WiredWX Christian Hobby Weather Tools

Re: Suspicious.MH690

Here are the two entries that matter.
C:\Users\shoota\Documents\40GB Drive\Downloads\_Utilities\PRIME95\HTTPNET.DLL infected with Trojan.DownLoader.origin - incurable - moved
C:\Users\shoota\Documents\4Gb2_USB\PRIME95\HTTPNET.DLL infected with Trojan.DownLoader.origin - incurable - moved

The next part is the bottom of the log.

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Scanned: 78332
Infected: 2
Modifications: 0
Suspicious: 0
Adware: 0
Dialers: 0
Jokes: 0
Riskware: 0
Hacktools: 0
Cured: 0
Deleted: 0
Renamed: 0
Moved: 2
Ignored: 0
Scan speed: 98 Kb/s
Scan time: 8:26:04

Re: Suspicious.MH690

I had mentioned at the beginning that I was using Win7 64bit but I knew where to find the log.

Re: Suspicious.MH690

We Need to Diagnose a Possible Problem with WGA
  1. Please download MGADiag and save it to your desktop.
  2. Double click the MGADiag icon on your desktop.
  3. Push Continue
  4. Push Copy
  5. Go to Start -> Run and type in "Notepad"
  6. Go to Edit -> Paste in notepad.
  7. x out all of the numbers and letters in the line beginning with "Windows Product Key:"
  8. Copy and paste that log here.

Re: Suspicious.MH690

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0



Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7600.2.00010100.0.0.001
ID: {CA9806A3-D28D-4882-BB83-0540AEE0A2CF}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.42.0
Signed By: Microsoft
Product Name: Windows 7 Ultimate
Architecture: 0x00000009
Build lab: 7600.win7_gdr.100618-1621
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office FrontPage 2003 - 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: ~[Filtered]~

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7600.16385

Name: Windows(R) 7, Ultimate edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00178-926-600400-02-5129-7600.0000-0482010
Installation ID: 014984840863174571799925775272017991638444325042429292
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: P4K27
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 17/11/2010 8:25:58 p.m.

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 8:30:2010 09:39
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: NgAAAAEABQABAAEAAAACAAAAAgABAAEAonY4tmo5SmoQc3ymiIJKNPiDsK+aiFCuYggm/nZW

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC PTLTD APIC
FACP INTEL CRESTLNE
HPET INTEL CRESTLNE
BOOT PTLTD $SBFTBL$
MCFG INTEL CRESTLNE
SLIC DELL QA09
OSFR DELL DELL
SSDT PmRef CpuPm


Re: Suspicious.MH690

What is WGA?

Re: Suspicious.MH690

Hi DragonMaster Jay

I am getting huge amounts of infected temp files. I've noticed that it is only when I am on the net, i.e. open Firefox. I stopped Firefox and changed my default browser to IE8 and the infections have stopped. I don't really want to use IE but if we cannot clean Firefox then I have no choice. I opened Firefox just after 6am this morning and closed it at half past. I'll post the log from Symantec so you can see that they are coming in at a rate of one per couple of seconds.

Re: Suspicious.MH690

Filename Risk Action Risk Type Original Location Computer User Status Current Location Primary Action Secondary Action Logged By Action Description Date and Time
DWHE49.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:05
DWHDB6E.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:05
DWHF2E5.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:05
DWH345B.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:05
DWH5342.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:05
DWH630B.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:05
DWH7342.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:05
DWH82FB.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:05
DWH92C5.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:05
DWHA27F.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:05
DWHB296.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:05
DWHC250.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:05
DWHD20A.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:05
DWHE1C4.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:05
DWHF19D.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:05
DWHFD70.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:05
DWHD1A.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:05
DWH1CD4.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:05
DWH2C8E.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:05
DWH3C57.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:05
DWH4C11.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:05
DWH5C09.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:05
DWH6BC3.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:05
DWH7B8D.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:06
DWH8B46.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:06
DWH9B00.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:06
DWHAB27.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:06
DWHBB00.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:06
DWHCABA.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:06
DWHDB00.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:06
DWHEABA.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:06
DWHFA84.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:06
DWHA4D.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:06
DWH1A07.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:06
DWH29E0.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:06
DWH39B9.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:06
DWH4982.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:06
DWH593C.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:07
DWH6906.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:07
DWH78EE.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:07
DWH88A8.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:07
DWH9862.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:07
DWHA82B.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:07
DWHB7F5.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:07
DWHC7AF.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:07
DWHD778.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:07
DWHE741.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:07
DWHF70B.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:07
DWH6C5.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:07
DWH167E.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:07
DWH2648.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:07
DWH3602.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:07
DWH41D5.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:08
DWH519F.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:08
DWH6158.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:08
DWH7112.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:08
DWH80CC.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:08
DWH9095.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:08
DWHA04F.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:08
DWHB009.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:08
DWHBFC3.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:08
DWHCF7D.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:08
DWHDF37.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:08
DWHEEF0.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:08
DWHFEC9.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:08
DWHE93.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:08
DWH1E6C.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:08
DWH2E35.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:09
DWH3E1E.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:09
DWH4DD8.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:09
DWH5DC0.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:09
DWH6D8A.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:09
DWH7D53.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:09
DWH8D1D.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:09
DWH9CF6.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:09
DWHACBF.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:09
DWHBC79.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:09
DWHCC62.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:09
DWHDC2B.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:09
DWHEBF4.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:09
DWHFBCD.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:09
DWHBA7.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:09
DWH1B70.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:10
DWH2B49.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:10
DWH3B32.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:10
DWH4AFB.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:10
DWH56DE.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:10
DWH66C7.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:10
DWH76AF.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:10
DWH8679.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:10
DWH9661.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:10
DWHA62B.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:10
DWHB604.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:10
DWHC5CD.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:10
DWHD597.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:10
DWHE570.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:10
DWHF539.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:10
DWH503.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:11
DWH14CC.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:11
DWH2495.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:11
DWH344F.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:11
DWH4447.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:11
DWH5411.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:11
DWH63EA.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:11
DWH73A4.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:11
DWH836D.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:11
DWH9337.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:11
DWHA300.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:11
DWHB2E9.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:11
DWHC2E1.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:11
DWHD2AA.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:11
DWHE274.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:11
DWHF22E.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:12
DWH226.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:12
DWH11EF.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:12
DWH21B9.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:12
DWH31B1.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:12
DWH418A.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:12
DWH5144.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:12
DWH610D.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:12
DWH70F6.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:12
DWH80EE.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:12
DWH90B7.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:12
DWHA081.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:12
DWHB04A.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:12
DWHC033.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:12
DWHD02B.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:12
DWHE014.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:13
DWHEFDD.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:13
DWHFFC6.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:13
DWHFAE.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:13
DWH1FA7.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:13
DWH2F9F.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:13
DWH3F68.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:13
DWH4F32.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:13
DWH5EFB.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:13
DWH6EC5.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:13
DWH7E8E.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:13
DWH8E67.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:13
DWH9E50.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:13
DWHAE38.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:13
DWHBE30.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:13
DWHCDFA.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:14
DWHDDE3.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:14
DWHEDDB.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:14
DWHFD95.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:14
DWHD8D.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:14
DWH1D56.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:14
DWH2D4E.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:14
DWH3D37.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:14
DWH4D00.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:14
DWH5CCA.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:14
DWH6CA3.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:14
DWH7C9B.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:14
DWH8C65.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:14
DWH9C4D.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:14
DWHAC55.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:15
DWHBC7C.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:15
DWHCC74.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:15
DWHDC5D.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:15
DWHEC26.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:15
DWHFDE3.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:15
DWHDAC.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:15
DWH1D95.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:15
DWH2DAC.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:15
DWH3D76.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:15
DWH4D3F.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:15
DWH5DA5.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:15
DWH6D9D.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:15
DWH7970.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:15
DWH8949.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:15
DWH9903.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:16
DWHA8CD.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:16
DWHB896.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:16
DWHC860.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:16
DWHD829.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:16
DWHE7D3.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:16
DWHF78D.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:16
DWH747.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:16
DWH1701.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:16
DWH26BA.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:16
DWH3665.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:16
DWH461F.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:16
DWH55D8.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:16
DWH65A2.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:16
DWH754C.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:16
DWH8506.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:17
DWH94C0.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:17
DWHA489.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:17
DWHB472.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:17
DWHC43B.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:17
DWHD3F5.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:17
DWHE3AF.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:17
DWHF359.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:17
DWH342.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:17
DWH12FB.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:17
DWH22B5.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:17
DWH3260.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:17
DWH4248.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:17
DWH4E1C.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:17
DWH5DC6.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:17
DWH6D80.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:18
DWH7D39.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:18
DWH8CF3.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:18
DWH9CAD.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:18
DWHAC57.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:18
DWHBC11.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:18
DWHCBCB.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:18
DWHDB85.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:18
DWHEB4E.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:18
DWHFB08.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:18
DWH6EB.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:18
DWH16B4.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:18
DWH266E.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:18
DWH3628.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:18
DWH45E2.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:18
DWH558C.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:19
DWH6546.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:19
DWH7500.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:19
DWH84C9.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:19
DWH9493.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:19
DWHA4AA.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:19
DWHB493.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:19
DWHC43D.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:19
DWHD3F7.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:19
DWHE3B1.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:19
DWHF36A.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:19
DWH334.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:19
DWH12EE.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:19
DWH22A8.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:19
DWH3271.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:19
DWH424A.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:20
DWH5204.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:20
DWH61CD.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:20
DWH7187.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:20
DWH8131.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:20
DWH90EB.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:20
DWHA0A5.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:20
DWHB06E.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:20
DWHC028.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:20
DWHD011.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:20
DWHDFDA.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:20
DWHEFB3.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:20
DWHFF6D.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:20
DWHF27.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:20
DWH1EE1.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:20
DWH2E8B.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:21
DWH3E45.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:21
DWH4DFF.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:21
DWH5DB8.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:21
DWH6D72.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:21
DWH7D2C.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:21
DWH8CF6.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:21
DWH9CAF.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:21
DWHAC69.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:21
DWHBC23.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:21
DWHCBCD.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:21
DWHDB87.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:21
DWHEB41.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:21
DWHF724.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:21
DWH6CE.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:21
DWH1688.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:22
DWH2651.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:22
DWH360B.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:22
DWH4603.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:22
DWH55CD.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:22
DWH65D5.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:22
DWH759E.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:22
DWH8558.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:22
DWH9531.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:22
DWHA4FA.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:22
DWHB4B4.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:22
DWHC46E.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:22
DWHD418.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:22
DWHDFEC.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:22
DWHEFD4.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:22
DWHFF9E.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:23
DWHF58.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:23
DWH1F11.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:23
DWH32B2.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:23
DWH4661.tmp Suspicious.MH690 Quarantined Heuristics C:\Users\shoota\AppData\Local\Temp\ SHOOTA-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 18/11/2010 6:23

Re: Suspicious.MH690

Windows Genuine Advantage checks to make sure everything in Windows is validated. It all looks to be fine.

I need to take a look at some Firefox stuff, and your whole system, in general.

Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Under the Custom Scan box, paste this in:

    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.sys
    %systemroot%\system32\drivers\*.dll
    %systemroot%\system32\drivers\*.ini
    %systemroot%\system32\drivers\*.exe
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    disk.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    usbstor.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time


Note: in the event that OTL fails to run, please use alternate download links to try again:

http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr

Re: Suspicious.MH690

OTL.txt
OTL logfile created on: 18/11/2010 9:52:40 a.m. - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\shoota\Downloads\_Security
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

6.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 77.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 137.91 Gb Free Space | 29.62% Space Free | Partition Type: NTFS

Computer Name: SHOOTA-PC | User Name: shoota | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/18 09:51:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\shoota\Downloads\_Security\OTL.exe
PRC - [2010/08/25 12:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/06/10 22:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/29 16:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/04/29 16:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/04/01 22:31:46 | 001,822,296 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010/04/01 22:31:18 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
PRC - [2010/03/18 12:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/25 15:35:56 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2010/01/25 15:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (SafeList) ==========

MOD - [2010/11/18 09:51:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\shoota\Downloads\_Security\OTL.exe
MOD - [2010/08/21 18:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/14 14:16:14 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc_os.dll
MOD - [2009/07/14 14:15:44 | 002,340,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll
MOD - [2009/07/14 14:15:44 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msiltcfg.dll
MOD - [2009/07/14 14:10:22 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Disabled | Stopped] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - [2010/03/25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/08/18 02:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 14:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 14:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2003/12/01 05:00:00 | 001,293,824 | ---- | M] (Ixia) [Auto | Stopped] -- C:\Program Files\Ixia\Endpoint\endpoint.exe -- (IxiaEndpoint)
SRV - [2010/11/18 06:58:45 | 000,075,064 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/06/10 22:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/29 16:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/04/10 11:00:28 | 003,217,344 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010/04/01 22:31:46 | 001,822,296 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/04/01 20:47:34 | 000,419,656 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/17 10:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2010/01/25 15:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/01/25 15:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/06/11 10:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/10/27 20:12:28 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/09/10 22:38:10 | 000,225,328 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wpshelper.sys -- (WpsHelper)
DRV:64bit: - [2010/07/13 09:57:08 | 000,069,736 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2010/05/11 09:13:40 | 000,082,048 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010/04/29 16:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010/04/19 21:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/04/10 11:00:28 | 000,052,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\WPSDRVnt.sys -- (WPS)
DRV:64bit: - [2010/03/08 12:59:16 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2010/03/08 12:59:16 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/03/08 12:59:16 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2010/01/13 09:19:10 | 000,142,848 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ArcHlp.sys -- (archlp)
DRV:64bit: - [2009/12/28 12:42:26 | 000,064,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Teefer2.sys -- (Teefer2)
DRV:64bit: - [2009/10/10 15:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/08/18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/14 14:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 14:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 14:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 14:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 14:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 14:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 13:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/14 13:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/14 13:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009/07/14 13:06:40 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avcstrm.sys -- (AVCSTRM)
DRV:64bit: - [2009/07/14 13:06:39 | 000,056,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mstape.sys -- (MSTAPE)
DRV:64bit: - [2009/07/04 19:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009/07/02 08:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/07/01 18:31:58 | 000,080,896 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2009/06/11 09:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/11 09:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/11 09:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009/06/11 09:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 09:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 09:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 09:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/18 06:11:25 | 000,031,400 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2007/02/16 13:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2010/10/18 21:00:00 | 001,804,336 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20101116.049\EX64.SYS -- (NAVEX15)
DRV - [2010/10/18 21:00:00 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/10/18 21:00:00 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/10/18 21:00:00 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20101116.049\ENG64.SYS -- (NAVENG)
DRV - [2010/03/08 12:59:16 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2010/03/08 12:59:16 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2010/03/08 12:59:16 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2007/02/16 13:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://msn.co.nz/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-nz
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 18 7D 37 5D 5E D1 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.nz/"
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.6.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.backup.ftp: "172.31.232.250"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.gopher: "172.31.232.250"
FF - prefs.js..network.proxy.backup.gopher_port: 3128
FF - prefs.js..network.proxy.backup.socks: "172.31.232.250"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "172.31.232.250"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "172.31.232.250"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "172.31.232.250"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "172.31.232.250"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "172.31.232.250"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "172.31.232.250"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/29 06:57:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/29 06:57:41 | 000,000,000 | ---D | M]

[2010/02/18 07:50:02 | 000,000,000 | ---D | M] -- C:\Users\shoota\AppData\Roaming\Mozilla\Extensions
[2010/11/17 07:09:24 | 000,000,000 | ---D | M] -- C:\Users\shoota\AppData\Roaming\Mozilla\Firefox\Profiles\ypwj7phz.default\extensions
[2010/11/12 21:11:47 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\shoota\AppData\Roaming\Mozilla\Firefox\Profiles\ypwj7phz.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2010/06/07 23:31:14 | 000,000,000 | ---D | M] -- C:\Users\shoota\AppData\Roaming\Mozilla\Firefox\Profiles\ypwj7phz.default\extensions\LogMeInClient@logmein.com
[2010/11/17 07:09:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/25 15:55:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/13 08:27:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/16 19:18:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/09/18 20:52:46 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/09/18 20:52:47 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/09/18 20:52:47 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/09/18 20:52:47 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/09/16 10:12:39 | 000,000,860 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (NuSphere ToolBar) - {0F62D223-9206-4EA3-9EA8-D0F3C7C82ACA} - C:\Program Files (x86)\NuSphere\PhpED\NuSphereIEBar64.dll ()
O3 - HKLM\..\Toolbar: (NuSphere ToolBar) - {0F62D223-9206-4EA3-9EA8-D0F3C7C82ACA} - C:\Program Files (x86)\NuSphere\PhpED\NuSphereIEBar.dll ()
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [cdloader] C:\Users\shoota\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: NuSphere PhpED :: Debug this page - C:\Program Files (x86)\NuSphere\PhpED\NuSphereIEBar.dll ()
O8:64bit: - Extra context menu item: Read EXIF - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm ()
O8 - Extra context menu item: NuSphere PhpED :: Debug this page - C:\Program Files (x86)\NuSphere\PhpED\NuSphereIEBar.dll ()
O8 - Extra context menu item: Read EXIF - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\E\Shell\phone\command - "" = E:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: ArcSoft Connection Service - hkey= - key= - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
MsConfig:64bit - StartUpReg: CloneCDTray - hkey= - key= - C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: MSSE - hkey= - key= - c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Windows\SysWOW64\NeroCheck.exe (Ahead Software Gmbh)
MsConfig:64bit - StartUpReg: PDVDDXSrv - hkey= - key= - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe File not found
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: Symantec Antvirus - Service
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: ccEvtMgr - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: ccSetMgr - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: Symantec Antivirus - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootMin: Symantec Antvirus - Service
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: Symantec Antvirus - Service
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: ccEvtMgr - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootNet: ccSetMgr - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SmcService - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: Symantec Antivirus - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootNet: Symantec Antvirus - Service
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

Re: Suspicious.MH690

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7B4E1F48-5F63-44AE-FF35-B7941E347973} - Themes Setup
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.ACDV - File not found
Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
Drivers32: msacm.avis - C:\Windows\SysWow64\ff_acm.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/11/17 20:26:17 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2010/11/17 20:25:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/11/17 16:18:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wolfenstein - Enemy Territory
[2010/11/17 09:46:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010/11/17 06:12:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wolfenstein - Maps
[2010/11/16 19:18:13 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/11/16 19:18:13 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/11/16 19:18:13 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/11/16 10:12:22 | 000,000,000 | ---D | C] -- C:\Users\shoota\DoctorWeb
[2010/11/15 20:17:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/11/15 17:33:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/11/15 17:32:40 | 000,000,000 | ---D | C] -- C:\e65962a64da705aaf9bf7ca1dcf800
[2010/11/12 21:22:48 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/11/12 21:17:47 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/11/08 08:40:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2010/11/08 07:26:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/10/31 19:01:21 | 000,000,000 | ---D | C] -- C:\Users\shoota\Sherri
[2010/10/29 14:21:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\.nusphere
[2010/10/29 14:21:37 | 000,000,000 | ---D | C] -- C:\Users\shoota\AppData\Roaming\NuSphere
[2010/10/29 14:04:57 | 000,000,000 | ---D | C] -- C:\ProgramData\PHP
[2010/10/29 14:03:22 | 000,297,984 | ---- | C] (Borland Software Corporation) -- C:\Windows\SysWow64\midas.dll
[2010/10/29 14:02:57 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\phpED
[2010/10/29 14:02:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NuSphere
[2010/10/28 06:50:00 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/10/28 06:50:00 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010/10/28 06:49:59 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010/10/28 06:49:58 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010/10/28 06:49:57 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010/10/28 06:49:57 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/10/28 06:49:57 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010/10/28 06:49:42 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2010/10/27 20:13:59 | 000,000,000 | ---D | C] -- C:\Users\shoota\AppData\Local\Symantec
[2010/10/27 20:13:51 | 000,225,328 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\wpshelper.sys
[2010/10/27 20:12:11 | 000,172,592 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/10/27 20:12:10 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/10/27 20:11:49 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capicom.dll
[2010/10/27 20:11:48 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71.DLL
[2010/10/27 20:11:48 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSVCP71.DLL
[2010/10/27 20:11:48 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSVCR71.DLL
[2010/10/27 20:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/10/27 20:11:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2010/10/27 20:11:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010/10/27 20:11:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Symantec
[2010/10/25 22:09:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/10/25 22:09:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/10/21 13:49:29 | 000,000,000 | ---D | C] -- C:\output
[2010/10/19 20:49:01 | 000,000,000 | ---D | C] -- C:\Users\shoota\AppData\Local\Google
[2010/10/19 20:49:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010/05/11 09:13:40 | 000,082,048 | ---- | C] (VSO Software) -- C:\Users\shoota\AppData\Roaming\pcouffin.sys
[2010/02/19 08:21:44 | 000,709,632 | ---- | C] (e-Presencia) -- C:\Program Files (x86)\posteriza.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/18 09:54:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/18 09:00:02 | 000,000,452 | ---- | M] () -- C:\Windows\tasks\SyncBack MyBackup.job
[2010/11/18 06:58:45 | 000,075,064 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/11/18 06:43:27 | 000,071,785 | ---- | M] () -- C:\Users\shoota\Desktop\SuspiciousH690.csv
[2010/11/18 06:04:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/17 21:00:01 | 000,000,450 | ---- | M] () -- C:\Windows\tasks\SyncBack Outlook.job
[2010/11/17 20:54:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/17 20:31:03 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/17 20:31:03 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/17 16:18:58 | 000,001,050 | ---- | M] () -- C:\Users\shoota\Desktop\Wolfenstein - Enemy Territory.lnk
[2010/11/17 06:10:45 | 527,826,943 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/17 05:49:59 | 000,000,166 | ---- | M] () -- C:\Users\Public\Documents\SuspiciousH690.csv
[2010/11/15 17:57:16 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/15 17:57:16 | 000,631,364 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/15 17:57:16 | 000,111,456 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/15 17:32:50 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/11/15 16:10:51 | 000,355,840 | ---- | M] () -- C:\Users\shoota\Documents\EMAIL.XLS
[2010/11/14 08:06:18 | 000,642,448 | ---- | M] () -- C:\Users\shoota\Desktop\Suspicious.MH690.jpg
[2010/11/13 22:29:31 | 000,002,089 | ---- | M] () -- C:\Users\shoota\Desktop\HijackThis.lnk
[2010/11/12 21:23:55 | 001,204,866 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2010/11/12 21:17:39 | 000,507,360 | ---- | M] () -- C:\Users\shoota\Desktop\sdsetup_aff.exe
[2010/11/12 14:21:55 | 000,073,728 | -H-- | M] () -- C:\Users\shoota\Documents\photothumb.db
[2010/11/09 19:03:32 | 000,195,584 | ---- | M] () -- C:\Users\Public\Documents\DysonQuote.doc
[2010/11/08 16:12:08 | 000,019,164 | ---- | M] () -- C:\Users\Public\Documents\Internal Parasites.docx
[2010/11/08 16:06:15 | 000,019,491 | ---- | M] () -- C:\Users\Public\Documents\GoatDrenchRecipes.docx
[2010/11/05 12:43:50 | 000,001,135 | ---- | M] () -- C:\Users\shoota\Desktop\Advanced IP Scanner.exe - Shortcut.lnk
[2010/11/02 14:20:20 | 000,000,500 | ---- | M] () -- C:\Users\shoota\Desktop\Levin School.lnk
[2010/10/31 22:00:45 | 000,014,582 | ---- | M] () -- C:\Users\Public\Documents\cc_20101031_220031.reg
[2010/10/29 14:03:30 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\NuSphere PhpED.lnk
[2010/10/28 19:54:46 | 000,022,528 | ---- | M] () -- C:\Users\shoota\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/27 20:12:28 | 000,172,592 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/10/27 20:12:28 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/10/27 20:12:28 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/10/26 13:21:33 | 000,039,424 | ---- | M] () -- C:\Users\shoota\Desktop\LevinSchool_Unallocated.xls
[2010/10/25 22:09:28 | 000,001,254 | ---- | M] () -- C:\Users\shoota\Desktop\Spybot - Search & Destroy.lnk
[2010/10/23 13:23:40 | 000,160,136 | ---- | M] () -- C:\Users\shoota\Desktop\viewer-crop.jpg
[2010/10/22 12:19:12 | 000,001,260 | ---- | M] () -- C:\Users\shoota\Desktop\Revo Uninstaller.lnk
[2010/10/20 07:34:59 | 000,002,280 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/18 06:43:27 | 000,071,785 | ---- | C] () -- C:\Users\shoota\Desktop\SuspiciousH690.csv
[2010/11/17 16:18:58 | 000,001,050 | ---- | C] () -- C:\Users\shoota\Desktop\Wolfenstein - Enemy Territory.lnk
[2010/11/17 05:49:32 | 000,000,166 | ---- | C] () -- C:\Users\Public\Documents\SuspiciousH690.csv
[2010/11/15 17:32:50 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/11/14 08:06:16 | 000,642,448 | ---- | C] () -- C:\Users\shoota\Desktop\Suspicious.MH690.jpg
[2010/11/13 22:23:12 | 000,537,842 | ---- | C] () -- C:\HaxFix.exe
[2010/11/12 21:23:50 | 001,204,866 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2010/11/12 21:17:47 | 000,507,360 | ---- | C] () -- C:\Users\shoota\Desktop\sdsetup_aff.exe
[2010/11/09 18:54:00 | 000,195,584 | ---- | C] () -- C:\Users\Public\Documents\DysonQuote.doc
[2010/11/08 16:12:08 | 000,019,164 | ---- | C] () -- C:\Users\Public\Documents\Internal Parasites.docx
[2010/11/08 16:06:14 | 000,019,491 | ---- | C] () -- C:\Users\Public\Documents\GoatDrenchRecipes.docx
[2010/11/05 12:43:50 | 000,001,135 | ---- | C] () -- C:\Users\shoota\Desktop\Advanced IP Scanner.exe - Shortcut.lnk
[2010/11/02 14:20:20 | 000,000,500 | ---- | C] () -- C:\Users\shoota\Desktop\Levin School.lnk
[2010/10/31 22:00:35 | 000,014,582 | ---- | C] () -- C:\Users\Public\Documents\cc_20101031_220031.reg
[2010/10/29 14:03:30 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\NuSphere PhpED.lnk
[2010/10/27 20:12:11 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/10/27 20:12:11 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/10/26 13:21:33 | 000,039,424 | ---- | C] () -- C:\Users\shoota\Desktop\LevinSchool_Unallocated.xls
[2010/10/25 22:09:28 | 000,001,254 | ---- | C] () -- C:\Users\shoota\Desktop\Spybot - Search & Destroy.lnk
[2010/10/23 13:23:36 | 000,160,136 | ---- | C] () -- C:\Users\shoota\Desktop\viewer-crop.jpg
[2010/10/20 07:34:59 | 000,002,280 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/10/19 20:49:07 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/19 20:49:06 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/08 11:11:44 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/07/23 11:52:49 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010/07/22 11:27:59 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/07/14 12:53:32 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\systeminfo3.dll
[2010/07/08 15:28:09 | 000,735,230 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/06/11 13:24:09 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/05/27 10:11:22 | 000,022,528 | ---- | C] () -- C:\Users\shoota\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/20 17:56:13 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/05/20 17:55:13 | 000,019,310 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010/05/18 02:47:52 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/05/11 09:14:25 | 000,000,034 | ---- | C] () -- C:\Users\shoota\AppData\Roaming\pcouffin.log
[2010/05/11 09:13:40 | 000,093,696 | ---- | C] () -- C:\Users\shoota\AppData\Roaming\ezpinst.exe
[2010/05/11 09:13:40 | 000,007,176 | ---- | C] () -- C:\Users\shoota\AppData\Roaming\pcouffin.cat
[2010/05/11 09:13:40 | 000,001,167 | ---- | C] () -- C:\Users\shoota\AppData\Roaming\pcouffin.inf
[2010/04/29 07:34:08 | 000,007,624 | ---- | C] () -- C:\Users\shoota\AppData\Local\Resmon.ResmonCfg
[2010/03/29 10:20:58 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/03/05 07:50:03 | 000,004,561 | ---- | C] () -- C:\Users\shoota\AppData\Roaming\stopword.askw
[2010/02/19 08:13:53 | 000,000,004 | RHS- | C] () -- C:\ProgramData\sysqcl1129139270.dat
[2010/02/18 14:04:21 | 000,000,148 | ---- | C] () -- C:\Windows\OPHG.INI
[2009/08/16 11:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/07/14 12:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 10:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/05/29 16:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/05/29 16:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2007/12/28 20:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2007/02/05 21:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2005/01/17 20:10:16 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2004/08/09 20:00:42 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2009/07/14 18:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 18:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 18:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 18:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/11 09:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/04/17 01:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 17:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
[2009/03/08 20:59:16 | 000,709,632 | ---- | M] (e-Presencia) -- C:\Program Files (x86)\posteriza.exe

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/02/17 19:14:23 | 000,000,285 | -HS- | M] () -- C:\Users\shoota\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/11/12 21:17:39 | 000,507,360 | ---- | M] () -- C:\Users\shoota\Desktop\sdsetup_aff.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/11 10:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2010/10/29 06:57:39 | 000,107,480 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
[2010/10/29 06:57:39 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
[2010/10/29 06:57:40 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
[2010/10/29 06:57:40 | 000,245,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\updater.exe

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/10/03 07:01:23 | 000,000,402 | -HS- | M] () -- C:\Users\shoota\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/09/21 21:16:40 | 000,000,041 | -HS- | M] () -- C:\ProgramData\.zreglib

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.sys >

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %SYSTEMDRIVE%\*.* >
[2010/06/03 08:51:16 | 000,007,052 | R--- | M] () -- C:\CLDMA.LOG
[2010/04/04 13:04:57 | 000,537,842 | ---- | M] () -- C:\HaxFix.exe
[2010/11/17 06:10:45 | 527,826,943 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/17 06:10:48 | 2135,429,119 | -HS- | M] () -- C:\pagefile.sys
[2010/10/25 18:04:22 | 000,000,443 | ---- | M] () -- C:\rkill.log
[2010/06/03 09:07:23 | 000,009,738 | ---- | M] () -- C:\scramble.log

< %PROGRAMFILES%\*. >
[2010/03/11 00:21:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\2BrightSparks
[2010/04/16 12:06:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ACD Systems
[2010/03/11 00:21:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Acro Software
[2010/04/29 07:20:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2010/11/05 12:35:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Advanced IP Scanner
[2010/03/11 00:32:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Ahead
[2010/08/05 01:14:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2010/09/09 08:23:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ArcSoft
[2010/03/11 00:21:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AVG
[2010/08/04 05:15:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2010/09/07 23:22:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CCleaner
[2010/05/11 09:13:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CloneDVD
[2010/11/17 09:46:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2010/06/03 08:50:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CyberLink
[2010/10/18 17:48:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Digital Assembly
[2010/08/04 05:13:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Documents To Go Desktop
[2010/03/11 00:32:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DVD Shrink
[2010/05/11 08:01:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Elaborate Bytes
[2010/11/15 20:17:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ESET
[2010/04/03 11:38:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\FireTrust
[2010/10/20 07:34:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2010/03/11 00:32:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GPLGS
[2010/10/03 07:01:52 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/10/15 05:56:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2010/11/16 19:18:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2010/03/11 00:22:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Macromedia
[2010/06/03 08:01:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/03/31 08:12:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2010/10/08 11:10:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft ActiveSync
[2010/11/15 17:33:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/03/30 09:53:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2010/03/11 00:22:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2010/11/08 07:26:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/08/02 18:29:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/03/11 00:33:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio
[2010/03/11 00:33:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010/10/10 21:03:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
[2010/06/23 15:05:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2010/08/03 18:47:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Movie Maker 2.6
[2010/10/29 06:57:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2010/03/11 00:33:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2010/11/08 08:40:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSECache
[2010/03/11 00:08:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2010/09/07 15:22:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\nLite
[2010/10/29 14:02:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NuSphere
[2010/05/07 13:55:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Okidata
[2010/06/07 18:45:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PhotoScape
[2010/03/11 00:23:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\plasq
[2010/07/08 07:18:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ProfaxWin
[2010/05/05 10:51:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QS
[2010/08/05 01:14:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2010/03/11 00:23:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2010/11/17 09:46:50 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2010/05/11 08:13:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SlySoft
[2010/07/16 05:35:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SOFTplus
[2010/08/02 17:07:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Sonic Foundry
[2010/09/19 13:04:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Sony
[2010/09/19 13:03:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Sony Setup
[2010/10/25 22:15:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/10/27 20:11:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Symantec
[2010/07/08 07:18:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SyncrifyClient
[2010/08/01 16:36:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TeamViewer
[2010/06/03 09:37:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\The KMPlayer
[2010/10/09 12:35:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Trend Micro
[2009/07/14 17:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2010/03/29 17:46:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VideoLAN
[2010/03/11 00:23:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VS Revo Group
[2010/06/03 09:20:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Win7codecs
[2010/03/11 00:23:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2010/08/02 18:30:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2010/03/31 08:12:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/05/12 07:21:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2010/10/15 05:56:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2010/03/11 00:23:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2010/03/11 00:23:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2009/07/14 18:32:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2010/03/11 00:33:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2010/08/31 17:32:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WinZip
[2010/11/17 19:14:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Wolfenstein - Enemy Territory
[2010/11/17 06:14:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Wolfenstein - Maps
[2010/06/26 16:29:37 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Zero G Registry

< %appdata%\*.* >
[2010/05/11 09:13:40 | 000,093,696 | ---- | M] () -- C:\Users\shoota\AppData\Roaming\ezpinst.exe
[2010/05/11 09:13:40 | 000,007,176 | ---- | M] () -- C:\Users\shoota\AppData\Roaming\pcouffin.cat
[2010/05/11 09:13:40 | 000,001,167 | ---- | M] () -- C:\Users\shoota\AppData\Roaming\pcouffin.inf
[2010/05/11 09:14:25 | 000,000,034 | ---- | M] () -- C:\Users\shoota\AppData\Roaming\pcouffin.log
[2010/05/11 09:13:40 | 000,082,048 | ---- | M] (VSO Software) -- C:\Users\shoota\AppData\Roaming\pcouffin.sys
[2010/03/05 07:50:10 | 000,004,561 | ---- | M] () -- C:\Users\shoota\AppData\Roaming\stopword.askw


< MD5 for: AGP440.SYS >
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\XPSETUP\I386\sp3.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\XPSETUP_Open\I386\sp3.cab:AGP440.sys
[2009/07/14 14:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 14:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\XPSETUP\I386\sp3.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\XPSETUP_Open\I386\sp3.cab:atapi.sys
[2009/07/14 14:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 14:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 14:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 14:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 14:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 14:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: DISK.SYS >
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\XPSETUP\I386\sp3.cab:disk.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\XPSETUP_Open\I386\sp3.cab:disk.sys
[2009/07/14 14:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysWow64\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/14 14:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys

< MD5 for: IASTOR.SYS >
[2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Users\Public\Documents\New folder\P7P55D-E\IMSM_V8901023\Driver\Disk\f6flpy64\IaStor.sys
[2009/06/04 22:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Users\Public\Documents\New folder\IaStor.sys
[2009/06/04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Users\Public\Documents\New folder\P7P55D-E\IMSM_V8901023\Driver\Disk\f6flpy32\IaStor.sys

< MD5 for: IASTORV.SYS >
[2009/07/14 14:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 14:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 14:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/14 14:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 14:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 14:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2005/08/18 17:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\Users\shoota\Downloads\_Drivers\Motherboards\Gigabyte GA-K8NXP-9\BootDisk Raid\NVATABUS.SYS
[2005/08/18 17:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\Users\shoota\My Documents\40GB Drive\Downloads\_Drivers\Motherboards\Gigabyte GA-K8NXP-9\BootDisk Raid\NVATABUS.SYS
[2005/07/26 11:16:44 | 000,079,360 | ---- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- C:\Users\shoota\My Documents\4Gb2_USB\Drivers\Asus K8N-E\WINXP_2K\IDE\Disk\NvAtaBus.sys
[2005/07/26 11:16:44 | 000,079,360 | ---- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- C:\Users\shoota\My Documents\4Gb2_USB\Drivers\Asus K8N-E\WINXP_2K\IDE\Win2K\NvAtaBus.sys
[2005/07/26 11:16:44 | 000,079,360 | ---- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- C:\Users\shoota\My Documents\4Gb2_USB\Drivers\Asus K8N-E\WINXP_2K\IDE\WinXP\NvAtaBus.sys

< MD5 for: NVSTOR.SYS >
[2009/07/14 14:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 14:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 14:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 14:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 14:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 14:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: USBSTOR.SYS >
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\XPSETUP\I386\sp3.cab:usbstor.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\XPSETUP_Open\I386\sp3.cab:usbstor.sys
[2009/07/14 13:06:34 | 000,089,600 | ---- | M] (Microsoft Corporation) MD5=080D3820DA6C046BE82FC8B45A893E83 -- C:\Windows\SysWow64\DriverStore\FileRepository\usbstor.inf_amd64_neutral_c301b770e0bfb179\USBSTOR.SYS
[2009/07/14 13:06:34 | 000,089,600 | ---- | M] (Microsoft Corporation) MD5=080D3820DA6C046BE82FC8B45A893E83 -- C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.1.7600.16385_none_a47b405db18421ea\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\Windows:4D32E5D044D8E894
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

Re: Suspicious.MH690

Extras.txt
OTL Extras logfile created on: 18/11/2010 9:52:40 a.m. - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\shoota\Downloads\_Security
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

6.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 77.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 137.91 Gb Free Space | 29.62% Space Free | Partition Type: NTFS

Computer Name: SHOOTA-PC | User Name: shoota | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js[@ = JSFile] -- C:\Program Files (x86)\Macromedia\Dreamweaver MX\Dreamweaver.exe (Macromedia, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js [@ = JSFile] -- C:\Program Files (x86)\Macromedia\Dreamweaver MX\Dreamweaver.exe (Macromedia, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- "C:\Program Files (x86)\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [ACDSee Pro 2.5.Browse] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\2.5\ACDSeeQVPro25.exe" "%1" (ACD Systems)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- "C:\Program Files (x86)\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 2.5.Browse] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\2.5\ACDSeeQVPro25.exe" "%1" (ACD Systems)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0DA20600-6130-443B-9D4B-F30520315FA6}" = Bonjour Print Services
"{1FDA65E4-7C46-49AA-9721-A734125D68F3}" = Symantec Endpoint Protection
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials
"{A2422B02-0D41-43F5-B62E-C7A5E55FCBA8}" = Vegas Pro 9.0 (64-bit)
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Essentials" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH Media Driver ver.2.07.01.02
"{2D95950E-6D76-43E7-94A5-D9DBA2FD29E4}" = ACDSee Pro 2.5
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{30B056AF-F414-4B68-B9B0-6EFDB9FCDF18}" = ArcSoft MediaImpression 2
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31B620F7-A6E7-4F91-AF10-6EC9DB2EA564}" = ArcSoft Panorama Maker 5
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{40DA94AF-34B7-4BA7-A37F-26F899C031FF}" = ArcSoft PhotoStudio Darkroom 2
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{521F829A-CBDD-4525-A94C-05D4650E9F71}" = DVD Architect Pro 5.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A1F0A1A-474C-4151-8534-5F61832D88CD}" = Comic Life
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{82FAC25D-D0E1-4D60-9268-F3DD958BF052}" = ArcSoft RAW Thumbnail Viewer
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B5F47039-9B19-4AC3-9A4A-E1CA3068E59F}" = ArcSoft TotalMedia Theatre 3
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced IP Scanner v1.5" = Advanced IP Scanner v1.5
"CCleaner" = CCleaner (remove only)
"CloneCD" = CloneCD
"CSELITE65_is1" = CSE HTML Validator Lite v6.52
"DTGDesktop" = Documents To Go Desktop for iPhone
"DVD Shrink_is1" = DVD Shrink 3.2
"Endpoint" = Ixia Endpoint for Windows
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"GSiteCrawler" = GSiteCrawler
"HijackThis" = HijackThis 2.0.2
"InstallShield_{B5F47039-9B19-4AC3-9A4A-E1CA3068E59F}" = ArcSoft TotalMedia Theatre 3
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"MailWasher Pro_is1" = MailWasher Pro
"MainApp.exe_is1" = CloneDVD 4.1.0.23
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Embedded Browser_is1" = Mozilla Embedded Browser version 3.5
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"nLite_is1" = nLite 1.4.9.1
"NuSphere PhpED_is1" = NuSphere PhpED version 5.9.5
"PhotoScape" = PhotoScape
"PHP Documentor_is1" = Php Documentor version 1.4.2 for NuSphere PhpED
"PHP_is1" = php-4.4.9 for NuSphere PhpED
"PHP5_is1" = php-5.2.13 for NuSphere PhpED
"PHP53_is1" = php-5.3.2 for NuSphere PhpED
"POLYSTYLE_is1" = Polystyle 2.0zo (trial) for NuSphere PhpED
"Profax Accounting" = Profax Accounting
"Qcheck" = Ixia Qcheck
"Revo Uninstaller" = Revo Uninstaller 1.90
"SyncBack_is1" = SyncBack
"SyncrifyClient" = SyncrifyClient
"The KMPlayer" = The KMPlayer (remove only)
"VLC media player" = VideoLAN VLC media player 0.8.6f
"WinLiveSuite_Wave3" = Windows Live Essentials
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 17/11/2010 10:44:33 a.m. | Computer Name = SHOOTA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10094

Error - 17/11/2010 10:44:34 a.m. | Computer Name = SHOOTA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 17/11/2010 10:44:34 a.m. | Computer Name = SHOOTA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11092

Error - 17/11/2010 10:44:34 a.m. | Computer Name = SHOOTA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11092

Error - 17/11/2010 1:05:23 p.m. | Computer Name = shoota-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Suspicious.MH690 in File: C:\Users\shoota\AppData\Local\Temp\DWHE49.tmp
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 17/11/2010 1:24:48 p.m. | Computer Name = shoota-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Rtvscan.exe, version: 11.0.6000.419, time
stamp: 0x4bb57114 Faulting module name: Rtvscan.exe, version: 11.0.6000.419, time
stamp: 0x4bb57114 Exception code: 0xc0000005 Fault offset: 0x00094115 Faulting process
id: 0x8a8 Faulting application start time: 0x01cb85b148f0fa89 Faulting application
path: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe Faulting
module path: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
Report
Id: 935803c0-f26f-11df-aeb8-0026b90d3818

Error - 17/11/2010 3:20:07 p.m. | Computer Name = shoota-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 17/11/2010 3:27:36 p.m. | Computer Name = shoota-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error - 17/11/2010 3:33:31 p.m. | Computer Name = shoota-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 17/11/2010 3:38:26 p.m. | Computer Name = shoota-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

[ Media Center Events ]
Error - 27/04/2010 12:55:18 a.m. | Computer Name = shoota-PC | Source = MCUpdate | ID = 0
Description = 4:55:18 p.m. - Error connecting to the internet. 4:55:18 p.m. -
Unable to contact server..

Error - 27/04/2010 1:55:27 a.m. | Computer Name = shoota-PC | Source = MCUpdate | ID = 0
Description = 5:55:26 p.m. - Error connecting to the internet. 5:55:26 p.m. -
Unable to contact server..

[ OSession Events ]
Error - 4/07/2010 10:21:13 p.m. | Computer Name = shoota-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 77121
seconds with 6900 seconds of active time. This session ended with a crash.

Error - 16/08/2010 1:25:38 p.m. | Computer Name = shoota-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 146
seconds with 0 seconds of active time. This session ended with a crash.

Error - 18/08/2010 3:47:35 a.m. | Computer Name = shoota-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 1280
seconds with 420 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 17/11/2010 10:44:15 a.m. | Computer Name = shoota-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 17/11/2010 1:04:35 p.m. | Computer Name = shoota-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 17/11/2010 1:24:51 p.m. | Computer Name = shoota-PC | Source = Service Control Manager | ID = 7031
Description = The Symantec Endpoint Protection service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 10000
milliseconds: Restart the service.

Error - 17/11/2010 1:32:27 p.m. | Computer Name = shoota-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%834 Error Code: 0x80004005 Error description: Unspecified error Reason: %%838

Error - 17/11/2010 1:58:41 p.m. | Computer Name = shoota-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 17/11/2010 2:51:02 p.m. | Computer Name = shoota-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 17/11/2010 3:14:55 p.m. | Computer Name = shoota-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%834 Error Code: 0x80004005 Error description: Unspecified error Reason: %%838

Error - 17/11/2010 3:22:29 p.m. | Computer Name = shoota-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%834 Error Code: 0x80004005 Error description: Unspecified error Reason: %%838

Error - 17/11/2010 3:30:55 p.m. | Computer Name = shoota-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%834 Error Code: 0x80004005 Error description: Unspecified error Reason: %%838

Error - 17/11/2010 3:36:07 p.m. | Computer Name = shoota-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%834 Error Code: 0x80004005 Error description: Unspecified error Reason: %%838


< End of report >

Re: Suspicious.MH690

FF - prefs.js..network.proxy.backup.ftp: "172.31.232.250"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.gopher: "172.31.232.250"
FF - prefs.js..network.proxy.backup.gopher_port: 3128
FF - prefs.js..network.proxy.backup.socks: "172.31.232.250"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "172.31.232.250"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "172.31.232.250"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "172.31.232.250"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "172.31.232.250"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "172.31.232.250"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "172.31.232.250"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0


Did you configure this proxy in Firefox?

Re: Suspicious.MH690

Yes, it is one of the proxies at a school, but they no longer have a proxy server. Firefox is set to "no proxy" but the settings remain there; however, they are grayed out.

I've had to use Firefox a couple of times today because I'm testing a website design to make sure it displays correctly. I'll go check the logs in Symantec to see if our worm has been detected since this morning.

Re: Suspicious.MH690

Good news...no more infected temp files since this morning. Do you think I should go back to making Firefox the default browser?

shoota

Re: Suspicious.MH690

I doubt we are dealing with a worm here. Those temp. files above look normal.

However, Symantec is not supposed to be quarantining in the temp. directory.

That detection, Sus.MH690, is some crazy heuristics method from Symantec to judge new malware. It has been known to foul up.

Re: Suspicious.MH690

Well, it is interesting that it is only when using Firefox, though. Maybe Firefox is creating the temp files? Anyway, thanks DragonMaster Jay.

I'm away for a couple of days and will take it up with Symantec on arriving home after the weekend.

I'll post back when I have more info on this. I appreciate your help and if I am correct your feeling is that my computer is clean. It would be nice to find out who is creating these files as they are coming into the computer at 5 second intervals.

Bye and have a great weekend.
Shoota Ballinger

Re: Suspicious.MH690

Yes. Firefox creates temp. files differently than other browsers.
