

Antivirus 360


23 replies to this topic

#1 Guest_remixed_*

Guest_remixed_*
  • Guests

Posted 10 December 2008 - 07:49 PM

download from...hxxp://bonus-protection.com/download/av_360.exe
update from..
Domain name: livepc-update.com
Registrant Contact:
Private person
Oleg Kurguzkin onicdomains@yahoo.com
+74956542435 fax: +74956542435
ul. Gluhareva 56-63
Moskva Moskovskay oblast 113895
ru
DNS:
ns1.freeyourdns.com
ns2.freeyourdns.com
ns3.freeyourdns.com

Created: 2008-11-19
Expires: 2009-11-19

#2 Damuho

Damuho

    New Member

  • Members
  • 3 posts

Posted 17 December 2008 - 04:22 PM

I have a Friendster account and every time I open my page there's a security screen that pops up that says "Was your computer infected with malware before? Click on Antivirus 360 to check on your system" (it's not the way it's written exactly). It showed this web page,
hxxp://onlinesecurity-scanner.com


#3 exile360

exile360

    exile

  • Administrators
  • 15,227 posts
  • Gender:Male

Posted 17 December 2008 - 04:25 PM

Greetings Damuho, just for future reference, please don't post live links to malware or malicious sites in the forum. You can use hxxp instead of http to prevent this. It makes sure no users/visitors here who are unaware accidentally click the links and get infected. Thanks.
Samuel E Lindsey
Product Manager


#4 Damuho

Damuho

    New Member

  • Members
  • 3 posts

Posted 17 December 2008 - 04:30 PM

exile360, on Dec 17 2008, 04:25 PM, said:

Greetings Damuho, just for future reference, please don't post live links to malware or malicious sites in the forum. You can use hxxp instead of http to prevent this. It makes sure no users/visitors here who are unaware accidentally click the links and get infected. Thanks.

Oops, my bad. Not gonna happen again. :)

#5 exile360

exile360

    exile

  • Administrators
  • 15,227 posts
  • Gender:Male

Posted 17 December 2008 - 04:34 PM

No problem, I knew you didn't mean to, I just don't want anyone to get hit with any infections (especially that one, it's NASTY).

#6 Guest_remixed_*

Guest_remixed_*
  • Guests

Posted 22 January 2009 - 06:33 PM

hxxp://basicsconsumersupport.cn/zsa360/winsystems.dll

#7 Guest_remixed_*

Guest_remixed_*
  • Guests

Posted 25 January 2009 - 01:37 PM

hxxp://rapidsoftwareupdates.com/download/av_360glof.exe

#8 Guest_remixed_*

Guest_remixed_*
  • Guests

Posted 27 January 2009 - 06:02 PM

hxxp://fastuploadserver.com/zsa360/zs880000.exe
hxxp://fastuploadserver.com/zsa360/winsystems.dll

#9 Maniac

Maniac

    Forum Deity

  • Experts
  • 17,454 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 31 January 2009 - 05:29 PM

New version:
h**p://antimalware-scanner.com/promo/download/trial/InstallAVg_77076409.exe

Changes in Windows Registry:

Quote

----------------------------------
Keys added:2
----------------------------------
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\93406538533342467369355912611838
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\93406538533342467369355912611838\Options

----------------------------------
Values added:31
----------------------------------
HKLM\SOFTWARE\Microsoft\Internet Explorer\UserSession: "93406538533342467369355912611838"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Controls Folder\PIDsrc: "0"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Controls Folder\wmsrcpid: "8800002257"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Qbphzragf naq Frggvatf\Fhccbeg\Zl Qbphzragf\VafgnyyNIt_77076409.rkr: 02 00 00 00 06 00 00 00 F0 92 60 F5 EB 83 C9 01
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Run\93406538533342467369355912611838: "C:\Program Files\A360\av360.exe"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\Support\My Documents\InstallAVg_77076409.exe: "InstallAVg_77076409"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Program Files\A360\av360.exe: "av360"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-21782: "Programs"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\93406538533342467369355912611838\Options\Aff: "77076409"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\93406538533342467369355912611838\Options\Lang: "English"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\93406538533342467369355912611838\Options\AdvancedScanType: "1"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\93406538533342467369355912611838\Options\FirstRunUrl: "F__QR^CqNuOLRhB>YQ?@JUoqQcjoMkk;Ois@Jlg@L=j<O=W?Lcw^XXN]N<WpFOB_ScG\Fxg_XAKpLff]VLs_Ng_nBlBnWgS@SwRpv!"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\93406538533342467369355912611838\Options\AfterRegisterUrl: "E<g^YPgpTmOmKYnoVkw^SfsO>Ts?QX>aRySnMv[pFOnnPpS@T<OQ?xfNWBwKGh?oNf^lRrgNSog\AEOnJvGP?MrAO`_QX^;JIP[OY=[@VOFkRpWpT:KPRto@P\wKGeG_V:snRA_qYkoaAonoV]o_Sv?J<qW?UmgNYX>jc!!"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\93406538533342467369355912611838\Options\LabelUrl: ""
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\93406538533342467369355912611838\Options\TermsUrl: "<Rk@MFG`S_kJSivqRN?oJ<RPQRkXE!!"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\93406538533342467369355912611838\Options\HelpURL: "E<g^YPgpTmOmKY>oXLC?>G;@O"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\93406538533342467369355912611838\Options\BillingURL: "F__QR^CqNuOLRhN?YeO?Sw_nA?GpPH^qON?QO<:MOpo^Mic]AlSaY[_OV=[@V?kN:C^`VXK\@!"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\93406538533342467369355912611838\Options\BillingUrlApproved: ""
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\93406538533342467369355912611838\Options\TransactionKey: ""
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\93406538533342467369355912611838\Options\BillingRegURL: "DBWQPvc@WOwMLyvoO:OqOn_nMKb_QVs[RwGOI\FnSIO;T!"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\93406538533342467369355912611838\Options\BillingURL2: "[DOMAIN1]/license.php?Email=%email%&AffiliateID=%aff%"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\93406538533342467369355912611838\Options\BillingUrlApproved2: "[DOMAIN1]/license.php?Email=%email%&AffiliateID=%aff%"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\93406538533342467369355912611838\Options\LastRun: "1/31/2009"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\93406538533342467369355912611838\Options\InstallDate: "1/31/2009"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\93406538533342467369355912611838\Options\pPath: "C:\Program Files\A360\av360.exe"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\93406538533342467369355912611838\Options\pName: "Antivirus 360"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\93406538533342467369355912611838\Options\sc: "<PGoQigQUdS`VY;:LtOPWOC@W!"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\93406538533342467369355912611838\Options\zs: "CFf:H"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\93406538533342467369355912611838\Options\SecurityVector: "000000000000000000000000000000000000000000"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\93406538533342467369355912611838\Options\Scans: "1"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\93406538533342467369355912611838\Options\LastScan: "31.01.2009 23:37:13"

----------------------------------
Values modified:11
----------------------------------
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed: 46 3D D4 44 7A 88 A1 C3 97 68 56 60 AF 46 7A F4 D5 B3 F9 F0 3B CB 08 1C A4 0F 45 4D 5B 2F 3C BC E1 3D A5 D6 E7 70 5B FF 7C 6D FC 96 93 C9 5A 25 9A E3 52 F9 C5 3B 51 72 30 1F 79 FF D8 3D B0 53 59 B8 CC 6F 35 B6 31 EE 08 F2 3F FC D4 1E 01 C5
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed: 04 94 2F 61 C3 71 48 B6 1B 49 D3 95 FD 9E 29 29 E1 2D E7 71 94 2C C7 23 BF 1B 92 E1 01 8C 6D C2 87 0D 93 18 A0 F7 5E 13 67 ED 65 0D F3 E5 36 56 7A 85 CC 8C B8 E1 A0 30 0D EC 37 E9 D9 AF 3A 10 C9 64 4F 37 FD FC 74 4C 11 9D 25 65 90 F6 F4 07
HKLM\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify: 0x00000000
HKLM\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify: 0x00000001
HKLM\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify: 0x00000000
HKLM\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify: 0x00000001
HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride: 0x00000000
HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride: 0x00000001
HKLM\SOFTWARE\Microsoft\Security Center\FirewallOverride: 0x00000000
HKLM\SOFTWARE\Microsoft\Security Center\FirewallOverride: 0x00000001
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU: 02 00 00 00 26 00 00 00 00 8B 54 E0 EB 83 C9 01
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU: 02 00 00 00 28 00 00 00 F0 92 60 F5 EB 83 C9 01
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_HVFPHG: 02 00 00 00 18 00 00 00 70 98 AF DF EB 83 C9 01
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_HVFPHG: 02 00 00 00 19 00 00 00 B0 15 DB F1 EB 83 C9 01
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:::{450Q8SON-NQ25-11Q0-98N8-0800361O1103}: 01 00 00 00 08 00 00 00 20 7D 5D A2 CD 83 C9 01
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:::{450Q8SON-NQ25-11Q0-98N8-0800361O1103}: 02 00 00 00 09 00 00 00 50 9C DC F1 EB 83 C9 01
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings: 46 00 00 00 14 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 C0 AD B6 D1 ED 82 C9 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 0A 00 02 0F 00 00 00 00 00 00 00 00 6F 00 6F 00 74 00 25 00 5C 00 54 00 45 00 4D 00 50 00 00 00 44 00 3B 00 2E 00 56 00 42 00 53 00 3B 00 2E 00 56 00 42 00 45 00 3B 00 2E 00 4A 00 53 00 3B 00 2E 00 4A 00 53 00 45 00 3B 00 2E 00 57 00 53 00 46 00 3B 00 2E 00 57 00 53 00 48 00 00 00 79 00 73 00 74 00 65 00 6D 00 33 00 32 00 5C 00 57 00 62 00 65 00 6D 00 00 00 00 00 00 00
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings: 46 00 00 00 17 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 C0 AD B6 D1 ED 82 C9 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 0A 00 02 0F 00 00 00 00 00 00 00 00 6F 00 6F 00 74 00 25 00 5C 00 54 00 45 00 4D 00 50 00 00 00 44 00 3B 00 2E 00 56 00 42 00 53 00 3B 00 2E 00 56 00 42 00 45 00 3B 00 2E 00 4A 00 53 00 3B 00 2E 00 4A 00 53 00 45 00 3B 00 2E 00 57 00 53 00 46 00 3B 00 2E 00 57 00 53 00 48 00 00 00 79 00 73 00 74 00 65 00 6D 00 33 00 32 00 5C 00 57 00 62 00 65 00 6D 00 00 00 00 00 00 00
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{E88DCCE0-B7B3-11D1-A9F0-00AA0060FA31} {0000013A-0000-0000-C000-000000000046} 0x401: 00 00 00 00 31 00 31 00 B0 30 1B 9E 27 83 C9 01
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{E88DCCE0-B7B3-11D1-A9F0-00AA0060FA31} {0000013A-0000-0000-C000-000000000046} 0x401: 00 00 00 00 31 00 31 00 40 DE 3F F4 EB 83 C9 01
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\1\Shell\ScrollPos800x600(1).y: 0x00000002
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\1\Shell\ScrollPos800x600(1).y: 0x000000A2

MalwareBytes' Anti-Malware:

Quote

Malwarebytes' Anti-Malware 1.33
Database version: 1712
Windows 5.1.2600 Service Pack 3

2/1/2009 12:10:24 AM
mbam-log-2009-02-01 (00-10-24).txt

Scan type: Quick Scan
Objects scanned: 41557
Time elapsed: 2 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0b014b81-4e12-46f9-806f-55867af8fd3c} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b014b81-4e12-46f9-806f-55867af8fd3c} (Trojan.BHO.H) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\93406538533342467369355912611838 (Rogue.A360Antivirus) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\A360 (Rogue.A360Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Support\Start Menu\A360 (Rogue.A360Antivirus) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\winsystems.dll (Trojan.BHO.H) -> Quarantined and deleted successfully.
C:\Program Files\A360\av360.exe (Rogue.A360Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Support\Start Menu\A360\A360.lnk (Rogue.A360Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Support\Start Menu\A360\Help.lnk (Rogue.A360Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Support\Start Menu\A360\Registration.lnk (Rogue.A360Antivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ieupdates.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Very strange ... When I tried to open MBAM after being infected with Antivirus 360, MBAM opened and closed immediately. In my opinion, Antivirus 360 is closing MBAM. The only way to scan with MBAM was in Safe Mode. Too bad ...
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here Posted Image
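
An added example, not part of the original posts: a small triage script that reads Regshot-style lines like those quoted in the post above and pulls out the three things a responder would look at first, namely the autorun value, the Security Center values flipped from 0 to 1, and the ROT13-encoded UserAssist entry. The sample lines are copied from that quote; the function names are this example's own, and the UserAssist byte layout (4-byte session, 4-byte counter starting at 5, 8-byte FILETIME) is assumed to be the Windows XP format.

```python
import codecs
import re
from datetime import datetime, timedelta, timezone

# Sample input: a subset of lines copied from the Regshot quote in the post above.
SAMPLE = r"""
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Qbphzragf naq Frggvatf\Fhccbeg\Zl Qbphzragf\VafgnyyNIt_77076409.rkr: 02 00 00 00 06 00 00 00 F0 92 60 F5 EB 83 C9 01
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Run\93406538533342467369355912611838: "C:\Program Files\A360\av360.exe"
HKLM\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify: 0x00000000
HKLM\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify: 0x00000001
HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride: 0x00000000
HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride: 0x00000001
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\1\Shell\ScrollPos800x600(1).y: 0x00000002
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\1\Shell\ScrollPos800x600(1).y: 0x000000A2
""".strip().splitlines()

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Security Center values that the quoted log shows changing from 0 to 1.
WATCHED = {"FirewallDisableNotify", "UpdatesDisableNotify",
           "AntiVirusOverride", "FirewallOverride"}

RUN_RE = re.compile(r'\\CurrentVersion\\Run\\([^\\:]+): "([^"]*)"$')
SEC_RE = re.compile(r'\\Security Center\\(\w+): (0x[0-9A-Fa-f]{8})$')
UA_RE = re.compile(r'\\UserAssist\\\{[^}]+\}\\Count\\(.+?): ((?:[0-9A-F]{2} ?)+)$')
# Both autorun value names in this thread are 32 hex characters long.
RANDOM_NAME = re.compile(r"[0-9A-Fa-f]{32}")


def decode_userassist(name, hex_bytes):
    """ROT13-decode the value name and, for 16-byte XP records, the counters."""
    raw = bytes.fromhex(hex_bytes)
    entry = {"name": codecs.decode(name, "rot_13")}
    if len(raw) == 16:
        counter = int.from_bytes(raw[4:8], "little")
        filetime = int.from_bytes(raw[8:16], "little")  # 100 ns ticks since 1601
        entry["runs"] = max(counter - 5, 0)             # XP counter starts at 5
        last_run = FILETIME_EPOCH + timedelta(microseconds=filetime // 10)
        entry["last_run_utc"] = last_run.isoformat()
    return entry


def triage(lines):
    """Return (kind, detail) findings for the lines worth a responder's time."""
    findings = []
    previous = {}  # Regshot prints the old value first, then the new one
    for line in lines:
        m = UA_RE.search(line)
        if m:
            findings.append(("userassist", decode_userassist(*m.groups())))
            continue
        m = RUN_RE.search(line)
        if m:
            name, target = m.groups()
            findings.append(("autorun", {
                "name": name,
                "target": target,
                "random_name": bool(RANDOM_NAME.fullmatch(name)),
            }))
            continue
        m = SEC_RE.search(line)
        if m and m.group(1) in WATCHED:
            setting, value = m.group(1), int(m.group(2), 16)
            old = previous.get(setting)
            if old == 0 and value == 1:
                findings.append(("security_center",
                                 {"setting": setting, "old": old, "new": value}))
            previous[setting] = value
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE):
        print(kind, detail)
```

The ScrollPos pair in the sample is ordinary Explorer noise and is deliberately not reported.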

#10 Raid

Raid

    Malware Researcher

  • Experts
  • 1,549 posts
  • Gender:Male
  • Location:United States

Posted 01 February 2009 - 03:33 AM

You're right, it's another trojan family that is specifically targeting Malwarebytes. Sadly, this isn't the first one we've seen doing this, and we expect this trend to continue. I believe, though, that if you bring up Task Manager and end the av360.exe task, MBAM should then run fine for you and clean up the rest of the mess.

#11 Maniac

Maniac

    Forum Deity

  • Experts
  • 17,454 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 01 February 2009 - 05:44 AM

Raid, on Feb 1 2009, 10:33 AM, said:

You're right, it's another trojan family that is specifically targeting Malwarebytes. Sadly, this isn't the first one we've seen doing this, and we expect this trend to continue. I believe, though, that if you bring up Task Manager and end the av360.exe task, MBAM should then run fine for you and clean up the rest of the mess.

That's bad news....

From what I know, many viruses/threats try to harm MalwareBytes' Anti-Malware in any way they can so that it can't help the consumer. This is due to its popularity. I hope you can make it so that MBAM is not affected by threats and rogues.

#12 Raid

Raid

    Malware Researcher

  • Experts
  • 1,549 posts
  • Gender:Male
  • Location:United States

Posted 01 February 2009 - 07:38 AM

Maniac, on Feb 1 2009, 05:44 AM, said:

That's bad news....

From what I know, many viruses/threats try to harm MalwareBytes' Anti-Malware in any way they can so that it can't help the consumer. This is due to its popularity. I hope you can make it so that MBAM is not affected by threats and rogues.

We do occasionally shift code around in an effort to evade the bad guys, but alas, as they sometimes block various antivirus apps and other great software, such as HijackThis, we won't be able to entirely prevent it. Essentially, whoever gets loaded first usually gets to make the rules. :D

Hopefully the resident protection module is aware of this threat and will prevent it from being loaded in the first place.

#13 Maniac

Maniac

    Forum Deity

  • Experts
  • 17,454 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 04 February 2009 - 04:00 AM

Again...

Link: h**p://premium-antivirus-defence.com/promo/download/trial/InstallAVg_77090453.exe

Quote

----------------------------------
Keys added:1
----------------------------------
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\21972CF09D555ABFC5BEBBA0264074EE

----------------------------------
Values deleted:1
----------------------------------
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\1\Shell\ItemPos800x600(1): [binary value data omitted]

----------------------------------
Values added:35
----------------------------------
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Qbphzragf naq Frggvatf\Fhccbeg\Zl Qbphzragf\VafgnyyNIt_77090453.rkr: 07 00 00 00 06 00 00 00 50 EB 49 B0 A5 86 C9 01
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Run\21972CF09D555ABFC5BEBBA0264074EE: "C:\Program Files\A360\av360.exe"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-31237: "Creates a new, empty folder in the folder you have open."
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-31242: "Rename this file"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-31244: "Move this file"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-31246: "Copy this file"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-31248: "Publish this file to the Web"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-31370: "E-mail this file"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-31252: "Delete this file"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\Support\My Documents\InstallAVg_77090453.exe: "InstallAVg_77090453"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Program Files\A360\av360.exe: "av360"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-21782: "Programs"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\21972CF09D555ABFC5BEBBA0264074EE\lvd: "77090453"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\21972CF09D555ABFC5BEBBA0264074EE\wqlc: "English"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\21972CF09D555ABFC5BEBBA0264074EE\qypoktfhqjm: ";N?aP;KNVKWlMlR`M=KQXqsOJeZONJ[]NDCqVwWqXyJLV\waKIkATj>[N`_PGtfNRpoM<]?@JXcPO=jLYTkoLoOOICBnOl;^TvN_p!"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\21972CF09D555ABFC5BEBBA0264074EE\lvrait: "<Rk@MFG`S_kJSifoScsOS>[nDR??NrB_LlGQYqgqI^>aRySnMv[@FKB_ScO]HE?`Ww^jL?G>Y]k=IfsQTG;?CpFAO@C?QoGM?mw^NcgAY^RmUyw?Q;OAWBSoMCO]H<KnK]?pLOkOMLO?I`foSQoPSOg\A<spVfOQOvZmB!!"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\21972CF09D555ABFC5BEBBA0264074EE\wqzacwctca: ""
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\21972CF09D555ABFC5BEBBA0264074EE\eupijwcvf: "GAS`KV_pPck<SmZ@VDSQYKb_QVk@E!!"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\21972CF09D555ABFC5BEBBA0264074EE\sujlftq: "?v[QLPKOPQk:QQF@SoSpDR??N"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\21972CF09D555ABFC5BEBBA0264074EE\myjhzvrdjl: "E<g^YPgpTmOmKYbNJg;ANEkP>Ts?QXV?LEC_LYN=V]C_VvG\Fe?`Wls`NLkOWAWn:f:PVlkM?!"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\21972CF09D555ABFC5BEBBA0264074EE\myjhxwq: "B"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\21972CF09D555ABFC5BEBBA0264074EE\ehyjjin: ""
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\21972CF09D555ABFC5BEBBA0264074EE\myjheozt: "=qgqP@?pKcgmJpV@OBK@KgS@Pn:?LL[;TfWPGtfNRpoM<RWoV?GPOp?:?"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\21972CF09D555ABFC5BEBBA0264074EE\myjhzvrdjo: "@M?>PC_AQQc:KfBnLis_TygQFLoOMD:AVs;^J:n]Q^COJL;M>sSPTC??Ju;PYvgAEuroMKkmF!"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\21972CF09D555ABFC5BEBBA0264074EE\myjhfo: "CjknNGG_PqGLQSr`NWgQVqO?CIO_PgZ_XdCaUwBlXUs`SUkLDMCaQ_OaVEW`Rk?nFOB_ScGLp!"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\21972CF09D555ABFC5BEBBA0264074EE\wqqpccyzj: "2009-02-04"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\21972CF09D555ABFC5BEBBA0264074EE\tdqprtwai: "2009-02-04"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\21972CF09D555ABFC5BEBBA0264074EE\gzypkb: "=FSKWfKpPwkPMxoLW:CNOEwoTyJ<:=o@TwR[@cjQYOsyi!!"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\21972CF09D555ABFC5BEBBA0264074EE\gxyiz: "FtwoX:WoL\S?KmZ:BLRWb!!"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\21972CF09D555ABFC5BEBBA0264074EE\dsfwdmbf: "?gKqRdO_YgsnScKKNO?>SEWop!"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\21972CF09D555ABFC5BEBBA0264074EE\dffwdmcue: "Bf?<DINZF!!"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\21972CF09D555ABFC5BEBBA0264074EE\kcajjq: ":]Z=H"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\21972CF09D555ABFC5BEBBA0264074EE\duaqiqegc: "222220000000000000000000000000000000000000"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\21972CF09D555ABFC5BEBBA0264074EE\dsyjj: "1"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\21972CF09D555ABFC5BEBBA0264074EE\wqqpdklweo: "04.02.2009 10:51:32"

----------------------------------
Values modified:12
----------------------------------
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed: 6B AD 5E AA 83 6F 33 02 69 F2 CF F8 A2 67 E8 33 8A DE 5A 0A 43 F6 39 02 94 9C 9E BD 3D 02 92 BC 73 97 63 2A D9 93 AA C8 F6 55 D2 13 1B F6 78 E2 3E 5F 41 CF 90 14 08 39 DF 73 3B 78 F2 A4 60 F2 58 78 B2 B0 FE 33 9E 88 08 16 BD 69 17 13 DC 7E
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed: 84 43 67 CD A0 B7 6E D3 2F 2E 17 F3 15 6B 9B 16 8D 68 79 96 7A FD 50 B8 00 4A BF 24 C7 9E 8F 05 1F 95 78 64 ED AB C9 66 F8 E4 E4 4C 14 4F D0 33 96 C1 18 41 6A E7 C6 19 02 4E C4 C7 58 B4 72 23 51 96 FB 56 DF DE 94 18 86 8D B2 D1 13 F2 29 7A
HKLM\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify: 0x00000000
HKLM\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify: 0x00000001
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count\HRZR_PGYFRFFVBA: 86 31 4C 0E 07 00 00 00
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count\HRZR_PGYFRFFVBA: 2D 35 4C 0E 08 00 00 00
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU: 07 00 00 00 98 00 00 00 F0 21 8F 99 A5 86 C9 01
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU: 07 00 00 00 9A 00 00 00 50 EB 49 B0 A5 86 C9 01
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_HVFPHG: 07 00 00 00 5F 00 00 00 F0 C3 F7 98 A5 86 C9 01
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_HVFPHG: 07 00 00 00 60 00 00 00 70 B2 45 AA A5 86 C9 01
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:::{450Q8SON-NQ25-11Q0-98N8-0800361O1103}: 05 00 00 00 17 00 00 00 70 F9 38 A0 D0 85 C9 01
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:::{450Q8SON-NQ25-11Q0-98N8-0800361O1103}: 07 00 00 00 18 00 00 00 70 B2 45 AA A5 86 C9 01
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings: 46 00 00 00 5E 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 C0 AD B6 D1 ED 82 C9 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 0A 00 02 0F 00 00 00 00 00 00 00 00 6F 00 6F 00 74 00 25 00 5C 00 54 00 45 00 4D 00 50 00 00 00 44 00 3B 00 2E 00 56 00 42 00 53 00 3B 00 2E 00 56 00 42 00 45 00 3B 00 2E 00 4A 00 53 00 3B 00 2E 00 4A 00 53 00 45 00 3B 00 2E 00 57 00 53 00 46 00 3B 00 2E 00 57 00 53 00 48 00 00 00 79 00 73 00 74 00 65 00 6D 00 33 00 32 00 5C 00 57 00 62 00 65 00 6D 00 00 00 00 00 00 00
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings: 46 00 00 00 60 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 C0 AD B6 D1 ED 82 C9 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 0A 00 02 0F 00 00 00 00 00 00 00 00 6F 00 6F 00 74 00 25 00 5C 00 54 00 45 00 4D 00 50 00 00 00 44 00 3B 00 2E 00 56 00 42 00 53 00 3B 00 2E 00 56 00 42 00 45 00 3B 00 2E 00 4A 00 53 00 3B 00 2E 00 4A 00 53 00 45 00 3B 00 2E 00 57 00 53 00 46 00 3B 00 2E 00 57 00 53 00 48 00 00 00 79 00 73 00 74 00 65 00 6D 00 33 00 32 00 5C 00 57 00 62 00 65 00 6D 00 00 00 00 00 00 00
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\1\Shell\Mode: 0x00000006
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\1\Shell\Mode: 0x00000003
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\1\Shell\ScrollPos800x600(1).y: 0x00000002
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\1\Shell\ScrollPos800x600(1).y: 0x00000000
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\1\Shell\ColInfo: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FD DF DF FD 0F 00 06 00 28 00 10 00 34 00 48 00 00 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 04 00 00 00 05 00 00 00 B4 00 60 00 78 00 78 00 B4 00 B4 00 00 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\1\Shell\ColInfo: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FD DF DF FD 0F 00 04 00 20 00 10 00 28 00 3C 00 00 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 B4 00 60 00 78 00 78 00 00 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\1\Shell\Vid: "{65F125E5-7BE1-4810-BA9D-D271C8432CE3}"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\1\Shell\Vid: "{0E1FA5E0-3573-11CF-AE69-08002B2E1262}"
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\SessionInformation\ProgramCount: 0x00000001
HKU\S-1-5-21-1177238915-1383384898-1343024091-1003\SessionInformation\ProgramCount: 0x00000002

----------------------------------
Files added:12
----------------------------------
C:\Documents and Settings\Support\Application Data\Microsoft\Internet Explorer\Quick Launch\A360.lnk
C:\Documents and Settings\Support\Desktop\A360.lnk
C:\Documents and Settings\Support\Local Settings\Temporary Internet Files\Content.IE5\CW99E48D\firstrun[1].htm
C:\Documents and Settings\Support\Local Settings\Temporary Internet Files\Content.IE5\CW99E48D\thanks[1].htm
C:\Documents and Settings\Support\Start Menu\A360\A360.lnk
C:\Documents and Settings\Support\Start Menu\A360\Help.lnk
C:\Documents and Settings\Support\Start Menu\A360\Registration.lnk
C:\Program Files\Common Files\System\Uninstall\Uninstall A360.lnk
C:\Program Files\A360\av360.exe
C:\WINDOWS\Prefetch\AV360.EXE-1C911674.pf
C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf
C:\WINDOWS\Prefetch\INSTALLAVG_77090453.EXE-29C29F9E.pf

----------------------------------
Files deleted:219
----------------------------------
C:\Documents and Settings\Support\My Documents\InstallAVg_77090453.exe

----------------------------------
Files[attr]modified:12
----------------------------------
C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\EpfwUser.dat
C:\Documents and Settings\Support\Cookies\index.dat
C:\Documents and Settings\Support\Local Settings\History\History.IE5\index.dat
C:\Documents and Settings\Support\Local Settings\Temporary Internet Files\Content.IE5\index.dat
C:\Documents and Settings\Support\NTUSER.DAT.LOG
C:\WINDOWS\system32\config\software.LOG
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP

----------------------------------
Folders added:3
----------------------------------
C:\Documents and Settings\Support\Start Menu\A360
C:\Program Files\Common Files\System\Uninstall
C:\Program Files\A360

----------------------------------
Total changes:295
----------------------------------

Made many changes ...

MalwareBytes' Anti-Malware:

Quote

Malwarebytes' Anti-Malware 1.33
Database version: 1718
Windows 5.1.2600 Service Pack 3

2009-02-04 10:58:35
mbam-log-2009-02-04 (10-58-35).txt

Scan type: Quick Scan
Objects scanned: 41811
Time elapsed: 2 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d263fa6d-84cc-48a8-9af6-c664362b7a5b} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d263fa6d-84cc-48a8-9af6-c664362b7a5b} (Trojan.BHO.H) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\21972cf09d555abfc5bebba0264074ee (Rogue.A360Antivirus) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\A360 (Rogue.A360Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Support\Start Menu\A360 (Rogue.A360Antivirus) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\winconfig.dll (Trojan.BHO.H) -> Quarantined and deleted successfully.
C:\Program Files\A360\av360.exe (Rogue.A360Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Support\Start Menu\A360\A360.lnk (Rogue.A360Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Support\Start Menu\A360\Help.lnk (Rogue.A360Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Support\Start Menu\A360\Registration.lnk (Rogue.A360Antivirus) -> Quarantined and deleted successfully.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

#14 Maniac

Maniac

    Forum Deity

  • Experts
  • 17,454 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 05 February 2009 - 09:43 AM

New...
h**p://antimalware-pro-scan.com/promo/download/trial/InstallAVg_77038507.exe

#15 Stern2008

Stern2008

    Advanced Member

  • Honorary Members
  • 163 posts
  • Gender:Male
  • Location:Ukraine

Posted 05 February 2009 - 12:38 PM

new too

h**p://anti-spyware-2009.info/products/antispyware/
or
h**p://styleout.cn/soft.php?aid=0865&d=100&refer=ff94bbac7

virustotal

#16 JimLouis

JimLouis

    New Member

  • Members
  • 2 posts

Posted 05 February 2009 - 12:42 PM

JimLouis, on Feb 5 2009, 04:50 PM, said:

My daughter called frantically that something had happened to her computer and her sons (my grandsons) couldn't get to the school website or do any of the assigned homework. Also the screen was so full of dialog boxes that my daughter had a difficult time checking in and reading her office email.
After some research I determined that she had the A 360 Trojan and maybe other bad things on her computer. This could be a long story but I will keep it short since it's likely a repeat of many others with the same problem. Apparently the McAfee security center didn't catch this and with the A 360 running, a security scan with McAfee wouldn't complete and fix the problem. So what now...
I went over and spent many hours with her computer. I was armed with the most important piece of software in the world. That's Malwarebytes 'Anti Malware' software. I had done a lot of research before I decided that this particular software would be the one to use. With hindsight, that was an exceptional decision.
I had downloaded the Anti Malware software onto a flash drive at home since I wasn't sure if I would be successful downloading it with my daughter's infected computer. Again a good decision. I copied the software to the infected computer's desktop and double clicked. Nothing happened. I did this several times to no avail. What I did next I think was an important step. I did a ctrl alt delete which opened the Windows Task Manager (thank goodness that worked) and I moved it around so I could see it with the multitude of A 360 boxes that were on the window. I switched over to Applications tab and saw the A 360 running so I clicked 'End Task'. Then I went to processes and found something called Gamevance running. I ended that process. The various A 360 dialog boxes became static and new ones weren't appearing. So I tried starting the Malwarebytes 'Anti-Malware' program and this time it started and I could get the latest on-line updates. What a relief I felt! I started the scan which lasted 32 minutes and the software found 53 infected registry keys, 4 registry values infected, 81 folders infected and 163 infected files for a total of 99637 objects scanned (quick scan.) Sure enough this GREAT piece of software found and deleted ALL items related to A 360 (av360.exe) and others. Other items found and deleted were Trojan.dropper.vundo.e, FakeAlert, Gamevance, MyWebsearch, Minibug, Trojan.Agent, and items called ToolbarLogo, ToolbarSearch, weather, Starware. I am sure that all of these are bad but the A 360 and FakeAlert were the ones with the most immediate visible evidence.
I cannot praise the Malwarebytes 'Anti-Malware' program highly enough. All of you at Malwarebytes have been and will continue to be in my prayers of thanksgiving & praise.
Jim


#17 Maniac

Maniac

    Forum Deity

  • Experts
  • 17,454 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 06 February 2009 - 05:43 AM

New..
h**p://antimalware-pro-scan.com/promo/down...Vg_77038507.exe

#18 Raid

Raid

    Malware Researcher

  • Experts
  • 1,549 posts
  • Gender:Male
  • Location:United States

Posted 06 February 2009 - 06:30 AM

I'll look into it.

#19 jamadan

jamadan

    New Member

  • Members
  • 3 posts

Posted 06 February 2009 - 10:43 AM

Unfortunately, a friend I'm helping accidentally downloaded the exact same thing. Having read that Malwarebytes works for AntiVirus 360, I booted it to safe mode and ran it off a USB stick. It found 97 infections and removed all but those that have to be deleted on restart, so I allowed it to restart . . . but that's where the adventure takes a turn for the worse, because it won't start into Windows now in any mode. It gets to the boot menu, but when I select any of the choices (normal, safe, safe with networking, etc.), it will kick off as normal with the black Windows logo screen and spinning sign as it reads the hard drive, then it flashes something in a nanosecond in blue and then suddenly goes back into restart mode and winds up at the boot menu. If I leave it running, it just runs that cycle endlessly, never actually allowing me into the operating system. I had to leave it for now to come to work, but I'm concerned removing the viruses hosed up Windows for good. Any suggestions?

Thanks

Jamadan

#20 Stern2008

Stern2008

    Advanced Member

  • Honorary Members
  • 163 posts
  • Gender:Male
  • Location:Ukraine

Posted 06 February 2009 - 11:58 AM

look!
h**p://antimalware-pro-scan.com/promo/1/freescan.php?nu=77014206



