axel davis virus


Post by creative on 18th March 2010, 7:21 pm

hi guys,

I need some help, if you would please.

Have found Axel Davis on this machine and, despite having a fully paid-up version of ESET, it seems to be gradually slowing down our machine.

Sadly, before I found this forum I tried to get rid of it (I know, I'm a plonker), so I have followed instructions thus far and here is the log file.

ed on: 18/03/2010 19:07:11 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Newquay Kitchens\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 282.07 Gb Total Space | 233.81 Gb Free Space | 82.89% Space Free | Partition Type: NTFS
Drive D: | 16.00 Gb Total Space | 2.76 Gb Free Space | 17.23% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 464.62 Gb Total Space | 421.22 Gb Free Space | 90.66% Space Free | Partition Type: NTFS

Computer Name: UNIT10NK
Current User Name: Newquay Kitchens
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/18 19:06:42 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Newquay Kitchens\Desktop\OTL.exe
PRC - [2009/10/12 12:34:56 | 000,388,096 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
PRC - [2009/09/28 19:34:22 | 000,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2009/09/28 19:34:16 | 000,378,176 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2009/09/11 06:24:32 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009/09/11 06:23:46 | 002,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2009/06/08 15:19:08 | 000,049,152 | ---- | M] (Sage (UK) Limited) -- C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe
PRC - [2008/08/11 12:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/08/11 12:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008/05/26 21:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/24 18:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/04/07 10:39:20 | 000,031,768 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoBackup\MemeoService.exe
PRC - [2007/01/05 02:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/07/10 17:53:08 | 000,872,448 | ---- | M] () -- C:\WINDOWS\SMINST\Scheduler.exe


========== Modules (SafeList) ==========

MOD - [2010/03/18 19:06:42 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Newquay Kitchens\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (0067021253935898mcinstcleanup) McAfee Application Installer Cleanup (0067021253935898)
SRV - [2009/09/28 19:34:22 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2009/09/11 06:33:18 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/09/11 06:24:32 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009/06/08 15:19:08 | 000,049,152 | ---- | M] (Sage (UK) Limited) [Auto | Running] -- C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe -- (Sage SData Service)
SRV - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/08/11 12:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2007/07/24 18:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/04/07 10:39:20 | 000,031,768 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Memeo\AutoBackup\MemeoService.exe -- (BMUService)
SRV - [2007/01/05 02:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009/09/28 19:34:48 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2009/09/11 06:26:24 | 000,055,768 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2009/09/11 06:26:20 | 000,135,048 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2009/09/11 06:23:50 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/09/11 06:17:16 | 000,116,008 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009/06/19 08:10:40 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009/02/20 23:04:38 | 000,195,456 | R--- | M] (Symantec Corp.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\fslx.sys -- (FSLX)
DRV - [2008/08/11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/11 12:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/04/13 16:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/12/12 18:55:36 | 004,635,648 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/10/30 08:00:36 | 005,851,488 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/08/07 16:40:38 | 000,098,944 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/04/18 03:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2006/05/05 23:34:02 | 000,057,344 | ---- | M] (XSS) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SMINST\virtdisk.sys -- (VirtDisk)
DRV - [2005/09/20 18:27:20 | 000,010,368 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2004/08/03 17:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/03 17:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/03 17:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/03 17:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/03 17:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/03 17:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/03 17:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/03 17:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/03 17:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/03 17:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/03 17:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/03 17:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 17:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/03 17:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/03 17:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2002/05/08 17:44:42 | 000,105,472 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2002/04/04 05:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 07:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:3.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2.1.1

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/03/04 09:01:53 | 000,000,000 | ---D | M]

[2010/03/10 11:57:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Newquay Kitchens\Application Data\Mozilla\Extensions
[2010/03/11 13:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Newquay Kitchens\Application Data\Mozilla\Firefox\Profiles\es8jgv4e.default\extensions
[2010/03/07 10:24:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Newquay Kitchens\Application Data\Mozilla\Firefox\Profiles\es8jgv4e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

O1 HOSTS File: ([2006/02/28 02:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe ()
O4 - HKLM..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe ()
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD8SESD\DVDCheck.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {13510606-30FA-11D2-B383-444553540000} [You must be registered and logged in to see this link.] (WebClient Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/05/01 00:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/18 19:06:21 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Newquay Kitchens\Desktop\OTL.exe
[2010/03/18 18:19:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Newquay Kitchens\Application Data\Malwarebytes
[2010/03/18 18:19:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/18 18:18:58 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/18 18:18:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/18 18:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/18 18:15:15 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/03/18 07:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ICS
[2010/03/17 20:32:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Newquay Kitchens\My Documents\Worktop Pricelists
[2010/03/09 23:43:15 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/07 14:53:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Newquay Kitchens\Local Settings\Application Data\CutePDF Writer
[2010/03/07 10:15:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Newquay Kitchens\Local Settings\Application Data\Mozilla
[2010/03/07 10:15:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Newquay Kitchens\Application Data\Mozilla
[2010/03/06 15:50:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2010/03/06 12:24:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Newquay Kitchens\My Documents\Adobe Reader 9 Installer
[2010/03/06 10:00:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Newquay Kitchens\Recent
[2010/03/05 14:39:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Newquay Kitchens\Application Data\Windows Search
[2010/03/05 13:51:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/03/05 13:36:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Newquay Kitchens\Local Settings\Application Data\PCHealth
[2010/03/05 13:28:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2010/03/05 13:28:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2010/03/05 13:28:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2010/03/05 13:28:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2010/03/05 13:28:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2010/03/05 13:28:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2010/03/05 13:28:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2010/03/05 13:28:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2010/03/05 13:28:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2010/03/05 13:28:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2010/03/05 13:28:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2010/03/05 13:28:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2010/03/05 13:28:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2010/03/05 13:28:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2010/03/05 13:28:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010/03/05 13:28:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2010/03/05 13:28:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2010/03/05 13:10:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/03/05 12:56:46 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Newquay Kitchens\IECompatCache
[2010/03/05 12:56:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Newquay Kitchens\Application Data\Adobe
[2010/03/05 12:56:27 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Newquay Kitchens\PrivacIE
[2010/03/05 12:56:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Newquay Kitchens\Local Settings\Application Data\AskToolbar
[2010/03/05 12:37:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Newquay Kitchens\Local Settings\Application Data\Sage
[2010/03/05 12:34:15 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010/03/05 12:34:15 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010/03/05 12:13:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Newquay Kitchens\Application Data\HP
[2010/03/05 12:12:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Newquay Kitchens\Local Settings\Application Data\Identities
[2010/03/05 12:12:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Newquay Kitchens\Application Data\ESET
[2010/03/05 12:12:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Newquay Kitchens\Application Data\Windows Desktop Search
[2010/03/05 12:12:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Newquay Kitchens\Local Settings\Application Data\LogMeIn
[2010/03/05 12:12:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Newquay Kitchens\IETldCache
[2010/03/05 12:12:05 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Newquay Kitchens\Application Data\Microsoft
[2010/03/05 12:12:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Newquay Kitchens\Application Data
[2010/03/05 12:12:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Newquay Kitchens\My Documents\My Pictures
[2010/03/05 12:12:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Newquay Kitchens\My Documents\My Music
[2010/03/05 12:12:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Newquay Kitchens\My Documents
[2010/03/05 12:12:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Newquay Kitchens\Favorites
[2010/03/05 12:12:05 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Newquay Kitchens\Cookies
[2010/03/05 12:12:05 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Newquay Kitchens\PrintHood
[2010/03/05 12:12:05 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Newquay Kitchens\NetHood
[2010/03/05 12:12:05 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Newquay Kitchens\Local Settings
[2010/03/05 12:12:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Newquay Kitchens\Application Data\Sun
[2010/03/05 12:12:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Newquay Kitchens\Application Data\SiteAdvisor
[2010/03/05 12:12:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Newquay Kitchens\Local Settings\Application Data\Seven Zip
[2010/03/05 12:12:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Newquay Kitchens\Application Data\SampleView
[2010/03/05 12:12:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Newquay Kitchens\Local Settings\Application Data\Microsoft Help
[2010/03/05 12:12:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Newquay Kitchens\Local Settings\Application Data\Microsoft
[2010/03/05 12:12:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Newquay Kitchens\Application Data\Macromedia
[2010/03/05 12:12:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Newquay Kitchens\Application Data\Identities
[2010/03/05 12:12:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Newquay Kitchens\Desktop
[2010/03/05 12:12:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Newquay Kitchens\Local Settings\Application Data\ApplicationHistory
[2010/03/05 12:12:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Newquay Kitchens\Local Settings\Application Data\Adobe
[2010/03/05 12:12:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Newquay Kitchens\SendTo
[2010/03/05 12:12:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Newquay Kitchens\Start Menu
[2010/03/05 12:12:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Newquay Kitchens\Templates
[2010/03/04 11:24:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Newquay Kitchens\My Documents\Sage Data
[2010/03/04 10:55:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/03/04 10:40:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tanagra
[2010/03/04 10:40:35 | 000,000,000 | ---D | C] -- C:\Program Files\Memeo
[2010/03/04 10:24:33 | 000,000,000 | ---D | C] -- C:\Program Files\BUFFALO
[2010/03/04 09:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/03/04 09:01:47 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/03/04 09:01:47 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/03/04 09:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/03/04 09:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS
[2010/03/04 09:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2010/03/03 20:49:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/03/03 20:49:25 | 000,083,288 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2010/03/03 20:49:25 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys
[2010/03/03 20:49:25 | 000,028,984 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2010/03/03 20:49:17 | 000,087,352 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2010/03/03 20:49:06 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn
[2010/03/03 17:29:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/03/03 17:21:57 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/03/03 17:19:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/03/03 17:08:10 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/03/03 17:08:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/03/03 17:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/03/03 17:07:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/02/28 10:55:31 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irmon.dll
[2010/02/28 10:55:31 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wshirda.dll
[2010/02/28 10:55:31 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshirda.dll
[2010/02/28 10:55:30 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irftp.exe
[2010/02/28 10:55:30 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irftp.exe
[2010/02/27 09:43:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Newquay Kitchens\My Documents\penny c
[2010/02/24 20:40:37 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2008/12/23 09:32:46 | 000,184,320 | R--- | C] ( ) -- C:\WINDOWS\System32\SgE.interop.MSXML2.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/18 19:06:42 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Newquay Kitchens\Desktop\OTL.exe
[2010/03/18 19:01:00 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/03/18 18:42:17 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\Newquay Kitchens\Desktop\HiJackThis.lnk
[2010/03/18 18:42:01 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/18 18:40:01 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/18 18:40:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/18 18:39:58 | 2136,133,632 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/18 18:39:04 | 003,932,160 | -H-- | M] () -- C:\Documents and Settings\Newquay Kitchens\NTUSER.DAT
[2010/03/18 18:39:00 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Newquay Kitchens\ntuser.ini
[2010/03/18 18:19:04 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/18 07:57:23 | 004,805,506 | -H-- | M] () -- C:\Documents and Settings\Newquay Kitchens\Local Settings\Application Data\IconCache.db
[2010/03/18 04:36:10 | 000,000,848 | ---- | M] () -- C:\WINDOWS\tasks\Backup.job
[2010/03/17 19:56:41 | 000,001,344 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/17 19:55:54 | 000,000,640 | ---- | M] () -- C:\WINDOWS\System32\SGLCH32.USR
[2010/03/12 14:10:18 | 000,000,196 | ---- | M] () -- C:\Documents and Settings\Newquay Kitchens\edgespro.bin
[2010/03/12 10:55:09 | 000,465,402 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/12 10:55:09 | 000,079,162 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/08 12:17:28 | 000,106,972 | ---- | M] () -- C:\Documents and Settings\Newquay Kitchens\My Documents\Flat_Pack_Kitchens.pdf
[2010/03/08 07:55:24 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/03/06 12:20:59 | 000,000,639 | ---- | M] () -- C:\Documents and Settings\Newquay Kitchens\Desktop\Shortcut to articad.lnk
[2010/03/05 17:48:22 | 000,133,595 | ---- | M] () -- C:\Documents and Settings\Newquay Kitchens\My Documents\turnberry.jpg
[2010/03/05 17:32:52 | 000,121,344 | ---- | M] () -- C:\Documents and Settings\Newquay Kitchens\My Documents\COMPLAINTS FORM (2).doc
[2010/03/05 13:50:25 | 000,275,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/05 13:34:03 | 000,556,160 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/05 13:09:59 | 000,000,139 | ---- | M] () -- C:\Documents and Settings\Newquay Kitchens\Local Settings\Application Data\fusioncache.dat
[2010/03/03 20:49:16 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/02/25 11:06:29 | 000,139,615 | ---- | M] () -- C:\Documents and Settings\Newquay Kitchens\My Documents\croft oak plan.jpg
[2010/02/24 20:41:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/17 17:52:13 | 000,287,438 | ---- | M] () -- C:\Documents and Settings\Newquay Kitchens\My Documents\moulin boundry 002.jpg
[2010/02/17 17:51:36 | 000,291,441 | ---- | M] () -- C:\Documents and Settings\Newquay Kitchens\My Documents\moulin boundry 001.jpg
[2010/02/17 17:49:29 | 000,351,159 | ---- | M] () -- C:\Documents and Settings\Newquay Kitchens\My Documents\moulin boundry.jpg
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/18 18:19:04 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/18 18:15:16 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\Newquay Kitchens\Desktop\HiJackThis.lnk
[2010/03/12 14:10:18 | 000,000,196 | ---- | C] () -- C:\Documents and Settings\Newquay Kitchens\edgespro.bin
[2010/03/10 11:19:05 | 001,318,429 | ---- | C] () -- C:\Documents and Settings\Newquay Kitchens\My Documents\red.jpg
[2010/03/08 12:17:27 | 000,106,972 | ---- | C] () -- C:\Documents and Settings\Newquay Kitchens\My Documents\Flat_Pack_Kitchens.pdf
[2010/03/08 07:55:24 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/03/06 12:20:59 | 000,000,639 | ---- | C] () -- C:\Documents and Settings\Newquay Kitchens\Desktop\Shortcut to articad.lnk
[2010/03/05 17:48:20 | 000,133,595 | ---- | C] () -- C:\Documents and Settings\Newquay Kitchens\My Documents\turnberry.jpg
[2010/03/05 17:32:52 | 000,121,344 | ---- | C] () -- C:\Documents and Settings\Newquay Kitchens\My Documents\COMPLAINTS FORM (2).doc
[2010/03/05 13:14:02 | 000,000,848 | ---- | C] () -- C:\WINDOWS\tasks\Backup.job
[2010/03/05 13:09:59 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\Newquay Kitchens\Local Settings\Application Data\fusioncache.dat
[2010/03/05 12:49:26 | 2136,133,632 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/05 12:12:04 | 003,932,160 | -H-- | C] () -- C:\Documents and Settings\Newquay Kitchens\NTUSER.DAT
[2010/03/05 12:12:04 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Newquay Kitchens\ntuser.ini
[2010/03/03 20:49:15 | 000,001,024 | ---- | C] () -- C:\.rnd
[2010/03/03 17:22:00 | 000,000,250 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/03/03 12:53:44 | 001,872,046 | ---- | C] () -- C:\Documents and Settings\Newquay Kitchens\My Documents\HG Ebony Cappuccino Venice.jpg
[2010/02/25 11:06:27 | 000,139,615 | ---- | C] () -- C:\Documents and Settings\Newquay Kitchens\My Documents\croft oak plan.jpg
[2010/02/17 17:51:57 | 000,287,438 | ---- | C] () -- C:\Documents and Settings\Newquay Kitchens\My Documents\moulin boundry 002.jpg
[2010/02/17 17:51:21 | 000,291,441 | ---- | C] () -- C:\Documents and Settings\Newquay Kitchens\My Documents\moulin boundry 001.jpg
[2010/02/17 17:49:14 | 000,351,159 | ---- | C] () -- C:\Documents and Settings\Newquay Kitchens\My Documents\moulin boundry.jpg
[2010/02/12 08:20:37 | 000,000,129 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/10/27 09:30:57 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/10/08 09:00:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\AXEL.DAVIS.TXT
[2009/10/03 15:15:19 | 000,000,813 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/10 14:59:26 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\SGList32.dll
[2009/07/10 14:59:20 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\SGTool32.dll
[2009/07/10 14:59:16 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SGIntl32.dll
[2009/07/10 14:59:14 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\SGDt32.dll
[2009/07/10 14:59:12 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SGHelp32.dll
[2009/07/10 14:59:08 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeXml.dll
[2009/07/10 14:59:00 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeXP.dll
[2009/07/10 14:58:56 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeDefault.dll
[2009/07/10 14:58:52 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeManager.dll
[2009/07/10 14:58:46 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\SGCom32.dll
[2009/07/10 14:58:02 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\SGWebBrowser.dll
[2009/07/04 14:47:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/07/04 14:10:48 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4885.dll
[2009/03/04 11:40:02 | 000,001,204 | ---- | C] () -- C:\WINDOWS\SAGEINTL.INI
[2008/12/23 09:33:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SgELauncher.dll
[2008/12/23 09:33:26 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\SgEData.dll
[2008/12/22 10:28:06 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SageFolderBrowser.dll
[2008/12/22 10:26:34 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\SGSTDREG.dll
[2008/12/22 10:26:30 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\SGRegister.dll
[2008/12/01 15:36:12 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\SGCtrlEx.dll
[2008/12/01 15:36:06 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\SGTBAR32.DLL
[2008/12/01 15:36:02 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGSTAT32.DLL
[2008/12/01 15:36:02 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGLOGO32.DLL
[2008/12/01 15:36:00 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\SGJPEG32.dll
[2008/12/01 15:35:56 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\SGCDLG32.DLL
[2008/12/01 15:35:36 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SGAPPBAR.DLL
[2008/12/01 15:35:34 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SG3D32.DLL
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/11/01 16:41:24 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\SGLCH32.DLL
[2006/11/01 16:41:16 | 001,712,128 | ---- | C] () -- C:\WINDOWS\System32\SGRep32.dll
[2006/06/02 10:54:00 | 000,004,801 | ---- | C] () -- C:\WINDOWS\UN060501.INI
[2006/02/28 02:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2006/02/28 02:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2006/02/28 02:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2006/02/28 02:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2006/02/28 02:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2002/05/08 10:12:22 | 000,000,829 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/04/16 11:27:54 | 000,000,005 | -HS- | C] () -- C:\WINDOWS\System32\CdI5T.drv
[1998/03/26 01:12:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SgHmZLib.dll
< End of report >
And also from HijackThis:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 19:13:49, on 18/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Memeo\AutoBackup\MemeoService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\Documents and Settings\Newquay Kitchens\Desktop\OTL.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD8SESD\DVDCheck.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-115879832-2072478701-2934677578-1010\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'number 2')
O4 - HKUS\S-1-5-21-115879832-2072478701-2934677578-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-115879832-2072478701-2934677578-500 Startup: BUFFALO NAS Navigator.lnk = C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe (User 'Administrator')
O4 - S-1-5-21-115879832-2072478701-2934677578-500 Startup: Memeo AutoBackup Launcher.lnk = C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe (User 'Administrator')
O4 - S-1-5-21-115879832-2072478701-2934677578-500 User Startup: BUFFALO NAS Navigator.lnk = C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe (User 'Administrator')
O4 - S-1-5-21-115879832-2072478701-2934677578-500 User Startup: Memeo AutoBackup Launcher.lnk = C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe (User 'Administrator')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {13510606-30FA-11D2-B383-444553540000} (WebClient Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: McAfee Application Installer Cleanup (0067021253935898) (0067021253935898mcinstcleanup) - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\006702~1.EXE (file missing)
O23 - Service: MEMEOI~1|Memeo AutoBackup (BMUService) - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Sage SData Service - Sage (UK) Limited - C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe

--
End of file - 8257 bytes


here's hoping.

creative
Beginner
Posts : 1
Joined : 2010-03-18
OS : windows xp
Points Points : 24573
# Likes # Likes : 0

View user profile

Back to top Go down
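The two logs above are the whole evidence in this thread, and the helpers normally read them by eye. The following is an added example, not part of the original post and not code shipped with OTL or HijackThis: a small Python triage script that parses the OTL "Files Created" line format and the HijackThis "Oxx - ..." line format and flags the entries a helper would look at first (zero-byte files, hidden+system attributes on non-OS files, scheduled-task jobs, orphaned registry entries, targets under Temp, downloaded ActiveX controls, services with no publisher). The sample lines are constructed copies of lines from the logs above; the `KNOWN_HS` allowlist is an assumption of this example. A hit is a prompt to review, not a verdict: the zero-byte AXEL.DAVIS.TXT, for instance, is a marker file, and its name alone says nothing about what created it.

```python
import re
from typing import Dict, List, Tuple

# One OTL "Files Created"/"Files Modified" entry:
# [date time | size | attrs | M/C] (company) -- path
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# One HijackThis entry: "O23 - <body>", "R1 - <body>", ...
HJT_LINE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")

# Assumption: hidden+system files Windows XP creates itself; any other
# file carrying -HS- gets a second look.
KNOWN_HS = {"hiberfil.sys", "pagefile.sys", "ntuser.ini", "boot.ini", "io.sys", "msdos.sys"}

# Constructed sample: lines copied in shape from the two logs above.
OTL_SAMPLE = r"""
[2010/03/05 12:49:26 | 2136,133,632 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/08 09:00:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\AXEL.DAVIS.TXT
[2002/04/16 11:27:54 | 000,000,005 | -HS- | C] () -- C:\WINDOWS\System32\CdI5T.drv
[2010/03/03 17:22:00 | 000,000,250 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2009/07/10 14:59:26 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\SGList32.dll
"""

HJT_SAMPLE = r"""
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O23 - Service: McAfee Application Installer Cleanup (0067021253935898) (0067021253935898mcinstcleanup) - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\006702~1.EXE (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
"""


def parse_otl(text: str) -> List[Dict[str, object]]:
    """Parse OTL file entries; size is normalised to an int (OTL zero-pads and comma-groups it)."""
    entries: List[Dict[str, object]] = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if not m:
            continue  # section headers, blank lines, summary lines like "[4 ... *.tmp files ...]"
        entry: Dict[str, object] = m.groupdict()
        entry["size"] = int(str(entry["size"]).replace(",", ""))
        entries.append(entry)
    return entries


def triage_otl(entries: List[Dict[str, object]]) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for OTL entries a helper should review; a hit is not a verdict."""
    hits: List[Tuple[str, List[str]]] = []
    for e in entries:
        path = str(e["path"])
        low = path.lower()
        name = low.rsplit("\\", 1)[-1]
        attrs = str(e["attrs"])
        reasons: List[str] = []
        if e["size"] == 0:
            reasons.append("zero-byte file: a marker or leftover, not a payload; the name alone proves nothing")
        if "H" in attrs and "S" in attrs and name not in KNOWN_HS:
            reasons.append("hidden+system attributes on a file the OS did not create")
        if "\\tasks\\" in low and name.endswith(".job"):
            reasons.append("scheduled task: check what it runs and which program created it")
        if reasons:
            hits.append((path, reasons))
    return hits


def triage_hjt(text: str) -> List[Tuple[str, str, List[str]]]:
    """Return (section, body, reasons) for HijackThis entries worth a second look."""
    hits: List[Tuple[str, str, List[str]]] = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        low = body.lower()
        reasons: List[str] = []
        if "(no file)" in low or "(file missing)" in low:
            reasons.append("orphaned entry: the registry points at a file that is no longer on disk")
        if "\\temp\\" in low:
            reasons.append("target lives under a Temp directory, an unusual home for a service or startup item")
        if section == "O16":
            reasons.append("O16 DPF: ActiveX control pulled from the web; confirm the source before trusting it")
        if section == "O23" and "unknown owner" in low:
            reasons.append("service with no publisher string")
        if reasons:
            hits.append((section, body, reasons))
    return hits


if __name__ == "__main__":
    for path, why in triage_otl(parse_otl(OTL_SAMPLE)):
        print("OTL ", path, "->", "; ".join(why))
    for sec, body, why in triage_hjt(HJT_SAMPLE):
        print("HJT ", sec, body[:60], "->", "; ".join(why))
```

On the sample the OTL pass flags the zero-byte AXEL.DAVIS.TXT, the hidden+system CdI5T.drv in System32, and the Ask Toolbar scheduled task, while hiberfil.sys and the SGList32.dll Sage component pass; the HijackThis pass flags the orphaned O3 toolbar, the O16 ActiveX download, and the McAfee cleanup service that points at a missing file under the Administrator's Temp folder. Those are exactly the lines a helper would ask about next; the ESET and Ask Toolbar entries with valid paths are left for a human to judge.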

Re: axel davis virus

Post by Belahzur on 18th March 2010, 11:16 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64