.exe virus =(



Post by DoingItWell on Sat Mar 13, 2010 5:18 am

I have a nasty virus on my Vista laptop, and when I try to open any .exe file, it says file not found. I tried downloading "Spyware Doctor" and nothing, tried Malwarebytes and nothing... I'm desperate for a cure... and I really need to put a password on it. Damn kids downloading everything and anything.

DoingItWell
Beginner
Posts : 3
Joined : 2010-03-13
OS : Vista
Points : 24633
Likes : 0


Re: .exe virus =(

Post by Belahzur on Sat Mar 13, 2010 1:20 pm

Hello.

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245069
Likes : 1


Re: .exe virus =(

Post by DoingItWell on Sat Mar 27, 2010 6:11 am

OTL Extras logfile created on: 3/26/2010 10:50:37 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Admin\Desktop
Windows Vista Home Premium Edition Service Pack 2, v.113 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.16497)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.00 Mb Total Physical Memory | 384.00 Mb Available Physical Memory | 43.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 117.19 Gb Total Space | 68.15 Gb Free Space | 58.15% Space Free | Partition Type: NTFS
Drive D: | 180.90 Gb Total Space | 179.59 Gb Free Space | 99.27% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADMIN-PC
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = secfile] -- C:\Users\Admin\AppData\Local\av.exe File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17954055-910F-4C94-B2D5-7EF5C4BB4A1C}" = rport=138 | protocol=17 | dir=out | app=system |
"{34A886EC-4C75-4230-9F6C-66C0D56EB0E8}" = lport=445 | protocol=6 | dir=in | app=system |
"{5AFA71FB-B019-4A12-8D89-314F25B80DD1}" = lport=137 | protocol=17 | dir=in | app=system |
"{5C936CE6-3C22-46F0-B046-5E6257B7860F}" = rport=445 | protocol=6 | dir=out | app=system |
"{649E68BC-9193-46A3-87FE-D6E737E323C3}" = rport=139 | protocol=6 | dir=out | app=system |
"{84CD2155-A8E8-470D-A1A4-DE3B9CB4C4B8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{92BD238A-199D-4E21-B5CA-388399293CFD}" = lport=139 | protocol=6 | dir=in | app=system |
"{B85BF24D-B94F-4E98-82AA-1904F70AC724}" = lport=138 | protocol=17 | dir=in | app=system |
"{E6A3744F-9E2B-47FA-9B89-D1D79D180C32}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FA561D4A-1704-41B3-990B-DD28C8FA1653}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{052E0105-57DF-4499-860A-E17B21932163}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{087756BF-B15B-437A-8474-C2E34952524A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1E7C4A52-7480-4DFE-94DB-B546B626DB6C}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{2431EB65-DE7E-4554-B278-5D03FDF90879}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{2F8307F3-C617-4DF1-B711-ECA3B75DEAC4}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4F931B4D-0F16-4259-8C69-8CEDA6EBF49A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4FA34AEC-83BB-4110-9900-92CC3B997EA8}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{65F05041-F8C6-48F3-A979-1AAD161A8A31}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6A9E952D-AF74-4AB6-B6C4-5A53D29D5CFF}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{6CC4BBBE-AAAF-4C13-A2EB-7A34F761914E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6F6EA2BE-9684-4B51-A8E2-92C1BA04F013}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{96A63336-67D1-42D0-9378-40FF51E73A9E}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A8CBA0AA-5473-4D6A-906B-4EB02355F1B8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B64B5E83-C95D-462A-B0EB-66EC24FC2202}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C897EEF7-FDD7-4A14-8155-7C6D1275E85E}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{EF4F33C5-638C-45CA-B38E-8E39E393BDAB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F4ADF83A-51FB-4BB6-A502-25E07C0C32C2}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{530358B3-C129-4B07-879F-B7BC871C8F02}C:\program files\steam\steamapps\toothgoat\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\toothgoat\counter-strike\hl.exe |
"UDP Query User{83052008-3AAD-4E85-BD3C-0FDE2734D113}C:\program files\steam\steamapps\toothgoat\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\toothgoat\counter-strike\hl.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG8Uninstall" = AVG Free 8.5
"Graffiti Studio 2.0_is1" = Graffiti Studio 2.0
"LimeWire" = LimeWire 5.3.6
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"Steam App 440" = Team Fortress 2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 0.9.8a
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/18/2010 10:21:12 PM | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/18/2010 10:22:09 PM | Computer Name = Admin-PC | Source = VSS | ID = 8194
Description =

Error - 3/18/2010 10:24:48 PM | Computer Name = Admin-PC | Source = VSS | ID = 8194
Description =

Error - 3/19/2010 1:58:18 AM | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/19/2010 1:19:00 PM | Computer Name = Admin-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.1.3685 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: f48 Start Time: 01cac7879879e061 Termination Time: 16

Error - 3/19/2010 11:59:21 PM | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/20/2010 5:30:16 PM | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/24/2010 11:59:46 PM | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/25/2010 9:47:17 PM | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/27/2010 1:35:16 AM | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 3/11/2010 2:41:30 PM | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/11/2010 2:48:20 PM | Computer Name = Admin-PC | Source = bowser | ID = 8003
Description =

Error - 3/11/2010 3:00:19 PM | Computer Name = Admin-PC | Source = bowser | ID = 8003
Description =

Error - 3/11/2010 3:12:19 PM | Computer Name = Admin-PC | Source = bowser | ID = 8003
Description =

Error - 3/11/2010 3:24:20 PM | Computer Name = Admin-PC | Source = bowser | ID = 8003
Description =

Error - 3/11/2010 3:36:19 PM | Computer Name = Admin-PC | Source = bowser | ID = 8003
Description =

Error - 3/11/2010 3:48:21 PM | Computer Name = Admin-PC | Source = bowser | ID = 8003
Description =

Error - 3/11/2010 4:00:24 PM | Computer Name = Admin-PC | Source = bowser | ID = 8003
Description =

Error - 3/11/2010 4:12:23 PM | Computer Name = Admin-PC | Source = bowser | ID = 8003
Description =

Error - 3/11/2010 4:24:54 PM | Computer Name = Admin-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:19:46 PM on 3/11/2010 was unexpected.


< End of report >


Re: .exe virus =(

Post by DoingItWell on Sat Mar 27, 2010 6:11 am

OTL logfile created on: 3/26/2010 10:50:36 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Admin\Desktop
Windows Vista Home Premium Edition Service Pack 2, v.113 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.16497)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.00 Mb Total Physical Memory | 384.00 Mb Available Physical Memory | 43.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 117.19 Gb Total Space | 68.15 Gb Free Space | 58.15% Space Free | Partition Type: NTFS
Drive D: | 180.90 Gb Total Space | 179.59 Gb Free Space | 99.27% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADMIN-PC
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/26 22:46:13 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
PRC - [2009/08/28 08:45:09 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/28 08:44:50 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/12/02 14:50:54 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/03/26 22:46:13 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
MOD - [2009/08/28 08:45:09 | 000,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2008/10/17 22:14:16 | 001,683,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.16497_none_5cc0004408832c27\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/27 07:11:09 | 000,332,720 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/08/28 08:44:50 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2009/08/28 08:45:09 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/28 08:45:09 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/01/20 06:49:26 | 000,142,848 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/01/13 09:56:06 | 000,346,112 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2008/08/14 10:40:40 | 000,203,312 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/06/03 06:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/01/20 19:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 19:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 19:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 19:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 19:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 19:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 19:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 19:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 19:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 19:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 19:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 19:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 19:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 19:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 19:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 19:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 19:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 19:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 19:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 19:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 19:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 19:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 19:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 19:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 19:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/14 18:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 00:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2005/12/22 18:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/11/16 21:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "dabeatminerz.com"


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/27 07:37:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/27 07:37:38 | 000,000,000 | ---D | M]

[2009/08/19 12:01:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions
[2009/08/19 12:01:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/03/26 22:46:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7spt7ktk.default\extensions
[2009/01/08 23:41:55 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7spt7ktk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/04/14 01:58:23 | 000,002,042 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7spt7ktk.default\searchplugins\facebook.xml
[2009/03/26 13:45:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2935fa61-dcd9-11dd-89ba-00a0d18366f2}\Shell\AutoRun\command - "" = F:\WD_Windows_Tools\Setup.exe -- File not found
O33 - MountPoints2\{fdced3bf-ee7a-11de-96b0-00a0d18366f2}\Shell\AutoRun\command - "" = F:\Setup_FlipShare.exe -- File not found
O33 - MountPoints2\{fdced3bf-ee7a-11de-96b0-00a0d18366f2}\Shell\Setup FlipShare\command - "" = F:\Setup_FlipShare.exe -- File not found
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\WD_Windows_Tools\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = secfile] -- "C:\Users\Admin\AppData\Local\av.exe" /START "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/03/26 22:46:01 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2010/03/12 21:58:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Google Updater

========== Files - Modified Within 30 Days ==========

[2010/03/26 23:00:02 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At48.job
[2010/03/26 23:00:02 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At24.job
[2010/03/26 22:48:26 | 001,572,864 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT
[2010/03/26 22:47:20 | 000,022,528 | ---- | M] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/26 22:46:13 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2010/03/26 22:39:42 | 000,694,964 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/26 22:39:42 | 000,598,588 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/26 22:39:42 | 000,102,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/26 22:34:37 | 000,004,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/26 22:34:37 | 000,004,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/26 22:34:36 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/26 22:34:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/26 22:34:20 | 937,476,096 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/26 13:00:02 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At38.job
[2010/03/26 13:00:02 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At14.job
[2010/03/26 12:00:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At37.job
[2010/03/26 12:00:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At13.job
[2010/03/26 11:00:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At36.job
[2010/03/26 11:00:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At12.job
[2010/03/26 10:00:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At35.job
[2010/03/26 10:00:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At11.job
[2010/03/26 09:13:45 | 057,782,050 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/03/26 09:00:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At34.job
[2010/03/26 09:00:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At10.job
[2010/03/26 08:00:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At9.job
[2010/03/26 08:00:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At33.job
[2010/03/26 07:00:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At8.job
[2010/03/26 07:00:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At32.job
[2010/03/26 06:00:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At7.job
[2010/03/26 06:00:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At31.job
[2010/03/26 05:00:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At6.job
[2010/03/26 05:00:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At30.job
[2010/03/26 04:00:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At5.job
[2010/03/26 04:00:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At29.job
[2010/03/26 03:00:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At4.job
[2010/03/26 03:00:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At28.job
[2010/03/26 02:00:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At3.job
[2010/03/26 02:00:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At27.job
[2010/03/26 01:00:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At26.job
[2010/03/26 01:00:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010/03/26 00:31:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010/03/26 00:27:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At25.job
[2010/03/25 22:00:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At47.job
[2010/03/25 22:00:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At23.job
[2010/03/25 21:00:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At46.job
[2010/03/25 21:00:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At22.job
[2010/03/25 20:00:01 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At45.job
[2010/03/25 20:00:01 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At21.job
[2010/03/25 19:00:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At44.job
[2010/03/25 19:00:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At20.job
[2010/03/21 18:00:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At43.job
[2010/03/21 18:00:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At19.job
[2010/03/21 17:00:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At42.job
[2010/03/21 17:00:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At18.job
[2010/03/21 16:00:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At41.job
[2010/03/21 16:00:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At17.job
[2010/03/21 15:00:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At40.job
[2010/03/21 15:00:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At16.job
[2010/03/21 14:00:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At39.job
[2010/03/21 14:00:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At15.job
[2010/03/16 18:05:16 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/03/16 18:05:16 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/03/16 18:04:50 | 002,102,363 | -H-- | M] () -- C:\Users\Admin\AppData\Local\IconCache.db
[2010/03/12 21:47:49 | 001,250,920 | ---- | M] () -- C:\Users\Admin\Desktop\Google Updater.exe
[2010/03/01 12:39:15 | 000,011,048 | -HS- | M] () -- C:\Users\Admin\AppData\Local\3363AB316jO

========== Files Created - No Company Name ==========

[2010/03/12 21:59:30 | 937,476,096 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/12 21:47:30 | 001,250,920 | ---- | C] () -- C:\Users\Admin\Desktop\Google Updater.exe
[2010/02/27 04:26:27 | 000,011,048 | -HS- | C] () -- C:\Users\Admin\AppData\Local\3363AB316jO
[2009/03/03 20:28:42 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/01/19 13:12:15 | 000,000,552 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d8caps.dat
[2009/01/07 11:56:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/01/07 10:03:48 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/01/07 10:01:07 | 000,022,528 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/07 09:45:33 | 000,007,944 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2008/06/03 03:35:18 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/05/06 20:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2003/01/07 08:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
< End of report >

DoingItWell
Beginner

Posts : 3
Joined : 2010-03-13
OS : Vista
Points : 24633
Likes : 0

Re: .exe virus =(

Post by Belahzur on Sat Mar 27, 2010 5:27 pm

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy).

    :OTL
    O37 - HKCU\...exe [@ = secfile] -- "C:\Users\Admin\AppData\Local\av.exe" /START "%1" %* File not found
    [2010/03/01 12:39:15 | 000,011,048 | -HS- | M] () -- C:\Users\Admin\AppData\Local\3363AB316jO

    :files
    C:\Windows\tasks\At*.job

  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245069
Likes : 1
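The fix above targets two things in the posted log: an HKCU override of the .exe file class (`[@ = secfile]` pointing at an `av.exe` that no longer exists, which is exactly why every .exe now reports "file not found") and a run of At<N>.job files created by the legacy `at.exe` scheduler. The following is an added example, my own code and not OTL's or the helper's fix script, that reads OTL log lines like the ones in this thread and flags both patterns. The sample lines are copied from the log posted above; the regular expressions and the expected-class table are my assumptions about the OTL line layout, not OTL's documented format.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = secfile] -- "C:\Users\Admin\AppData\Local\av.exe" /START "%1" %* File not found
[2010/03/26 23:00:02 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At48.job
[2010/03/26 23:00:02 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At24.job
[2010/03/26 22:46:13 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2010/03/26 13:00:02 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At38.job
"""

# Assumed OTL line shapes (derived from the posted log, not from OTL documentation):
#   O37 - <hive>\...<ext> [@ = <class>] -- <open command>[ File not found]
#   O35 - <hive>\..<class> [open] -- <open command>[ File not found]
O37_RE = re.compile(r'^O37 - (HKLM|HKCU)\\\.\.\.(\w+) \[@ = (\w+)\] -- (.*?)(?: File not found)?$')
O35_RE = re.compile(r'^O35 - (HKLM|HKCU)\\\.\.(\w+) \[open\] -- (.*?)(?: File not found)?$')
# "[date time | size | attrs | C/M] (company) -- path" entries for at.exe-created jobs.
JOB_RE = re.compile(
    r'^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| \S+ \| [CM]\] \(.*?\) -- (.*\\tasks\\At\d+\.job)$',
    re.IGNORECASE,
)

# Windows defaults: .exe -> exefile, .com -> comfile, and the open verb is just "%1" %*.
EXPECTED_CLASS = {"exe": "exefile", "com": "comfile"}
DEFAULT_COMMAND = '"%1" %*'


def find_assoc_hijacks(log_text):
    """Return (line, reasons) for every shell-open handler that deviates from the default."""
    findings = []
    for line in log_text.splitlines():
        m = O37_RE.match(line)
        if m:
            hive, ext, cls, cmd = m.groups()
            reasons = []
            if ext in EXPECTED_CLASS and cls != EXPECTED_CLASS[ext]:
                reasons.append(f".{ext} mapped to non-default class {cls}")
            if cmd.strip() != DEFAULT_COMMAND:
                reasons.append(f"open command is {cmd.strip()!r}, not {DEFAULT_COMMAND!r}")
            if hive == "HKCU" and reasons:
                # A per-user class takes precedence over the machine-wide HKLM default,
                # so a clean HKLM entry does not protect this user.
                reasons.append("per-user HKCU override shadows the HKLM default")
            if reasons:
                findings.append((line, reasons))
            continue
        m = O35_RE.match(line)
        if m:
            hive, cls, cmd = m.groups()
            if cmd.strip() != DEFAULT_COMMAND:
                findings.append((line, [f"{cls} open command is {cmd.strip()!r}"]))
    return findings


def find_at_jobs(log_text, min_count=3):
    """Group At<N>.job entries by size; a run of identically sized jobs is the pattern the fix deletes."""
    by_size = defaultdict(list)
    for line in log_text.splitlines():
        m = JOB_RE.match(line)
        if m:
            _stamp, size, path = m.groups()
            by_size[int(size.replace(",", ""))].append(path)
    return {size: paths for size, paths in by_size.items() if len(paths) >= min_count}


if __name__ == "__main__":
    for line, reasons in find_assoc_hijacks(SAMPLE_LOG):
        print("HIJACKED HANDLER:", line)
        for r in reasons:
            print("   -", r)
    for size, paths in find_at_jobs(SAMPLE_LOG).items():
        print(f"{len(paths)} At*.job files of {size} bytes:", ", ".join(paths))
```

Run against the full log, the only handler finding is the HKCU secfile line, which is the entry the fix script removes; the HKLM O35/O37 entries are the untouched defaults. The At*.job grouping simply makes visible why the fix uses a wildcard rather than listing the 48 jobs individually.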
