Author Topic: I am at dead end......help me out from viruses  (Read 2705 times)

Offline faraz

« on: February 25, 2010, 04:36:56 PM »
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\WINDOWS\system32\ffpsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.0.200:8080
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\herss.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0748ACE-B51B-462C-8CEA-901B8E045CD0}: NameServer = 172.16.0.200
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
O23 - Service: File and Folder Protector (FileAndFolderProtector_S) - Unknown owner - C:\WINDOWS\system32\ffpsrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 3397 bytes

Offline faraz

« Reply #1 on: February 26, 2010, 04:53:16 AM »
I am not able to see my hidden files, and my system has also slowed down.

Offline guestolo

« Reply #2 on: February 26, 2010, 06:53:40 PM »
Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double click on OTL.exe to run it
  • Under the Custom Scan box paste this in, the contents in Blue
netsvcs
msconfig
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav



  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

NOTE: If you have trouble, or an error message trying to post the logs
Can you upload it to a reply box
In a Reply, select "Browse..." on the bottom right and then navigate to the file and select it
Then click "Upload"

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline faraz

« Reply #3 on: February 27, 2010, 12:14:17 AM »
OTL Extras logfile created on: 2/27/2010 10:01:45 AM - Run 1
OTL by OldTimer - Version 3.1.30.3     Folder = C:\Documents and Settings\Administrator\My Documents\Downloads\Programs
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
510.00 Mb Total Physical Memory | 366.00 Mb Available Physical Memory | 72.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 6.34 Gb Total Space | 2.13 Gb Free Space | 33.53% Space Free | Partition Type: FAT32
Drive D: | 12.64 Gb Total Space | 0.27 Gb Free Space | 2.14% Space Free | Partition Type: FAT32
Drive E: | 5.96 Gb Total Space | 3.69 Gb Free Space | 61.93% Space Free | Partition Type: FAT32
Drive F: | 6.92 Gb Total Space | 3.75 Gb Free Space | 54.20% Space Free | Partition Type: FAT32
Drive G: | 30.36 Gb Total Space | 0.22 Gb Free Space | 0.72% Space Free | Partition Type: FAT32
Drive H: | 31.23 Gb Total Space | 4.61 Gb Free Space | 14.78% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
 
Computer Name: MATHELIAN
Current User Name: Administrator
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --one-instance-when-started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --one-instance-when-started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3014:TCP" = 3014:TCP:*:Enabled:eopnf
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"G:\softwares\Lan & p2p Tools\utorrent.exe" = G:\softwares\Lan & p2p Tools\utorrent.exe:*:Enabled:µTorrent -- ()
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite
"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{79B986AD-54D8-4498-AA06-89808829ACC0}" = Kaspersky Anti-Virus 6.0 for Windows Workstations
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver Software
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BurstCopy_is1" = BurstCopy v2.700
"E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Windows Driver Package - Nokia Modem  (06/01/2009 4.1)
"F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Windows Driver Package - Nokia Modem  (06/01/2009 7.01.0.3)
"File and Folder Protector_is1" = File and Folder Protector v1.84
"FLV Player" = FLV Player 2.0, build 24
"InstallWIX_{79B986AD-54D8-4498-AA06-89808829ACC0}" = Kaspersky Anti-Virus 6.0 for Windows Workstations
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.53
"MYIE2" = MYIE2 Browser (remove only)
"Nokia PC Suite" = Nokia PC Suite
"VLC media player" = VideoLAN VLC media player 0.8.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WinRAR archiver" = WinRAR archiver
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 2/20/2010 12:30:55 AM | Computer Name = MATHELIAN | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.8.5.0, faulting module liblibmpeg2_plugin.dll,
 version 0.0.0.0, fault address 0x00016571.
 
[ System Events ]
Error - 2/26/2010 1:33:50 PM | Computer Name = MATHELIAN | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
 manually  configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
 again in 30  minutes.  The error was: A socket operation was attempted to an unreachable
 host. (0x80072751)
 
Error - 2/26/2010 1:33:50 PM | Computer Name = MATHELIAN | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
 or more  time sources, however none of the sources are currently accessible.   No attempt
 to contact a source will be made for 29 minutes.  NtpClient has no source of accurate
 time.
 
Error - 2/26/2010 1:58:24 PM | Computer Name = MATHELIAN | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
 times on transport \Device\NetBT_Tcpip_{A0748ACE-B51B-462C-8CEA-901B8E045CD0}.  The
 backup browser is stopping.
 
Error - 2/26/2010 2:03:50 PM | Computer Name = MATHELIAN | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
 manually  configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
 again in 60  minutes.  The error was: A socket operation was attempted to an unreachable
 host. (0x80072751)
 
Error - 2/26/2010 2:03:50 PM | Computer Name = MATHELIAN | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
 or more  time sources, however none of the sources are currently accessible.   No attempt
 to contact a source will be made for 59 minutes.  NtpClient has no source of accurate
 time.
 
Error - 2/26/2010 3:03:50 PM | Computer Name = MATHELIAN | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
 manually  configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
 again in 120  minutes.  The error was: A socket operation was attempted to an unreachable
 host. (0x80072751)
 
Error - 2/26/2010 3:03:50 PM | Computer Name = MATHELIAN | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
 or more  time sources, however none of the sources are currently accessible.   No attempt
 to contact a source will be made for 119 minutes.  NtpClient has no source of accurate
 time.
 
Error - 2/26/2010 5:03:51 PM | Computer Name = MATHELIAN | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
 manually  configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
 again in 240  minutes.  The error was: A socket operation was attempted to an unreachable
 host. (0x80072751)
 
Error - 2/26/2010 5:03:51 PM | Computer Name = MATHELIAN | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
 or more  time sources, however none of the sources are currently accessible.   No attempt
 to contact a source will be made for 239 minutes.  NtpClient has no source of accurate
 time.
 
Error - 2/26/2010 9:03:51 PM | Computer Name = MATHELIAN | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
 manually  configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
 again in 480  minutes.  The error was: A socket operation was attempted to an unreachable
 host. (0x80072751)
 
 
< End of report >

Offline faraz

« Reply #4 on: February 27, 2010, 12:17:26 AM »

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
I am at dead end......help me out from viruses
« Reply #5 on: February 27, 2010, 12:18:38 AM »
You posted the Extras.txt log twice
Can you post the OTL.txt log please

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline faraz

  • Jr. Member
  • **
  • Posts: 75
  • Karma: +0/-0
I am at dead end......help me out from viruses
« Reply #6 on: February 27, 2010, 01:03:05 AM »
see the attached file plz

OTL logfile created on: 2/27/2010 10:01:45 AM - Run 1
OTL by OldTimer - Version 3.1.30.3     Folder = C:\Documents and Settings\Administrator\My Documents\Downloads\Programs
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 366.00 Mb Available Physical Memory | 72.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 6.34 Gb Total Space | 2.13 Gb Free Space | 33.53% Space Free | Partition Type: FAT32
Drive D: | 12.64 Gb Total Space | 0.27 Gb Free Space | 2.14% Space Free | Partition Type: FAT32
Drive E: | 5.96 Gb Total Space | 3.69 Gb Free Space | 61.93% Space Free | Partition Type: FAT32
Drive F: | 6.92 Gb Total Space | 3.75 Gb Free Space | 54.20% Space Free | Partition Type: FAT32
Drive G: | 30.36 Gb Total Space | 0.22 Gb Free Space | 0.72% Space Free | Partition Type: FAT32
Drive H: | 31.23 Gb Total Space | 4.61 Gb Free Space | 14.78% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: MATHELIAN
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/27 09:48:56 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\Programs\OTL.exe
PRC - [2009/06/02 10:10:08 | 000,637,952 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009/05/28 13:45:00 | 000,132,096 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009/03/30 10:11:14 | 000,120,320 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2007/10/05 16:18:50 | 000,230,664 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/01/16 01:11:08 | 000,079,872 | ---- | M] () -- C:\WINDOWS\system32\ffpsrv.exe
PRC - [2003/04/25 05:53:54 | 000,054,784 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2002/10/15 23:18:02 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2002/10/15 23:05:58 | 000,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe

========== Modules (SafeList) ==========

MOD - [2010/02/27 09:48:56 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\Programs\OTL.exe
MOD - [2010/02/26 22:18:16 | 000,087,040 | RHS- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Temp\cvasds0.dll
MOD - [2004/08/04 00:57:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] --  -- (DrWebEngine) Dr.Web Scanning Engine (DrWebEngine)
SRV - [2010/01/25 10:00:54 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\BIN\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/08/17 16:47:50 | 000,231,328 | ---- | M] (Doctor Web, Ltd.) [Auto | Stopped] -- C:\Program Files\DrWeb\spidernt.exe -- (SPIDERNT)
SRV - [2009/06/02 10:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/10/05 16:18:50 | 000,230,664 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe -- (AVP)
SRV - [2007/01/19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2004/01/16 01:11:08 | 000,079,872 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ffpsrv.exe -- (FileAndFolderProtector_S)

========== Driver Services (SafeList) ==========

DRV - [2009/08/17 16:47:48 | 000,306,464 | ---- | M] (Doctor Web, Ltd.) [File_System | Auto | Stopped] -- C:\Program Files\DrWeb\spider.sys -- (SPIDER)
DRV - [2009/02/09 08:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/02/09 08:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/02/09 08:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/10/05 14:48:04 | 000,190,736 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (klif)
DRV - [2007/07/18 15:39:54 | 000,110,096 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2007/05/30 18:49:06 | 000,024,344 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2004/08/03 23:08:44 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser)
DRV - [2004/07/17 11:36:38 | 000,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2004/01/17 20:13:54 | 000,043,296 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\FDCDNT.SYS -- (FDCDNT)
DRV - [2003/10/15 01:10:00 | 000,036,484 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SMBios.sys -- (SMBios) Intel ®
DRV - [2003/04/25 12:48:02 | 000,730,092 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2002/10/25 09:03:30 | 000,071,514 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH)
DRV - [2002/10/25 09:03:22 | 000,091,774 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS)
DRV - [2002/10/25 09:02:20 | 000,080,283 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2001/08/23 14:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.16.0.200:8080

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:6.7
FF - prefs.js..network.proxy.ftp: "172.16.0.200"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "172.16.0.200"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "172.16.0.200"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "172.16.0.200"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "172.16.0.200"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/02/18 19:16:52 | 000,000,000 | ---D | M]

[2010/02/19 22:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/02/19 22:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\prqkrkka.default\extensions

O1 HOSTS File: ([2001/08/23 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [cdoosoft] C:\Documents and Settings\Administrator\Local Settings\Temp\herss.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm ()
O9 - Extra Button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll (Kaspersky Lab)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\adialhk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/12 18:17:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2010/02/27 10:02:02 | 000,000,051 | RHS- | M] () - C:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010/02/27 10:02:02 | 000,000,051 | RHS- | M] () - D:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010/01/22 18:40:16 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2010/02/27 10:02:02 | 000,000,051 | RHS- | M] () - E:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010/02/27 10:02:02 | 000,000,051 | RHS- | M] () - F:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010/02/27 10:02:02 | 000,000,051 | RHS- | M] () - G:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010/02/27 10:02:02 | 000,000,051 | RHS- | M] () - H:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{084b30db-17fa-11df-93c7-806d6172696f}\Shell\AutoRun\command - "" = C:\s1.exe -- [2010/02/26 06:59:32 | 000,099,328 | RHS- | M] ()
O33 - MountPoints2\{084b30db-17fa-11df-93c7-806d6172696f}\Shell\open\Command - "" = C:\s1.exe -- [2010/02/26 06:59:32 | 000,099,328 | RHS- | M] ()
O33 - MountPoints2\{084b30dc-17fa-11df-93c7-806d6172696f}\Shell\AutoRun\command - "" = D:\s1.exe -- [2010/02/26 06:59:32 | 000,099,328 | RHS- | M] ()
O33 - MountPoints2\{084b30dc-17fa-11df-93c7-806d6172696f}\Shell\open\Command - "" = D:\s1.exe -- [2010/02/26 06:59:32 | 000,099,328 | RHS- | M] ()
O33 - MountPoints2\{9438240c-180f-11df-b96e-806d6172696f}\Shell\AutoRun\command - "" = E:\s1.exe -- [2010/02/26 06:59:32 | 000,099,328 | RHS- | M] ()
O33 - MountPoints2\{9438240c-180f-11df-b96e-806d6172696f}\Shell\open\Command - "" = E:\s1.exe -- [2010/02/26 06:59:32 | 000,099,328 | RHS- | M] ()
O33 - MountPoints2\{9438240d-180f-11df-b96e-806d6172696f}\Shell\AutoRun\command - "" = F:\s1.exe -- [2010/02/26 06:59:32 | 000,099,328 | RHS- | M] ()
O33 - MountPoints2\{9438240d-180f-11df-b96e-806d6172696f}\Shell\open\Command - "" = F:\s1.exe -- [2010/02/26 06:59:32 | 000,099,328 | RHS- | M] ()
O33 - MountPoints2\{9438240e-180f-11df-b96e-806d6172696f}\Shell\AutoRun\command - "" = G:\s1.exe -- [2010/02/26 06:59:32 | 000,099,328 | RHS- | M] ()
O33 - MountPoints2\{9438240e-180f-11df-b96e-806d6172696f}\Shell\open\Command - "" = G:\s1.exe -- [2010/02/26 06:59:32 | 000,099,328 | RHS- | M] ()
O33 - MountPoints2\{9438240f-180f-11df-b96e-806d6172696f}\Shell\AutoRun\command - "" = H:\s1.exe -- [2010/02/26 06:59:32 | 000,099,328 | RHS- | M] ()
O33 - MountPoints2\{9438240f-180f-11df-b96e-806d6172696f}\Shell\open\Command - "" = H:\s1.exe -- [2010/02/26 06:59:32 | 000,099,328 | RHS- | M] ()
O33 - MountPoints2\{98d4fa60-1802-11df-80a6-0050dadccf0e}\Shell - "" = AutoRun
O33 - MountPoints2\{98d4fa60-1802-11df-80a6-0050dadccf0e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a4b2b592-18a5-11df-b976-0050dadccf0e}\Shell - "" = AutoRun
O33 - MountPoints2\{a4b2b592-18a5-11df-b976-0050dadccf0e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\mbvd.exe -- [2009/12/03 04:32:44 | 000,113,972 | RHS- | M] ()
O33 - MountPoints2\E\Shell\open\Command - "" = E:\mbvd.exe -- [2009/12/03 04:32:44 | 000,113,972 | RHS- | M] ()
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\mbvd.exe -- [2009/12/03 04:32:44 | 000,113,972 | RHS- | M] ()
O33 - MountPoints2\F\Shell\open\Command - "" = F:\mbvd.exe -- [2009/12/03 04:32:44 | 000,113,972 | RHS- | M] ()
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\mbvd.exe -- [2009/12/03 04:32:44 | 000,113,972 | RHS- | M] ()
O33 - MountPoints2\G\Shell\open\Command - "" = G:\mbvd.exe -- [2009/12/03 04:32:44 | 000,113,972 | RHS- | M] ()
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\mbvd.exe -- [2009/12/03 04:32:44 | 000,113,972 | RHS- | M] ()
O33 - MountPoints2\H\Shell\open\Command - "" = H:\mbvd.exe -- [2009/12/03 04:32:44 | 000,113,972 | RHS- | M] ()
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 -  File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/02/12 17:23:38 | 000,000,000 | ---D | M]
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: ayjasm - C:\WINDOWS\system32\crxfeenj.dll ()
NetSvcs: dadzvibyo - C:\WINDOWS\system32\crxfeenj.dll ()

MsConfig - StartUpReg: cdoosoft - hkey= - key= - C:\Documents and Settings\Administrator\Local Settings\Temp\herss.exe ()
MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= -  File not found
MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\Language\Language.exe File not found
MsConfig - StartUpReg: PC Suite Tray - hkey= - key= - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (53765057741324288)

========== Files/Folders - Created Within 30 Days ==========

[2010/02/27 00:54:50 | 000,000,000 | ---D | C] -- C:\Program Files\MYIE2
[2010/02/26 15:10:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\IDM
[2010/02/26 15:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager
[2010/02/26 06:57:20 | 000,000,000 | -HSD | C] -- C:\FOUND.005
[2010/02/26 06:52:17 | 000,000,000 | ---D | C] -- C:\Program Files\DrWeb
[2010/02/26 06:52:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Doctor Web
[2010/02/26 06:52:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/02/26 02:35:18 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/02/25 22:02:53 | 000,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdaudio.sys
[2010/02/25 21:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2010/02/25 21:35:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2010/02/25 21:33:56 | 000,000,000 | ---D | C] -- C:\kav
[2010/02/25 20:17:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities
[2010/02/25 00:05:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Contacts
[2010/02/25 00:05:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Received Files
[2010/02/25 00:03:32 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Messenger
[2010/02/24 23:52:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FileAndFolderProtector_S
[2010/02/24 23:52:01 | 000,000,000 | ---D | C] -- C:\Program Files\File and Folder Protector
[2010/02/24 23:47:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/02/24 23:10:01 | 000,000,000 | ---D | C] -- C:\Program Files\GRETECH
[2010/02/23 13:29:05 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/02/23 13:29:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/02/22 20:53:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Vypress Chat History
[2010/02/22 20:53:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\VyPRESS
[2010/02/22 20:53:02 | 000,000,000 | ---D | C] -- C:\Program Files\Vypress Chat
[2010/02/22 20:18:45 | 000,000,000 | ---D | C] -- C:\Program Files\FLV Player
[2010/02/22 19:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2010/02/22 18:56:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\SAaipp Baba
[2010/02/21 10:28:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2010/02/21 02:03:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2010/02/20 23:29:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/02/20 19:25:10 | 000,000,000 | -HSD | C] -- C:\FOUND.004
[2010/02/20 09:11:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\WMTools Downloaded Files
[2010/02/20 01:26:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\CyberLink
[2010/02/20 01:26:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2010/02/20 01:19:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Threat Expert
[2010/02/20 00:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/19 22:59:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2010/02/19 22:59:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2010/02/19 22:54:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2010/02/19 22:54:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2010/02/19 22:52:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/02/19 22:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/02/19 22:48:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox 3.5 Beta 4
[2010/02/18 23:03:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2010/02/18 23:03:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DMCache
[2010/02/18 19:30:16 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2010/02/18 19:22:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2010/02/18 19:21:10 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbser.sys
[2010/02/18 19:21:10 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2010/02/18 19:20:37 | 000,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2010/02/18 19:20:34 | 000,023,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2010/02/18 19:17:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Nokia
[2010/02/18 19:17:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PC Suite
[2010/02/18 19:17:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/02/18 19:16:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
[2010/02/18 19:16:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
[2010/02/18 19:16:21 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/02/18 19:16:20 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2010/02/18 19:16:15 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010/02/18 19:15:55 | 000,007,808 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys
[2010/02/18 19:15:54 | 000,022,016 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys
[2010/02/18 19:15:51 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01007.dll
[2010/02/18 19:15:51 | 000,659,968 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcocls.dll
[2010/02/18 19:15:51 | 000,017,664 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys
[2010/02/18 19:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/02/18 19:15:20 | 000,091,136 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll
[2010/02/18 19:15:19 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia
[2010/02/18 19:14:51 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/02/18 19:13:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/02/16 21:11:56 | 000,000,000 | -HSD | C] -- C:\FOUND.003
[2010/02/15 21:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ESET
[2010/02/14 16:17:02 | 000,000,000 | -HSD | C] -- C:\FOUND.002
[2010/02/13 22:47:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\stars
[2010/02/13 15:32:00 | 000,000,000 | -HSD | C] -- C:\FOUND.001
[2010/02/13 13:26:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/02/13 13:26:06 | 000,000,000 | -HSD | C] -- C:\FOUND.000
[2010/02/13 02:17:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
[2010/02/13 02:16:12 | 000,065,536 | ---- | C] (Apple Computer, Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/02/13 02:16:12 | 000,049,152 | ---- | C] (Apple Computer, Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2010/02/13 02:16:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/02/13 02:15:57 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/02/13 02:15:57 | 000,176,167 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010/02/13 02:15:57 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010/02/13 02:15:57 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010/02/13 02:15:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\bsplayer
[2010/02/13 02:15:53 | 001,294,336 | ---- | C] (HMS http://hp.vector.co.jp/authors/VA012897/) -- C:\WINDOWS\System32\vorbis.acm
[2010/02/13 02:15:53 | 000,446,464 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
[2010/02/13 02:15:53 | 000,424,960 | ---- | C] (Voxware, Inc.) -- C:\WINDOWS\System32\msms001.vwp
[2010/02/13 02:15:53 | 000,360,448 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\mp3fhg.acm
[2010/02/13 02:15:53 | 000,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2010/02/13 02:15:52 | 000,630,784 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp7vfw.dll
[2010/02/13 02:15:52 | 000,446,464 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp31vfw.dll
[2010/02/13 02:15:52 | 000,438,272 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp6vfw.dll
[2010/02/13 02:15:52 | 000,413,760 | ---- | C] (Hacked with Joy !) -- C:\WINDOWS\System32\DivXc32f.dll
[2010/02/13 02:15:52 | 000,413,760 | ---- | C] (Hacked with Joy !) -- C:\WINDOWS\System32\DivXc32.dll
[2010/02/13 02:15:52 | 000,391,680 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\I263_32.drv
[2010/02/13 02:15:52 | 000,151,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\Npindeo.dll
[2010/02/13 02:15:52 | 000,144,384 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\Iacenc.dll
[2010/02/13 02:15:52 | 000,098,304 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\IMC32.acm
[2010/02/13 02:15:52 | 000,039,936 | ---- | C] (Disappearing Inc.) -- C:\WINDOWS\System32\huffyuv.dll
[2010/02/13 02:15:51 | 001,415,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WMV9VCM.dll
[2010/02/13 02:15:51 | 001,024,000 | ---- | C] (3ivx.com) -- C:\WINDOWS\System32\3ivx.dll
[2010/02/13 02:15:51 | 000,286,720 | ---- | C] (3ivx.com) -- C:\WINDOWS\System32\3ivxVfWCodec.dll
[2010/02/13 02:15:50 | 001,044,480 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libdivx.dll
[2010/02/13 02:15:50 | 000,619,156 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx.dll
[2010/02/13 02:15:50 | 000,200,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\ssldivx.dll
[2010/02/13 02:15:50 | 000,200,704 | ---- | C] (DivXNetworks) -- C:\WINDOWS\System32\dtu100.dll
[2010/02/13 02:15:50 | 000,090,112 | ---- | C] (DivXNetworks) -- C:\WINDOWS\System32\dpl100.dll
[2010/02/13 02:15:47 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2010/02/13 02:15:47 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2010/02/13 02:15:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2010/02/13 02:15:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Real
[2010/02/13 02:15:47 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2010/02/13 00:55:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BurstCopy Labs
[2010/02/13 00:55:24 | 000,000,000 | ---D | C] -- C:\Program Files\BurstCopy
[2010/02/13 00:55:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/02/13 00:42:25 | 000,000,000 | -HSD | C] -- C:\Recycled
[2010/02/13 00:42:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\vlc
[2010/02/12 23:26:26 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/02/12 23:21:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/02/12 23:15:21 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys
[2010/02/12 22:35:27 | 000,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\splitter.sys
[2010/02/12 22:35:25 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdmaud.sys
[2010/02/12 22:35:23 | 000,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmusic.sys
[2010/02/12 22:35:22 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swmidi.sys
[2010/02/12 22:35:21 | 000,142,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aec.sys
[2010/02/12 22:35:19 | 000,171,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kmixer.sys
[2010/02/12 22:35:18 | 000,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmkaud.sys
[2010/02/12 22:35:17 | 000,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sysaudio.sys
[2010/02/12 22:35:15 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mskssrv.sys
[2010/02/12 22:35:14 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspqm.sys
[2010/02/12 22:35:11 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspclock.sys
[2010/02/12 22:35:06 | 000,145,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2010/02/12 22:35:06 | 000,145,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\portcls.sys
[2010/02/12 22:35:06 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2010/02/12 22:35:06 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksuser.dll
[2010/02/12 22:35:05 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2010/02/12 22:35:05 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksproxy.ax
[2010/02/12 22:35:05 | 000,060,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2010/02/12 22:35:05 | 000,060,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmk.sys
[2010/02/12 22:35:00 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek Sound Manager
[2010/02/12 22:34:58 | 000,765,952 | ---- | C] (Sensaura Ltd) -- C:\WINDOWS\System\crlds3d.dll
[2010/02/12 22:34:58 | 000,000,000 | ---D | C] -- C:\Program Files\AvRack
[2010/02/12 22:34:57 | 000,730,092 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS
[2010/02/12 22:34:57 | 000,720,896 | ---- | C] (Sensaura Ltd) -- C:\WINDOWS\System32\Audio3D.dll
[2010/02/12 22:34:57 | 000,720,896 | ---- | C] (Sensaura Ltd) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2010/02/12 22:34:57 | 000,720,896 | ---- | C] (Sensaura Ltd) -- C:\WINDOWS\System32\a3d.dll
[2010/02/12 22:34:57 | 000,054,784 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2010/02/12 22:34:54 | 006,842,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\ALSNDMGR.CPL
[2010/02/12 22:34:54 | 000,208,896 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcupd.exe
[2010/02/12 22:34:54 | 000,135,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcrmv.exe
[2010/02/12 22:32:52 | 000,151,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2010/02/12 18:38:34 | 000,315,392 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.dll
[2010/02/12 18:38:34 | 000,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptg.lrc
[2010/02/12 18:38:34 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxtray.exe
[2010/02/12 18:38:34 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtrk.lrc
[2010/02/12 18:38:34 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtha.lrc
[2010/02/12 18:38:34 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrsve.lrc
[2010/02/12 18:38:34 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrrus.lrc
[2010/02/12 18:38:34 | 000,026,679 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\wa301b.sys
[2010/02/12 18:38:34 | 000,026,679 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\wa301a.sys
[2010/02/12 18:38:34 | 000,020,021 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\vch.sys
[2010/02/12 18:38:33 | 000,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptb.lrc
[2010/02/12 18:38:33 | 000,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrplk.lrc
[2010/02/12 18:38:33 | 000,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnld.lrc
[2010/02/12 18:38:33 | 000,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrita.lrc
[2010/02/12 18:38:33 | 000,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrhun.lrc
[2010/02/12 18:38:33 | 000,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfrc.lrc
[2010/02/12 18:38:33 | 000,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfra.lrc
[2010/02/12 18:38:33 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnor.lrc
[2010/02/12 18:38:33 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfin.lrc
[2010/02/12 18:38:33 | 000,151,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrkor.lrc
[2010/02/12 18:38:33 | 000,151,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrjpn.lrc
[2010/02/12 18:38:33 | 000,151,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrheb.lrc
[2010/02/12 18:38:32 | 000,503,808 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxress.dll
[2010/02/12 18:38:32 | 000,163,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrell.lrc
[2010/02/12 18:38:32 | 000,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxresp.lrc
[2010/02/12 18:38:32 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxreng.lrc
[2010/02/12 18:38:32 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdeu.lrc
[2010/02/12 18:38:32 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdan.lrc
[2010/02/12 18:38:32 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcsy.lrc
[2010/02/12 18:38:32 | 000,151,552 | ---- | C] (Intel Corporation) -- 
C:\WINDOWS\System32\igfxrenu.lrc[2010/02/12 18:38:32 | 000,151,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcht.lrc[2010/02/12 18:38:32 | 000,151,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrchs.lrc[2010/02/12 18:38:31 | 000,221,184 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxeud.dll[2010/02/12 18:38:31 | 000,204,800 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxpph.dll[2010/02/12 18:38:31 | 000,151,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrarb.lrc[2010/02/12 18:38:31 | 000,151,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrara.lrc[2010/02/12 18:38:31 | 000,151,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdiag.exe[2010/02/12 18:38:31 | 000,118,784 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxhk.dll[2010/02/12 18:38:31 | 000,086,016 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdo.dll[2010/02/12 18:38:30 | 001,859,584 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmgicd.dll[2010/02/12 18:38:30 | 000,483,328 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcfg.exe[2010/02/12 18:38:30 | 000,147,456 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdev.dll[2010/02/12 18:38:30 | 000,094,208 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcpl.cpl[2010/02/12 18:38:30 | 000,091,774 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ialmsbw.sys[2010/02/12 18:38:30 | 000,081,979 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmrem.dll[2010/02/12 18:38:30 | 000,080,283 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ialmnt5.sys[2010/02/12 18:38:30 | 000,071,514 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ialmkchw.sys[2010/02/12 18:38:30 | 000,045,056 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdgps.dll[2010/02/12 18:38:30 | 000,034,367 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmrnt5.dll[2010/02/12 
18:38:29 | 000,526,914 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmdd5.dll[2010/02/12 18:38:29 | 000,184,320 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmgdev.dll[2010/02/12 18:38:29 | 000,163,067 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmdev5.dll[2010/02/12 18:38:29 | 000,114,688 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe[2010/02/12 18:38:29 | 000,114,688 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\hccutils.dll[2010/02/12 18:38:29 | 000,086,073 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\iAlmCoIn_0_v8.dll[2010/02/12 18:38:29 | 000,077,372 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmdnt5.dll[2010/02/12 18:38:29 | 000,032,823 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\a310.sys[2010/02/12 18:38:29 | 000,030,263 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\a311.sys[2010/02/12 18:38:29 | 000,026,167 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\a303.sys[2010/02/12 18:38:29 | 000,025,655 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\a304.sys[2010/02/12 18:38:29 | 000,025,143 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\a309.sys[2010/02/12 18:38:29 | 000,020,023 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\a307.sys[2010/02/12 18:38:29 | 000,015,927 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\a306.sys[2010/02/12 18:38:29 | 000,011,319 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\a305.sys[2010/02/12 18:38:29 | 000,010,295 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\a312.sys[2010/02/12 18:38:29 | 000,010,295 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\a308.sys[2010/02/12 18:38:29 | 000,010,295 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\a302.sys[2010/02/12 18:38:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Drivers[2010/02/12 18:38:12 | 000,000,000 | ---D | C] -- C:\Program 
Files\Intel[2010/02/12 18:37:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups[2010/02/12 18:37:50 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information[2010/02/12 18:37:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield[2010/02/12 18:34:21 | 000,036,484 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\SMBios.sys[2010/02/12 18:34:18 | 000,000,000 | ---D | C] -- C:\TempEI4[2010/02/12 18:33:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities[2010/02/12 18:33:50 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information[2010/02/12 18:33:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures[2010/02/12 18:33:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music[2010/02/12 18:33:37 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft[2010/02/12 18:33:37 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Cookies[2010/02/12 18:33:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo[2010/02/12 18:33:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data[2010/02/12 18:33:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu[2010/02/12 18:33:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents[2010/02/12 18:33:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites[2010/02/12 18:33:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates[2010/02/12 18:33:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood[2010/02/12 18:33:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood[2010/02/12 18:33:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local 
Settings[2010/02/12 18:33:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft[2010/02/12 18:33:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop[2010/02/12 18:33:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution[2010/02/12 18:33:18 | 000,000,000 | -HSD | C] -- C:\System Volume Information[2010/02/12 18:33:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch[2010/02/12 18:33:00 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft[2010/02/12 18:33:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft[2010/02/12 18:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft[2010/02/12 18:22:30 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime[2010/02/12 18:22:29 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime[2010/02/12 18:22:29 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime[2010/02/12 18:22:28 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime[2010/02/12 18:22:27 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime[2010/02/12 18:22:27 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime[2010/02/12 18:22:26 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys[2010/02/12 18:22:25 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll[2010/02/12 18:22:24 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wam51.dll[2010/02/12 18:22:24 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamreg51.dll[2010/02/12 18:22:24 | 000,009,216 | ---- | C] (Microsoft 
Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll[2010/02/12 18:22:23 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svc.dll[2010/02/12 18:22:23 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll[2010/02/12 18:22:23 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll[2010/02/12 18:22:22 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll[2010/02/12 18:22:22 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll[2010/02/12 18:22:21 | 000,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll[2010/02/12 18:22:21 | 000,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll[2010/02/12 18:22:19 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll[2010/02/12 18:22:18 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uihelper.dll[2010/02/12 18:22:18 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime[2010/02/12 18:22:17 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe[2010/02/12 18:22:16 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tools.dll[2010/02/12 18:22:15 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe[2010/02/12 18:22:15 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll[2010/02/12 18:22:14 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime[2010/02/12 18:22:14 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe[2010/02/12 18:22:13 | 000,185,344 | ---- | C] (Microsoft Corporation) -- 
C:\WINDOWS\System32\dllcache\thawbrkr.dll[2010/02/12 18:22:13 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys[2010/02/12 18:22:12 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys[2010/02/12 18:22:12 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys[2010/02/12 18:22:10 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svcext51.dll[2010/02/12 18:22:10 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll[2010/02/12 18:22:09 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sspifilt.dll[2010/02/12 18:22:09 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssinc51.dll[2010/02/12 18:22:08 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll[2010/02/12 18:22:07 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll[2010/02/12 18:22:06 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe[2010/02/12 18:22:06 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll[2010/02/12 18:22:05 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll[2010/02/12 18:22:05 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll[2010/02/12 18:22:04 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll[2010/02/12 18:22:04 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll[2010/02/12 18:22:04 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll[2010/02/12 18:22:03 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll[2010/02/12 
18:22:02 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll[2010/02/12 18:22:02 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe[2010/02/12 18:22:01 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll[2010/02/12 18:22:01 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpapi.dll[2010/02/12 18:22:01 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll[2010/02/12 18:22:00 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll[2010/02/12 18:22:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll[2010/02/12 18:21:59 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe[2010/02/12 18:21:59 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll[2010/02/12 18:21:58 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll[2010/02/12 18:21:58 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll[2010/02/12 18:21:57 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll[2010/02/12 18:21:57 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll[2010/02/12 18:21:56 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll[2010/02/12 18:21:56 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll[2010/02/12 18:21:56 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll[2010/02/12 18:21:55 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll[2010/02/12 18:21:55 | 000,026,112 | ---- | C] (Microsoft Corporation) -- 
C:\WINDOWS\System32\dllcache\sm89w.dll[2010/02/12 18:21:54 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll[2010/02/12 18:21:54 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll[2010/02/12 18:21:53 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll[2010/02/12 18:21:53 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll[2010/02/12 18:21:49 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll[2010/02/12 18:21:48 | 000,221,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seo.dll[2010/02/12 18:21:48 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll[2010/02/12 18:21:47 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwnh.dll[2010/02/12 18:21:46 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll[2010/02/12 18:21:46 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll[2010/02/12 18:21:46 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) 
-- C:\WINDOWS\System32\dllcache\rw330ext.dll[2010/02/12 18:21:45 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll[2010/02/12 18:21:44 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime[2010/02/12 18:21:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcref.dll[2010/02/12 18:21:43 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe[2010/02/12 18:21:42 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe[2010/02/12 18:21:41 | 000,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys[2010/02/12 18:21:41 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe[2010/02/12 18:21:40 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime[2010/02/12 18:21:39 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe[2010/02/12 18:21:38 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pwsdata.dll[2010/02/12 18:21:37 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll[2010/02/12 18:21:36 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll[2010/02/12 18:21:36 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll[2010/02/12 18:21:35 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe[2010/02/12 18:21:35 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll[2010/02/12 18:21:34 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime[2010/02/12 18:21:33 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll[2010/02/12 
18:21:32 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime[2010/02/12 18:21:32 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll[2010/02/12 18:21:31 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll[2010/02/12 18:21:31 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll[2010/02/12 18:21:30 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll[2010/02/12 18:21:30 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll[2010/02/12 18:21:29 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll[2010/02/12 18:21:27 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll[2010/02/12 18:21:26 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsepm.dll[2010/02/12 18:21:24 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll[2010/02/12 18:21:23 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll[2010/02/12 18:21:22 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe[2010/02/12 18:21:17 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiregmv.exe[2010/02/12 18:21:16 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex[2010/02/12 18:21:16 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll[2010/02/12 18:21:08 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe[2010/02/12 18:21:07 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys[2010/02/12 18:21:07 | 000,092,032 | ---- | C] (Microsoft 
Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll[2010/02/12 18:21:06 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\metada51.dll[2010/02/12 18:21:06 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C
« Last Edit: February 27, 2010, 01:06:15 AM by guestolo »

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
I am at dead end......help me out from viruses
« Reply #7 on: February 27, 2010, 01:09:39 AM »
If you happen to have an older copy of ComboFix
Delete it as I need you to download this version
Download ComboFix from only this location

Link
Save it ONLY to your Desktop <--IMPORTANT!

      --------------------------------------------------------------------
Temporarily Disable your AntiVirus/AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply

NOTE: Do not mouseclick inside ComboFix window as it's running, it may cause it to stall
ComboFix will/may run again on startup, it will prompt that it's creating a log
This process could take up to 10 minutes, let it run uninterrupted please

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline faraz

  • Jr. Member
  • **
  • Posts: 75
  • Karma: +0/-0
I am at dead end......help me out from viruses
« Reply #8 on: February 27, 2010, 07:32:28 AM »
ComboFix 10-02-26.02 - Administrator 02/27/2010  17:00:52.1.1 - FAT32x86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.510.342 [GMT 5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\docume~1\ADMINI~1\LOCALS~1\Temp\cvasds0.dll
c:\docume~1\ADMINI~1\LOCALS~1\Temp\cvasds1.dll
c:\docume~1\ADMINI~1\LOCALS~1\Temp\herss.exe
c:\documents and settings\Administrator\Local Settings\Temp\cvasds1.dll
C:\mbvd.exe
C:\s1.exe
C:\tgt.exe
c:\windows\system32\crxfeenj.dll
D:\Autorun.inf
D:\mbvd.exe
D:\s1.exe
D:\tgt.exe
E:\Autorun.inf
E:\mbvd.exe
E:\s1.exe
E:\tgt.exe
F:\Autorun.inf
F:\mbvd.exe
F:\s1.exe
F:\tgt.exe
G:\autorun.inf
G:\mbvd.exe
G:\s1.exe
G:\tgt.exe
H:\Autorun.inf
H:\mbvd.exe
H:\s1.exe
H:\tgt.exe

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AYJASM
-------\Legacy_DADZVIBYO
-------\Service_AVPsys
-------\Service_ayjasm
-------\Service_dadzvibyo


(((((((((((((((((((((((((   Files Created from 2010-01-27 to 2010-02-27  )))))))))))))))))))))))))))))))
.

2010-02-27 11:40 . 2010-02-27 11:40 -------- d-----w- C:\FOUND.006
2010-02-26 19:54 . 2010-02-26 19:54 -------- d-----w- c:\program files\MYIE2
2010-02-26 10:10 . 2010-02-26 10:10 -------- d-----w- c:\program files\Internet Download Manager
2010-02-26 01:57 . 2010-02-26 01:57 -------- d-----w- C:\FOUND.005
2010-02-26 01:52 . 2010-02-26 01:52 -------- d-----w- c:\program files\DrWeb
2010-02-26 01:52 . 2010-02-26 01:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Doctor Web
2010-02-25 21:35 . 2010-02-25 21:35 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-02-25 21:35 . 2010-02-25 21:35 -------- d-----w- c:\program files\TrendMicro
2010-02-25 17:02 . 2001-08-17 08:52 18688 ----a-w- c:\windows\system32\dllcache\cdaudio.sys
2010-02-25 16:35 . 2010-02-25 16:35 82061 ----a-w- c:\windows\system32\drivers\klick.dat
2010-02-25 16:35 . 2010-02-25 16:35 81549 ----a-w- c:\windows\system32\drivers\klin.dat
2010-02-25 16:35 . 2010-02-25 16:35 -------- d-----w- c:\program files\Kaspersky Lab
2010-02-25 16:35 . 2010-02-25 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-02-25 16:34 . 2010-02-27 12:05 32 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-02-25 16:34 . 2010-02-27 12:05 150560 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-02-25 16:33 . 2010-02-25 16:33 -------- d-----w- C:\kav
2010-02-25 15:17 . 2010-02-25 15:17 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2010-02-24 19:05 . 2010-02-24 19:05 -------- d-----w- c:\documents and settings\Administrator\Contacts
2010-02-24 19:03 . 2010-02-24 19:03 -------- d-----w- c:\program files\MSN Messenger
2010-02-24 18:52 . 2010-02-24 18:52 -------- d-----w- c:\documents and settings\All Users\Application Data\FileAndFolderProtector_S
2010-02-24 18:52 . 2010-02-24 18:52 -------- d-----w- c:\program files\File and Folder Protector
2010-02-24 18:10 . 2010-02-24 18:10 -------- d-----w- c:\program files\GRETECH
2010-02-23 08:29 . 2010-02-23 08:29 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-23 08:29 . 2010-02-23 08:29 -------- d-----w- c:\program files\NOS
2010-02-23 08:29 . 2010-02-23 08:29 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-02-22 15:53 . 2010-02-22 15:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\VyPRESS
2010-02-22 15:53 . 2010-02-22 15:53 -------- d-----w- c:\program files\Vypress Chat
2010-02-22 15:18 . 2010-02-22 15:18 -------- d-----w- c:\program files\FLV Player
2010-02-22 14:54 . 2010-02-22 14:54 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2010-02-21 05:28 . 2010-02-21 05:28 -------- d-----w- c:\windows\Internet Logs
2010-02-20 21:03 . 2010-02-20 21:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2010-02-20 14:25 . 2010-02-20 14:25 -------- d-----w- C:\FOUND.004
2010-02-20 04:11 . 2010-02-20 04:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\WMTools Downloaded Files
2010-02-19 20:26 . 2010-02-19 20:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\CyberLink
2010-02-19 20:26 . 2010-02-19 20:26 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-02-19 20:19 . 2010-02-19 20:19 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Threat Expert
2010-02-19 19:11 . 2010-02-19 19:11 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-19 17:54 . 2010-02-19 17:54 0 ----a-w- c:\windows\nsreg.dat
2010-02-19 17:54 . 2010-02-19 17:54 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-02-19 17:52 . 2010-02-19 17:52 -------- d-----w- c:\program files\AVG
2010-02-19 17:52 . 2010-02-19 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-02-19 17:48 . 2010-02-19 17:49 -------- d-----w- c:\program files\Mozilla Firefox 3.5 Beta 4
2010-02-18 18:03 . 2010-02-18 18:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\DMCache
2010-02-18 14:30 . 2010-02-18 14:30 -------- d-----w- c:\program files\CyberLink
2010-02-18 14:21 . 2004-08-03 18:08 25600 ----a-w- c:\windows\system32\drivers\usbser.sys
2010-02-18 14:21 . 2004-08-03 18:08 25600 ----a-w- c:\windows\system32\dllcache\usbser.sys
2010-02-18 14:20 . 2008-03-21 08:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-02-18 14:20 . 2008-03-21 08:57 23856 ----a-w- c:\windows\system32\spupdsvc.exe
2010-02-18 14:17 . 2010-02-18 14:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nokia
2010-02-18 14:17 . 2010-02-18 14:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Suite
2010-02-18 14:17 . 2010-02-18 14:17 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2010-02-18 14:16 . 2010-02-18 14:16 -------- d-----w- c:\program files\Common Files\PCSuite
2010-02-18 14:16 . 2010-02-18 14:16 -------- d-----w- c:\program files\Common Files\Nokia
2010-02-18 14:16 . 2010-02-18 14:16 -------- d-----w- c:\program files\DIFX
2010-02-18 14:16 . 2008-08-26 05:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-02-18 14:16 . 2010-02-18 14:16 -------- d-----w- c:\program files\PC Connectivity Solution
2010-02-18 14:15 . 2009-02-09 03:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2010-02-18 14:15 . 2009-02-09 03:37 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2010-02-18 14:15 . 2010-02-18 14:15 -------- d-----w- c:\windows\system32\DRVSTORE
2010-02-18 14:15 . 2009-02-09 03:37 659968 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-02-18 14:15 . 2009-02-09 03:37 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-02-18 14:15 . 2009-02-09 03:32 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2010-02-18 14:15 . 2009-02-09 03:37 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-02-18 14:15 . 2010-02-18 14:15 -------- d-----w- c:\program files\Nokia
2010-02-18 14:14 . 2009-09-14 10:32 33773208 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_eng_web.exe
2010-02-18 14:13 . 2010-02-18 14:13 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2010-02-18 14:13 . 2010-02-18 14:13 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2010-02-18 14:13 . 2010-02-18 14:13 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-02-18 14:13 . 2010-02-18 14:13 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2010-02-18 14:13 . 2010-02-18 14:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2010-02-16 16:11 . 2010-02-16 16:11 -------- d-----w- C:\FOUND.003
2010-02-15 16:27 . 2010-02-15 16:27 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ESET
2010-02-14 11:17 . 2010-02-14 11:17 -------- d-----w- C:\FOUND.002
2010-02-13 10:32 . 2010-02-13 10:32 -------- d-----w- C:\FOUND.001
2010-02-13 08:26 . 2010-02-13 08:26 -------- d-----w- C:\FOUND.000
2010-02-12 21:17 . 2010-02-12 21:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic
2010-02-12 21:16 . 2010-02-12 21:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-02-12 20:06 . 2010-02-12 20:06 11 --sha-r- c:\documents and settings\All Users\Application Data\BurstCopy Labs\BurstCopy\Data\1482A891.sys
2010-02-12 19:55 . 2010-02-12 19:55 -------- d-----w- c:\program files\BurstCopy
2010-02-12 19:55 . 2010-02-12 19:55 -------- d-----w- c:\documents and settings\All Users\Application Data\BurstCopy Labs
2010-02-12 19:42 . 2010-02-12 19:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2010-02-12 18:26 . 2010-02-12 18:26 -------- d-----w- c:\program files\VideoLAN
2010-02-12 18:21 . 2010-02-12 18:21 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-02-12 18:15 . 2004-08-03 18:08 26496 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2010-02-12 17:52 . 2010-02-12 17:52 12328 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-12 17:34 . 2002-11-21 23:07 765952 ----a-w- c:\windows\system\crlds3d.dll
2010-02-12 17:34 . 2003-04-25 07:48 730092 ----a-w- c:\windows\system32\drivers\ALCXWDM.SYS
2010-02-12 17:34 . 2003-04-25 00:53 54784 ----a-w- c:\windows\SOUNDMAN.EXE
2010-02-12 17:34 . 2002-08-28 00:23 720896 ----a-w- c:\windows\system32\dllcache\a3d.dll
2010-02-12 17:34 . 2002-08-28 00:23 720896 ----a-w- c:\windows\system32\Audio3D.dll
2010-02-12 17:34 . 2002-08-28 00:23 720896 ----a-w- c:\windows\system32\a3d.dll
2010-02-12 17:34 . 2003-04-08 21:43 135168 ------w- c:\windows\alcrmv.exe
2010-02-12 17:34 . 2003-04-04 23:54 208896 ------w- c:\windows\alcupd.exe
2010-02-12 17:32 . 2002-10-15 18:03 151552 ----a-w- c:\windows\system32\igfxres.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-27 12:05 . 2010-02-25 16:34 32 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-02-27 12:05 . 2010-02-25 16:34 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-02-18 14:20 . 2010-02-18 14:20 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-02-18 14:20 . 2010-02-18 14:20 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-02-12 21:15 . 2010-02-12 21:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\bsplayer
2010-02-12 21:15 . 2010-02-12 21:15 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-02-12 17:35 . 2010-02-12 17:35 -------- d-----w- c:\program files\Realtek Sound Manager
2010-02-12 17:35 . 2010-02-12 17:34 -------- d-----w- c:\program files\AvRack
2010-02-12 13:58 . 2010-02-12 13:16 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-12 13:38 . 2010-02-12 13:38 -------- d-----w- c:\program files\Intel
2010-02-12 13:37 . 2010-02-12 13:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-12 13:37 . 2010-02-12 13:37 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-12 13:18 . 2010-02-12 13:18 -------- d-----w- c:\program files\microsoft frontpage
2010-02-12 13:14 . 2010-02-12 13:14 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2003-03-21 08:37 . 2003-03-21 08:37 16056 ----a-w- c:\program files\owcstp16.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2002-10-15 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2002-10-15 114688]
"SoundMan"="SOUNDMAN.EXE" [2003-04-25 54784]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe" [2007-10-05 230664]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FDCDNT.SYS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FileAndFolderProtector_S]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-25 10:12 1414144 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"g:\\softwares\\Lan & p2p Tools\\utorrent.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3014:TCP"= 3014:TCP:eopnf

R1 FDCDNT;FDCDNT;c:\windows\system32\FDCDNT.SYS [1/17/2004 8:13 PM 43296]
R2 FileAndFolderProtector_S;File and Folder Protector;c:\windows\system32\ffpsrv.exe [1/16/2004 1:11 AM 79872]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/30/2007 6:49 PM 24344]
S0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys --> c:\windows\system32\drivers\dwprot.sys [?]
S2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine);"c:\program files\Common Files\Doctor Web\Scanning Engine\dwengine.exe" --> c:\program files\Common Files\Doctor Web\Scanning Engine\dwengine.exe [?]
S2 SPIDER;SpIDer Guard File System Monitor;c:\progra~1\DrWeb\spider.sys [8/17/2009 4:47 PM 306464]
S2 SPIDERNT;SpIDer Guard for Windows;c:\progra~1\DrWeb\spidernt.exe [8/17/2009 4:47 PM 231328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ    getPlusHelper
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = 172.16.0.200:8080
uInternet Settings,ProxyOverride = <local>
LSP: c:\program files\DrWeb\drwebsp.dll
TCP: {A0748ACE-B51B-462C-8CEA-901B8E045CD0} = 172.16.0.200
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-cdoosoft - c:\docume~1\ADMINI~1\LOCALS~1\Temp\herss.exe
MSConfigStartUp-LanguageShortcut - c:\program files\CyberLink\PowerDVD\Language\Language.exe
MSConfigStartUp-RemoteControl - c:\program files\CyberLink\PowerDVD\PDVDServ.exe

 

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-27 17:06
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):ec,b0,52,14,1b,78,f3,a3,17,9e,7c,6f,67,57,08,ce,ce,a9,2c,f9,0e,
   77,d6,69,2a,82,fb,77,60,4b,4e,ad,98,a7,70,e1,80,43,7e,32,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{bfa958ad-5484-4a08-a10a-aa1f114233ce}]
@Denied: (Full) (Everyone)
"Model"=dword:00000038
"Therad"=dword:00000009
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\klogon.dll

- - - - - - - > 'lsass.exe'(888)
c:\program files\DrWeb\drwebsp.dll

- - - - - - - > 'explorer.exe'(224)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\scrchpg.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SOUNDMAN.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-02-27  17:07:53 - machine was rebooted
ComboFix-quarantined-files.txt  2010-02-27 12:07

Pre-Run: 1,967,652,864 bytes free
Post-Run: 2,301,235,200 bytes free

- - End Of File - - 07E2DED20465AC80F3D764D9DFE7BB16




I have not attached one of my portable hard drives in this scan. What do you say, do I have to attach that one also or not?[/b]

Offline guestolo

« Reply #9 on: February 27, 2010, 02:08:09 PM »
I see you added Dr. Web AntiVirus, are you planning on using it instead of Kaspersky's?
Please only keep one active Antivirus installed
More than one will cause system instabilities and slowdowns

I would uninstall one or the other, rebooting the computer afterwards

Back in Windows
Download GMER from here:
Click Here

Unzip it to the Desktop.

Open the program - you should see the Rootkit / Malware tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Important: Close any open programs/windows!
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.

In addition: Open OTL.exe again
Run the scan as you previously did and post only the new log that opens

Keep me informed how things are now running
« Last Edit: February 27, 2010, 02:19:32 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline faraz

« Reply #10 on: March 13, 2010, 01:07:59 PM »
Hi guestolo and other fighters against malware and spyware...........

I am again stuck with these bugs.........last time, when I did the things which you mentioned in your last post, I was not able to connect to the internet....so I have installed a fresh copy of Windows XP.....

But again I got hit by this malware, or I don't know what it is.....I installed Doctor Spyware, and after treatment Dr. Spyware also stopped working, and I am also facing some more problems...... this was not due to Dr. Spyware because I was facing some more problems before it also...

Help me out once more, please

[/b][color=\"#2f4f4f\"]I am posting the HijackThis log file again


********************************************************************************
**************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:50 PM, on 3/13/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\ffpsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\MYIE2\MyIE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
I:\softwares\antivirus\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.0.200:8080
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: QuickDefine - C:\Program Files\Common Files\Microsoft Shared\Reference Titles\eddefine.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0748ACE-B51B-462C-8CEA-901B8E045CD0}: NameServer = 172.16.0.200
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: File and Folder Protector (FileAndFolderProtector_S) - Unknown owner - C:\WINDOWS\system32\ffpsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 5569 bytes


[/color]

Offline guestolo

« Reply #11 on: March 13, 2010, 06:02:34 PM »
Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double click on OTL.exe to run it
  • Under the Custom Scan box paste this in, the contents in Blue
netsvcs
msconfig
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav



  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

NOTE: If you have trouble, or an error message trying to post the logs
Can you upload it to a reply box
In a Reply, select "Browse..." on the bottom right and then navigate to the file and select it
Then click "Upload"



Offline faraz

« Reply #12 on: March 14, 2010, 12:49:29 AM »
see the attachments plz....OTL logfile created on: 3/14/2010 10:16:58 AM - Run 1OTL by OldTimer - Version 3.1.37.1     Folder = I:\softwares\antivirusWindows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18372)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 510.00 Mb Total Physical Memory | 334.00 Mb Available Physical Memory | 66.00% Memory free1.00 Gb Paging File | 1.00 Gb Available in Paging File | 83.00% Paging File freePaging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 6.34 Gb Total Space | 2.20 Gb Free Space | 34.69% Space Free | Partition Type: FAT32Drive D: | 12.64 Gb Total Space | 2.14 Gb Free Space | 16.94% Space Free | Partition Type: FAT32E: Drive not present or media not loadedDrive F: | 5.96 Gb Total Space | 0.34 Gb Free Space | 5.66% Space Free | Partition Type: FAT32Drive G: | 6.92 Gb Total Space | 1.10 Gb Free Space | 15.83% Space Free | Partition Type: FAT32Drive H: | 30.36 Gb Total Space | 1.38 Gb Free Space | 4.54% Space Free | Partition Type: FAT32Drive I: | 31.23 Gb Total Space | 2.26 Gb Free Space | 7.23% Space Free | Partition Type: FAT32 Computer Name: MATHELIANCurrent User Name: AdministratorLogged in as Administrator. Current Boot Mode: NormalScan Mode: Current userCompany Name Whitelist: OffSkip Microsoft Files: OffFile Age = 30 DaysOutput = Standard ========== Processes (SafeList) ========== PRC - [2010/03/14 10:15:08 | 000,555,008 | ---- | M] (OldTimer Tools) -- I:\softwares\antivirus\OTL.exePRC - [2009/10/15 14:51:52 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exePRC - [2009/10/15 14:51:22 | 003,134,896 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exePRC - [2009/10/08 11:31:44 | 000,112,592 | ---- | M] (Threat Expert Ltd.) 
-- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exePRC - [2009/09/23 12:17:22 | 000,358,600 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exePRC - [2007/10/05 16:18:50 | 000,230,664 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exePRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exePRC - [2004/01/16 01:11:08 | 000,079,872 | ---- | M] () -- C:\WINDOWS\system32\ffpsrv.exePRC - [2003/04/25 05:53:54 | 000,054,784 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE  ========== Modules (SafeList) ========== MOD - [2010/03/14 10:15:08 | 000,555,008 | ---- | M] (OldTimer Tools) -- I:\softwares\antivirus\OTL.exeMOD - [2009/03/26 20:35:40 | 000,034,224 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\idmmkb.dllMOD - [2004/08/04 00:57:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll  ========== Win32 Services (SafeList) ========== SRV - [2009/10/08 11:31:44 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)SRV - [2009/09/23 13:33:42 | 001,141,200 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)SRV - [2009/09/23 12:17:22 | 000,358,600 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)SRV - [2009/06/02 10:10:08 | 000,637,952 | ---- | M] (Nokia.) 
[On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)SRV - [2007/10/05 16:18:50 | 000,230,664 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe -- (AVP)SRV - [2004/01/16 01:11:08 | 000,079,872 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ffpsrv.exe -- (FileAndFolderProtector_S)  ========== Driver Services (SafeList) ========== DRV - [2010/03/07 23:02:06 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)DRV - [2009/09/23 16:10:06 | 000,207,280 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)DRV - [2009/02/09 08:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)DRV - [2009/02/09 08:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)DRV - [2009/02/09 08:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)DRV - [2007/10/05 14:48:04 | 000,190,736 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (klif)DRV - [2007/07/18 15:39:54 | 000,110,096 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)DRV - [2004/01/17 20:13:54 | 000,043,296 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\FDCDNT.SYS -- (FDCDNT)DRV - [2003/10/15 01:10:00 | 000,036,484 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SMBios.sys -- (SMBios) Intel ®DRV - [2003/04/25 12:48:02 | 
000,730,092 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)DRV - [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)  ========== Standard Registry (SafeList) ==========  ========== Internet Explorer ==========  IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.16.0.200:8080 FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/03/02 15:12:14 | 000,000,000 | ---D | M]  O1 HOSTS File: ([2001/08/23 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hostsO1 - Hosts: 127.0.0.1       localhostO2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe (Kaspersky Lab)O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)O4 - HKLM..\Run: 
[KernelFaultCheck]  File not found
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: QuickDefine - C:\Program Files\Common Files\Microsoft Shared\Reference Titles\eddefine.htm ()
O9 - Extra Button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll (Kaspersky Lab)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ms-its51 {F6F1E82D-DE4D-11D2-875C-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\itss51.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\adialhk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/12 18:17:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{a512457c-26de-11df-96e2-0050dadccf0e}\Shell - "" = AutoRun
O33 - MountPoints2\{a512457c-26de-11df-96e2-0050dadccf0e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f74ded13-2adb-11df-96e6-0050dadccf0e}\Shell\explore\Command - "" = E:\forever.exe -- File not found
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 -  File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/02/12 17:23:38 | 000,000,000 | ---D | M]
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: b-11df-96e6-0050dadccf0e}\Shell\explore\Command - "" = E:\forever.exe -- File not found
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %* -  File not found

MsConfig - StartUpFolder: C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Encarta Dictionary Quickshelf.lnk - C:\Program Files\Microsoft Encarta\Encarta World English Dictionary\Qshlfed.exe - (Microsoft Corporation)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= -  File not found
MsConfig - StartUpReg: IDMan - hkey= - key= - C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
MsConfig - StartUpReg: PC Suite Tray - hkey= - key= - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "boot ini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54046588552609792)

========== Files/Folders - Created Within 30 Days ==========

[2010/03/13 19:11:55 | 000,000,000 | ---D | C] -- C:\Program Files\LanScanner Demo
[2010/03/13 18:06:44 | 000,000,000 | -HSD | C] -- C:\FOUND.001
[2010/03/13 12:28:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Yahoo
[2010/03/12 23:54:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2010/03/12 23:51:52 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/03/11 18:42:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Threat Expert
[2010/03/10 23:52:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Threat Expert
[2010/03/10 23:10:32 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/03/10 23:10:31 | 001,636,304 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/03/10 23:10:31 | 000,165,840 | ---- | C] (Threat Expert Ltd.)
-- C:\WINDOWS\PCTBDRes.dll
[2010/03/10 23:10:03 | 000,229,304 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/03/10 23:09:58 | 000,207,280 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/03/10 23:09:58 | 000,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/03/10 23:09:45 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/03/10 23:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/03/10 23:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/03/10 23:09:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/03/10 23:09:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PC Tools
[2010/03/10 23:09:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/03/10 18:12:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/03/08 22:48:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/03/08 22:26:50 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mdimon.dll
[2010/03/07 23:02:04 | 000,023,456 | ---- | C] (Phoenix Technologies) -- C:\WINDOWS\System32\drivers\DrvAgent32.sys
[2010/03/07 23:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\eSupport.com
[2010/03/07 22:11:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/03/07 16:06:45 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/03/07 16:06:45 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/03/07 16:06:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/03/07 16:06:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/03/07 14:44:04 | 000,000,000 | -HSD | C] -- C:\FOUND.000
[2010/03/07 03:22:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DivX
[2010/03/07 02:48:29 | 000,120,056 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe
[2010/03/07 02:48:29 | 000,118,520 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe
[2010/03/07 02:48:29 | 000,066,296 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
[2010/03/07 02:48:29 | 000,009,464 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
[2010/03/07 02:48:29 | 000,009,336 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
[2010/03/07 02:48:28 | 001,628,920 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll
[2010/03/07 02:48:28 | 000,518,904 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll
[2010/03/07 02:48:28 | 000,379,640 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll
[2010/03/07 02:48:28 | 000,187,128 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll
[2010/03/07 02:48:28 | 000,129,784 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2010/03/07 02:48:28 | 000,088,824 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll
[2010/03/07 02:48:28 | 000,072,440 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
[2010/03/07 02:48:28 | 000,064,760 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
[2010/03/07 02:48:27 | 000,551,672 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll
[2010/03/07 02:47:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/03/07 02:47:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2010/03/07 02:47:50 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/03/06 19:47:15 | 000,139,264 | ---- | C] (http://www.xvid.org) -- C:\WINDOWS\System32\xvid.ax
[2010/03/06 19:47:12 | 000,000,000 | ---D | C] -- C:\Program Files\Smallvideosoft
[2010/03/06 15:34:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Shared
[2010/03/06 15:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Incomplete
[2010/03/06 15:33:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\LimeWire
[2010/03/06 15:32:10 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/03/06 15:30:18 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/03/06 15:30:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/03/06 15:18:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2010/03/06 15:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2010/03/05 09:50:39 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010/03/05 09:21:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\IDM
[2010/03/05 09:21:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2010/03/05 09:21:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DMCache
[2010/03/05 09:21:29 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager
[2010/03/04 16:47:13 | 000,000,000 | ---D | C] -- C:\Program Files\FLV Player
[2010/03/04 12:36:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/03/04 09:01:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BurstCopy Labs
[2010/03/04 09:01:02 | 000,000,000 | ---D | C] -- C:\Program Files\BurstCopy
[2010/03/04 08:53:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Encarta
[2010/03/03 21:05:46 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys
[2010/03/03 16:45:04 | 000,608,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Comctl32.ocx
[2010/03/03 16:45:04 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr70.dll
[2010/03/03 16:45:03 | 000,000,000 | ---D | C] -- C:\Program Files\Audio File Cutter
[2010/03/03 16:06:30 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2010/03/03 16:03:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2010/03/03 16:02:26 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010/03/03 15:53:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/03/03 15:52:46 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/03/03 15:51:47 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/03/03 15:51:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/03/03 15:48:41 | 000,000,000 | ---D | C] -- C:\Program Files\MYIE2
[2010/03/03 15:44:07 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/03/02 19:33:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2010/03/02 19:06:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
[2010/03/02 19:06:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\vlc
[2010/03/02 15:45:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FileAndFolderProtector_S
[2010/03/02 15:45:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Help
[2010/03/02 15:45:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Help
[2010/03/02 15:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\File and Folder Protector
[2010/03/02 15:44:12 | 000,000,000 | -HSD | C] -- C:\Recycled
[2010/03/02 15:14:45 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2010/03/02 15:14:18 | 000,026,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2010/03/02 15:14:18 | 000,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2010/03/02 15:13:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PC Suite
[2010/03/02 15:13:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Nokia
[2010/03/02 15:13:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/03/02 15:12:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
[2010/03/02 15:12:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
[2010/03/02 15:11:51 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/03/02 15:11:46 | 000,065,536 | ---- | C] (Apple Computer, Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/03/02 15:11:46 | 000,049,152 | ---- | C] (Apple Computer, Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2010/03/02 15:11:46 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2010/03/02 15:11:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/03/02 15:11:21 | 000,176,167 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010/03/02 15:11:20 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/03/02 15:11:20 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010/03/02 15:11:20 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010/03/02 15:11:15 | 000,151,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\Npindeo.dll
[2010/03/02 15:11:15 | 000,144,384 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\Iacenc.dll
[2010/03/02 15:11:14 | 001,415,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WMV9VCM.dll
[2010/03/02 15:11:14 | 000,630,784 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp7vfw.dll
[2010/03/02 15:11:12 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010/03/02 15:11:08 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2010/03/02 15:11:08 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2010/03/02 15:11:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2010/03/02 15:11:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Real
[2010/03/02 15:11:06 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2010/03/02 15:11:02 | 000,007,808 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys
[2010/03/02 15:11:01 | 000,022,016 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys
[2010/03/02 15:10:53 | 000,017,664 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys
[2010/03/02 15:10:52 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01007.dll
[2010/03/02 15:10:52 | 000,659,968 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcocls.dll
[2010/03/02 15:10:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/03/02 15:10:21 | 000,091,136 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll
[2010/03/02 15:10:21 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia
[2010/03/02 15:09:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/03/02 15:08:10 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/03/02 10:01:17 |
000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\UserData
[2010/03/02 09:55:26 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2010/03/02 09:55:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2010/03/02 09:54:39 | 000,000,000 | ---D | C] -- C:\KAV
[2010/02/12 22:35:27 | 000,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\splitter.sys
[2010/02/12 22:35:25 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdmaud.sys
[2010/02/12 22:35:23 | 000,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmusic.sys
[2010/02/12 22:35:22 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swmidi.sys
[2010/02/12 22:35:21 | 000,142,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aec.sys
[2010/02/12 22:35:19 | 000,171,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kmixer.sys
[2010/02/12 22:35:18 | 000,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmkaud.sys
[2010/02/12 22:35:17 | 000,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sysaudio.sys
[2010/02/12 22:35:15 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mskssrv.sys
[2010/02/12 22:35:14 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspqm.sys
[2010/02/12 22:35:11 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspclock.sys
[2010/02/12 22:35:06 | 000,145,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2010/02/12 22:35:06 | 000,145,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\portcls.sys
[2010/02/12 22:35:06 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2010/02/12 22:35:06 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksuser.dll
[2010/02/12 22:35:05 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2010/02/12 22:35:05 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksproxy.ax
[2010/02/12 22:35:05 | 000,060,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2010/02/12 22:35:05 | 000,060,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmk.sys
[2010/02/12 22:35:00 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek Sound Manager
[2010/02/12 22:34:58 | 000,765,952 | ---- | C] (Sensaura Ltd) -- C:\WINDOWS\System\crlds3d.dll
[2010/02/12 22:34:58 | 000,000,000 | ---D | C] -- C:\Program Files\AvRack
[2010/02/12 22:34:57 | 000,730,092 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS
[2010/02/12 22:34:57 | 000,720,896 | ---- | C] (Sensaura Ltd) -- C:\WINDOWS\System32\Audio3D.dll
[2010/02/12 22:34:57 | 000,720,896 | ---- | C] (Sensaura Ltd) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2010/02/12 22:34:57 | 000,720,896 | ---- | C] (Sensaura Ltd) -- C:\WINDOWS\System32\a3d.dll
[2010/02/12 22:34:57 | 000,054,784 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2010/02/12 22:34:54 | 006,842,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\ALSNDMGR.CPL
[2010/02/12 22:34:54 | 000,208,896 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcupd.exe
[2010/02/12 22:34:54 | 000,135,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcrmv.exe
[2010/02/12 22:32:52 | 000,151,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2010/02/12 18:38:34 | 000,315,392 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.dll
[2010/02/12 18:38:34 | 000,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptg.lrc
[2010/02/12 18:38:34 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtrk.lrc
[2010/02/12 18:38:34 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtha.lrc
[2010/02/12 18:38:34 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrsve.lrc
[2010/02/12 18:38:34 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrrus.lrc
[2010/02/12 18:38:34 | 000,026,679 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\wa301b.sys
[2010/02/12 18:38:34 | 000,026,679 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\wa301a.sys
[2010/02/12 18:38:34 | 000,020,021 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\vch.sys
[2010/02/12 18:38:33 | 000,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptb.lrc
[2010/02/12 18:38:33 | 000,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrplk.lrc
[2010/02/12 18:38:33 | 000,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnld.lrc
[2010/02/12 18:38:33 | 000,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrita.lrc
[2010/02/12 18:38:33 | 000,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrhun.lrc
[2010/02/12 18:38:33 | 000,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfrc.lrc
[2010/02/12 18:38:33 | 000,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfra.lrc
[2010/02/12 18:38:33 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnor.lrc
[2010/02/12 18:38:33 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfin.lrc
[2010/02/12 18:38:33 | 000,151,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrkor.lrc
[2010/02/12 18:38:33 | 000,151,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrjpn.lrc
[2010/02/12 18:38:33 | 000,151,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrheb.lrc
[2010/02/12 18:38:32 | 000,503,808 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxress.dll
[2010/02/12 18:38:32 | 000,163,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrell.lrc
[2010/02/12 18:38:32 | 000,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxresp.lrc
[2010/02/12 18:38:32 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxreng.lrc
[2010/02/12 18:38:32 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdeu.lrc
[2010/02/12 18:38:32 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdan.lrc
[2010/02/12 18:38:32 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcsy.lrc
[2010/02/12 18:38:32 | 000,151,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrenu.lrc
[2010/02/12 18:38:32 | 000,151,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcht.lrc
[2010/02/12 18:38:32 | 000,151,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrchs.lrc
[2010/02/12 18:38:31 | 000,221,184 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxeud.dll
[2010/02/12 18:38:31 | 000,204,800 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxpph.dll
[2010/02/12 18:38:31 | 000,151,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrarb.lrc
[2010/02/12 18:38:31 | 000,151,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrara.lrc
[2010/02/12 18:38:31 | 000,151,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdiag.exe
[2010/02/12 18:38:31 | 000,118,784 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxhk.dll
[2010/02/12 18:38:31 | 000,086,016 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdo.dll
[2010/02/12 18:38:30 | 001,859,584 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmgicd.dll
[2010/02/12 18:38:30 | 000,483,328 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcfg.exe
[2010/02/12 18:38:30 | 000,147,456 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdev.dll
[2010/02/12 18:38:30 | 000,094,208 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcpl.cpl
[2010/02/12 18:38:30 | 000,081,979 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmrem.dll
[2010/02/12 18:38:30 | 000,045,056 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdgps.dll
[2010/02/12 18:38:30 | 000,034,367 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmrnt5.dll
[2010/02/12 18:38:29 | 000,526,914 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmdd5.dll
[2010/02/12 18:38:29 | 000,184,320 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmgdev.dll
[2010/02/12 18:38:29 | 000,163,067 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmdev5.dll
[2010/02/12 18:38:29 | 000,114,688 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\hccutils.dll
[2010/02/12 18:38:29 | 000,086,073 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\iAlmCoIn_0_v8.dll
[2010/02/12 18:38:29 | 000,077,372 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmdnt5.dll
[2010/02/12 18:38:29 | 000,032,823 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\a310.sys
[2010/02/12 18:38:29 | 000,030,263 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\a311.sys
[2010/02/12 18:38:29 | 000,026,167 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\a303.sys
[2010/02/12 18:38:29 | 000,025,655 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\a304.sys
[2010/02/12 18:38:29 | 000,025,143 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\a309.sys
[2010/02/12 18:38:29 | 000,020,023 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\a307.sys
[2010/02/12 18:38:29 | 000,015,927 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\a306.sys
[2010/02/12 18:38:29 | 000,011,319 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\a305.sys
[2010/02/12 18:38:29 | 000,010,295 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\a312.sys
[2010/02/12 18:38:29 | 000,010,295 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\a308.sys
[2010/02/12 18:38:29 | 000,010,295 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\a302.sys
[2010/02/12 18:38:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Drivers
[2010/02/12 18:38:12 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/02/12 18:37:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010/02/12 18:37:50 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/02/12 18:37:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/02/12 18:34:21 | 000,036,484 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\SMBios.sys
[2010/02/12 18:34:18 | 000,000,000 | ---D | C] -- C:\TempEI4
[2010/02/12 18:33:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2010/02/12 18:33:50 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2010/02/12 18:33:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2010/02/12 18:33:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2010/02/12 18:33:37 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2010/02/12 18:33:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2010/02/12 18:33:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2010/02/12 18:33:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My
Documents
[2010/02/12 18:33:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites
[2010/02/12 18:33:37 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2010/02/12 18:33:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2010/02/12 18:33:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2010/02/12 18:33:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2010/02/12 18:33:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2010/02/12 18:33:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2010/02/12 18:33:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2010/02/12 18:33:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2010/02/12 18:33:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010/02/12 18:33:18 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/02/12 18:33:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/02/12 18:33:00 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2010/02/12 18:33:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/02/12 18:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/12 18:22:30 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2010/02/12 18:22:29 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2010/02/12 18:22:29 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2010/02/12 18:22:28 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2010/02/12 18:22:27 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2010/02/12 18:22:27 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2010/02/12 18:22:26 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2010/02/12 18:22:25 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2010/02/12 18:22:24 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wam51.dll
[2010/02/12 18:22:24 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamreg51.dll
[2010/02/12 18:22:24 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2010/02/12 18:22:23 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svc.dll
[2010/02/12 18:22:23 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2010/02/12 18:22:23 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2010/02/12 18:22:22 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2010/02/12 18:22:22 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2010/02/12 18:22:21 | 000,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2010/02/12 18:22:21 | 000,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2010/02/12 18:22:19 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2010/02/12 18:22:18 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uihelper.dll
[2010/02/12 18:22:18 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2010/02/12 18:22:17 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2010/02/12 18:22:16 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tools.dll
[2010/02/12 18:22:15 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2010/02/12 18:22:15 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2010/02/12 18:22:14 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2010/02/12 18:22:14 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2010/02/12 18:22:13 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2010/02/12 18:22:13 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2010/02/12 18:22:12 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2010/02/12 18:22:12 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2010/02/12 18:22:10 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svcext51.dll
[2010/02/12 18:22:10 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2010/02/12 18:22:09 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sspifilt.dll
[2010/02/12 18:22:09 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssinc51.dll
[2010/02/12 18:22:08 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2010/02/12 18:22:07 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2010/02/12 18:22:06 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2010/02/12 18:22:06 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2010/02/12 18:22:05 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2010/02/12 18:22:05 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2010/02/12 18:22:04 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2010/02/12 18:22:04 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2010/02/12 18:22:04 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2010/02/12 18:22:03 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2010/02/12 18:22:02 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2010/02/12 18:22:02 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2010/02/12 18:22:01 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2010/02/12 18:22:01 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpapi.dll
[2010/02/12 18:22:01 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2010/02/12 18:22:00 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2010/02/12 18:22:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2010/02/12 18:21:59 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2010/02/12 18:21:59 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2010/02/12 18:21:58 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2010/02/12 18:21:58 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2010/02/12 18:21:57 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2010/02/12 18:21:57 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2010/02/12 18:21:56 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2010/02/12 18:21:56 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2010/02/12 18:21:56 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2010/02/12 18:21:55 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2010/02/12 18:21:55 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2010/02/12 18:21:54 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2010/02/12 18:21:54 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2010/02/12 18:21:53 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2010/02/12 18:21:53 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2010/02/12 18:21:49 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2010/02/12 18:21:48 | 000,221,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seo.dll
[2010/02/12 18:21:48 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2010/02/12 18:21:47 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwnh.dll
[2010/02/12 18:21:46 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/02/12 18:21:46 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/02/12 18:21:46 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2010/02/12 18:21:45 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2010/02/12 18:21:44 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2010/02/12 18:21:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcref.dll
[2010/02/12 18:21:43 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2010/02/12 18:21:42 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2010/02/12 18:21:41 | 000,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2010/02/12 18:21:41 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2010/02/12 18:21:40 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2010/02/12 18:21:39 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2010/02/12 18:21:38 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pwsdata.dll
[2010/02/12 18:21:37 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2010/02/12 18:21:36 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2010/02/12 18:21:36 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2010/02/12 18:21:35 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2010/02/12 18:21:35 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2010/02/12 18:21:34 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2010/02/12 18:21:33 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2010/02/12
18:21:32 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime[2010/02/12 18:21:32 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll[2010/02/12 18:21:31 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll[2010/02/12 18:21:31 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll[2010/02/12 18:21:30 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll[2010/02/12 18:21:30 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll[2010/02/12 18:21:29 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll[2010/02/12 18:21:27 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll[2010/02/12 18:21:26 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsepm.dll[2010/02/12 18:21:24 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll[2010/02/12 18:21:23 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll[2010/02/12 18:21:22 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe[2010/02/12 18:21:17 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiregmv.exe[2010/02/12 18:21:16 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex[2010/02/12 18:21:16 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll[2010/02/12 18:21:08 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe[2010/02/12 18:21:07 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys[2010/02/12 18:21:07 | 000,092,032 | ---- | C] (Microsoft 
Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll[2010/02/12 18:21:06 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\metada51.dll[2010/02/12 18:21:06 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\md5filt.dll[2010/02/12 18:21:06 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll[2010/02/12 18:21:05 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll[2010/02/12 18:21:04 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll[2010/02/12 18:21:04 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll[2010/02/12 18:21:03 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll[2010/02/12 18:21:03 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lonsint.dll[2010/02/12 18:21:02 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll[2010/02/12 18:21:00 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll[2010/02/12 18:20:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll[2010/02/12 18:20:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll[2010/02/12 18:20:58 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll[2010/02/12 18:20:58 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll[2010/02/12 18:20:57 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll[2010/02/12 18:20:57 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll[2010/02/12 18:20:56 | 000,005,632 | ---- | C] (Microsoft Corporation) -- 
C:\WINDOWS\System32\dllcache\kbdth0.dll[2010/02/12 18:20:56 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll[2010/02/12 18:20:56 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll[2010/02/12 18:20:55 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll[2010/02/12 18:20:55 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll[2010/02/12 18:20:54 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll[2010/02/12 18:20:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll[2010/02/12 18:20:53 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll[2010/02/12 18:20:53 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll[2010/02/12 18:20:52 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll[2010/02/12 18:20:52 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll[2010/02/12 18:20:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll[2010/02/12 18:20:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll[2010/02/12 18:20:50 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll[2010/02/12 18:20:50 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll[2010/02/12 18:20:50 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll[2010/02/12 18:20:49 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll[2010/02/12 18:20:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- 
C:\WINDOWS\System32\dllcache\kbdheb.dll[2010/02/12 18:20:48 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll[2010/02/12 18:20:48 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll[2010/02/12 18:20:47 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll[2010/02/12 18:20:47 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll[2010/02/12 18:20:46 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll[2010/02/12 18:20:46 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll[2010/02/12 18:20:45 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll[2010/02/12 18:20:45 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll[2010/02/12 18:20:44 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll[2010/02/12 18:20:44 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll[2010/02/12 18:20:44 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll[2010/02/12 18:20:43 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll[2010/02/12 18:20:43 | 000,006,144 | ---- | C] (Microsoft Cor
« Last Edit: March 14, 2010, 01:13:14 AM by guestolo »

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
I am at dead end......help me out from viruses
« Reply #13 on: March 14, 2010, 12:28:37 PM »
Double-click on OTL.exe and run it
  • Under the Custom Scans/Fixes box at the bottom, copy/paste in the following in the quote box below. Don't include the word Quote, please
    Quote
    :OTL
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O33 - MountPoints2\{f74ded13-2adb-11df-96e6-0050dadccf0e}\Shell\explore\Command - "" = E:\forever.exe -- File not found
    NetSvcs: b-11df-96e6-0050dadccf0e}\Shell\explore\Command - "" = E:\forever.exe -- File not found
    :Reg
    :Files
    :Commands
    [EmptyTemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

On startup, Allow OTL to run if prompted
A log should open, can you post it please
A copy of this log can also be found in
C:\_OTL\Moved Files folder

In addition:
download Malwarebytes' Anti-Malware from Here or Here
Save the installer to desktop

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
        * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
« Last Edit: March 14, 2010, 12:29:28 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline faraz

  • Jr. Member
  • **
  • Posts: 75
  • Karma: +0/-0
I am at dead end......help me out from viruses
« Reply #14 on: March 15, 2010, 09:39:22 AM »
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f74ded13-2adb-11df-96e6-0050dadccf0e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f74ded13-2adb-11df-96e6-0050dadccf0e}\ not found.
File E:\forever.exe not found.
b-11df-96e6-0050dadccf0e}\Shell\explore\Command removed from NetSvcs value successfully!
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: All Users
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Administrator
->Temp folder emptied: 589851086 bytes
->Temporary Internet Files folder emptied: 2088129 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 10539 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2142714 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10582221 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 577.00 mb
 
 
OTL by OldTimer - Version 3.1.37.1 log created on 03152010_193132

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



However, I received an error before restart, "C:\temp is unreadable & corrupt, please run chkdsk utility", like this.

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
I am at dead end......help me out from viruses
« Reply #15 on: March 15, 2010, 06:18:41 PM »
I'm just waiting on the log from Malwarebytes Antimalware



Offline faraz

  • Jr. Member
  • **
  • Posts: 75
  • Karma: +0/-0
I am at dead end......help me out from viruses
« Reply #16 on: March 16, 2010, 08:28:53 AM »
Malwarebytes' Anti-Malware 1.44
Database version: 3870
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18372

3/15/2010 8:54:32 PM
mbam-log-2010-03-15 (20-54-32).txt

Scan type: Full Scan (C:\|D:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 240775
Time elapsed: 1 hour(s), 5 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 26

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
H:\System Volume Information\_restore{6DF58F70-6722-473B-9F8E-8CFED2E86F53}\RP8\A0006178.exe (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{6DF58F70-6722-473B-9F8E-8CFED2E86F53}\RP8\A0006185.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{6DF58F70-6722-473B-9F8E-8CFED2E86F53}\RP8\A0006209.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{6DF58F70-6722-473B-9F8E-8CFED2E86F53}\RP8\A0006308.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{6DF58F70-6722-473B-9F8E-8CFED2E86F53}\RP8\A0006382.exe (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{6DF58F70-6722-473B-9F8E-8CFED2E86F53}\RP16\A0008628.exe (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{6DF58F70-6722-473B-9F8E-8CFED2E86F53}\RP16\A0008638.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{6DF58F70-6722-473B-9F8E-8CFED2E86F53}\RP16\A0008681.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{6DF58F70-6722-473B-9F8E-8CFED2E86F53}\RP16\A0008740.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{6DF58F70-6722-473B-9F8E-8CFED2E86F53}\RP16\A0008823.exe (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
I:\softwares\antivirus\Spyware and Ad-ware Remover\setup.exe (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
I:\softwares\Burning tolls\Nero 6.6.0.15\Key.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
I:\softwares\Copying & Repairing Tools\Copy Rator 1.4\Setup.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
I:\softwares\Downloaders\New Idm\Patch-UnREaL\Patch 5.xx (2009-01-22).exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\softwares\Grabbers\Youtube Google Video Grabber v.1.0.0.0 (Retail)\Setup.exe (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
J:\Softs_Dvd\antivirus\Spyware and Ad-ware Remover\setup.exe (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
J:\Softs_Dvd\Burning tolls\Nero 6.6.0.15\Key.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
J:\Softs_Dvd\Copying & Repairing Tools\Copy Rator 1.4\Setup.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
J:\Softs_Dvd\Copying & Repairing Tools\CryptCD Pro v5.0\KeyGen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
J:\Softs_Dvd\doc converter softwares\PDF Stamp 2.2.0\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
J:\Softs_Dvd\Downloaders\Internet.Download.Manager.v5.02.9.Incl.Keymaker-CORE\Internet Download Manager 5.07 Final\IDM.patch.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
J:\Softs_Dvd\Grabbers\Youtube Google Video Grabber v.1.0.0.0 (Retail)\Setup.exe (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
J:\Softs_Dvd\New\Vocabulary Builders\Vocaboly 1.2 Vocabolary Builder\Keygen_Vocaboly.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
J:\System Volume Information\_restore{148E06C7-6EED-4C23-AF67-9F490930725A}\RP3\A0000273.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
J:\System Volume Information\_restore{148E06C7-6EED-4C23-AF67-9F490930725A}\RP9\A0003234.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\owcstp16.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Offline faraz

  • Jr. Member
  • **
  • Posts: 75
  • Karma: +0/-0
I am at dead end......help me out from viruses
« Reply #17 on: March 16, 2010, 08:32:41 AM »
I also sometimes received an error of "Generic Host Process win32", and after this error my audio device stops working and I have to install audio drivers again for voice....

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
I am at dead end......help me out from viruses
« Reply #18 on: March 16, 2010, 09:04:03 AM »
One more scanner please
Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and click Scan to run express scan. Click OK in pop-up window to allow scan.
  • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, select Complete scan.
  • Click the green arrow at the right, and the scan will start.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web CureIt.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.
NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

Keep me informed how things are now running



Offline faraz

  • Jr. Member
  • **
  • Posts: 75
  • Karma: +0/-0
I am at dead end......help me out from viruses
« Reply #19 on: March 19, 2010, 03:06:06 PM »
Please find the attached file .............. I am still receiving these errors