26 07:42:10 | 00,047,104 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.dll
[2009/01/26 07:41:53 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/26 07:41:47 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/24 22:51:12 | 00,000,161 | ---- | M] () -- C:\Delme.bat
[2009/01/24 20:49:39 | 00,002,235 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2009/01/24 12:26:00 | 00,000,515 | ---- | M] () -- C:\Documents and Settings\Foss\Desktop\Leis.lnk
[2009/01/23 22:53:33 | 00,000,130 | ---- | M] () -- C:\WINDOWS\kaillera.ini
[2009/01/22 13:04:14 | 00,081,472 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2009/01/22 12:33:32 | 00,000,590 | ---- | M] () -- C:\Documents and Settings\Foss\Desktop\zLoader.lnk
[2009/01/21 17:37:23 | 00,011,264 | ---- | M] () -- C:\Documents and Settings\Foss\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/21 17:37:16 | 73,625,6000 | ---- | M] () -- C:\Documents and Settings\Foss\Desktop\Taken.avi
[2009/01/21 16:43:20 | 00,503,523 | ---- | M] () -- C:\Documents and Settings\Foss\Desktop\Keylogger.rar
[2009/01/21 15:57:31 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Foss\Desktop\HijackThis.lnk
[2009/01/21 10:34:35 | 00,047,104 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.exe
[2009/01/21 10:32:55 | 00,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.dll
[2009/01/20 20:05:25 | 00,000,814 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/01/20 20:05:25 | 00,000,460 | RHS- | M] () -- C:\boot.ini
[2009/01/20 20:05:25 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/01/20 18:10:19 | 00,069,632 | ---- | M] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009/01/20 16:32:40 | 06,578,152 | -H-- | M] () -- C:\Documents and Settings\Foss\Local Settings\Application Data\IconCache.db
[2009/01/20 16:25:11 | 02,282,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\TUKernel.exe
[2009/01/20 16:19:29 | 00,018,638 | ---- | M] () -- C:\Documents and Settings\Foss\My Documents\_CIA_Agent.bootskin
[2009/01/20 16:19:04 | 00,018,216 | ---- | M] () -- C:\Documents and Settings\Foss\My Documents\CIAWARNINGupdate.bootskin
[2009/01/20 16:18:28 | 00,006,834 | ---- | M] () -- C:\Documents and Settings\Foss\My Documents\CSEdition.bootskin
[2009/01/20 16:15:08 | 00,089,185 | ---- | M] () -- C:\Documents and Settings\Foss\My Documents\RestrictedAccess.bootskin
[2009/01/20 16:05:36 | 00,001,152 | ---- | M] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/01/18 00:21:19 | 00,000,000 | -H-- | M] () -- C:\Documents and Settings\Foss\My Documents\Default.rdp
[2009/01/17 23:07:45 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/01/17 23:07:45 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/01/16 19:20:49 | 00,001,850 | ---- | M] () -- C:\Documents and Settings\Foss\Desktop\SUPERAntiSpyware Professional.lnk
[2009/01/09 20:35:28 | 20,853,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/01/04 18:57:58 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/01/01 11:52:19 | 00,000,227 | ---- | M] () -- C:\WINDOWS\PowerReg.dat
[2008/12/31 14:02:28 | 00,000,043 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008/12/31 12:13:33 | 00,034,615 | ---- | M] () -- C:\WINDOWS\scunin.dat
[2008/12/31 12:13:31 | 00,070,656 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\ScUnin.exe
[2008/12/31 12:13:31 | 00,000,967 | ---- | M] () -- C:\WINDOWS\ScUnin.pif
[2008/12/30 16:27:17 | 00,603,904 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe
[2008/12/30 16:27:14 | 00,360,192 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe
[2008/12/30 16:27:11 | 00,001,545 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2009.lnk
[2008/12/30 14:22:30 | 00,000,372 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/12/30 10:07:57 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
< End of report >

Blade81
2009-01-26, 16:42
Hi,

Are you familiar with C:\Documents and Settings\Foss\Desktop\Keylogger.rar file? If not, delete it.


Start hjt, do a system scan, check if found:
O4 - HKLM\..\Run: [POL Agent] C:\DOCUME~1\Foss\LOCALS~1\Temp\Rar$EX00.234\crack\POL.exe
O20 - AppInit_DLLs: eczvuw.dll


Close browsers and fix checked. Reboot.

Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/us/languages/english/check.html?n=1225554235248)

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Read the requirements and privacy statement then click on the Accept button.

The program will launch and start to download the latest definition files.

You will be prompted to install an application from Kaspersky. Click Run

Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives

Click on My Computer under Scan.

Once the scan is complete, it will display the results. Click on View Scan Report.

Click on Save Report As....

Change the Files of type to Text file (.txt) before clicking on the Save button.

Save this report to a convenient place.

Copy and paste that information & a fresh hjt log into your topic.

The scan will take a while so be patient and let it run. As it scans your machine very deeply it could take hours to complete, Kaspersky suggests running it during a time of low activity.

If you need a tutorial, see here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif)
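Added triage example, not part of Blade81's post and not HijackThis code: a small Python checker that reads HijackThis-style O4 and O20 lines like the two the helper asked to fix and flags the same patterns a helper looks for, a Run entry whose executable sits under a Temp or Rar$ extraction directory, and any AppInit_DLLs value that is not empty. The sample lines are constructed for the example (the POL Agent and AppInit_DLLs lines mirror the ones above; the others are benign fillers).

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample of HijackThis output: two items of the kind the helper
# told the poster to fix, surrounded by benign entries. Not a live log.
SAMPLE_HJT_LINES = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [POL Agent] C:\DOCUME~1\Foss\LOCALS~1\Temp\Rar$EX00.234\crack\POL.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: eczvuw.dll
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
"""

# HJT O4 lines look like:  O4 - HKLM\..\Run: [ValueName] C:\path\to.exe args
O4_RE = re.compile(
    r"^O4 - (?P<hive>[A-Z]+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# HJT O20 lines look like:  O20 - AppInit_DLLs: a.dll b.dll   (empty value = nothing loaded)
O20_RE = re.compile(r"^O20 - AppInit_DLLs: ?(?P<value>.*)$")

# Path fragments (lower-cased) that no legitimate autorun should point into:
# a user Temp directory, a WinRAR temporary extraction folder, or a "crack" folder.
TEMP_MARKERS = ("\\temp\\", "\\rar$", "\\crack\\")


@dataclass
class Finding:
    item: str    # HJT item type, "O4" or "O20"
    name: str    # Run value name, or the DLL listed in AppInit_DLLs
    detail: str  # the command line or the full AppInit_DLLs value
    reason: str  # why a helper would tick this line for fixing


def audit_hjt(text: str) -> List[Finding]:
    """Return the O4/O20 lines in an HJT log that match the suspicious patterns."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            cmd = m.group("cmd")
            hits = [mk for mk in TEMP_MARKERS if mk in cmd.lower()]
            if hits:
                findings.append(Finding(
                    "O4", m.group("name"), cmd,
                    "autorun executable located under a temporary/extraction "
                    "directory: " + ", ".join(hits)))
            continue
        m = O20_RE.match(line)
        if m:
            value = m.group("value").strip()
            if value:
                # AppInit_DLLs may list several DLLs separated by spaces or commas;
                # each one is injected into every process that loads user32.dll.
                for dll in filter(None, re.split(r"[ ,;]+", value)):
                    findings.append(Finding(
                        "O20", dll, value,
                        "AppInit_DLLs is non-empty; this DLL is loaded into every "
                        "process that links user32.dll"))
    return findings


if __name__ == "__main__":
    for f in audit_hjt(SAMPLE_HJT_LINES):
        print(f"{f.item} [{f.name}] {f.detail}\n    -> {f.reason}")
```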

Fossilk1
2009-01-26, 22:48
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, January 26, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, January 26, 2009 17:36:56
Records in database: 1703269
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 62061
Threat name: 14
Infected objects: 24
Suspicious objects: 0
Duration of the scan: 00:48:19


File name / Threat name / Threats count
C:\Documents and Settings\Foss\Desktop\Cracks\aircrack-ng-0.9.1-win.zip Infected: not-a-virus:PSWTool.Win32.AirCrack.a 1
C:\Documents and Settings\Foss\Desktop\Cracks\Aircrack.zip Infected: not-a-virus:PSWTool.Win32.AirCrack.a 1
C:\Documents and Settings\Foss\Desktop\Cracks\Ardamax_2.8_With_Keygen_By_TutorDrey.zip Infected: not-a-virus:Monitor.Win32.Ardamax.ac 1
C:\Documents and Settings\Foss\Desktop\Cracks\Ardamax_2.8_With_Keygen_By_TutorDrey.zip Infected: not-a-virus:Monitor.Win32.Ardamax.s 1
C:\Documents and Settings\Foss\Desktop\Cracks\Ardamax_2.8_With_Keygen_By_TutorDrey.zip Infected: not-a-virus:Monitor.Win32.Ardamax.o 1
C:\Documents and Settings\Foss\Desktop\Cracks\Ardamax_2.8_With_Keygen_By_TutorDrey.zip Infected: not-a-virus:Monitor.Win32.Ardamax.r 1
C:\Documents and Settings\Foss\Desktop\Cracks\Ardamax_2.8_With_Keygen_By_TutorDrey.zip Infected: Trojan-Spy.Win32.Ardamax.n 1
C:\Documents and Settings\Foss\Desktop\Cracks\Ardamax_2.8_With_Keygen_By_TutorDrey.zip Infected: not-a-virus:Monitor.Win32.Ardamax.w 1
C:\Documents and Settings\Foss\Desktop\Cracks\ophcrack-win32-installer-2.4.1.zip Infected: not-a-virus:PSWTool.Win32.PWDump.2 1
C:\Documents and Settings\Foss\Desktop\Cracks\ophcrack-win32-installer-2.4.1.zip Infected: not-a-virus:PSWTool.Win32.PWDump.s 1
C:\Documents and Settings\Foss\Desktop\Cracks\ophcrack-win32-installer-2.4.1.zip Infected: not-a-virus:PSWTool.Win32.PWDump.d 2
C:\Documents and Settings\Foss\Desktop\Cracks\Perfect Keylogger.rar Infected: not-a-virus:Monitor.Win32.Ardamax.ef 1
C:\Documents and Settings\Foss\Desktop\Cracks\Perfect Keylogger.rar Infected: not-a-virus:Monitor.Win32.Ardamax.dq 1
C:\Documents and Settings\Foss\Desktop\Cracks\Perfect Keylogger.rar Infected: not-a-virus:Monitor.Win32.Ardamax.o 1
C:\Documents and Settings\Foss\Desktop\Cracks\Perfect Keylogger.rar Infected: not-a-virus:Monitor.Win32.Ardamax.he 1
C:\Documents and Settings\Foss\Desktop\Cracks\Perfect Keylogger.rar Infected: Trojan-Spy.Win32.Ardamax.n 1
C:\Documents and Settings\Foss\Desktop\Cracks\Perfect Keylogger.rar Infected: not-a-virus:Monitor.Win32.Ardamax.ee 1
C:\Documents and Settings\Foss\Desktop\Cracks\RegVac 5.01.16(Retail).rar Infected: not-a-virus:Monitor.Win32.Ardamax.ef 1
C:\Documents and Settings\Foss\Desktop\Cracks\RegVac 5.01.16(Retail).rar Infected: not-a-virus:Monitor.Win32.Ardamax.dq 1
C:\Documents and Settings\Foss\Desktop\Cracks\RegVac 5.01.16(Retail).rar Infected: not-a-virus:Monitor.Win32.Ardamax.o 1
C:\Documents and Settings\Foss\Desktop\Cracks\RegVac 5.01.16(Retail).rar Infected: not-a-virus:Monitor.Win32.Ardamax.he 1
C:\Documents and Settings\Foss\Desktop\Cracks\RegVac 5.01.16(Retail).rar Infected: Trojan-Spy.Win32.Ardamax.n 1
C:\Documents and Settings\Foss\Desktop\Cracks\RegVac 5.01.16(Retail).rar Infected: not-a-virus:Monitor.Win32.Ardamax.ee 1

The selected area was scanned.

Blade81
2009-01-27, 08:27
Hi

We need to execute an OTMoveIt3 script
Please download OTMoveIt3 by OldTimer (http://oldtimer.geekstogo.com/OTMoveIt3.exe) and save it to your desktop.
Double click the OTMoveIt3 icon on your desktop.
Paste the following code under the Paste Fix Here area. Do not include the word Code.

:Files
C:\Documents and Settings\Foss\Desktop\Cracks

Push the large MoveIt button.
OTMI3 may ask to reboot the machine. Please do so if asked.
Copy/Paste the contents under the Results line here in your next reply with a fresh hjt log. How's the system running?
If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Blade81
2009-02-01, 14:21
Due to inactivity, this thread will now be closed.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.