HELP !! WIN32:RENOS-OO Trojan...can't get rid of it
-
Thanks for all the advice guys....laptop in safe mode just now..and gonna try sort it all out
-
Malwarebytes LOG:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4085
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18904
10/05/2010 15:28:59
mbam-log-2010-05-10 (15-28-59).txt
Scan type: Full scan (C:\|)
Objects scanned: 256278
Time elapsed: 48 minute(s), 7 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\dark (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hwmmyeow (Rogue.AntispywareSoft) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
HIJACK THIS LOG:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:44:52, on 10/05/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Safe mode with network support
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\helppane.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: (no name) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Nokia Home Server Manager] "C:\Program Files\Nokia\Nokia Home Media Server\NHSM.exe" -autostart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res:///105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - http://www.bebo.com/files/BeboUploader.5.8.05.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate1c9aeb33697f0a0) (gupdate1c9aeb33697f0a0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TwonkyMedia - PacketVideo - C:\Program Files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10098 bytes
Totally stumped now...but managed to get both logs in safemode guys. What next ???
-
Please run COMBOFIX
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Shut down your antivirus
Follow the simple instructions it gives
Post the COMPLETE log it creates here (Split into sections if need be) ~ if there are loads of 'SNAPSHOT' pages then leave them out
If it comes up with a RENAMING error then RIGHT click the exe file, RENAME it and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download
-
Nothing happening ??? Combofix keeps turning my laptop off saying: CD emulation drivers....must temporarily disable them.
Then it reboots itself ?????
Sorry....it is now running a scan !!!
-
Combofix logfile:
ComboFix 10-05-09.06 - David 10/05/2010 16:26:15.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3070.2286 [GMT 1:00]
Running from: G:\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\system
.
((((((((((((((((((((((((( Files Created from 2010-04-10 to 2010-05-10 )))))))))))))))))))))))))))))))
.
2010-05-10 15:36 . 2010-05-10 15:36 -------- d-----w- c:\users\David\AppData\Local\temp
2010-05-10 15:36 . 2010-05-10 15:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-10 14:37 . 2010-05-10 14:37 388096 ----a-r- c:\users\David\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-10 14:37 . 2010-05-10 14:37 -------- d-----w- c:\program files\Trend Micro
2010-05-10 13:38 . 2010-05-10 13:38 -------- d-----w- c:\users\David\AppData\Roaming\Malwarebytes
2010-05-10 13:38 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-10 13:38 . 2010-05-10 13:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-10 13:38 . 2010-05-10 13:38 -------- d-----w- c:\programdata\Malwarebytes
2010-05-10 13:38 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-10 12:45 . 2010-05-10 12:45 -------- d-----w- c:\users\David\AppData\Roaming\SUPERAntiSpyware.com
2010-05-10 12:45 . 2010-05-10 12:45 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-05-07 10:53 . 2010-05-07 10:53 -------- d-----w- C:\07adb8d8cd0f654819037c090af9b934
2010-05-07 10:53 . 2010-05-07 10:53 -------- d-----w- C:\4fb0c116c0d4b9f1242a3b773403176f
2010-05-06 20:13 . 2010-05-10 14:28 -------- d-----w- c:\users\David\AppData\Local\djwpeekiw
2010-05-04 12:03 . 2010-05-04 12:03 -------- d-----w- c:\program files\Williamhill-casino-Club-Flash
2010-04-22 14:01 . 2010-04-22 14:01 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-04-22 14:00 . 2010-04-22 14:00 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-04-22 14:00 . 2010-04-22 14:00 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-04-22 13:58 . 2010-04-22 13:58 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-04-22 13:57 . 2010-04-22 13:57 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-04-18 20:10 . 2010-05-10 15:22 -------- d-----w- c:\program files\Common Files\Akamai
2010-04-15 15:37 . 2010-04-15 15:37 -------- d-----w- c:\users\David\AppData\Roaming\Locktime
2010-04-15 15:37 . 2010-04-15 15:37 -------- d-----w- c:\programdata\Locktime
2010-04-15 09:14 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-15 09:14 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-15 09:14 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-15 09:13 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-15 09:13 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-15 09:13 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-15 09:13 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-15 09:13 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-15 09:13 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 16:57 . 2010-04-14 17:34 -------- d-----w- c:\users\David\AppData\Roaming\CAESARS Casino Online
2010-04-14 16:56 . 2010-04-14 17:21 -------- d-----w- c:\program files\CAESARS Casino Online
2010-04-14 13:41 . 2010-04-14 13:42 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-14 13:17 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 13:16 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-14 13:10 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-10 15:20 . 2009-01-20 18:36 -------- d-----w- c:\users\David\AppData\Roaming\uTorrent
2010-05-10 15:00 . 2009-01-17 23:21 1356 ----a-w- c:\users\David\AppData\Local\d3d9caps.dat
2010-05-07 08:47 . 2009-01-18 15:09 -------- d-----w- c:\program files\CCleaner
2010-05-06 20:59 . 2010-03-03 18:46 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2010-03-03 18:47 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2010-03-03 18:47 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2010-03-03 18:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:34 . 2010-03-03 18:47 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-05-06 20:33 . 2010-03-03 18:47 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 15:37 . 2009-01-20 18:55 -------- d-----w- c:\users\David\AppData\Roaming\LimeWire
2010-05-06 15:30 . 2009-01-20 18:54 -------- d-----w- c:\program files\LimeWire
2010-05-06 09:36 . 2009-12-12 13:27 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-29 17:25 . 2010-01-16 12:33 -------- d-----w- c:\program files\Opera
2010-04-23 07:45 . 2008-04-09 13:57 -------- d-----w- c:\programdata\Microsoft Help
2010-04-22 17:21 . 2009-01-17 23:21 113544 ----a-w- c:\users\David\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-22 14:02 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2010-04-22 12:30 . 2010-03-30 12:28 -------- d-----w- c:\program files\OpenOffice.org 3
2010-04-22 12:21 . 2010-03-30 12:41 1 ----a-w- c:\users\David\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-18 18:26 . 2010-04-18 18:26 36030 ----a-w- c:\windows\inf\Ovi Player\0009\tmp3F75.tmp
2010-04-18 18:26 . 2010-04-18 18:26 36030 ----a-w- c:\windows\inf\Ovi Player\0000\tmp3F75.tmp
2010-04-18 18:26 . 2010-04-18 18:26 1657 ----a-w- c:\windows\inf\Ovi Player\tmp3F76.tmp
2010-04-18 18:26 . 2009-10-31 12:19 -------- d-----w- c:\program files\Common Files\Nokia
2010-04-18 18:26 . 2009-10-31 12:01 -------- d-----w- c:\program files\Nokia
2010-04-16 22:13 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-15 08:41 . 2008-04-09 14:05 -------- d-----w- c:\program files\DivX
2010-04-15 08:41 . 2009-08-04 12:32 -------- d-----w- c:\program files\Yahoo!
2010-04-14 17:57 . 2009-07-14 11:07 -------- d-----w- c:\users\David\AppData\Roaming\Amazon
2010-04-14 17:57 . 2009-07-12 21:25 -------- d-----w- c:\program files\Amazon
2010-04-14 17:56 . 2009-04-06 10:00 -------- d-----w- c:\program files\Common Files\Apple
2010-04-14 17:52 . 2008-03-13 17:14 -------- d-----w- c:\program files\Google
2010-04-14 16:47 . 2010-03-03 18:46 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-03-31 17:04 . 2010-03-31 17:03 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-03-31 17:01 . 2010-03-31 17:00 -------- d-----w- c:\program files\QuickTime
2010-03-30 12:41 . 2010-03-30 12:41 -------- d-----w- c:\users\David\AppData\Roaming\OpenOffice.org
2010-03-30 12:28 . 2008-03-13 20:21 -------- d-----w- c:\program files\Common Files\Java
2010-03-30 12:27 . 2009-02-11 17:07 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-27 12:32 . 2010-03-27 12:32 -------- d-----w- c:\users\David\AppData\Roaming\Nokia Ovi Suite
2010-03-27 12:32 . 2009-11-01 19:16 -------- d-----w- c:\users\David\AppData\Roaming\Nokia
2010-03-27 10:26 . 2010-03-27 10:26 34642680 ----a-w- c:\programdata\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\NokiaSoftwareUpdaterSetup_en.exe
2010-03-27 09:59 . 2009-01-20 18:36 -------- d-----w- c:\program files\uTorrent
2010-03-26 20:33 . 2010-03-26 20:33 12212040 ----a-w- c:\programdata\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2010-03-26 20:33 . 2010-03-26 20:33 13930312 ----a-w- c:\programdata\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2010-03-26 20:33 . 2010-03-26 20:33 77824 ----a-w- c:\programdata\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-03-26 20:33 . 2010-03-26 20:33 61440 ----a-w- c:\programdata\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx86.exe
2010-03-26 20:33 . 2010-03-26 20:33 58880 ----a-w- c:\programdata\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx64.exe
2010-03-26 20:33 . 2010-03-26 20:33 50000 ----a-w- c:\programdata\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\pcswpc.exe
2010-03-26 20:32 . 2010-03-26 20:32 -------- d-----w- c:\programdata\OviInstallerCache
2010-03-26 20:32 . 2010-03-26 20:32 98366952 ----a-w- c:\programdata\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Nokia_Ovi_Suite_webinstaller_ALL.exe
2010-03-26 20:21 . 2010-03-26 20:21 -------- d-----w- c:\program files\PC Connectivity Solution
2010-03-26 20:19 . 2010-03-26 20:19 3351812 ----a-w- c:\programdata\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\Installer\CommonCustomActions\msxml6Exec.exe
2010-03-26 20:19 . 2010-03-26 20:19 36864 ----a-w- c:\programdata\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\Installer\CommonCustomActions\Sleep.exe
2010-03-26 20:19 . 2010-03-26 20:19 3203453 ----a-w- c:\programdata\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\Installer\CommonCustomActions\vcredistExec.exe
2010-03-26 20:18 . 2009-11-01 19:22 -------- d-----w- c:\programdata\Installations
2010-03-26 20:18 . 2010-03-26 20:19 34642680 ----a-w- c:\programdata\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\NokiaSoftwareUpdaterSetup_2.4.6EN.exe
2010-03-26 20:11 . 2009-01-17 23:21 -------- d-----w- c:\users\David\AppData\Roaming\Sony Corporation
2010-03-26 20:11 . 2008-03-13 20:20 -------- d-----w- c:\programdata\Sony Corporation
2010-03-15 17:20 . 2010-04-14 17:01 48442 ----a-w- c:\program files\EULA.eng
2010-03-06 22:08 . 2010-03-06 22:08 581904 ----a-w- c:\programdata\MGS\cache\l\levelbonus.f133a53ea3279bce1fc3bc7aa9ad6839.dll
2010-03-06 21:51 . 2010-03-06 21:51 1572864 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_hellboy.cde3facca4e62dd1980118b9f69c127f.dll
2010-03-06 21:51 . 2010-03-06 21:51 1572864 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_gao_jan_2010.27798ac5c513c88d4f74b2fc87b9bf6e.dll
2010-03-06 21:51 . 2010-03-06 21:51 626688 ----a-w- c:\programdata\MGS\cache\g\gamble2_hellboy.ef7dfe9e02564671f52a95d839e51b8d.dll
2010-03-06 21:51 . 2010-03-06 21:51 684032 ----a-w- c:\programdata\MGS\cache\t\transition_hellboy.2389dbbb7a92af30b5bb4e62701f18a5.dll
2010-03-06 21:51 . 2010-03-06 21:51 1064960 ----a-w- c:\programdata\MGS\cache\a\advancedslots1xxx_hellboy.0200f4406079039e4f9f4fd4269c6144.dll
2010-03-06 21:51 . 2010-03-06 21:51 626688 ----a-w- c:\programdata\MGS\cache\g\gamble2_gao_jan_2010.114da6697b16a4308920de3f00df9d11.dll
2010-03-06 21:51 . 2010-03-06 21:51 684032 ----a-w- c:\programdata\MGS\cache\t\transition_gao_jan_2010.6ce545b01335b0127c2a55cc392a24e6.dll
2010-03-06 21:51 . 2010-03-06 21:51 1064960 ----a-w- c:\programdata\MGS\cache\a\advancedslots1xxx_gao_jan_2010.d3c0a2c195757b5887793e496479436f.dll
2010-03-06 21:51 . 2010-03-06 21:51 925696 ----a-w- c:\programdata\MGS\cache\s\simplepickxofybonus_gao_jan_2010.734d2ae11536c3d1a34ecdb91aaab798.dll
2010-03-06 21:51 . 2010-03-06 21:51 925696 ----a-w- c:\programdata\MGS\cache\s\simplepickxofybonus_hellboy.ee1c177b2b367dc15184591e57db5798.dll
2010-03-06 21:29 . 2010-03-06 21:29 274704 ----a-w- c:\programdata\MGS\cache\s\secretadmirerxxx.b82b0093b453bf095401cf169803f6f6.dll
2010-03-06 21:29 . 2010-03-06 21:29 270608 ----a-w- c:\programdata\MGS\cache\s\secretadmirer.8a58ed349e595e616819333c365b431d.dll
2010-03-06 21:29 . 2010-03-06 21:29 520192 ----a-w- c:\programdata\MGS\cache\g\goldseriesvegas3cardrummyxxx.601531cc99c91a77f35e0800b60d912d.dll
2010-03-06 21:29 . 2010-03-06 21:29 614400 ----a-w- c:\programdata\MGS\cache\g\goldseriesvegas3cardrummyplugin.efd1da25ceb79224e214006804f35d0e.dll
2010-03-06 21:29 . 2010-03-06 21:29 221184 ----a-w- c:\programdata\MGS\cache\g\goldseriesvegas3cardrummystatsplugin.cb2b732d7e1168de937cf95242815aad.dll
2010-03-06 21:29 . 2010-03-06 21:29 602112 ----a-w- c:\programdata\MGS\cache\g\goldseriestriplepocketholdemplugin.8bab8c085fa07ba1585b7c1441b0a6b2.dll
2010-03-06 21:29 . 2010-03-06 21:29 528384 ----a-w- c:\programdata\MGS\cache\g\goldseriestriplepocketholdemxxx.ecf01ad5591cce11875fb8851db8f0d5.dll
2010-03-06 21:29 . 2010-03-06 21:29 221184 ----a-w- c:\programdata\MGS\cache\g\goldseriestripleactionholdempokerstatsplugin.5e32c61188363218acf114870d90241e.dll
2010-03-06 21:29 . 2010-03-06 21:29 540672 ----a-w- c:\programdata\MGS\cache\g\goldseriestripleactionholdempokerxxx.e854f9f411ec0d8827ade1c7aef58516.dll
2010-03-06 21:29 . 2010-03-06 21:29 671744 ----a-w- c:\programdata\MGS\cache\g\goldseriestripleactionholdempokerplugin.f55f8f2fd50979a9ee32bc4e38796bdc.dll
2010-03-06 21:29 . 2010-03-06 21:29 544768 ----a-w- c:\programdata\MGS\cache\g\goldseriestexasholdembonuspokerxxx.438143241fa4db3dec756421eaae9ed1.dll
2010-03-06 21:29 . 2010-03-06 21:29 94208 ----a-w- c:\programdata\MGS\cache\s\statsgeneralplugin.efa02b50f3fc7221b8a2e25b6f85e7f2.dll
2010-03-06 21:28 . 2010-03-06 21:28 221184 ----a-w- c:\programdata\MGS\cache\g\goldseriestexasholdembonuspokerstatsplugin.182ee2e6a10bbd7802a16c2b9de95f08.dll
2010-03-06 21:28 . 2010-03-06 21:28 655360 ----a-w- c:\programdata\MGS\cache\g\goldseriestexasholdembonuspokerplugin.c24ff1b97c271db3b9ac6babf39f8c38.dll
2010-03-06 21:28 . 2010-03-06 21:28 126976 ----a-w- c:\programdata\MGS\cache\m\mhbjstrategyui1.95a00a7e6658ab8736067b646ccd9783.dll
2010-03-06 21:28 . 2010-03-06 21:28 413696 ----a-w- c:\programdata\MGS\cache\m\mhbjgoldplugin.5d832144ec1b88e6caeb7446bbe13d54.dll
2010-03-06 21:28 . 2010-03-06 21:28 225280 ----a-w- c:\programdata\MGS\cache\m\mhbjgoldxxx.042cb38dc856800dc292666302eb33ed.dll
2010-03-06 21:28 . 2010-03-06 21:28 204800 ----a-w- c:\programdata\MGS\cache\g\goldseriesholdemhighxxx.952c8bca9c65081665f10ce586bc602b.dll
2010-03-06 21:28 . 2010-03-06 21:28 241664 ----a-w- c:\programdata\MGS\cache\g\goldseriesholdemhighplugin.bdcc6d12f3f414250e83fa84f22c5a5c.dll
2010-03-06 21:28 . 2010-03-06 21:28 49152 ----a-w- c:\programdata\MGS\cache\b\bjghighstreakstrategylogic1.64d4f0467e0e777ddfbb02e7544f98fa.dll
2010-03-06 21:28 . 2010-03-06 21:28 192512 ----a-w- c:\programdata\MGS\cache\b\bjghighstreakxxx.af25beaa0378c2b2eaa341b7d8c64966.dll
2010-03-06 21:28 . 2010-03-06 21:28 98304 ----a-w- c:\programdata\MGS\cache\b\bjghighstreakautoplayplugin.bd0995adc01c55d3f345d8fc81d6bf13.dll
2010-03-06 21:28 . 2010-03-06 21:28 417792 ----a-w- c:\programdata\MGS\cache\b\bjghighstreakplugin.85c5094e4412e0647ba5f7a72219a89d.dll
2010-03-06 21:28 . 2010-03-06 21:28 106496 ----a-w- c:\programdata\MGS\cache\b\bjghighstreakstatsplugin.c622fc192c22f951a4bf27988c8c48e0.dll
2010-03-06 21:27 . 2010-03-06 21:27 126976 ----a-w- c:\programdata\MGS\cache\b\bjghighstreakstrategyui1.c4a60b718047a7230c1f7eb62e24ac16.dll
2010-03-06 21:27 . 2010-03-06 21:27 53342 ----a-w- c:\programdata\MGS\cache\b\blplugin.43df87da33698c32bca7a2698484452d.dll
2010-03-06 21:27 . 2010-03-06 21:27 163840 ----a-w- c:\programdata\MGS\cache\g\goldseries_euroroulette.c04add4a4ccdfa99acf5bc9050a74d69.dll
2010-03-06 21:27 . 2010-03-06 21:27 412685 ----a-w- c:\programdata\MGS\cache\g\goldseries_roulette.1edb0f45625215829abaaca345d96e06.dll
2010-03-06 21:26 . 2010-03-06 21:26 225280 ----a-w- c:\programdata\MGS\cache\g\goldseriesmh3cardpokerxxx.f90691784645d2d0d637d253e6b6f397.dll
2010-03-06 21:26 . 2010-03-06 21:26 262144 ----a-w- c:\programdata\MGS\cache\g\goldseriesmh3cardpokerplugin.5a185095e975ba0cdfe6e7400fcb7d4e.dll
2010-03-06 21:23 . 2010-03-06 21:23 422160 ----a-w- c:\programdata\MGS\cache\g\goldengoosecardbonus.beed9ae47c0c2568c714185c758d7916.dll
2010-03-06 21:23 . 2010-03-06 21:23 426256 ----a-w- c:\programdata\MGS\cache\g\goldengoosemoneybonus.88773b38efa085f2a6e02577cba4f183.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-11-03 20:12 556432 ----a-w- c:\progra~1\MICROS~2\Office14\URLREDIR.DLL
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-03-10 262144]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Nokia Home Server Manager"="c:\program files\Nokia\Nokia Home Media Server\NHSM.exe" [2009-01-30 558080]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-05-03 321328]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-02-24 385928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-02-12 86016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-12 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-23 4718592]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-02-23 122880]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-11-21 311296]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2008-04-09 36864]
"Skytel"="Skytel.exe" [2008-01-23 1826816]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-12 8497696]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2010-03-04 2192672]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-26 83312]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-15 03:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 20:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-05-03 18:18 321328 ----a-w- c:\program files\uTorrent\uTorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):6b,da,71,7f,46,69,ca,01
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-08-20 721904]
R2 gupdate1c9aeb33697f0a0;Google Update Service (gupdate1c9aeb33697f0a0);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-27 133104]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2009-10-29 30603640]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-12-30 137344]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-12-30 8320]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136]
R3 P1130VID;Creative WebCam NX Pro;c:\windows\system32\DRIVERS\P1130Vid.sys [2004-05-04 90229]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-05-27 90536]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-05-27 15016]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-05-27 122152]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-05-27 115496]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-05-27 25768]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-05-27 111912]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-05-27 117672]
R3 SASENUM;SASENUM;c:\users\David\AppData\Local\Temp\SAS_SelfExtract\SASENUM.SYS [x]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [2008-03-05 104288]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [2008-03-05 350048]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [2008-03-05 63328]
R3 TwonkyMedia;TwonkyMedia;c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe [2009-01-29 102400]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-03-03 87328]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\users\David\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\users\David\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]
S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2008-03-10 229376]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-03-03 333088]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-12-17 9344]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-06-06 812544]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
2010-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ca63eaec9ebea0.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-27 08:07]
2010-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA1ca63eaed729900.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-27 08:07]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.sky.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - /105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-VirtualCloneDrive - c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-10 16:36
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3653.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3653.dll"
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b4
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-05-10 16:40:50
ComboFix-quarantined-files.txt 2010-05-10 15:40
Pre-Run: 110,603,120,640 bytes free
Post-Run: 110,597,693,440 bytes free
- - End Of File - - B7E2FC477D2EDFBE07927B0F6E03FA3E0 -
Run both Malwarebytes' AntiMalware and HijackThis in Normal mode and repost the logs.
-
MALWAREBYTES NORMAL MODE:
Malwarebytes' Anti-Malware 1.46
https://www.malwarebytes.org
Database version: 4085
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904
10/05/2010 18:27:47
mbam-log-2010-05-10 (18-27-47).txt
Scan type: Full scan (C:\|)
Objects scanned: 261393
Time elapsed: 1 hour(s), 9 minute(s), 40 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
HIJACK THIS NORMAL MODE:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:31:10, on 10/05/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Opera\opera.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Nokia Home Server Manager] "C:\Program Files\Nokia\Nokia Home Media Server\NHSM.exe" -autostart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res:///105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - http://www.bebo.com/files/BeboUploader.5.8.05.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate1c9aeb33697f0a0) (gupdate1c9aeb33697f0a0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TwonkyMedia - PacketVideo - C:\Program Files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 9331 bytes
-
Open notepad and copy/paste the text in RED below
File::
c:\windows\inf\Ovi Player\0009\tmp3F75.tmp
c:\windows\inf\Ovi Player\0000\tmp3F75.tmp
c:\windows\inf\Ovi Player\tmp3F76.tmp
c:\program files\EULA.eng
c:\programdata\MGS\cache\l\levelbonus.f133a53ea3279bce1fc3bc7aa9ad6839.dll
c:\programdata\MGS\cache\a\advancedslots1_hellboy.cde3facca4e62dd1980118b9f69c127f.dll
c:\programdata\MGS\cache\a\advancedslots1_gao_jan_2010.27798ac5c513c88d4f74b2fc87b9bf6e.dll
c:\programdata\MGS\cache\g\gamble2_hellboy.ef7dfe9e02564671f52a95d839e51b8d.dll
c:\programdata\MGS\cache\t\transition_hellboy.2389dbbb7a92af30b5bb4e62701f18a5.dll
c:\programdata\MGS\cache\a\advancedslots1xxx_hellboy.0200f4406079039e4f9f4fd4269c6144.dll
c:\programdata\MGS\cache\g\gamble2_gao_jan_2010.114da6697b16a4308920de3f00df9d11.dll
c:\programdata\MGS\cache\t\transition_gao_jan_2010.6ce545b01335b0127c2a55cc392a24e6.dll
c:\programdata\MGS\cache\a\advancedslots1xxx_gao_jan_2010.d3c0a2c195757b5887793e496479436f.dll
c:\programdata\MGS\cache\s\simplepickxofybonus_gao_jan_2010.734d2ae11536c3d1a34ecdb91aaab798.dll
c:\programdata\MGS\cache\s\simplepickxofybonus_hellboy.ee1c177b2b367dc15184591e57db5798.dll
c:\programdata\MGS\cache\s\secretadmirerxxx.b82b0093b453bf095401cf169803f6f6.dll
c:\programdata\MGS\cache\s\secretadmirer.8a58ed349e595e616819333c365b431d.dll
c:\programdata\MGS\cache\g\goldseriesvegas3cardrummyxxx.601531cc99c91a77f35e0800b60d912d.dll
c:\programdata\MGS\cache\g\goldseriesvegas3cardrummyplugin.efd1da25ceb79224e214006804f35d0e.dll
c:\programdata\MGS\cache\g\goldseriesvegas3cardrummystatsplugin.cb2b732d7e1168de937cf95242815aad.dll
c:\programdata\MGS\cache\g\goldseriestriplepocketholdemplugin.8bab8c085fa07ba1585b7c1441b0a6b2.dll
c:\programdata\MGS\cache\g\goldseriestriplepocketholdemxxx.ecf01ad5591cce11875fb8851db8f0d5.dll
c:\programdata\MGS\cache\g\goldseriestripleactionholdempokerstatsplugin.5e32c61188363218acf114870d90241e.dll
c:\programdata\MGS\cache\g\goldseriestripleactionholdempokerxxx.e854f9f411ec0d8827ade1c7aef58516.dll
c:\programdata\MGS\cache\g\goldseriestripleactionholdempokerplugin.f55f8f2fd50979a9ee32bc4e38796bdc.dll
c:\programdata\MGS\cache\g\goldseriestexasholdembonuspokerxxx.438143241fa4db3dec756421eaae9ed1.dll
c:\programdata\MGS\cache\s\statsgeneralplugin.efa02b50f3fc7221b8a2e25b6f85e7f2.dll
c:\programdata\MGS\cache\g\goldseriestexasholdembonuspokerstatsplugin.182ee2e6a10bbd7802a16c2b9de95f08.dll
c:\programdata\MGS\cache\g\goldseriestexasholdembonuspokerplugin.c24ff1b97c271db3b9ac6babf39f8c38.dll
c:\programdata\MGS\cache\m\mhbjstrategyui1.95a00a7e6658ab8736067b646ccd9783.dll
c:\programdata\MGS\cache\m\mhbjgoldplugin.5d832144ec1b88e6caeb7446bbe13d54.dll
c:\programdata\MGS\cache\m\mhbjgoldxxx.042cb38dc856800dc292666302eb33ed.dll
c:\programdata\MGS\cache\g\goldseriesholdemhighxxx.952c8bca9c65081665f10ce586bc602b.dll
c:\programdata\MGS\cache\g\goldseriesholdemhighplugin.bdcc6d12f3f414250e83fa84f22c5a5c.dll
c:\programdata\MGS\cache\b\bjghighstreakstrategylogic1.64d4f0467e0e777ddfbb02e7544f98fa.dll
c:\programdata\MGS\cache\b\bjghighstreakxxx.af25beaa0378c2b2eaa341b7d8c64966.dll
c:\programdata\MGS\cache\b\bjghighstreakautoplayplugin.bd0995adc01c55d3f345d8fc81d6bf13.dll
c:\programdata\MGS\cache\b\bjghighstreakplugin.85c5094e4412e0647ba5f7a72219a89d.dll
c:\programdata\MGS\cache\b\bjghighstreakstatsplugin.c622fc192c22f951a4bf27988c8c48e0.dll
c:\programdata\MGS\cache\b\bjghighstreakstrategyui1.c4a60b718047a7230c1f7eb62e24ac16.dll
c:\programdata\MGS\cache\b\blplugin.43df87da33698c32bca7a2698484452d.dll
c:\programdata\MGS\cache\g\goldseries_euroroulette.c04add4a4ccdfa99acf5bc9050a74d69.dll
c:\programdata\MGS\cache\g\goldseries_roulette.1edb0f45625215829abaaca345d96e06.dll
c:\programdata\MGS\cache\g\goldseriesmh3cardpokerxxx.f90691784645d2d0d637d253e6b6f397.dll
c:\programdata\MGS\cache\g\goldseriesmh3cardpokerplugin.5a185095e975ba0cdfe6e7400fcb7d4e.dll
c:\programdata\MGS\cache\g\goldengoosecardbonus.beed9ae47c0c2568c714185c758d7916.dll
c:\programdata\MGS\cache\g\goldengoosemoneybonus.88773b38efa085f2a6e02577cba4f183.dll
C:/Program Files/Common Files/Akamai/rswin_3653.dll
Folder::
c:\programdata\MGS\cache
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
Save this as "CFScript"
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply
Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager, then the Processes tab (press ctrl, alt and del at the same time), and end any processes of findstr, find, sed or swreg; then combofix should continue.
This discussion has been closed.