« previous next »
Pages: [1]

Author Topic: A few viruses  (Read 989 times)

Offline mikey6969

  • Newbie
  • *
  • Posts: 27
  • Karma: +0/-0
    • View Profile
A few viruses
« on: April 18, 2010, 01:19:47 PM »
Hello, my computer is suffering from a few viruses right now. One called us.exe, it pops up constantly on my AVG like every minute or so.

Also, recently google links have been taking me to spam websites or ads. This hasn't happened before I picked up a virus.


Logfile of HijackThis v1.99.1
Scan saved at 2:20:34 PM, on 4/18/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\program files\steam\steam.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mouse Driver\MouseDrv.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Mouse Driver\StartAutorun.exe MouseDrv.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O15 - Trusted Zone: http://lib.verycd.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Messenger MessengerWudfSvc (MessengerWudfSvc) - Unknown owner - C:\WINDOWS\system32\8FCDDED630k.exe
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
A few viruses
« Reply #1 on: April 18, 2010, 03:00:59 PM »
Download [color=\"#FF0000\"]OTL.exe[/color][/url] by OldTimer to your Desktop.
  • Close all windows and double click on OTL.exe to run it
  • Under the Custom Scan box paste this in, the contents in Blue
[color=\"#0000FF\"]netsvcs
msconfig
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav [/color]


  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

NOTE: If you have trouble, or an error message trying to post the logs
Can you upload it to a reply box
In a Reply, select "Browse..." on the bottom right and then navigate to the file and select it
Then click "Upload"
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline mikey6969

  • Newbie
  • *
  • Posts: 27
  • Karma: +0/-0
    • View Profile
A few viruses
« Reply #2 on: April 19, 2010, 01:00:03 AM »
Here's the logfile

OTL logfile created on: 4/19/2010 1:31:54 AM - Run 1
OTL by OldTimer - Version 3.2.1.2     Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 80.71 Gb Free Space | 34.66% Space Free | Partition Type: NTFS
Drive D: | 3.47 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 1.84 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 1.84 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: COMPANY-38BC4F5
Current User Name: Administrator
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=\"#E56717\"]========== Processes (SafeList) ==========[/color]
 
PRC - [2010/04/18 22:30:29 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/04/01 22:31:24 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/20 11:40:57 | 001,217,872 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\steam.exe
PRC - [2009/08/26 12:05:53 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/26 12:05:41 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/26 12:05:19 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2009/02/06 17:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/10/24 15:10:20 | 001,388,544 | ---- | M] () -- C:\Program Files\Ventrilo\Ventrilo.exe
PRC - [2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2006/11/25 22:14:40 | 000,311,296 | ---- | M] () -- C:\Program Files\Mouse Driver\MouseDrv.exe
PRC - [2006/09/14 16:09:07 | 000,157,592 | ---- | M] (DT Soft Ltd.) -- C:\Program Files\DAEMON Tools\daemon.exe
PRC - [2006/07/21 16:14:36 | 000,086,016 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SoundMan.exe
PRC - [2006/05/04 16:26:36 | 002,808,832 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\alcwzrd.exe
 
 
[color=\"#E56717\"]========== Modules (SafeList) ==========[/color]
 
MOD - [2010/04/18 22:30:29 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
 
 
[color=\"#E56717\"]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2009/08/26 12:05:19 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/03/16 18:48:00 | 002,849,757 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/11/06 16:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2004/08/03 20:56:58 | 000,066,048 | --S- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\8FCDDED630k.exe -- (MessengerWudfSvc)
 
 
[color=\"#E56717\"]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2009/08/26 12:05:52 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/26 12:05:52 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/06/08 12:09:23 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/03/16 14:33:02 | 003,597,312 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/11/06 16:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2006/12/19 19:09:59 | 000,016,224 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2006/10/09 16:10:05 | 000,611,064 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/09/12 19:27:00 | 004,381,184 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/01/25 16:24:30 | 001,149,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\agrsm.sys -- (AgereSoftModem)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2005/01/07 17:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/08/03 18:59:52 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2002/09/16 15:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
 
 
[color=\"#E56717\"]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=\"#E56717\"]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = Reg Error: Unknown registry data type
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, = Reg Error: Unknown registry data type
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = Reg Error: Unknown registry data type
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
[color=\"#E56717\"]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..keyword.URL: "http://ca.search.yahoo.com/search?ei=utf-8&fr=megaup&p="
 
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/21 13:38:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/01 22:31:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/17 10:45:38 | 000,000,000 | ---D | M]
 
[2008/10/03 19:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/04/18 14:35:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hwdgy37d.default\extensions
[2010/04/11 01:37:25 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hwdgy37d.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/02/12 21:57:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hwdgy37d.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/04/16 20:29:38 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hwdgy37d.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/02/19 17:46:35 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hwdgy37d.default\searchplugins\ask.xml
[2008/06/26 02:00:17 | 000,000,271 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hwdgy37d.default\searchplugins\search.xml
[2007/09/12 19:41:45 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hwdgy37d.default\searchplugins\siteadvisor.xml
[2010/04/16 15:48:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/07/05 23:56:12 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
 
O1 HOSTS File: ([2010/04/16 17:27:09 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WireLessMouse] C:\Program Files\Mouse Driver\StartAutorun.exe MouseDrv.exe File not found
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeKeyboardNavigationIndicators = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\DisableRegistryTools:  = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\DisableRegistryTools\ShowInfoTip:  = 0
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: verycd.com ([lib] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 22:50:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/08/06 16:25:29 | 000,000,031 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006/10/29 22:19:10 | 000,000,225 | R--- | M] () - J:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006/10/29 22:19:10 | 000,000,225 | R--- | M] () - K:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/09/19 22:50:11 | 000,000,000 | ---D | M]
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746534284132352)
 
[color=\"#E56717\"]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010/04/19 01:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Sexy_Magical_Girl1thru5_Mahou_Shoujo_AI(2)
[2010/04/18 22:30:28 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/04/17 22:08:11 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle
[2010/04/16 22:49:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\WBGames
[2010/04/16 22:47:21 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/16 20:22:36 | 000,562,856 | ---- | C] (Google Inc.) -- C:\Documents and Settings\Administrator\Desktop\ChromeSetup(2).exe
[2010/04/16 20:17:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/04/16 18:07:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/04/16 18:07:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/16 18:07:38 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/16 18:07:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/16 18:07:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/16 18:06:10 | 005,918,776 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.45.exe
[2010/04/16 17:10:08 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/16 17:07:17 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/16 17:07:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/16 17:07:16 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/16 16:32:09 | 034,596,344 | ---- | C] (PC Tools                                                    ) -- C:\Documents and Settings\Administrator\Desktop\7.0.0.538f-sdasetup.exe
[2010/04/16 16:04:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
[2010/04/16 16:04:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2010/04/16 16:03:20 | 000,562,840 | ---- | C] (Google Inc.) -- C:\Documents and Settings\Administrator\Desktop\ChromeSetup.exe
[2010/04/16 15:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/16 15:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/09 16:43:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/04/08 16:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData
[2010/04/08 16:25:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2010/04/04 23:28:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Highschool_of_the_Dead_[XLG]_v6_c24_LQ
[2010/04/04 01:44:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder (2)
[2010/04/02 10:52:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mouse Driver
[2009/07/28 18:02:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/04/30 14:05:22 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/04/30 14:05:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/04/30 14:05:21 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/01/31 16:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[14 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> ]
 
[color=\"#E56717\"]========== Files - Modified Within 30 Days ==========[/color]
 
[2010/04/19 01:41:35 | 000,055,296 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/19 01:40:39 | 270,322,498 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Sexy_Magical_Girl1thru5_Mahou_Shoujo_AI(2).zip
[2010/04/19 01:28:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-879983540-682003330-500UA.job
[2010/04/18 22:30:29 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/04/18 20:28:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-879983540-682003330-500Core.job
[2010/04/18 17:39:58 | 059,034,248 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/04/18 16:39:19 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/18 16:39:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/18 16:39:16 | 000,173,776 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010/04/18 16:37:52 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/04/18 16:37:51 | 029,360,128 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/04/18 16:37:49 | 019,741,548 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/04/18 16:35:00 | 000,000,147 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Sexy_Magical_Girl1thru5_Mahou_Shoujo_AI.zip
[2010/04/18 15:32:06 | 000,020,235 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\sigpic116111_3.gif
[2010/04/18 14:03:23 | 000,000,167 | --S- | M] () -- C:\WINDOWS\System32\267382892.dat
[2010/04/18 12:03:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/17 22:07:40 | 011,048,840 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\veetle-0.9.17.exe
[2010/04/17 17:53:22 | 000,002,193 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2010/04/17 10:45:38 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/16 20:23:45 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2010/04/16 20:22:36 | 000,562,856 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrator\Desktop\ChromeSetup(2).exe
[2010/04/16 18:07:44 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/16 18:06:13 | 005,918,776 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.45.exe
[2010/04/16 17:55:55 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/16 17:27:09 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/16 17:10:19 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/04/16 17:01:08 | 003,916,775 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\Wombocombo.exe
[2010/04/16 16:28:38 | 034,596,344 | ---- | M] (PC Tools                                                    ) -- C:\Documents and Settings\Administrator\Desktop\7.0.0.538f-sdasetup.exe
[2010/04/16 16:14:35 | 000,018,502 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\IGI4W75
[2010/04/16 16:14:35 | 000,018,502 | -HS- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IGI4W75
[2010/04/16 16:03:26 | 000,562,840 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrator\Desktop\ChromeSetup.exe
[2010/04/15 03:14:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/11 19:11:02 | 000,016,750 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Mike.docx
[2010/04/11 15:26:48 | 000,011,860 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Job Search.xlsx
[2010/04/11 12:19:33 | 000,107,674 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Michael Resume.JPG
[2010/04/11 11:44:58 | 000,104,043 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Michael Resume.pdf
[2010/04/09 21:23:25 | 003,090,004 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Utada Hikaru - Taking My Money Back.mp3
[2010/04/09 21:23:06 | 004,124,871 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Utada - Come Back To Me.mp3
[2010/04/09 20:31:28 | 004,626,422 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Utada Hikaru - Prisoner of Love.mp3
[2010/04/09 20:31:05 | 003,953,925 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ul_Rn7rxLW0.mp3
[2010/04/09 16:45:06 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk
[2010/04/09 11:10:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/08 16:25:45 | 000,001,907 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EA Download Manager.lnk
[2010/04/08 15:03:43 | 000,000,841 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Warhammer Online - Age of Reckoning.lnk
[2010/04/01 09:31:43 | 000,015,915 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Presenation 4 Y.Sensee edit(2).docx
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/25 19:36:57 | 000,001,588 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Heroes of Newerth.lnk
[2010/03/25 12:23:42 | 185,173,117 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\[FAKKU]_Samayou_Midara_na_Lunatics_Vol.2_[720x480_H264_AAC]_[E6B81EBB].mkv
[2010/03/20 15:37:34 | 000,012,495 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Presenation 4.docx
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[14 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> ]
 
[color=\"#E56717\"]========== Files Created - No Company Name ==========[/color]
 
[2010/04/19 01:31:10 | 270,322,498 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Sexy_Magical_Girl1thru5_Mahou_Shoujo_AI(2).zip
[2010/04/18 15:32:02 | 000,020,235 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\sigpic116111_3.gif
[2010/04/18 14:36:21 | 000,000,147 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Sexy_Magical_Girl1thru5_Mahou_Shoujo_AI.zip
[2010/04/17 22:07:09 | 011,048,840 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\veetle-0.9.17.exe
[2010/04/16 20:23:45 | 000,002,344 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2010/04/16 20:23:02 | 000,001,010 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-879983540-682003330-500UA.job
[2010/04/16 20:23:02 | 000,000,958 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-879983540-682003330-500Core.job
[2010/04/16 18:27:40 | 000,000,167 | --S- | C] () -- C:\WINDOWS\System32\267382892.dat
[2010/04/16 18:07:44 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/16 17:10:19 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/04/16 17:10:13 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/16 17:07:17 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/16 17:07:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/16 17:07:17 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/16 17:07:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/16 17:07:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/16 17:00:03 | 003,916,775 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\Wombocombo.exe
[2010/04/16 15:53:09 | 000,018,502 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\IGI4W75
[2010/04/16 15:53:09 | 000,018,502 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IGI4W75
[2010/04/11 23:55:54 | 000,011,860 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Job Search.xlsx
[2010/04/11 11:44:58 | 000,104,043 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Michael Resume.pdf
[2010/04/09 21:23:19 | 003,090,004 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Utada Hikaru - Taking My Money Back.mp3
[2010/04/09 21:22:57 | 004,124,871 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Utada - Come Back To Me.mp3
[2010/04/09 20:31:17 | 004,626,422 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Utada Hikaru - Prisoner of Love.mp3
[2010/04/09 20:30:55 | 003,953,925 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ul_Rn7rxLW0.mp3
[2010/04/09 16:44:14 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk
[2010/04/09 12:44:34 | 000,107,674 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Michael Resume.JPG
[2010/04/08 16:25:45 | 000,001,907 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EA Download Manager.lnk
[2010/04/08 15:03:43 | 000,000,841 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Warhammer Online - Age of Reckoning.lnk
[2010/04/01 09:31:42 | 000,015,915 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Presenation 4 Y.Sensee edit(2).docx
[2010/03/25 12:13:30 | 185,173,117 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\[FAKKU]_Samayou_Midara_na_Lunatics_Vol.2_[720x480_H264_AAC]_[E6B81EBB].mkv
[2010/03/22 10:48:57 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/03/20 15:37:33 | 000,012,495 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Presenation 4.docx
[2009/08/10 18:55:16 | 000,002,099 | ---- | C] () -- C:\WINDOWS\ATICIM.INI
[2009/08/04 17:28:40 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\initdebug.nfo
[2009/07/28 18:05:16 | 000,000,003 | ---- | C] () -- C:\Documents and Settings\Administrator\dxva_sig.txt
[2009/07/28 18:03:48 | 029,360,128 | ---- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2009/07/28 17:19:29 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/07/28 17:19:29 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/07/28 17:19:27 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/07/28 17:19:26 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/07/28 17:19:25 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/07/14 17:15:00 | 000,178,432 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/04/15 05:41:28 | 003,190,784 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2009/04/15 05:41:28 | 000,741,376 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
[2009/04/15 05:41:28 | 000,511,488 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2009/04/15 05:41:28 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2009/04/15 05:41:28 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2009/04/15 05:41:28 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2009/04/15 05:41:28 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009/04/15 05:41:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2009/04/15 05:41:28 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2009/04/15 05:41:28 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2009/04/15 05:41:28 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2009/04/15 05:41:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009/04/15 05:41:28 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2009/04/15 05:41:28 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/04/15 05:41:28 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2009/04/15 05:41:28 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2009/04/15 05:41:28 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2009/04/15 05:41:28 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2009/04/15 05:41:28 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/03/18 20:00:49 | 000,000,028 | ---- | C] () -- C:\WINDOWS\v2d.INI
[2009/03/15 22:52:39 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Settings.cfg
[2008/06/26 02:03:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\NULL
[2008/05/19 09:32:00 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/03/18 21:22:32 | 000,000,372 | ---- | C] () -- C:\WINDOWS\ACTIVEJP.INI
[2007/12/31 19:08:33 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\WavCodec.wff
[2007/11/06 17:36:58 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\8FCDDED630.sys
[2007/11/06 17:30:10 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/11/06 16:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/07/12 12:26:37 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVSyf.DLL
[2007/07/12 12:26:18 | 000,000,356 | ---- | C] () -- C:\WINDOWS\System32\CNCASv51.ini
[2007/07/12 12:25:51 | 000,000,599 | ---- | C] () -- C:\WINDOWS\System32\CNCMP51.INI
[2007/05/10 22:25:46 | 000,000,004 | -HS- | C] () -- C:\Documents and Settings\Administrator\win_rhtdo53x4
[2007/04/21 10:27:36 | 000,000,464 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\turing_files.ini
[2007/04/15 19:58:21 | 000,077,312 | ---- | C] () -- C:\WINDOWS\ua2.dll
[2007/02/14 10:14:10 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/04 15:01:35 | 000,000,023 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2006/10/09 19:51:13 | 000,061,440 | ---- | C] () -- C:\WINDOWS\ContextMenuExt.dll
[2006/10/09 16:10:05 | 000,611,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006/10/06 14:18:26 | 000,000,052 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2006/09/30 10:28:56 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/09/30 10:22:42 | 000,000,901 | ---- | C] () -- C:\Documents and Settings\Administrator\reglog.txt
[2006/09/27 15:40:03 | 000,005,924 | ---- | C] () -- C:\Documents and Settings\Administrator\Server.dat
[2006/09/27 15:40:03 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Administrator\version.dat
[2006/09/27 04:33:49 | 000,055,296 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/23 16:54:45 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/09/20 01:29:58 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\ntuser.dat
[2006/09/20 01:29:58 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\ntuser.dat.LOG
[2006/09/19 22:54:07 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.LOG
[2006/09/19 22:54:07 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2004/08/03 20:56:44 | 000,001,024 | ---- | C] () -- C:\WINDOWS\ONETW.DRV
[2004/07/17 07:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[1998/06/10 01:00:00 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
 
[color=\"#E56717\"]========== Custom Scans ==========[/color]
 
 
[color=\"#A23BEC\"]< %SYSTEMDRIVE%\*.exe >[/color]
[2005/10/31 11:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
 
 
[color=\"#A23BEC\"]< MD5 for: AGP440.SYS  >[/color]
[2004/08/03 21:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\agp440.sys
 
[color=\"#A23BEC\"]< MD5 for: ATAPI.SYS  >[/color]
[2004/08/03 21:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\atapi.sys
[2004/08/03 18:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\erdnt\cache\atapi.sys
[2004/08/03 18:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
 
[color=\"#A23BEC\"]< MD5 for: EVENTLOG.DLL  >[/color]
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\eventlog.dll
[2004/08/03 20:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\erdnt\cache\eventlog.dll
[2004/08/03 20:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/03 20:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
 
[color=\"#A23BEC\"]< MD5 for: NETLOGON.DLL  >[/color]
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$NtUninstallKB975467$\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\erdnt\cache\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/03 20:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtUninstallKB968389$\netlogon.dll
 
[color=\"#A23BEC\"]< MD5 for: SCECLI.DLL  >[/color]
[2004/08/03 20:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\erdnt\cache\scecli.dll
[2004/08/03 20:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/03 20:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\scecli.dll
 
[color=\"#A23BEC\"]< %systemroot%\*. /mp /s >[/color]
 
[color=\"#A23BEC\"]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[14 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
[color=\"#A23BEC\"]< %systemroot%\Tasks\*.job /lockedfiles >[/color]
 
[color=\"#A23BEC\"]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
[2006/10/09 16:10:05 | 000,611,064 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
 
[color=\"#A23BEC\"]< %systemroot%\System32\config\*.sav  >[/color]
[2006/09/19 18:41:31 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/09/19 18:41:31 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/09/19 18:41:31 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
[color=\"#E56717\"]========== Files - Unicode (All) ==========[/color]
[2010/02/20 13:14:11 | 004,010,771 | ---- | C] ()(C:\Documents and Settings\Administrator\Desktop\FLOW(???) - DAYS.mp3) -- C:\Documents and Settings\Administrator\Desktop\FLOW(フロウ) - DAYS.mp3
[2010/02/20 13:14:05 | 016,944,203 | ---- | C] ()(C:\Documents and Settings\Administrator\Desktop\Traveling by Utada Hikaru [??????].mp4) -- C:\Documents and Settings\Administrator\Desktop\Traveling by Utada Hikaru [宇多田ヒカル].mp4
[2010/02/20 13:00:12 | 016,944,203 | ---- | M] ()(C:\Documents and Settings\Administrator\Desktop\Traveling by Utada Hikaru [??????].mp4) -- C:\Documents and Settings\Administrator\Desktop\Traveling by Utada Hikaru [宇多田ヒカル].mp4
[2010/02/20 11:46:36 | 004,010,771 | ---- | M] ()(C:\Documents and Settings\Administrator\Desktop\FLOW(???) - DAYS.mp3) -- C:\Documents and Settings\Administrator\Desktop\FLOW(フロウ) - DAYS.mp3
 
[color=\"#E56717\"]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88050731
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECF5194F
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F085C8A1
< End of report >











OTL Extras logfile created on: 4/19/2010 1:31:54 AM - Run 1
OTL by OldTimer - Version 3.2.1.2     Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 80.71 Gb Free Space | 34.66% Space Free | Partition Type: NTFS
Drive D: | 3.47 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 1.84 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 1.84 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: COMPANY-38BC4F5
Current User Name: Administrator
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=\"#E56717\"]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=\"#E56717\"]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] --
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=\"#E56717\"]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [opennew] -- explorer.exe /e, %1 (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=\"#E56717\"]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"25023:TCP" = 25023:TCP:*:Enabled:BitComet 25023 TCP
"25023:UDP" = 25023:UDP:*:Enabled:BitComet 25023 UDP
"33101:TCP" = 33101:TCP:*:Enabled:eMule 33101
"24280:UDP" = 24280:UDP:*:Enabled:eMule 24280
"94:TCP" = 94:TCP:*:Enabled:VRS Recording System Web Control Panel
"8000:UDP" = 8000:UDP:*:Enabled:Axon Virtual PBX RTP Incoming Audio (UDP)
"8001:UDP" = 8001:UDP:*:Enabled:Axon Virtual PBX RTP Incoming Audio (UDP)
"8002:UDP" = 8002:UDP:*:Enabled:Axon Virtual PBX RTP Incoming Audio (UDP)
"8003:UDP" = 8003:UDP:*:Enabled:Axon Virtual PBX RTP Incoming Audio (UDP)
"8004:UDP" = 8004:UDP:*:Enabled:Axon Virtual PBX RTP Incoming Audio (UDP)
"8005:UDP" = 8005:UDP:*:Enabled:Axon Virtual PBX RTP Incoming Audio (UDP)
"8006:UDP" = 8006:UDP:*:Enabled:Axon Virtual PBX RTP Incoming Audio (UDP)
"8007:UDP" = 8007:UDP:*:Enabled:Axon Virtual PBX RTP Incoming Audio (UDP)
"8008:UDP" = 8008:UDP:*:Enabled:Axon Virtual PBX RTP Incoming Audio (UDP)
"8009:UDP" = 8009:UDP:*:Enabled:Axon Virtual PBX RTP Incoming Audio (UDP)
"5060:UDP" = 5060:UDP:*:Enabled:Axon Virtual PBX Sip Incoming Calls (UDP)
&
Logged

Offline mikey6969

  • Newbie
  • *
  • Posts: 27
  • Karma: +0/-0
    • View Profile
A few viruses
« Reply #3 on: April 19, 2010, 01:02:17 AM »
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
 
[color=\"#E56717\"]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Steam App 10" = Counter-Strike
 
[color=\"#E56717\"]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 4/13/2010 3:21:37 PM | Computer Name = COMPANY-38BC4F5 | Source = WindowsLiveMessenger | ID = 15728647
Description =
 
Error - 4/15/2010 4:29:35 AM | Computer Name = COMPANY-38BC4F5 | Source = Application Error | ID = 1000
Description = Faulting application ventrilo.exe, version 3.0.0.0, faulting module
 unknown, version 0.0.0.0, fault address 0x4b435553.
 
Error - 4/16/2010 3:55:16 PM | Computer Name = COMPANY-38BC4F5 | Source = Application Error | ID = 1000
Description = Faulting application vhk.exe, version 0.0.0.0, faulting module vhk.exe,
 version 0.0.0.0, fault address 0x00003550.
 
Error - 4/16/2010 6:24:22 PM | Computer Name = COMPANY-38BC4F5 |
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
A few viruses
« Reply #4 on: April 19, 2010, 08:44:31 AM »
CD emulation software such as Daemon tools interfere with our steps, can I have you take the following steps to disable it please
Don't reenable till we are done here, I'll let you know

To disable CD Emulation programs using DeFogger please perform these steps:

   1. Please download [color=\"#0000FF\"]DeFogger[/color] to your desktop.
   2. Once downloaded, double-click on the DeFogger icon to start the tool.
   3. The application window will now appear. You should now click on the Disable button to disable your CD Emulation drivers
   4. When it prompts you whether or not you want to continue, please click on the Yes button to continue
   5. When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
   6. If CD Emulation programs are present and have been disabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.

Afterwards
Download ComboFix from only this location
[color=\"#0000FF\"]Link[/color]
[color=\"#FF0000\"]Save it ONLY to your Desktop[/color]

      --------------------------------------------------------------------
[color=\"#2E8B57\"]Temporarily Disable your AntiVirus/AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool
[/color]
With AVG 8.5 do the following:
open the AVG 8.5 Control Center, by right clicking on the AVG icon on task bar.

    * Click on Open AVG Interface.
    * Double click on Resident Shield
    * Deselect the option to "Enable Resident Shield."
    * Save changes, and exit the application.
You can reenable the protection after we have totally ran ComboFix
    * To re-enable AVG 8.5, please select "Enable Resident Shield" again.

  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


[color=\"#2e8b57\"]**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
[/color]


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply

NOTE: Do not mouseclick inside ComboFix window as it's running, it may cause it to stall
ComboFix will/may run again on startup, it will prompt that it's creating a log
This process could take up to 10 minutes, let it run uninterrupted please
« Last Edit: April 19, 2010, 08:45:08 AM by guestolo »
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline mikey6969

  • Newbie
  • *
  • Posts: 27
  • Karma: +0/-0
    • View Profile
A few viruses
« Reply #5 on: April 19, 2010, 12:09:09 PM »
ComboFix 10-04-18.04 - Administrator 04/19/2010  12:49:02.3.2 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.3071.2524 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\267382892.dat
c:\windows\system32\8FCDDED630k.exe

Infected copy of c:\windows\system32\drivers\ipsec.sys was found and disinfected
Restored copy from - Kitty had a snack http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/tongue.gif\' class=\'bbc_emoticon\' alt=\':P\' />
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MESSENGERWUDFSVC
-------\Service_MessengerWudfSvc


(((((((((((((((((((((((((   Files Created from 2010-03-19 to 2010-04-19  )))))))))))))))))))))))))))))))
.

2010-04-18 02:08 . 2010-04-18 02:08   --------   d-----w-   c:\program files\Veetle
2010-04-17 00:17 . 2010-04-17 02:45   --------   d-----w-   c:\documents and settings\All Users\Application Data\NOS
2010-04-16 22:07 . 2010-04-16 22:07   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-04-16 22:07 . 2010-03-30 04:46   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-16 22:07 . 2010-04-16 22:07   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-04-16 22:07 . 2010-04-16 22:07   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-16 22:07 . 2010-03-30 04:45   20824   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-04-16 20:04 . 2010-04-17 00:23   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2010-04-16 20:04 . 2010-04-17 00:22   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Google
2010-04-09 20:43 . 2010-04-09 20:43   --------   d-----w-   c:\documents and settings\Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-04-08 20:25 . 2010-04-08 20:25   --------   d-----w-   C:\ProgramData
2010-04-08 20:25 . 2010-04-08 20:25   --------   d-----w-   c:\documents and settings\All Users\Application Data\Electronic Arts
2010-04-02 14:52 . 2010-04-02 14:52   --------   d-----w-   c:\program files\Mouse Driver

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-19 17:01 . 2007-07-01 04:53   --------   d-----w-   c:\program files\Steam
2010-04-18 21:50 . 2009-11-07 04:51   --------   d-----w-   c:\program files\Conquer 2.0
2010-04-15 07:17 . 2007-09-11 00:20   --------   d-----w-   c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-13 07:43 . 2006-09-23 19:21   --------   d-----w-   c:\program files\SpeedFan
2010-04-11 05:36 . 2010-02-12 02:02   --------   d-----w-   c:\program files\Heroes of Newerth
2010-04-08 20:28 . 2009-07-03 22:23   --------   d-----w-   c:\program files\Common Files\Adobe AIR
2010-04-08 20:23 . 2006-09-23 20:53   --------   d--h--w-   c:\program files\InstallShield Installation Information
2010-04-08 20:22 . 2009-01-13 18:42   --------   d-----w-   c:\program files\Electronic Arts
2010-03-26 05:52 . 2009-11-14 04:27   --------   d-----w-   c:\documents and settings\Administrator\Application Data\uTorrent
2010-03-22 14:48 . 2006-12-06 20:18   --------   d-----w-   c:\program files\Common Files\Adobe
2010-03-13 18:45 . 2010-03-13 18:45   --------   d-----w-   c:\program files\Common Files\NSV
2010-03-11 12:38 . 2004-08-04 00:56   832512   ----a-w-   c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-04 00:56   78336   ----a-w-   c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2004-08-04 00:56   17408   ------w-   c:\windows\system32\corpol.dll
2010-03-11 08:41 . 2010-03-11 08:41   0   ----a-w-   c:\documents and settings\Administrator\ntuser.tmp
2010-03-09 11:09 . 2004-08-04 00:56   430080   ----a-w-   c:\windows\system32\vbscript.dll
2010-03-09 00:35 . 2007-05-23 19:34   --------   d-----w-   c:\program files\DivX
2010-03-09 00:35 . 2010-03-09 00:35   --------   d-----w-   c:\program files\Common Files\DivX Shared
2010-03-06 19:08 . 2007-07-12 16:28   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Canon
2010-02-27 02:06 . 2010-02-27 02:03   --------   d-----w-   c:\program files\Sengoku Rance English
2010-02-25 20:46 . 2006-09-20 03:07   85344   ----a-w-   c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-24 12:31 . 2004-08-03 23:15   454016   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 17:35 . 2004-08-03 23:18   2143744   ----a-w-   c:\windows\system32\ntoskrnl.exe
2010-02-16 16:57 . 2004-08-03 22:59   2021888   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:36 . 2004-08-04 00:56   100864   ----a-w-   c:\windows\system32\6to4svc.dll
2010-02-11 11:08 . 2004-08-03 23:07   226880   ----a-w-   c:\windows\system32\drivers\tcpip6.sys
2008-03-27 20:24 . 2007-11-06 21:36   88   --sh--r-   c:\windows\system32\8FCDDED630.sys
2008-03-27 20:24 . 2007-11-06 21:30   2516   --sha-w-   c:\windows\system32\KGyGaAvL.sys
2009-06-08 16:11 . 2009-04-30 18:18   9906208   --sha-w-   c:\windows\system32\drivers\fidbox.dat
2009-06-08 16:11 . 2009-04-30 18:18   379936   --sha-w-   c:\windows\system32\drivers\fidbox2.dat
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Steam"="c:\program files\steam\steam.exe" [2010-02-20 1217872]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-04-17 136176]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 86016]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 2808832]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-19 2046816]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"WireLessMouse"="c:\program files\Mouse Driver\StartAutorun.exe" [2005-11-30 94208]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-26 16:05   11952   ----a-w-   c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\ilaglike[censored]\\counter-strike\\hl.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\kamakazzi619\\counter-strike source\\hl2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\steamapps\\kamakazzi619\\half-life deathmatch source\\hl2.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\srcds.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Conquer 2.0\\Proxy.exe"=
"c:\\Program Files\\Heroes of Newerth\\hon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25023:TCP"= 25023:TCP:BitComet 25023 TCP
"25023:UDP"= 25023:UDP:BitComet 25023 UDP
"33101:TCP"= 33101:TCP:eMule 33101
"24280:UDP"= 24280:UDP:eMule 24280
"94:TCP"= 94:TCP:VRS Recording System Web Control Panel
"8000:UDP"= 8000:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8001:UDP"= 8001:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8002:UDP"= 8002:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8003:UDP"= 8003:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8004:UDP"= 8004:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8005:UDP"= 8005:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8006:UDP"= 8006:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8007:UDP"= 8007:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8008:UDP"= 8008:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8009:UDP"= 8009:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"5060:UDP"= 5060:UDP:Axon Virtual PBX Sip Incoming Calls (UDP)
"81:TCP"= 81:TCP:Axon Virtual PBX Web Server

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundRouterRequest"= 1 (0x1)
"AllowInboundEchoRequest"= 1 (0x1)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/8/2009 12:09 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/8/2009 12:09 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/8/2009 12:09 PM 297752]
S0 uzrvbke;uzrvbke;

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 4:22 PM 34064]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 XDva186;XDva186;\??\c:\windows\system32\XDva186.sys --> c:\windows\system32\XDva186.sys [?]
S3 XDva189;XDva189;\??\c:\windows\system32\XDva189.sys --> c:\windows\system32\XDva189.sys [?]
S3 XDva190;XDva190;\??\c:\windows\system32\XDva190.sys --> c:\windows\system32\XDva190.sys [?]
S3 XDva195;XDva195;\??\c:\windows\system32\XDva195.sys --> c:\windows\system32\XDva195.sys [?]
S3 XDva212;XDva212;\??\c:\windows\system32\XDva212.sys --> c:\windows\system32\XDva212.sys [?]
S3 XDva219;XDva219;\??\c:\windows\system32\XDva219.sys --> c:\windows\system32\XDva219.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/9/2006 4:10 PM 611064]
.
Contents of the 'Scheduled Tasks' folder

2010-04-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-04-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-879983540-682003330-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-17 00:22]

2010-04-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-879983540-682003330-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-17 00:22]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = 687474703a2f2f7777772e476f6f676c652e636f6d2f
mStart Page = about:blank
mSearchMigratedDefaultURL = 687474703a2f2f7777772e476f6f676c652e636f6d2f
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: verycd.com\lib
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hwdgy37d.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr
ef", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- File Associations -------
.
regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-19 13:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  


c:\documents and settings\Administrator\Application Data\Microsoft\Windows Live\Toolbar\Feeds\rssE9.tmp
c:\documents and settings\Administrator\Application Data\Microsoft\Windows Live\Toolbar\Feeds\rssEA.tmp

scan completed successfully
hidden files: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{44e670f2-d57b-4815-a576-955d17dbbf2d}\InProcServer32]
@DACL=(02 0000)
@="c:\\WINDOWS\\system32\\dooep.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\*–€|ÿÿÿÿ;•€|ù•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(672)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1044)
c:\windows\system32\WININET.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PSIService.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\SOUNDMAN.EXE
c:\windows\ALCWZRD.EXE
c:\program files\Mouse Driver\MouseDrv.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\program files\Winamp\winamp.exe
.
**************************************************************************
.
Completion time: 2010-04-19  13:10:06 - machine was rebooted
ComboFix-quarantined-files.txt  2010-04-19 17:10
ComboFix2.txt  2010-04-16 21:59
ComboFix3.txt  2007-05-13 22:52

Pre-Run: 87,184,109,568 bytes free
Post-Run: 87,315,509,248 bytes free

- - End Of File - - 433A37A9FFA9796672BC22B3B1055F28
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
A few viruses
« Reply #6 on: April 19, 2010, 07:57:00 PM »
Please download TFC by Old Timer and save it to your desktop.
http://oldtimer.geekstogo.com/TFC.exe
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it.
 If TFC prompts you to reboot, please do so immediately.

Back in Windows, you have Malwarebytes AntiMalware installed
Can you open it from START>>All Programs, or from the shortcut on desktop
When it opens
Click on the UPDATE tab, then CHECK FOR UPDATES
After successful update, recheck for Updates to ensure you have them all

Afterwards:
  • Click on the SCANNER tab
  • Select "Perform Quick Scan", then click Scan.
       
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
       
  • Make sure that everything is checked, and click Remove Selected.
        * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
       
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

Keep me informed how things are now running please
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline mikey6969

  • Newbie
  • *
  • Posts: 27
  • Karma: +0/-0
    • View Profile
A few viruses
« Reply #7 on: April 20, 2010, 01:14:06 PM »
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4013

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

4/20/2010 1:56:50 PM
mbam-log-2010-04-20 (13-56-50).txt

Scan type: Quick scan
Objects scanned: 105308
Time elapsed: 4 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





Well, right now, the annoying virus seems to be gone and the ad problem seems to be fixed as well, is there another step I should be taking?
« Last Edit: April 20, 2010, 01:15:23 PM by mikey6969 »
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
A few viruses
« Reply #8 on: April 23, 2010, 07:21:24 PM »
Sorry for the delay, can I have you do the following
Delete your copy of ComboFix on desktop, then Redownload a fresh copy from this link
and again Save it onlly to your desktop
[color=\"#0000FF\"]Link [/color]
Run it again and post the  fresh log that opens
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Pages: [1]
« previous next »