
Thread: hijack wont start, spybot won't install.. i'm in big trouble, don't i?

    #11 peku006 (Emeritus - Security Expert; Norway; joined Feb 2007; 3,103 posts)

    Hi Bruce,

    Your choice... We can attempt to clean this machine, but I can't guarantee that it will be 100% secure afterwards.
    I don't help with logs through PM. If you have problems, create a thread in the forum, please.

    #12 Junior Member (joined May 2009; 10 posts)

    Shall we give cleanup a try? What do I have to do?

    #13 peku006 (Emeritus - Security Expert; Norway; joined Feb 2007; 3,103 posts)

    Hi Bruce,
    We can start with this:

    Please download OTScanIt2 from Geeks to Go by OldTimer. Alternate download site.
    Save it to your desktop.
    1. Double-click on OTScanIt2.exe to run it.
    2. Click on Extract. Once done, when prompted, click OK and click Close.
       This is a self-extracting file. It will create a folder named OTScanIt2 on your desktop.
    3. Double-click on the OTScanIt2 folder to open it, then double-click on OTScanIt2.exe to run it.
    4. Under Rootkit Search, select Yes.
    5. Click on Run Scan in the top left-hand corner. It may take a few minutes; be patient and let it run.
    6. When done, Notepad will open with the contents of the log file "OTScanIt.Txt".

    Please post the contents of the OTScanIt.Txt Notepad file in your next reply.

    Thanks, peku006
    I don't help with logs through PM. If you have problems, create a thread in the forum, please.

    #14 Junior Member (joined May 2009; 10 posts)

    Thanks peku, please see the OTScanIt log below:

    Code:
    OTScanIt2 logfile created on: 5/27/2009 12:51:08 PM - Run 1
    OTScanIt2 by OldTimer - Version 1.0.14.0     Folder = C:\Documents and Settings\Sorin\Desktop\OTScanIt2
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    1.99 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 72.87% Memory free
    3.84 Gb Paging File | 3.33 Gb Available in Paging File | 86.72% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092;
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.25 Gb Total Space | 4.57 Gb Free Space | 12.26% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
     
    Computer Name: HOME-E60FFE2AE3
    Current User Name: Sorin
    Logged in as Administrator.
     
    Current Boot Mode: Normal
    Scan Mode: Current user
    Whitelist: On
    File Age = 30 Days
     
    [Processes - Safe List]
    acs.exe -> %ProgramFiles%\D-Link\D-Link DWA-643 Xtreme N ExpressCard Notebook Adapter\acs.exe -> [2006/11/03 17:43:50 | 00,360,532 | ---- | M] (Atheros)
    bcmwltry.exe -> %SystemRoot%\System32\bcmwltry.exe -> [2006/11/01 15:48:10 | 01,253,376 | ---- | M] (Dell Inc.)
    cmdagent.exe -> %ProgramFiles%\COMODO\Firewall\cmdagent.exe -> [2009/03/20 11:34:46 | 00,700,152 | ---- | M] ()
    cntaosmgr.exe -> %ProgramFiles%\Trend Micro\OfficeScan Client\CNTAoSMgr.exe -> [2008/08/07 07:51:10 | 00,435,576 | ---- | M] (Trend Micro Inc.)
    explorer.exe -> %SystemRoot%\Explorer.EXE -> [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
    firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> [2009/04/28 12:40:20 | 00,307,704 | ---- | M] (Mozilla Corporation)
    hkcmd.exe -> %SystemRoot%\system32\hkcmd.exe -> [2006/06/06 20:06:44 | 00,077,824 | ---- | M] (Intel Corporation)
    hpzipm12.exe -> %SystemRoot%\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe -> [2005/04/29 20:44:06 | 00,069,632 | ---- | M] (HP)
    igfxpers.exe -> %SystemRoot%\system32\igfxpers.exe -> [2006/06/06 20:10:40 | 00,118,784 | ---- | M] (Intel Corporation)
    jqs.exe -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2009/04/07 21:04:43 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
    jusched.exe -> %ProgramFiles%\Java\jre6\bin\jusched.exe -> [2009/04/07 21:04:43 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
    ntrtscan.exe -> %ProgramFiles%\Trend Micro\OfficeScan Client\ntrtscan.exe -> [2009/05/15 07:23:20 | 00,963,880 | ---- | M] (Trend Micro Inc.)
    otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2009/04/11 16:32:52 | 00,494,080 | ---- | M] (OldTimer Tools)
    pccntmon.exe -> %ProgramFiles%\Trend Micro\OfficeScan Client\pccntmon.exe -> [2009/05/15 07:23:20 | 00,718,120 | ---- | M] (Trend Micro Inc.)
    pctsauxs.exe -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> [2008/02/01 15:55:54 | 00,747,912 | ---- | M] (PC Tools)
    pctssvc.exe -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> [2008/02/01 15:55:56 | 00,948,616 | ---- | M] (PC Tools)
    pctstray.exe -> %ProgramFiles%\Spyware Doctor\pctsTray.exe -> [2008/02/01 15:55:56 | 01,103,240 | ---- | M] (PC Tools)
    tmlisten.exe -> %ProgramFiles%\Trend Micro\OfficeScan Client\tmlisten.exe -> [2009/05/15 07:23:20 | 00,996,648 | ---- | M] (Trend Micro Inc.)
    wcf731.exe -> %SystemRoot%\TEMP\WCF731.EXE -> [2009/05/15 07:23:22 | 00,296,224 | ---- | M] (Trend Micro Inc.)
    wdfmgr.exe -> %SystemRoot%\system32\wdfmgr.exe -> [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation)
    webupdatesvc4.exe -> %SystemRoot%\system32\WebUpdateSvc4.exe -> [2007/04/04 10:27:34 | 00,229,856 | ---- | M] (Data Perceptions / PowerProgrammer)
    wltray.exe -> %SystemRoot%\system32\WLTRAY.exe -> [2006/11/01 15:48:12 | 01,392,640 | ---- | M] (Dell Inc.)
    wltrysvc.exe -> %SystemRoot%\System32\WLTRYSVC.EXE -> [2006/11/01 15:48:12 | 00,020,480 | ---- | M] ()
     
    [Win32 Services - Safe List]
    (ACS) Atheros Configuration Service [Win32_Own | Auto | Running] -> %ProgramFiles%\D-Link\D-Link DWA-643 Xtreme N ExpressCard Notebook Adapter\acs.exe -> [2006/11/03 17:43:50 | 00,360,532 | ---- | M] (Atheros)
    (cmdAgent) COMODO Internet Security Helper Service [Win32_Own | Auto | Running] -> %ProgramFiles%\COMODO\Firewall\cmdagent.exe -> [2009/03/20 11:34:46 | 00,700,152 | ---- | M] ()
    (dmserverNtmsSvc) Logical Disk Manager dmserverNtmsSvc [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\alrsvcq.exe -> [2009/05/21 19:31:44 | 00,050,688 | RHS- | M] ()
    (gusvc) Google Software Updater [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2009/03/30 23:41:18 | 00,183,280 | ---- | M] (Google)
    (helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
    (JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2009/04/07 21:04:43 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
    (ntrtscan) OfficeScanNT RealTime Scan [Win32_Own | Auto | Running] -> %ProgramFiles%\Trend Micro\OfficeScan Client\ntrtscan.exe -> [2009/05/15 07:23:20 | 00,963,880 | ---- | M] (Trend Micro Inc.)
    (ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> [2003/07/28 15:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation)
    (Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %SystemRoot%\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe -> [2005/04/29 20:44:06 | 00,069,632 | ---- | M] (HP)
    (sdAuxService) PC Tools Auxiliary Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> [2008/02/01 15:55:54 | 00,747,912 | ---- | M] (PC Tools)
    (sdCoreService) PC Tools Security Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> [2008/02/01 15:55:56 | 00,948,616 | ---- | M] (PC Tools)
    (tmlisten) OfficeScan NT Listener [Win32_Own | Auto | Running] -> %ProgramFiles%\Trend Micro\OfficeScan Client\tmlisten.exe -> [2009/05/15 07:23:20 | 00,996,648 | ---- | M] (Trend Micro Inc.)
    (TmProxy) OfficeScan NT Proxy Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Trend Micro\OfficeScan Client\TmProxy.exe -> [2008/08/07 07:51:04 | 00,652,552 | ---- | M] (Trend Micro Inc.)
    (UMWdf) Windows User Mode Driver Framework [Win32_Own | Auto | Running] -> %SystemRoot%\system32\wdfmgr.exe -> [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation)
    (WebUpdate4) Web Update Wizard Service V4 by PowerProgrammer [Win32_Own | Auto | Running] -> %SystemRoot%\system32\WebUpdateSvc4.exe -> [2007/04/04 10:27:34 | 00,229,856 | ---- | M] (Data Perceptions / PowerProgrammer)
    (wltrysvc) Dell Wireless WLAN Tray Service [Win32_Own | Auto | Running] -> %SystemRoot%\System32\WLTRYSVC.EXE -> [2006/11/01 15:48:12 | 00,020,480 | ---- | M] ()
     
    [Driver Services - Safe List]
    (AR5416) Atheros AR5008 Wireless Network Adapter Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\ar5416.sys -> [2007/12/24 17:46:22 | 01,313,536 | ---- | M] (TamoSoft)
    (BCM43XX) Dell Wireless WLAN Card Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\bcmwl5.sys -> [2006/10/12 18:28:42 | 00,604,928 | ---- | M] (Broadcom Corporation)
    (bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\bcm4sbxp.sys -> [2005/08/05 14:32:16 | 00,045,312 | ---- | M] (Broadcom Corporation)
    (cmdGuard) COMODO Firewall Pro Sandbox Driver [File_System | System | Running] -> %SystemRoot%\System32\DRIVERS\cmdguard.sys -> [2009/03/20 11:35:27 | 00,110,992 | ---- | M] (COMODO)
    (cmdHlp) COMODO Firewall Pro Helper Driver [Kernel | System | Running] -> %SystemRoot%\System32\DRIVERS\cmdhlp.sys -> [2009/03/20 11:37:34 | 00,024,336 | ---- | M] (COMODO)
    (CVirtA) Cisco Systems VPN Adapter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\CVirtA.sys -> [2003/05/01 14:26:34 | 00,005,220 | ---- | M] (Cisco Systems, Inc.)
    (HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HDAudBus.sys -> [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
    (HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HSX_DPV.sys -> [2005/12/01 04:40:56 | 00,936,960 | ---- | M] (Conexant Systems, Inc.)
    (HSXHWAZL) HSXHWAZL [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HSXHWAZL.sys -> [2005/12/01 04:40:12 | 00,192,512 | ---- | M] (Conexant Systems, Inc.)
    (ialm) ialm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ialmnt5.sys -> [2006/06/06 20:32:54 | 01,168,860 | ---- | M] (Intel Corporation)
    (IKFileSec) File Security Driver [File_System | Boot | Running] -> %SystemRoot%\system32\drivers\ikfilesec.sys -> [2008/02/01 15:55:52 | 00,042,376 | ---- | M] (PCTools Research Pty Ltd.)
    (IKSysFlt) System Filter Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\iksysflt.sys -> [2007/12/10 17:53:28 | 00,066,952 | ---- | M] (PCTools Research Pty Ltd.)
    (IKSysSec) System Security Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\iksyssec.sys -> [2007/12/10 17:53:28 | 00,081,288 | ---- | M] (PCTools Research Pty Ltd.)
    (Inspect) COMODO Firewall Pro Firewall Driver [Kernel | Boot | Running] -> %SystemRoot%\System32\DRIVERS\inspect.sys -> [2009/03/20 11:37:33 | 00,080,400 | ---- | M] (COMODO)
    (mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\DRIVERS\mdmxsdk.sys -> [2005/10/05 02:57:08 | 00,012,544 | ---- | M] (Conexant)
    (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ptilink.sys -> [2004/08/04 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
    (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\System32\Drivers\PxHelp20.sys -> [2008/06/10 20:07:16 | 00,043,528 | ---- | M] (Sonic Solutions)
    (SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASDIFSV.SYS -> [2009/05/14 14:22:00 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    (SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> [2009/05/14 14:22:02 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
    (SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.sys -> [2009/05/14 14:22:00 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\secdrv.sys -> [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    (STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sthda.sys -> [2007/05/10 13:24:34 | 01,222,840 | ---- | M] (SigmaTel, Inc.)
    (tmcomm) tmcomm [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\tmcomm.sys -> [2009/05/15 07:23:24 | 00,142,992 | ---- | M] (Trend Micro Inc.)
    (TmFilter) Trend Micro Filter [Kernel | Auto | Running] -> %ProgramFiles%\Trend Micro\OfficeScan Client\TmXPFlt.sys -> [2009/03/27 19:16:26 | 00,225,296 | ---- | M] (Trend Micro Inc.)
    (TmPreFilter) Trend Micro PreFilter [Kernel | Auto | Running] -> %ProgramFiles%\Trend Micro\OfficeScan Client\TmPreFlt.sys -> [2009/03/27 19:16:22 | 00,036,368 | ---- | M] (Trend Micro Inc.)
    (tmtdi) Trend Micro TDI Driver [Kernel | System | Running] -> %SystemRoot%\system32\DRIVERS\tmtdi.sys -> [2009/05/15 07:23:14 | 00,076,688 | ---- | M] (Trend Micro Inc.)
    (usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbaudio.sys -> [2008/04/13 15:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation)
    (VSApiNt) Trend Micro VSAPI NT [Kernel | Auto | Running] -> %ProgramFiles%\Trend Micro\OfficeScan Client\VSApiNt.sys -> [2009/03/27 18:56:52 | 01,220,088 | ---- | M] (Trend Micro Inc.)
    (winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HSX_CNXT.sys -> [2005/12/01 04:40:08 | 00,669,696 | ---- | M] (Conexant Systems, Inc.)
    (WSIMD) wsimd Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\wsimd.sys -> [2006/10/31 19:29:16 | 00,055,840 | ---- | M] (Atheros Communications, Inc.)
     
    [Registry - Safe List]
    < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
    HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
    HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
    HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> Reg Error: Invalid data type. -> 
    HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
    HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
    HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
    HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
    HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
    HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
    HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
    < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
    HKEY_CURRENT_USER\: Main\\"Default_Page_URL" -> http://www.yahoo.com/?fr=fp-yie8 -> 
    HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
    HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
    HKEY_CURRENT_USER\: Main\\"SearchDefaultBranded" -> Reg Error: Invalid data type. -> 
    HKEY_CURRENT_USER\: Main\\"Start Page" -> http://mail.yahoo.com/ -> 
    HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
    < FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Sorin\Application Data\Mozilla\FireFox\Profiles\y0yyjjoj.default\prefs.js -> 
    browser.startup.homepage -> "https://login.yahoo.com/config/mail?.intl=us" ->
    extensions.enabledItems -> jqs@sun.com:1.0 ->
    extensions.enabledItems -> moveplayer@movenetworks.com:1.0.0.071303000006 ->
    extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10 ->
    < FireFox Settings [User.js] > -> C:\Documents and Settings\Sorin\Application Data\Mozilla\FireFox\Profiles\y0yyjjoj.default\user.js -> 
    < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
    HKLM\software\mozilla\Firefox\extensions ->  -> 
    HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com -> %ProgramFiles%\JAVA\JRE6\LIB\DEPLOY\JQS\FF [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2009/04/07 21:04:45 | 00,000,000 | ---D | M]
    HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions ->  -> 
    HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components -> %ProgramFiles%\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/05/10 03:33:06 | 00,000,000 | ---D | M]
    HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins -> %ProgramFiles%\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/04/28 12:40:26 | 00,000,000 | ---D | M]
    < FireFox Extensions [User Folders] > -> 
     -> C:\Documents and Settings\Sorin\Application Data\mozilla\Extensions -> [2009/04/22 14:04:38 | 00,000,000 | ---D | M]
     -> C:\Documents and Settings\Sorin\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2009/04/22 14:04:38 | 00,000,000 | ---D | M]
     -> C:\Documents and Settings\Sorin\Application Data\mozilla\Firefox\Profiles\y0yyjjoj.default\extensions -> [2009/05/25 16:20:20 | 00,096,823 | ---- | M] ()
     -> C:\Documents and Settings\Sorin\Application Data\mozilla\Firefox\Profiles\y0yyjjoj.default\extensions\moveplayer@movenetworks.com -> [2009/05/25 16:20:20 | 00,096,823 | ---- | M] ()
    < FireFox Extensions [Program Folders] > -> 
     -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions -> [2009/04/28 12:40:24 | 09,756,664 | ---- | M] (Mozilla Foundation)
     -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2009/04/28 12:40:24 | 09,756,664 | ---- | M] (Mozilla Foundation)
    < FireFox Components [Program Folders] > -> 
    C:\PROGRAM FILES\MOZILLA FIREFOX\components\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\components -> [2009/05/10 03:33:06 | 00,000,000 | ---D | M]
    browserdirprovider.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\browserdirprovider.dll -> [2009/04/28 12:40:20 | 00,023,032 | ---- | M] (Mozilla Foundation)
    brwsrcmp.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\brwsrcmp.dll -> [2009/04/28 12:40:20 | 00,134,648 | ---- | M] (Mozilla Foundation)
    < FireFox Plugins [Program Folders] > -> 
    C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins -> [2009/04/28 12:40:26 | 00,000,000 | ---D | M]
    npnul32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npnul32.dll -> [2009/04/28 12:40:22 | 00,065,528 | ---- | M] (mozilla.org)
    < FireFox SearchPlugins [Program Folders] > -> 
    C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins -> [2009/04/22 14:04:29 | 00,000,000 | ---D | M]
    amazondotcom.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\amazondotcom.xml -> [2009/04/09 01:51:14 | 00,001,394 | ---- | M] ()
    answers.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\answers.xml -> [2009/04/09 01:51:14 | 00,002,193 | ---- | M] ()
    creativecommons.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\creativecommons.xml -> [2009/04/09 01:51:14 | 00,001,534 | ---- | M] ()
    eBay.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\eBay.xml -> [2009/04/09 01:51:14 | 00,002,343 | ---- | M] ()
    google.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\google.xml -> [2009/04/09 01:51:14 | 00,001,706 | ---- | M] ()
    wikipedia.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\wikipedia.xml -> [2009/04/09 01:51:14 | 00,001,178 | ---- | M] ()
    yahoo.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\yahoo.xml -> [2009/04/09 01:51:14 | 00,000,792 | ---- | M] ()
    < HOSTS File > (687 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
    Reset Hosts
    127.0.0.1 localhost
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
    {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/23 02:08:42 | 00,062,080 | ---- | M] (Adobe Systems Incorporated)
    {22BF413B-C6D2-4d91-82A9-A0F997BA588C} [HKLM] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (mastermind)] -> [2008/08/12 17:13:00 | 01,437,696 | ---- | M] (Skype Technologies S.A.)
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [Google Toolbar Notifier BHO] -> [2008/10/04 00:24:34 | 00,652,784 | ---- | M] (Google Inc.)
    {DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/04/07 21:04:43 | 00,035,840 | ---- | M] (Sun Microsystems, Inc.)
    {E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/04/07 21:04:45 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    "Broadcom Wireless Manager UI" -> %SystemRoot%\system32\WLTRAY.exe [C:\WINDOWS\system32\WLTRAY.exe] -> [2006/11/01 15:48:12 | 01,392,640 | ---- | M] (Dell Inc.)
    "igfxhkcmd" -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> [2006/06/06 20:06:44 | 00,077,824 | ---- | M] (Intel Corporation)
    "igfxpers" -> %SystemRoot%\system32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> [2006/06/06 20:10:40 | 00,118,784 | ---- | M] (Intel Corporation)
    "igfxtray" -> %SystemRoot%\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> [2006/06/06 20:09:58 | 00,094,208 | ---- | M] (Intel Corporation)
    "ISTray" -> %ProgramFiles%\Spyware Doctor\pctsTray.exe ["C:\Program Files\Spyware Doctor\pctsTray.exe"] -> [2008/02/01 15:55:56 | 01,103,240 | ---- | M] (PC Tools)
    "OfficeScanNT Monitor" -> %ProgramFiles%\Trend Micro\OfficeScan Client\pccntmon.exe ["C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow] -> [2009/05/15 07:23:20 | 00,718,120 | ---- | M] (Trend Micro Inc.)
    "SigmatelSysTrayApp" -> %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe [%ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe] -> [2007/05/10 13:22:32 | 00,405,504 | ---- | M] (SigmaTel, Inc.)
    "SunJavaUpdateSched" -> %ProgramFiles%\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009/04/07 21:04:43 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
    < RunOnceEx [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx -> 
    "Flags" -> Reg Error: Invalid data type. [Reg Error: Invalid data type.] -> File not found
    "Title" ->  [UnHackMe Rootkit Check] -> File not found
    < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    "Yahoo! Pager" -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet] -> [2007/08/30 20:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.)
    < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
    < Sorin Startup Folder > -> C:\Documents and Settings\Sorin\Start Menu\Programs\Startup -> 
    %UserProfile%\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> %ProgramFiles%\ERUNT\AUTOBACK.EXE -> [2005/10/20 12:04:08 | 00,038,912 | ---- | M] ()
    < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"HonorAutoRunSetting" ->  [1] -> File not found
    < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    \\"dontdisplaylastusername" ->  [0] -> File not found
    \\"legalnoticecaption" ->  [] -> File not found
    \\"legalnoticetext" ->  [] -> File not found
    \\"shutdownwithoutlogon" ->  [1] -> File not found
    \\"undockwithoutlogon" ->  [1] -> File not found
    < CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" ->  [145] -> File not found
    < CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    \\"DisableRegistryTools" ->  [0] -> File not found
    < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
    E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> [2007/05/31 16:41:06 | 10,352,472 | ---- | M] (Microsoft Corporation)
    < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
    {77BF5300-1474-4EC7-9980-D32B190E9B07}:{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Button: Skype] -> [2008/08/12 17:13:00 | 01,437,696 | ---- | M] (Skype Technologies S.A.)
    {85d1f590-48f4-11d9-9669-0800200c9a66}:Exec [HKLM] -> %SystemRoot%\bdoscandel.exe [Menu: Uninstall BitDefender Online Scanner v8] -> [2008/01/09 15:01:48 | 00,053,248 | ---- | M] ()
    {92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Research] -> [2007/04/19 17:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
    {e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
    {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
    {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
    < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
    PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
    PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
    < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
    "" -> http://
    < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5191 domain(s) found. -> 
    49 domain(s) and sub-domain(s) not assigned to a zone.
    < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
    < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5190 domain(s) found. -> 
    48 domain(s) and sub-domain(s) not assigned to a zone.
    < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
    {215B8138-A3CF-44C5-803F-8226143CFC0A} [HKLM] -> http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab [Trend Micro ActiveX Scan Agent 6.6] -> 
    {31435657-9980-0010-8000-00AA00389B71} [HKLM] -> http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab [Reg Error: Key error.] -> 
    {41564D57-9980-0010-8000-00AA00389B71} [HKLM] -> http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab [Reg Error: Key error.] -> 
    {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} [HKLM] -> http://www.eset.eu/buxus/docs/OnlineScanner.cab [OnlineScanner Control] -> 
    {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [HKLM] -> http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab [BDSCANONLINE Control] -> 
    {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] -> 
    {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab [Reg Error: Key error.] -> 
    {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} [HKLM] -> http://ax.emsisoft.com/asquared.cab [a-squared Scanner] -> 
    {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> 
    {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] -> 
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] -> 
    {D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] -> 
    {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} [HKLM] -> https://reutersus.webex.com/client/T26L/training/ieatgpc.cab [GpcContainer Class] -> 
    < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
    {BF81DFE8-1F24-4D62-B5D9-3B45022D13D9} ->    (Dell Wireless 1370 WLAN Mini-PCI Card) -> 
    {CDA56691-2BE2-43C3-B9A7-417424E2483F} ->    (Broadcom 440x 10/100 Integrated Controller) -> 
    {DEF3C572-456F-4F4F-AD03-22E52D50D0F1} ->    ([CommView] D-Link DWA-643 Xtreme N Notebook ExpressCard Adapter) -> 
    < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
    *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
    Explorer.exe -> %SystemRoot%\Explorer.exe -> [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
    !SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> [2008/12/22 12:05:34 | 00,356,352 | ---- | M] (SUPERAntiSpyware.com)
    igfxcui -> %SystemRoot%\system32\igfxdev.dll -> [2006/06/06 20:05:50 | 00,139,264 | ---- | M] (Intel Corporation)
    WgaLogon ->  -> File not found
    < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> [2008/05/13 10:13:36 | 00,077,824 | ---- | M] (SuperAdBlocker.com)
    < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
    "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
    < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
    "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\FiSTiNG4FUN\Commview for Wifi\CommViewWiFi\WEPdecoder.exe" -> C:\Program Files\FiSTiNG4FUN\Commview for Wifi\CommViewWiFi\WEPdecoder.exe [C:\Program Files\FiSTiNG4FUN\Commview for Wifi\CommViewWiFi\WEPdecoder.exe:*:Enabled:WEP key recovery] -> [2008/06/20 20:19:56 | 00,495,616 | ---- | M] (TamoSoft)
    "C:\Program Files\SAS\SAS 9.1\sas.exe" -> C:\Program Files\SAS\SAS 9.1\sas.exe [C:\Program Files\SAS\SAS 9.1\sas.exe:*:Enabled:SAS 9.1 for Windows] -> [2006/01/25 21:42:42 | 00,072,064 | ---- | M] ()
    "C:\Program Files\Skype\Phone\Skype.exe" -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> [2008/08/12 17:13:00 | 21,741,864 | R--- | M] (Skype Technologies S.A.)
    "C:\Program Files\SopCast\adv\SopAdver.exe" -> C:\Program Files\SopCast\adv\SopAdver.exe [C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver] -> [2007/03/07 06:27:12 | 00,567,384 | ---- | M] (www.sopcast.com)
    "C:\Program Files\SopCast\SopCast.exe" -> C:\Program Files\SopCast\SopCast.exe [C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application] -> [2007/11/26 03:34:38 | 01,888,256 | ---- | M] (www.sopcast.com)
    "C:\Program Files\Vuze\Azureus.exe" -> C:\Program Files\Vuze\Azureus.exe [C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus] -> [2007/12/03 23:28:42 | 00,254,976 | ---- | M] (Azureus Inc)
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> [2007/08/30 20:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.)
    "C:\Program Files\Yahoo!\Messenger\YServer.exe" -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> [2007/08/30 20:43:18 | 00,091,376 | ---- | M] (Yahoo! Inc.)
    < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
    "AlternateShell" -> cmd.exe -> 
    < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
    "AutoRun" -> 1 -> 
    "DisplayName" -> CD-ROM Driver -> 
    "ImagePath" -> %SystemRoot%\system32\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/04/13 14:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation)
    < Drives with AutoRun files > ->  -> 
    C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2008/07/05 18:47:39 | 00,000,000 | ---- | M] ()
    < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
    \E
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell
    \E\Shell\\"" ->  [AutoRun] -> File not found
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\AutoRun
    \E\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\AutoRun\command
    \E\Shell\AutoRun\command\\"" -> E:\LaunchU3.exe [E:\LaunchU3.exe -a] -> File not found
    \{32384982-8f10-11dd-8c7c-001422aa1205}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32384982-8f10-11dd-8c7c-001422aa1205}\Shell\AutoRun\command
    \{32384982-8f10-11dd-8c7c-001422aa1205}\Shell\AutoRun\command\\"" -> E:\WD_Windows_Tools\Setup.exe [E:\WD_Windows_Tools\Setup.exe] -> File not found
    \{624ecfa7-4ae5-11dd-8bd2-948bd94157b5}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{624ecfa7-4ae5-11dd-8bd2-948bd94157b5}\Shell
    \{624ecfa7-4ae5-11dd-8bd2-948bd94157b5}\Shell\\"" ->  [AutoRun] -> File not found
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{624ecfa7-4ae5-11dd-8bd2-948bd94157b5}\Shell\AutoRun
    \{624ecfa7-4ae5-11dd-8bd2-948bd94157b5}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{624ecfa7-4ae5-11dd-8bd2-948bd94157b5}\Shell\AutoRun\command
    \{624ecfa7-4ae5-11dd-8bd2-948bd94157b5}\Shell\AutoRun\command\\"" -> E:\LaunchU3.exe [E:\LaunchU3.exe -a] -> File not found
     
     
    [Files/Folders - Created Within 30 Days]
    1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
    5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
    OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2009/05/27 12:48:31 | 00,000,000 | ---D | C]
    OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/05/27 12:47:51 | 00,665,196 | ---- | C] ()
    User_Feed_Synchronization-{CC261B67-F22A-41AD-AF8F-D97758EAE6AA}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{CC261B67-F22A-41AD-AF8F-D97758EAE6AA}.job -> [2009/05/25 21:17:44 | 00,000,426 | -H-- | C] ()
    Move Networks -> %AppData%\Move Networks -> [2009/05/25 16:20:49 | 00,000,000 | ---D | C]
    a99bbca1.sys -> %SystemRoot%\System32\drivers\a99bbca1.sys -> [2009/05/25 01:23:51 | 00,097,216 | ---- | C] ()
    cc_20090525_012230.reg -> %UserProfile%\My Documents\cc_20090525_012230.reg -> [2009/05/25 01:22:32 | 00,009,362 | ---- | C] ()
    Recent -> %UserProfile%\Recent -> [2009/05/25 01:21:52 | 00,000,000 | RH-D | C]
    rsit -> %SystemDrive%\rsit -> [2009/05/24 11:46:54 | 00,000,000 | ---D | C]
    RSIT.exe -> %UserProfile%\Desktop\RSIT.exe -> [2009/05/24 11:46:20 | 00,781,909 | ---- | C] ()
    spybot.exe -> %UserProfile%\Desktop\spybot.exe -> [2009/05/24 00:16:20 | 16,409,960 | ---- | C] (Safer Networking Limited                                    )
    cc_20090524_001020.reg -> %UserProfile%\My Documents\cc_20090524_001020.reg -> [2009/05/24 00:10:26 | 00,078,748 | ---- | C] ()
    SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [2009/05/22 23:11:15 | 00,000,000 | ---D | C]
    SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [2009/05/22 23:11:04 | 00,000,000 | ---D | C]
    SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware -> [2009/05/22 23:11:04 | 00,000,000 | ---D | C]
    HostsMan Backups -> %AllUsersProfile%\Documents\HostsMan Backups -> [2009/05/22 22:51:57 | 00,000,000 | ---D | C]
    abelhadigital.com -> %AppData%\abelhadigital.com -> [2009/05/22 22:51:56 | 00,000,000 | ---D | C]
    abelhadigital.com -> %AllUsersProfile%\Application Data\abelhadigital.com -> [2009/05/22 22:51:56 | 00,000,000 | ---D | C]
    HostsMan -> %ProgramFiles%\HostsMan -> [2009/05/22 22:51:30 | 00,000,000 | ---D | C]
    ERDNT -> %SystemRoot%\ERDNT -> [2009/05/22 19:23:44 | 00,000,000 | ---D | C]
    ERUNT AutoBackup.lnk -> %UserProfile%\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [2009/05/22 19:23:21 | 00,000,767 | ---- | C] ()
    NTREGOPT.lnk -> %UserProfile%\Desktop\NTREGOPT.lnk -> [2009/05/22 19:23:02 | 00,000,611 | ---- | C] ()
    ERUNT.lnk -> %UserProfile%\Desktop\ERUNT.lnk -> [2009/05/22 19:23:02 | 00,000,592 | ---- | C] ()
    ERUNT -> %ProgramFiles%\ERUNT -> [2009/05/22 19:23:01 | 00,000,000 | ---D | C]
    Minidump -> %SystemRoot%\Minidump -> [2009/05/22 01:28:02 | 00,000,000 | ---D | C]
    4038024988.dat -> %SystemRoot%\System32\4038024988.dat -> [2009/05/21 19:31:56 | 00,000,100 | --S- | C] ()
    _id.dat -> %SystemRoot%\System32\_id.dat -> [2009/05/21 19:31:56 | 00,000,000 | ---- | C] ()
    alrsvcq.exe -> %SystemRoot%\System32\alrsvcq.exe -> [2009/05/21 19:31:45 | 00,050,688 | RHS- | C] ()
    tmcomm.sys -> %SystemRoot%\System32\drivers\tmcomm.sys -> [2009/05/16 10:39:26 | 00,142,992 | ---- | C] (Trend Micro Inc.)
    .housecall6.6 -> %UserProfile%\.housecall6.6 -> [2009/05/15 17:23:45 | 00,000,000 | ---D | C]
    CSC -> %SystemRoot%\CSC -> [2009/05/11 18:56:15 | 00,000,000 | -HSD | C]
    Malwarebytes -> %AppData%\Malwarebytes -> [2009/05/11 18:40:27 | 00,000,000 | ---D | C]
    mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009/05/11 18:40:22 | 00,015,504 | ---- | C] (Malwarebytes Corporation)
    mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009/05/11 18:40:19 | 00,038,496 | ---- | C] (Malwarebytes Corporation)
    Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [2009/05/11 18:40:17 | 00,000,000 | ---D | C]
    Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [2009/05/11 18:40:17 | 00,000,000 | ---D | C]
    malware -> %SystemDrive%\malware -> [2009/05/11 18:29:04 | 00,000,000 | ---D | C]
    sasreg -> %SystemDrive%\sasreg -> [2009/05/11 18:00:20 | 00,000,000 | ---D | C]
    SAS -> %AllUsersProfile%\Application Data\SAS -> [2009/05/11 17:25:43 | 00,000,000 | ---D | C]
    oc30.dll -> %SystemRoot%\System32\oc30.dll -> [2009/05/11 17:09:45 | 00,638,464 | ---- | C] (Microsoft Corporation)
    sasperf.dll -> %SystemRoot%\System32\sasperf.dll -> [2009/05/11 17:09:43 | 00,013,600 | ---- | C] ()
    SAS Configuration Information -> %UserProfile%\My Documents\SAS Configuration Information -> [2009/05/11 17:03:19 | 00,000,000 | ---D | C]
    SAS -> %ProgramFiles%\SAS -> [2009/05/11 16:58:02 | 00,000,000 | ---D | C]
    Paper on CSR honors college.doc -> %UserProfile%\Desktop\Paper on CSR honors college.doc -> [2009/05/06 14:18:57 | 00,326,144 | ---- | C] ()
    KB905474 -> %SystemRoot%\System32\KB905474 -> [2009/05/06 03:05:43 | 00,000,000 | ---D | C]
    cfgrt_ex.ini -> %SystemRoot%\cfgrt_ex.ini -> [2009/04/08 13:35:10 | 00,008,002 | ---- | C] ()
    WgaTray.dll -> %SystemRoot%\System32\WgaTray.dll -> [2009/04/04 23:54:26 | 00,000,000 | ---- | C] ()
    wuw.INI -> %SystemRoot%\wuw.INI -> [2008/12/29 19:50:12 | 00,000,076 | ---- | C] ()
    CSGina.dll -> %SystemRoot%\System32\CSGina.dll -> [2008/11/04 12:01:17 | 00,143,384 | ---- | C] ()
    guard32.dll -> %SystemRoot%\System32\guard32.dll -> [2008/10/19 03:36:50 | 00,155,384 | ---- | C] ()
    qt-dx331.dll -> %SystemRoot%\System32\qt-dx331.dll -> [2008/09/19 17:57:34 | 03,596,288 | ---- | C] ()
    dtu100.dll.manifest -> %SystemRoot%\System32\dtu100.dll.manifest -> [2008/09/19 17:55:10 | 00,000,416 | ---- | C] ()
    dpl100.dll.manifest -> %SystemRoot%\System32\dpl100.dll.manifest -> [2008/09/19 17:55:10 | 00,000,416 | ---- | C] ()
    DivXWMPExtType.dll -> %SystemRoot%\System32\DivXWMPExtType.dll -> [2008/09/19 17:54:18 | 00,012,288 | ---- | C] ()
    unrar.dll -> %SystemRoot%\System32\unrar.dll -> [2008/09/01 00:55:54 | 00,164,352 | ---- | C] ()
    avisplitter.ini -> %SystemRoot%\avisplitter.ini -> [2008/09/01 00:55:54 | 00,000,038 | ---- | C] ()
    xvidcore.dll -> %SystemRoot%\System32\xvidcore.dll -> [2008/09/01 00:55:51 | 00,815,104 | ---- | C] ()
    xvidvfw.dll -> %SystemRoot%\System32\xvidvfw.dll -> [2008/09/01 00:55:50 | 00,180,224 | ---- | C] ()
    ff_vfw.dll -> %SystemRoot%\System32\ff_vfw.dll -> [2008/09/01 00:55:49 | 00,007,680 | ---- | C] ()
    ff_vfw.dll.manifest -> %SystemRoot%\System32\ff_vfw.dll.manifest -> [2008/09/01 00:55:49 | 00,000,547 | ---- | C] ()
    cpwmon2k.dll -> %SystemRoot%\System32\cpwmon2k.dll -> [2008/08/12 13:03:13 | 00,087,552 | ---- | C] ()
    pdf2word.INI -> %SystemRoot%\pdf2word.INI -> [2008/07/16 12:49:15 | 00,000,394 | ---- | C] ()
    cfgall.ini -> %SystemRoot%\cfgall.ini -> [2008/07/07 19:17:27 | 00,014,066 | ---- | C] ()
    ODBC.INI -> %SystemRoot%\ODBC.INI -> [2008/07/05 20:13:20 | 00,000,376 | ---- | C] ()
    preflib.dll -> %SystemRoot%\System32\preflib.dll -> [2008/07/05 19:24:43 | 00,086,016 | ---- | C] ()
    bcm1xsup.dll -> %SystemRoot%\System32\bcm1xsup.dll -> [2008/07/05 19:24:42 | 00,757,760 | ---- | C] ()
    OnlineScannerDLLA.dll -> %SystemRoot%\System32\OnlineScannerDLLA.dll -> [2008/02/11 09:39:26 | 00,253,952 | ---- | C] ()
    OnlineScannerDLLW.dll -> %SystemRoot%\System32\OnlineScannerDLLW.dll -> [2008/02/11 09:39:18 | 00,237,568 | ---- | C] ()
    OnlineScannerLang.dll -> %SystemRoot%\System32\OnlineScannerLang.dll -> [2008/02/08 13:53:46 | 00,110,592 | ---- | C] ()
    bdoscandellang.ini -> %SystemRoot%\bdoscandellang.ini -> [2008/01/09 15:01:48 | 00,000,453 | ---- | C] ()
    lnod32apiW.dll -> %SystemRoot%\System32\lnod32apiW.dll -> [2007/07/27 14:49:02 | 00,225,355 | ---- | C] ()
    lnod32apiA.dll -> %SystemRoot%\System32\lnod32apiA.dll -> [2007/07/27 14:49:02 | 00,196,683 | ---- | C] ()
    lnod32umc.dll -> %SystemRoot%\System32\lnod32umc.dll -> [2005/12/05 19:25:22 | 00,139,264 | ---- | C] ()
    lnod32upd.dll -> %SystemRoot%\System32\lnod32upd.dll -> [2005/12/05 12:37:10 | 00,106,496 | ---- | C] ()
    DLXAPI32.DLL -> %SystemRoot%\System32\DLXAPI32.DLL -> [2005/01/03 11:10:44 | 00,319,488 | ---- | C] ()
    win.ini -> %SystemRoot%\win.ini -> [2004/08/04 08:00:00 | 00,000,573 | ---- | C] ()
    system.ini -> %SystemRoot%\system.ini -> [2004/08/04 08:00:00 | 00,000,227 | ---- | C] ()
    OUTLPERF.INI -> %SystemRoot%\System32\OUTLPERF.INI -> [2003/01/07 18:05:08 | 00,002,695 | ---- | C] ()
    giveio.sys -> %SystemRoot%\System32\giveio.sys -> [1996/04/03 15:33:26 | 00,005,248 | ---- | C] ()
     
    [Files/Folders - Modified Within 30 Days]
    1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
    5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
    a99bbca1.sys -> %SystemRoot%\System32\drivers\a99bbca1.sys -> [2009/05/27 12:56:45 | 00,097,216 | ---- | M] ()
    User_Feed_Synchronization-{CC261B67-F22A-41AD-AF8F-D97758EAE6AA}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{CC261B67-F22A-41AD-AF8F-D97758EAE6AA}.job -> [2009/05/27 12:55:00 | 00,000,426 | -H-- | M] ()
    OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/05/27 12:47:55 | 00,665,196 | ---- | M] ()
    cfgall.ini -> %SystemRoot%\cfgall.ini -> [2009/05/27 12:47:16 | 00,014,066 | ---- | M] ()
    User_Feed_Synchronization-{A08EB93D-5AC4-46BB-A03E-C1E654899581}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{A08EB93D-5AC4-46BB-A03E-C1E654899581}.job -> [2009/05/27 12:26:26 | 00,000,422 | -H-- | M] ()
    Perflib_Perfdata_110.dat -> %SystemRoot%\Temp\Perflib_Perfdata_110.dat -> [2009/05/27 09:15:30 | 00,016,384 | ---- | M] ()
    SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2009/05/27 09:15:25 | 00,000,006 | -H-- | M] ()
    bootstat.dat -> %SystemRoot%\bootstat.dat -> [2009/05/27 09:15:08 | 00,002,048 | --S- | M] ()
    NTUSER.DAT -> %UserProfile%\NTUSER.DAT -> [2009/05/27 00:44:30 | 08,126,464 | -H-- | M] ()
    ntuser.ini -> %UserProfile%\ntuser.ini -> [2009/05/27 00:44:01 | 00,000,278 | -HS- | M] ()
    sfdb.dat -> %UserProfile%\Local Settings\Temp\jkos-Sorin\engine\bases\sfdb.dat -> [2009/05/26 12:02:18 | 00,000,084 | ---- | M] ()
    kosglue-7.0.26.0.dll -> %UserProfile%\Local Settings\Temp\jkos-Sorin\binaries\kosglue-7.0.26.0.dll -> [2009/05/26 11:43:43 | 00,729,152 | ---- | M] (Kaspersky Lab)
    prLoader.dll -> %UserProfile%\Local Settings\Temp\jkos-Sorin\binaries\prLoader.dll -> [2009/05/26 11:43:43 | 00,184,320 | ---- | M] (Kaspersky Lab)
    prremote.dll -> %UserProfile%\Local Settings\Temp\jkos-Sorin\binaries\prremote.dll -> [2009/05/26 11:43:43 | 00,090,112 | ---- | M] (Kaspersky Lab)
    msvcr80.dll -> %UserProfile%\Local Settings\Temp\jkos-Sorin\binaries\msvcr80.dll -> [2009/05/26 11:43:42 | 00,626,688 | ---- | M] (Microsoft Corporation)
    msvcp80.dll -> %UserProfile%\Local Settings\Temp\jkos-Sorin\binaries\msvcp80.dll -> [2009/05/26 11:43:42 | 00,548,864 | ---- | M] (Microsoft Corporation)
    kave.dll -> %UserProfile%\Local Settings\Temp\jkos-Sorin\binaries\kave.dll -> [2009/05/26 11:43:42 | 00,282,624 | ---- | M] (Kaspersky Lab.)
    ikave.dll -> %UserProfile%\Local Settings\Temp\jkos-Sorin\binaries\ikave.dll -> [2009/05/26 11:43:42 | 00,065,536 | ---- | M] ()
    ScanningProcess.exe -> %UserProfile%\Local Settings\Temp\jkos-Sorin\binaries\ScanningProcess.exe -> [2009/05/26 11:43:41 | 00,139,264 | ---- | M] (Kaspersky Lab.)
    FSSync.dll -> %UserProfile%\Local Settings\Temp\jkos-Sorin\binaries\FSSync.dll -> [2009/05/26 11:43:41 | 00,038,400 | ---- | M] (Kaspersky Lab)
    msvcm80.dll -> %UserProfile%\Local Settings\Temp\jkos-Sorin\binaries\msvcm80.dll -> [2009/05/26 11:43:40 | 00,479,232 | ---- | M] (Microsoft Corporation)
    AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [2009/05/25 22:48:04 | 00,000,284 | ---- | M] ()
    4038024988.dat -> %SystemRoot%\System32\4038024988.dat -> [2009/05/25 01:23:53 | 00,000,100 | --S- | M] ()
    cc_20090525_012230.reg -> %UserProfile%\My Documents\cc_20090525_012230.reg -> [2009/05/25 01:22:36 | 00,009,362 | ---- | M] ()
    RSIT.exe -> %UserProfile%\Desktop\RSIT.exe -> [2009/05/24 11:46:21 | 00,781,909 | ---- | M] ()
    qmgr0.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2009/05/24 00:35:09 | 00,005,529 | ---- | M] ()
    qmgr1.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2009/05/24 00:35:09 | 00,004,232 | ---- | M] ()
    spybot.exe -> %UserProfile%\Desktop\spybot.exe -> [2009/05/24 00:16:31 | 16,409,960 | ---- | M] (Safer Networking Limited                                    )
    cc_20090524_001020.reg -> %UserProfile%\My Documents\cc_20090524_001020.reg -> [2009/05/24 00:10:41 | 00,078,748 | ---- | M] ()
    CCleaner.lnk -> %UserProfile%\Desktop\CCleaner.lnk -> [2009/05/24 00:08:05 | 00,001,548 | ---- | M] ()
    HOSTS -> %SystemRoot%\System32\drivers\etc\HOSTS -> [2009/05/23 21:19:03 | 00,000,687 | ---- | M] ()
    IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [2009/05/23 19:47:05 | 04,240,656 | -H-- | M] ()
    win.ini -> %SystemRoot%\win.ini -> [2009/05/23 19:16:07 | 00,000,573 | ---- | M] ()
    system.ini -> %SystemRoot%\system.ini -> [2009/05/23 19:16:07 | 00,000,227 | ---- | M] ()
    boot.ini -> %SystemDrive%\boot.ini -> [2009/05/23 19:16:07 | 00,000,211 | -H-- | M] ()
    ERUNT AutoBackup.lnk -> %UserProfile%\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [2009/05/22 19:23:21 | 00,000,767 | ---- | M] ()
    NTREGOPT.lnk -> %UserProfile%\Desktop\NTREGOPT.lnk -> [2009/05/22 19:23:02 | 00,000,611 | ---- | M] ()
    ERUNT.lnk -> %UserProfile%\Desktop\ERUNT.lnk -> [2009/05/22 19:23:02 | 00,000,592 | ---- | M] ()
    _id.dat -> %SystemRoot%\System32\_id.dat -> [2009/05/21 19:31:56 | 00,000,000 | ---- | M] ()
    alrsvcq.exe -> %SystemRoot%\System32\alrsvcq.exe -> [2009/05/21 19:31:44 | 00,050,688 | RHS- | M] ()
    tmuninst.ini -> %SystemDrive%\tmuninst.ini -> [2009/05/21 17:22:10 | 00,000,021 | ---- | M] ()
    pdf2word.INI -> %SystemRoot%\pdf2word.INI -> [2009/05/20 17:07:17 | 00,000,394 | ---- | M] ()
    wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2009/05/19 13:04:06 | 00,002,206 | ---- | M] ()
    tmcomm.sys -> %SystemRoot%\System32\drivers\tmcomm.sys -> [2009/05/15 07:23:24 | 00,142,992 | ---- | M] (Trend Micro Inc.)
    WCF731.EXE -> %SystemRoot%\Temp\WCF731.EXE -> [2009/05/15 07:23:22 | 00,296,224 | ---- | M] (Trend Micro Inc.)
    tmtdi.sys -> %SystemRoot%\System32\drivers\tmtdi.sys -> [2009/05/15 07:23:14 | 00,076,688 | ---- | M] (Trend Micro Inc.)
    GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2009/05/11 19:23:01 | 00,047,616 | ---- | M] ()
    FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [2009/05/11 19:08:17 | 00,212,080 | ---- | M] ()
    PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [2009/05/11 19:03:40 | 00,361,752 | ---- | M] ()
    perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [2009/05/11 19:03:40 | 00,316,990 | ---- | M] ()
    perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [2009/05/11 19:03:40 | 00,041,814 | ---- | M] ()
    vpd.properties -> %SystemRoot%\vpd.properties -> [2009/05/11 17:02:33 | 00,000,969 | ---- | M] ()
    MRT.exe -> %SystemRoot%\System32\MRT.exe -> [2009/05/07 03:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation)
    Paper on CSR honors college.doc -> %UserProfile%\Desktop\Paper on CSR honors college.doc -> [2009/05/06 15:35:39 | 00,326,144 | ---- | M] ()
    opa11.dat -> %AllUsersProfile%\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [2008/07/05 20:28:15 | 00,011,090 | ---- | M] ()
    [CatchMe Rootkit Scan by GMER]
    < Windows folder & sub-folders >
    detected NTDLL code modification:
    ZwClose, ZwOpenFile
    scanning hidden processes ...
    scanning hidden services & system hive ...
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\a99bbca1]
    "ImagePath"="\SystemRoot\System32\drivers\a99bbca1.sys"
    "Type"=dword:00000001
    "Start"=dword:00000001
    "ErrorControl"=dword:00000001
    "F96ZK6nPB"="Z3Jpemltdm96aW0ubmFtZQ=="
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\a99bbca1]
    "ImagePath"="\SystemRoot\System32\drivers\a99bbca1.sys"
    "Type"=dword:00000001
    "Start"=dword:00000001
    "ErrorControl"=dword:00000001
    "F96ZK6nPB"="Z3Jpemltdm96aW0ubmFtZQ=="
    scanning hidden registry entries ...
    scanning hidden files ...
    C:\WINDOWS\system32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57} 12 bytes
    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 1
    < Document and Settings folder & sub folders >
    detected NTDLL code modification:
    ZwClose, ZwOpenFile
    scanning hidden files ...
    C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 103 bytes
    C:\Documents and Settings\Sorin\Favorites\1999 V6 Passat ABS-Brake Light - Car Forums and Automotive Chat.url:favicon 2238 bytes
    C:\Documents and Settings\Sorin\Favorites\American Renaissance News Europe Xenophobia and Economic Recession.url:favicon 1406 bytes
    C:\Documents and Settings\Sorin\Favorites\deceleration noise after ball joints replacement - VW Forum  Volkswagen Forum.url:favicon 1150 bytes
    C:\Documents and Settings\Sorin\Favorites\Engine Knock & Oil Pressure - Volkswagen Auto Repair Advice.url:favicon 318 bytes
    C:\Documents and Settings\Sorin\Favorites\europe Xenophobia Rising  STRATFOR.url:favicon 3638 bytes
    C:\Documents and Settings\Sorin\Favorites\FT.com - In depth - Nico Colchester.url:favicon 3638 bytes
    C:\Documents and Settings\Sorin\Favorites\GraphPad QuickCalcs chi square calculator.url:favicon 318 bytes
    C:\Documents and Settings\Sorin\Favorites\http--www.watch-movies-links.net-movies-race_to_witch_mountain-.url:favicon 894 bytes
    C:\Documents and Settings\Sorin\Favorites\Links\eBay.url:favicon 1406 bytes
    C:\Documents and Settings\Sorin\Favorites\Links\Suggested Sites.url:favicon 25214 bytes
    C:\Documents and Settings\Sorin\Favorites\Magazines for Cheap - Cheap Magazine Subscriptions.url:favicon 3638 bytes
    C:\Documents and Settings\Sorin\Favorites\PChuck's Network Limited Or No Connectivity.url:favicon 3638 bytes
    C:\Documents and Settings\Sorin\Favorites\tamos.url:favicon 2550 bytes
    C:\Documents and Settings\Sorin\Favorites\usb.url:favicon 2550 bytes
    C:\Documents and Settings\Sorin\Favorites\When I press hard on my brakes oil light comes on - Yahoo! Answers.url:favicon 1150 bytes
    C:\Documents and Settings\Sorin\Favorites\Wireless doesn't work anymore Limited or no connectivity in General Discussion.url:favicon 3638 bytes
    C:\Documents and Settings\Sorin\Favorites\Xenophobia across Europe threatens Turks, Turkey’s EU accession process.url:favicon 824 bytes
    C:\Documents and Settings\Sorin\Favorites\YouTube - How to Crack WEP.url:favicon 1150 bytes
    C:\Documents and Settings\Sorin\Favorites\YouTube - How to remove Windows genuine Advantage Notifications.url:favicon 318 bytes
    C:\Documents and Settings\Sorin\Favorites\YouTube - Renaming EXE Files After Malware Blocks Security Programs.url:favicon 318 bytes
    C:\Documents and Settings\visitor\Favorites\Links\Suggested Sites.url:favicon 25214 bytes
    scan completed successfully
    hidden files: 331
     
     
    [Alternate Data Streams]
    @Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\Thumbs.db:encryptable
    @Alternate Data Stream - 103 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 12 bytes -> %SystemRoot%\system32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}
    < End of report >

  5. #15
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Default

    Hi Bruce

    1 - Run OTScanIt2

    Start OTScanIt2. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.
    Code:
    [[Win32 Services - Safe List]
    YY -> (dmserverNtmsSvc) Logical Disk Manager dmserverNtmsSvc [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\alrsvcq.exe
    [Files/Folders - Created Within 30 Days]
    NY -> a99bbca1.sys -> %SystemRoot%\System32\drivers\a99bbca1.sys
    NY -> alrsvcq.exe -> %SystemRoot%\System32\alrsvcq.exe
    NY -> cfgrt_ex.ini -> %SystemRoot%\cfgrt_ex.ini
    [Files/Folders - Modified Within 30 Days]
    NY -> cfgall.ini -> %SystemRoot%\cfgall.ini
    NY -> ikave.dll -> %UserProfile%\Local Settings\Temp\jkos-Sorin\binaries\ikave.dll
    NY -> qmgr0.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    NY -> qmgr1.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    NY -> alrsvcq.exe -> %SystemRoot%\System32\alrsvcq.exe
    [Alternate Data Streams]
    NY -> @Alternate Data Stream - 103 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
    NY -> @Alternate Data Stream - 12 bytes -> %SystemRoot%\system32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}
    The fix should only take a very short time. When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

    If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt2 will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that log back here in your next reply.

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.
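For anyone reading this thread to learn how a fix list like the one above gets chosen, here is a small Python triage script, added as an example and not code from the thread or from OldTimer's OTScanIt2. It parses the file-entry, alternate-data-stream and exported-registry line formats seen in the posted log and scores them with heuristics that mirror what the fix targets: binaries under System32 with no publisher in their version info, hidden/system attributes on loose files, random-looking 8-hex-character driver names, non-benign ADS, and a service value holding base64 text. The rule weights, the review threshold and the set of benign stream names are my assumptions, and a hit means "look closer", not "malicious".

```python
"""Triage for OTScanIt2-style log lines (added example; not part of the thread or of
OldTimer's tool).  Heuristics, weights and threshold are assumptions: a hit = review."""
import base64
import re

# file/folder entry:  name -> path -> [date time | size | attrs | C/M] (company)
FILE_RE = re.compile(
    r"^(?P<name>.+?) -> (?P<path>.+?) -> \[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| [CM]\](?: \((?P<company>.*?)\s*\))?$")   # company may be empty/padded
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")
REG_B64_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>[A-Za-z0-9+/]{8,}={0,2})"$')  # exported REG_SZ
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}\.(sys|exe|dll)$", re.I)
BENIGN_STREAMS = {"encryptable", "Zone.Identifier", "favicon"}   # assumed harmless stream names


def parse_file_line(line):
    """Parse one file/folder entry; return a dict, or None if the line is not one."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["size"] = int(e["size"].replace(",", ""))
    e["company"] = (e["company"] or "").strip()
    e["is_dir"] = e["attrs"][3] == "D"
    return e


def score_file(e):
    """Weighted heuristics for a loose file under System32; directories score 0."""
    hits = []
    if e["is_dir"]:
        return 0, hits
    in_system32 = "\\system32\\" in e["path"].lower()
    if in_system32 and not e["company"]:
        hits.append((1, "no publisher string in version info, under System32"))
    if in_system32 and any(c in e["attrs"][:3] for c in "HS"):
        hits.append((1, "hidden/system attribute on a loose file"))
    if HEX_NAME_RE.match(e["name"]):
        hits.append((2, "random-looking 8-hex-character binary name"))
    return sum(w for w, _ in hits), [r for _, r in hits]


def score_ads(path, size):
    """Reasons to review an alternate data stream; [] if it looks benign."""
    host, _, stream = path.rpartition(":")
    if size == 0 or stream in BENIGN_STREAMS:
        return []
    reasons = [f"non-standard stream '{stream}' ({size} bytes)"]
    if "." not in host.rsplit("\\", 1)[-1]:     # host has no extension: likely a directory
        reasons.append("stream attached to a directory")
    return reasons


def decode_reg_b64(line):
    """(value name, plaintext) if an exported string value is printable base64, else None."""
    m = REG_B64_RE.match(line.strip())
    if not m:
        return None
    try:
        text = base64.b64decode(m["data"], validate=True).decode("ascii")
    except ValueError:                           # bad alphabet/padding or non-ASCII bytes
        return None
    return (m["name"], text) if text.isprintable() else None


def triage(log_text, threshold=2):
    """Return [(item, [reasons])] for every line worth a second look."""
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        e = parse_file_line(line)
        if e:
            score, reasons = score_file(e)
            if score >= threshold:
                findings.append((e["path"], reasons))
            continue
        m = ADS_RE.match(line)
        if m:
            reasons = score_ads(m["path"], int(m["size"]))
            if reasons:
                findings.append((m["path"], reasons))
            continue
        dec = decode_reg_b64(line)
        if dec:
            findings.append((f"registry value {dec[0]}", [f"base64 decodes to {dec[1]!r}"]))
    return findings


# Constructed sample: a few lines copied from the posted log plus benign neighbours.
SAMPLE_LOG = r"""
[Files/Folders - Created Within 30 Days]
a99bbca1.sys -> %SystemRoot%\System32\drivers\a99bbca1.sys -> [2009/05/25 01:23:51 | 00,097,216 | ---- | C] ()
spybot.exe -> %UserProfile%\Desktop\spybot.exe -> [2009/05/24 00:16:20 | 16,409,960 | ---- | C] (Safer Networking Limited        )
_id.dat -> %SystemRoot%\System32\_id.dat -> [2009/05/21 19:31:56 | 00,000,000 | ---- | C] ()
alrsvcq.exe -> %SystemRoot%\System32\alrsvcq.exe -> [2009/05/21 19:31:45 | 00,050,688 | RHS- | C] ()
tmcomm.sys -> %SystemRoot%\System32\drivers\tmcomm.sys -> [2009/05/16 10:39:26 | 00,142,992 | ---- | C] (Trend Micro Inc.)
Malwarebytes -> %AppData%\Malwarebytes -> [2009/05/11 18:40:27 | 00,000,000 | ---D | C]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\a99bbca1]
"Start"=dword:00000001
"F96ZK6nPB"="Z3Jpemltdm96aW0ubmFtZQ=="
@Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\Thumbs.db:encryptable
@Alternate Data Stream - 103 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 12 bytes -> %SystemRoot%\system32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}
"""

if __name__ == "__main__":
    for item, reasons in triage(SAMPLE_LOG):
        print(item, reasons)
```

Run against the full OTScanIt.Txt the same way; signed, well-known entries such as the Trend Micro driver score zero, while the entries the fix removed are the ones that surface.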

  6. #16
    Junior Member
    Join Date
    May 2009
    Posts
    10

    Default

    There we go. Next step?

    [Files/Folders - Created Within 30 Days]
    File move failed. C:\WINDOWS\System32\drivers\a99bbca1.sys scheduled to be moved on reboot.
    File move failed. C:\WINDOWS\System32\alrsvcq.exe scheduled to be moved on reboot.
    C:\WINDOWS\cfgrt_ex.ini moved successfully.
    [Files/Folders - Modified Within 30 Days]
    C:\WINDOWS\cfgall.ini moved successfully.
    C:\Documents and Settings\Sorin\Local Settings\Temp\jkos-Sorin\binaries\ikave.dll moved successfully.
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat moved successfully.
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat moved successfully.
    File move failed. C:\WINDOWS\System32\alrsvcq.exe scheduled to be moved on reboot.
    [Alternate Data Streams]
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
    ADS C:\WINDOWS\system32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57} deleted successfully.
    < End of fix log >
    OTScanIt2 by OldTimer - Version 1.0.14.0 fix logfile created on 05272009_145837

    Files moved on Reboot...
    File move failed. C:\WINDOWS\System32\drivers\a99bbca1.sys scheduled to be moved on reboot.
    File move failed. C:\WINDOWS\System32\alrsvcq.exe scheduled to be moved on reboot.

    Registry entries deleted on Reboot...


    thanks,
    Bruce

  7. #17
    Junior Member
    Join Date
    May 2009
    Posts
    10

    Default thanks

peku, I finally decided to format and reinstall, just to be safe.
Thanks for all the effort and time you put into this.

    Bruce

  8. #18
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Default

    Since this issue appears to be resolved ... this Topic has been closed
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.
