Need Help on Removing a Virus


Post by crestfall77 on Sun May 23, 2010 4:16 am

I think a virus has infected my computer, and I can't open my antivirus and other things such as Command Prompt and regedit.

Here is the OTL.txt:

OTL logfile created on: 5/23/2010 1:32:18 PM - Run 2
OTL by OldTimer - Version 3.2.5.0 Folder = D:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.00 Mb Total Physical Memory | 579.00 Mb Available Physical Memory | 60.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 48.83 Gb Total Space | 23.60 Gb Free Space | 48.34% Space Free | Partition Type: NTFS
Drive D: | 62.95 Gb Total Space | 16.29 Gb Free Space | 25.87% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THESERVER
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/23 13:32:05 | 000,012,288 | ---- | M] () -- D:\Documents and Settings\Administrator\Local Settings\Temp\winaewmbr.exe
PRC - [2010/05/23 12:06:17 | 000,571,904 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
PRC - [2010/05/18 05:36:02 | 000,095,232 | ---- | M] () -- D:\Program Files\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe
PRC - [2010/05/13 10:56:32 | 000,926,208 | ---- | M] (IVT Corporation) -- D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
PRC - [2010/05/03 22:31:43 | 000,405,672 | ---- | M] (Avira GmbH) -- D:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2010/05/03 22:31:43 | 000,337,064 | ---- | M] (Avira GmbH) -- D:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2010/04/29 02:15:02 | 002,703,608 | ---- | M] (Veoh Networks) -- D:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2010/04/27 10:47:12 | 000,393,302 | ---- | M] (IVT Corporation) -- D:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
PRC - [2010/04/27 10:44:52 | 000,102,503 | ---- | M] (IVT Corporation) -- D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
PRC - [2010/04/27 10:43:26 | 000,147,563 | ---- | M] (IVT Corporation) -- D:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
PRC - [2010/04/13 06:46:36 | 001,135,912 | ---- | M] () -- D:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/04/01 11:34:36 | 000,320,824 | ---- | M] (Yahoo! Inc.) -- D:\Program Files\Yahoo!\Search Protection\YspService.exe
PRC - [2010/02/24 09:29:26 | 000,135,336 | ---- | M] (Avira GmbH) -- D:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/02/19 19:43:34 | 000,380,928 | ---- | M] (Spigot, Inc.) -- D:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- D:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2006/11/13 13:39:52 | 001,358,632 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 13:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006/08/30 10:58:38 | 000,122,880 | ---- | M] (ZSMCSNAP) -- D:\WINDOWS\vmsnap3.exe
PRC - [2006/06/28 17:54:06 | 000,049,152 | ---- | M] (Vimicro) -- D:\WINDOWS\Domino.exe
PRC - [2005/10/15 17:07:16 | 001,105,920 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe
PRC - [2005/08/24 15:11:40 | 000,139,776 | ---- | M] (Alexander Avdonin) -- D:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
PRC - [2004/08/04 09:26:56 | 000,013,312 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\savedump.exe


========== Modules (SafeList) ==========

MOD - [2010/05/23 12:06:17 | 000,571,904 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
MOD - [2005/10/16 21:55:06 | 001,053,696 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2649_x-ww_aac16c8b\comctl32.dll
MOD - [2004/08/04 07:31:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/05/13 10:56:32 | 000,926,208 | ---- | M] (IVT Corporation) [Auto | Running] -- D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2010/05/03 22:31:43 | 000,405,672 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2010/05/03 22:31:43 | 000,337,064 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2010/05/03 22:31:43 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Stopped] -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/04/27 10:44:52 | 000,102,503 | ---- | M] (IVT Corporation) [On_Demand | Running] -- D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)
SRV - [2010/04/27 10:43:26 | 000,147,563 | ---- | M] (IVT Corporation) [Auto | Running] -- D:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe -- (BsMobileCS)
SRV - [2010/02/25 00:43:00 | 003,461,116 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- D:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2010/02/24 09:29:26 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/02/19 19:43:34 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Running] -- D:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- D:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/08 07:59:00 | 000,649,216 | ---- | M] (Nokia.) [On_Demand | Stopped] -- D:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (asc3360pr)
DRV - [2010/05/15 07:37:38 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- D:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/04/19 16:15:04 | 000,036,616 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2010/04/06 18:33:10 | 000,025,864 | ---- | M] () [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\btnetBus.sys -- (btnetBUs)
DRV - [2010/04/06 18:32:48 | 000,023,048 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV - [2010/04/06 18:32:44 | 000,020,104 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- D:\WINDOWS\System32\Drivers\BtHidBus.sys -- (BtHidBus)
DRV - [2010/04/06 18:32:32 | 000,022,024 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\btcombus.sys -- (BTCOMBUS)
DRV - [2010/04/06 18:32:28 | 000,025,992 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\btcomport.sys -- (BTCOM)
DRV - [2010/03/01 09:06:44 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- D:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/06/17 14:01:50 | 000,014,088 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT)
DRV - [2009/05/11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- D:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/12/30 11:55:18 | 000,102,656 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2008/12/13 11:26:38 | 000,102,400 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2006/12/21 16:26:00 | 004,405,248 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/12/01 14:23:58 | 000,392,122 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\usbVM303.sys -- (ZSMC303)
DRV - [2006/08/16 15:35:00 | 003,959,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/08/14 14:51:28 | 000,105,344 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/07/11 21:38:30 | 000,020,480 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/07/11 21:38:28 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/04/25 10:57:42 | 000,428,160 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\vmfilter303.sys -- (vmfilter303)
DRV - [2005/10/14 05:35:58 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\AV, = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\FM, = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSKB, = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSN, = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - D:\Program Files\YouTube Downloader Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://flvdirect.iamwired.net/websearch.php?src=tops&search="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://flvdirect.iamwired.net/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:3.6.6.117
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.2.3
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.1.2.0185
FF - prefs.js..keyword.URL: "http://ph.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2010/04/18 14:09:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2010/04/28 11:35:59 | 000,000,000 | ---D | M]

[2010/04/18 14:10:04 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/05/22 19:27:53 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1smhtn3p.default\extensions
[2010/04/19 05:25:16 | 000,000,000 | ---D | M] (DownloadHelper) -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1smhtn3p.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/05/15 07:37:50 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1smhtn3p.default\extensions\DTToolbar@toolbarnet.com
[2010/05/05 05:07:42 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1smhtn3p.default\extensions\toolbar@ask.com
[2010/05/15 07:37:39 | 000,002,059 | ---- | M] () -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1smhtn3p.default\searchplugins\daemon-search.xml
[2010/04/22 14:37:59 | 000,000,266 | ---- | M] () -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1smhtn3p.default\searchplugins\Search.xml
[2010/05/22 19:27:53 | 000,000,000 | ---D | M] -- D:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2001/08/24 01:00:00 | 000,000,734 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - D:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - D:\Program Files\YouTube Downloader Toolbar\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (no name) - {e406a9e5-446b-86ea-0042-210b52c1273f} - No CLSID value found.
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - D:\Program Files\YouTube Downloader Toolbar\IE\1.0\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - D:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - D:\Program Files\YouTube Downloader Toolbar\IE\1.0\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - D:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Alcmtr] D:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] D:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [BtTray] D:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe (IVT Corporation)
O4 - HKLM..\Run: [DivXUpdate] D:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Domino] D:\WINDOWS\Domino.exe (Vimicro)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] D:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] D:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] D:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SearchSettings] D:\Program Files\YouTube Downloader Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SkyTel] D:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [VMSnap3] D:\WINDOWS\vmsnap3.exe (ZSMCSNAP)
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [H/PC Connection Agent] D:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [TaskSwitchXP] D:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (Alexander Avdonin)
O4 - HKCU..\Run: [VeohPlugin] D:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKCU..\Run: [YSearchProtection] D:\Program Files\Yahoo!\Search Protection\YspService.exe (Yahoo! Inc.)
O4 - Startup: D:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: D:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ViiKiiDesktopPlugin.lnk = D:\Program Files\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCAD = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - D:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - D:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - D:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - D:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\WINDOWS\system32\skype4com.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - D:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Documents and Settings\Administrator\Desktop\Yod3D\desktopwallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Documents and Settings\Administrator\Desktop\Yod3D\desktopwallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/12 19:20:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{92df3c70-5c8a-11df-84a1-0019dbbfdbd6}\Shell - "" = AutoRun
O33 - MountPoints2\{92df3c70-5c8a-11df-84a1-0019dbbfdbd6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{92df3c70-5c8a-11df-84a1-0019dbbfdbd6}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{92df3c74-5c8a-11df-84a1-0019dbbfdbd6}\Shell - "" = AutoRun
O33 - MountPoints2\{92df3c74-5c8a-11df-84a1-0019dbbfdbd6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{92df3c74-5c8a-11df-84a1-0019dbbfdbd6}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{daf369a8-4ae9-11df-96fb-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{daf369a8-4ae9-11df-96fb-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{daf369a8-4ae9-11df-96fb-806d6172696f}\Shell\AutoRun\command - "" = E:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/23 12:20:45 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/05/23 12:20:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/23 12:20:33 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/23 12:20:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2010/05/23 12:20:32 | 000,000,000 | ---D | C] -- D:\Program Files\Malwarebytes' Anti-Malware
[2010/05/23 06:23:57 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\Administrator\Recent
[2010/05/22 06:18:36 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Desktop\Roms
[2010/05/22 06:15:24 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Desktop\Songs
[2010/05/22 06:14:36 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Desktop\Pictures
[2010/05/22 06:08:11 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\My Documents\SGH-i900 My Documents
[2010/05/22 06:08:03 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\My Documents\OneNote Notebooks
[2010/05/22 05:42:37 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Desktop\Phone
[2010/05/20 20:31:15 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\My Documents\Bluetooth
[2010/05/20 20:30:40 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Local Settings\Application Data\bluesoleil
[2010/05/20 19:54:01 | 000,000,000 | ---D | C] -- D:\Program Files\IVT Corporation
[2010/05/20 19:53:53 | 000,090,624 | ---- | C] (Nokia) -- D:\WINDOWS\System32\nmwcdcls.dll
[2010/05/20 19:53:52 | 000,000,000 | ---D | C] -- D:\Program Files\Nokia
[2010/05/20 19:53:50 | 000,018,816 | ---- | C] (Nokia) -- D:\WINDOWS\System32\drivers\pccsmcfd.sys
[2010/05/20 19:53:38 | 000,000,000 | ---D | C] -- D:\Program Files\PC Connectivity Solution
[2010/05/20 19:53:31 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Installations
[2010/05/20 08:10:04 | 000,030,592 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\drivers\rndismpx.sys
[2010/05/20 08:08:56 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft ActiveSync
[2010/05/20 07:57:59 | 000,008,192 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\wshirda.dll
[2010/05/20 07:57:55 | 000,151,552 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\irftp.exe
[2010/05/20 05:29:18 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\NtmsData
[2010/05/18 19:59:50 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Desktop\Frozen Throne
[2010/05/18 05:40:12 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\FALCOM
[2010/05/18 05:36:12 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\ViiKiiDesktopPlugin.5E22EA0FF243470AB5EDDF282C0A5B52E9909C36.1
[2010/05/18 05:36:07 | 000,000,000 | ---D | C] -- D:\Program Files\ViiKiiDesktopPlugin
[2010/05/18 05:36:06 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Adobe AIR
[2010/05/18 05:11:16 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Desktop\YS Naptism
[2010/05/16 18:17:09 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Desktop\Designer
[2010/05/16 11:40:11 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\vlc
[2010/05/15 07:59:26 | 000,094,208 | ---- | C] (Blizzard Entertainment) -- D:\WINDOWS\DIIUnin.exe
[2010/05/15 07:37:39 | 000,000,000 | ---D | C] -- D:\Program Files\DAEMON Tools Toolbar
[2010/05/15 07:37:34 | 000,000,000 | ---D | C] -- D:\Program Files\DAEMON Tools Lite
[2010/05/15 07:37:15 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
[2010/05/15 07:37:12 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/05/15 05:22:44 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\My Documents\Raycity
[2010/05/14 07:16:15 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Desktop\Payroll System
[2010/05/13 16:49:13 | 000,000,000 | ---D | C] -- D:\Program Files\Garena
[2010/05/11 15:38:44 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\DivX
[2010/05/11 15:38:33 | 002,083,312 | ---- | C] (Sonic Solutions) -- D:\WINDOWS\System32\pxsfs.dll
[2010/05/11 15:38:33 | 000,678,384 | ---- | C] (Sonic Solutions) -- D:\WINDOWS\System32\px.dll
[2010/05/11 15:38:33 | 000,559,600 | ---- | C] (Sonic Solutions) -- D:\WINDOWS\System32\pxdrv.dll
[2010/05/11 15:38:33 | 000,440,816 | ---- | C] (Sonic Solutions) -- D:\WINDOWS\System32\pxwave.dll
[2010/05/11 15:38:33 | 000,219,632 | ---- | C] (Sonic Solutions) -- D:\WINDOWS\System32\pxmas.dll
[2010/05/11 15:38:33 | 000,133,616 | ---- | C] (Sonic Solutions) -- D:\WINDOWS\System32\pxafs.dll
[2010/05/11 15:38:33 | 000,125,424 | ---- | C] (Sonic Solutions) -- D:\WINDOWS\System32\pxinsi64.exe
[2010/05/11 15:38:33 | 000,123,888 | ---- | C] (Sonic Solutions) -- D:\WINDOWS\System32\pxcpyi64.exe
[2010/05/11 15:38:33 | 000,100,848 | ---- | C] (Sonic Solutions) -- D:\WINDOWS\System32\vxblock.dll
[2010/05/11 15:38:33 | 000,072,176 | ---- | C] (Sonic Solutions) -- D:\WINDOWS\System32\pxhpinst.exe
[2010/05/11 15:38:33 | 000,068,080 | ---- | C] (Sonic Solutions) -- D:\WINDOWS\System32\pxinsa64.exe
[2010/05/11 15:38:33 | 000,068,080 | ---- | C] (Sonic Solutions) -- D:\WINDOWS\System32\pxcpya64.exe
[2010/05/11 15:38:33 | 000,009,200 | ---- | C] (Sonic Solutions) -- D:\WINDOWS\System32\drivers\cdralw2k.sys
[2010/05/11 15:38:33 | 000,009,072 | ---- | C] (Sonic Solutions) -- D:\WINDOWS\System32\drivers\cdr4_xp.sys
[2010/05/11 15:38:09 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\DivX Shared
[2010/05/11 15:38:01 | 000,000,000 | ---D | C] -- D:\Program Files\DivX
[2010/05/11 15:28:43 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\DivX
[2010/05/11 14:32:25 | 003,786,760 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\d3dx9_37.dll
[2010/05/11 14:32:25 | 003,734,536 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\d3dx9_36.dll
[2010/05/11 14:32:25 | 000,681,472 | ---- | C] (KM-Software) -- D:\Documents and Settings\Administrator\My Documents\msvcrt(DEBUG).dll
[2010/05/11 14:32:25 | 000,329,224 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\DXErr.exe
[2010/05/11 14:32:25 | 000,209,416 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dxcpl.exe
[2010/05/11 14:32:25 | 000,167,936 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dxgi.dll
[2010/05/11 14:32:25 | 000,039,936 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dwmapi.dll
[2010/05/11 14:32:24 | 003,727,720 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\d3dx9_35.dll
[2010/05/11 14:32:24 | 003,497,832 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\d3dx9_34.dll
[2010/05/11 14:32:24 | 003,495,784 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\d3dx9_33.dll
[2010/05/11 14:32:24 | 001,162,656 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\ntdllnew.dll
[2010/05/11 14:32:24 | 000,462,864 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\d3dx10_37.dll
[2010/05/11 14:32:24 | 000,444,776 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\d3dx10_36.dll
[2010/05/11 14:32:24 | 000,444,776 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\d3dx10_35.dll
[2010/05/11 14:32:24 | 000,443,752 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\d3dx10_34.dll
[2010/05/11 14:32:24 | 000,443,752 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\d3dx10_33.dll
[2010/05/11 14:32:24 | 000,440,080 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\d3dx10.dll
[2010/05/11 07:20:48 | 000,621,056 | ---- | C] (DiBcom SA) -- D:\WINDOWS\System32\drivers\mod7700.sys
[2010/05/11 07:20:48 | 000,112,640 | ---- | C] (Huawei Technologies Co., Ltd.) -- D:\WINDOWS\System32\drivers\ewusbnet.sys
[2010/05/11 07:20:48 | 000,102,656 | ---- | C] (Huawei Technologies Co., Ltd.) -- D:\WINDOWS\System32\drivers\ewusbfake.sys
[2010/05/11 07:20:48 | 000,102,400 | ---- | C] (Huawei Technologies Co., Ltd.) -- D:\WINDOWS\System32\drivers\ewusbmdm.sys
[2010/05/11 07:20:48 | 000,024,448 | ---- | C] (Huawei Tech. Co., Ltd.) -- D:\WINDOWS\System32\drivers\ewdcsc.sys
[2010/05/11 07:20:33 | 000,000,000 | ---D | C] -- D:\Program Files\Smart Bro
[2010/05/08 22:52:38 | 000,026,488 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\spupdsvc.exe
[2010/05/08 22:44:56 | 000,000,000 | ---D | C] -- D:\Program Files\MSXML 4.0
[2010/05/08 22:44:04 | 000,017,272 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\spmsg.dll
[2010/05/08 18:05:27 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\Search Settings
[2010/05/08 18:05:21 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\YouTube Downloader
[2010/05/08 17:57:23 | 000,000,000 | ---D | C] -- D:\WINDOWS\Sun
[2010/05/08 17:54:31 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Desktop\DownLoad
[2010/05/08 17:27:06 | 000,000,000 | ---D | C] -- D:\Program Files\Application Updater
[2010/05/08 17:27:04 | 000,000,000 | ---D | C] -- D:\Program Files\YouTube Downloader Toolbar
[2010/05/08 17:25:42 | 000,000,000 | ---D | C] -- D:\Program Files\YouTube Downloader
[2010/05/08 04:44:11 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\CatRoot_bak
[2010/05/08 04:33:13 | 000,272,128 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\bthport.sys
[2010/05/08 04:33:02 | 000,352,640 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\srv.sys
[2010/05/08 04:32:46 | 000,546,304 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\hhctrl.ocx
[2010/05/08 04:32:22 | 000,457,216 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/05/08 04:32:17 | 000,470,528 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\aclayers.dll
[2010/05/08 04:31:33 | 000,082,432 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\fontsub.dll
[2010/05/08 04:31:26 | 000,060,416 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\colbact.dll
[2010/05/08 04:31:24 | 002,143,744 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/05/08 04:31:23 | 002,186,880 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/05/08 04:31:22 | 002,021,888 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/05/08 04:31:21 | 002,063,744 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2010/05/08 04:28:20 | 000,202,752 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\rmcast.sys
[2010/05/08 04:28:08 | 000,331,776 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\msadce.dll
[2010/05/08 04:27:55 | 000,683,520 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\inetcomm.dll
[2010/05/08 04:27:24 | 000,332,800 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\netapi32.dll
[2010/05/08 04:27:22 | 001,172,480 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\msxml3.dll
[2010/05/08 04:23:50 | 000,000,000 | -H-D | C] -- D:\WINDOWS\$hf_mig$
[2010/05/06 08:58:31 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/05/05 05:13:09 | 000,274,288 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\mucltui.dll
[2010/05/05 05:13:09 | 000,016,736 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\mucltui.dll.mui
[2010/05/05 05:12:48 | 000,021,728 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\wucltui.dll.mui
[2010/05/05 05:12:48 | 000,017,632 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\wuaueng.dll.mui
[2010/05/05 05:12:48 | 000,015,072 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\wuaucpl.cpl.mui
[2010/05/05 05:12:48 | 000,015,064 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\wuapi.dll.mui
[2010/05/04 22:06:46 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Local Settings\Application Data\AskToolbar
[2010/05/04 05:26:36 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\Media Player Classic
[2010/05/04 05:22:13 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- D:\WINDOWS\System32\lameACM.acm
[2010/05/04 05:22:12 | 000,217,088 | ---- | C] ([You must be registered and logged in to see this link.] -- D:\WINDOWS\System32\yv12vfw.dll
[2010/05/04 05:22:12 | 000,151,552 | ---- | C] (fccHandler) -- D:\WINDOWS\System32\ac3acm.acm
[2010/05/04 05:22:07 | 000,000,000 | ---D | C] -- D:\Program Files\K-Lite Codec Pack
[2010/05/04 05:15:55 | 000,000,000 | ---D | C] -- D:\My Music
[2010/05/04 05:12:07 | 000,000,000 | ---D | C] -- D:\Program Files\VideoLAN
[2010/05/03 22:47:50 | 000,000,000 | ---D | C] -- D:\Program Files\Ask.com
[2010/05/03 22:47:31 | 000,000,000 | ---D | C] -- D:\Program Files\uTorrent
[2010/05/03 22:47:11 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\uTorrent
[2010/05/03 22:35:24 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\Avira
[2010/05/03 22:26:12 | 000,028,520 | ---- | C] (Avira GmbH) -- D:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/05/03 22:26:11 | 000,124,784 | ---- | C] (Avira GmbH) -- D:\WINDOWS\System32\drivers\avipbb.sys
[2010/05/03 22:26:11 | 000,060,936 | ---- | C] (Avira GmbH) -- D:\WINDOWS\System32\drivers\avgntflt.sys
[2010/05/03 22:26:11 | 000,045,416 | ---- | C] (Avira GmbH) -- D:\WINDOWS\System32\drivers\avgntdd.sys
[2010/05/03 22:26:11 | 000,022,360 | ---- | C] (Avira GmbH) -- D:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/05/03 22:26:10 | 000,000,000 | ---D | C] -- D:\Program Files\Avira
[2010/05/03 22:26:10 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Avira
[2010/05/03 22:06:58 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Desktop\Downloaded Files
[2010/05/03 22:06:42 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\VitySoft
[2010/05/03 08:02:47 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Desktop\Adobe CS3
[2010/05/02 08:46:38 | 000,000,000 | ---D | C] -- D:\WINDOWS\Minidump
[2010/04/30 18:00:02 | 000,000,000 | ---D | C] -- D:\Program Files\PopCap Games
[2010/04/28 11:36:05 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Sun
[2010/04/28 11:35:59 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- D:\WINDOWS\System32\deploytk.dll
[2010/04/28 11:35:59 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- D:\WINDOWS\System32\javacpl.cpl
[2010/04/28 11:35:09 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\Sun
[2010/04/27 18:30:54 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Local Settings\Application Data\Opera
[2010/04/27 18:30:54 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\Opera
[2010/04/27 18:30:41 | 000,000,000 | ---D | C] -- D:\Program Files\Opera
[2010/04/27 10:48:10 | 000,010,240 | ---- | C] (IVT Corporation) -- D:\WINDOWS\System32\BsMonUI.dll
[2010/04/27 10:48:06 | 000,018,944 | ---- | C] (IVT Corporation) -- D:\WINDOWS\System32\BsMonSvr.dll
[2010/04/27 10:47:52 | 000,503,897 | ---- | C] (IVT Corporation) -- D:\WINDOWS\System32\BsUI.dll
[2010/04/27 10:47:44 | 000,057,430 | ---- | C] (IVT Corporation) -- D:\WINDOWS\System32\btfunc.dll
[2010/04/27 10:47:36 | 000,278,647 | ---- | C] (IVT Corporation) -- D:\WINDOWS\System32\outlookAddin.dll
[2010/04/27 10:47:08 | 000,053,248 | ---- | C] (IVT Corporation) -- D:\WINDOWS\System32\HtmPrintHelper.dll
[2010/04/27 10:47:02 | 000,114,774 | ---- | C] (Versit Consortium (Apple Computer, AT&T, IBM and Siemens)) -- D:\WINDOWS\System32\versit.dll
[2010/04/27 10:46:52 | 000,626,789 | ---- | C] (IVT Corporation) -- D:\WINDOWS\System32\BsShell.dll
[2010/04/27 10:46:36 | 000,618,582 | ---- | C] (IVT Corporation) -- D:\WINDOWS\System32\Bscdlg.dll
[2010/04/27 10:46:14 | 000,127,076 | ---- | C] (IVT Corporation) -- D:\WINDOWS\System32\BsProfileFunc.dll
[2010/04/27 10:45:44 | 000,151,642 | ---- | C] (IVT Corporation) -- D:\WINDOWS\System32\BsCommon.dll
[2010/04/27 10:45:36 | 000,094,314 | ---- | C] (IVT Corporation) -- D:\WINDOWS\System32\BsHelpCSps.dll
[2010/04/27 10:45:34 | 000,606,323 | ---- | C] (IVT Corporation) -- D:\WINDOWS\System32\BlueSoleilCSps.dll
[2010/04/27 10:44:24 | 000,028,766 | ---- | C] (IVT Corporation) -- D:\WINDOWS\System32\PlayerCtrl.dll
[2010/04/27 10:44:20 | 000,106,595 | ---- | C] (IVT Corporation) -- D:\WINDOWS\System32\Bs2Res.dll
[2010/04/27 10:44:18 | 000,139,360 | ---- | C] (IVT Corporation) -- D:\WINDOWS\System32\BsMobileSDK.dll
[2010/04/27 10:44:04 | 000,258,132 | ---- | C] (IVT Corporation) -- D:\WINDOWS\System32\BsSDK.dll
[2010/04/27 10:43:18 | 000,028,760 | ---- | C] (IVT Corporation) -- D:\WINDOWS\System32\BsTrace.dll
[2010/04/27 06:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- D:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/04/25 21:16:12 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\NOS
[2010/04/25 13:25:16 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[4 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
[1 D:\Documents and Settings\Administrator\*.tmp files -> D:\Documents and Settings\Administrator\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/23 13:29:12 | 000,001,192 | ---- | M] () -- D:\WINDOWS\System32\bscs.ini
[2010/05/23 13:29:10 | 000,000,752 | ---- | M] () -- D:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ViiKiiDesktopPlugin.lnk
[2010/05/23 13:29:05 | 000,081,191 | ---- | M] () -- D:\WINDOWS\System32\nvapps.xml
[2010/05/23 13:29:02 | 000,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT
[2010/05/23 13:29:01 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2010/05/23 13:24:06 | 002,359,296 | -H-- | M] () -- D:\Documents and Settings\Administrator\NTUSER.DAT
[2010/05/23 13:24:06 | 000,006,510 | ---- | M] () -- D:\WINDOWS\System32\LOCALSERVICE.INI
[2010/05/23 13:24:06 | 000,000,178 | -HS- | M] () -- D:\Documents and Settings\Administrator\ntuser.ini
[2010/05/23 13:18:08 | 000,000,354 | ---- | M] () -- D:\WINDOWS\tasks\At1.job
[2010/05/23 13:01:00 | 000,000,250 | ---- | M] () -- D:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/05/23 12:32:49 | 000,015,872 | ---- | M] () -- D:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/23 12:20:37 | 000,000,696 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/23 07:26:10 | 000,009,369 | RHS- | M] () -- D:\WINDOWS\System32\setting.ini
[2010/05/23 07:26:05 | 000,000,103 | RHS- | M] () -- D:\WINDOWS\System32\autorun.ini
[2010/05/23 07:17:51 | 000,000,268 | ---- | M] () -- D:\WINDOWS\system.ini
[2010/05/23 06:25:36 | 000,355,666 | ---- | M] () -- D:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/23 06:25:36 | 000,311,998 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2010/05/23 06:25:36 | 000,039,566 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2010/05/22 21:31:51 | 000,001,374 | ---- | M] () -- D:\WINDOWS\imsins.BAK
[2010/05/22 20:57:55 | 000,128,274 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\Outing Swimming.jpg
[2010/05/22 20:08:37 | 000,021,840 | ---- | M] () -- D:\WINDOWS\System32\SIntfNT.dll
[2010/05/22 20:08:37 | 000,017,212 | ---- | M] () -- D:\WINDOWS\System32\SIntf32.dll
[2010/05/22 20:08:37 | 000,012,067 | ---- | M] () -- D:\WINDOWS\System32\SIntf16.dll
[2010/05/22 10:10:38 | 000,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2010/05/22 10:04:20 | 004,810,048 | -H-- | M] () -- D:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/05/22 06:08:11 | 000,001,437 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\SGH-i900 My Documents.LNK
[2010/05/22 06:08:02 | 000,000,947 | ---- | M] () -- D:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2010/05/20 20:41:42 | 000,000,000 | ---- | M] () -- D:\WINDOWS\System32\SHORTCUT.INI
[2010/05/20 20:41:42 | 000,000,000 | ---- | M] () -- D:\WINDOWS\System32\REMOTEDEVICE.INI
[2010/05/20 20:41:42 | 000,000,000 | ---- | M] () -- D:\WINDOWS\BsMobileModel.ini
[2010/05/20 20:31:15 | 000,000,101 | ---- | M] () -- D:\WINDOWS\System32\LOCALDEVICE.INI
[2010/05/20 19:54:43 | 000,000,032 | ---- | M] () -- D:\WINDOWS\0
[2010/05/20 19:54:42 | 000,000,000 | ---- | M] () -- D:\WINDOWS\System32\BSPRINT.INI
[2010/05/20 19:54:08 | 000,001,680 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\BlueSoleil Space.lnk
[2010/05/20 19:54:00 | 000,000,000 | ---- | M] () -- D:\WINDOWS\System32\0
[2010/05/20 08:10:57 | 000,002,528 | ---- | M] () -- D:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
[2010/05/19 21:35:49 | 000,681,472 | ---- | M] (KM-Software) -- D:\Documents and Settings\Administrator\My Documents\msvcrt(DEBUG).dll
[2010/05/19 21:34:48 | 000,001,908 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\cc_20100519_2134.reg
[2010/05/18 05:43:24 | 000,000,564 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\YsF.lnk
[2010/05/18 05:43:24 | 000,000,561 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\YsF Setup.lnk
[2010/05/16 19:03:09 | 003,722,688 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\YouTube- Final Fantasy X Battle Theme.mp3
[2010/05/15 08:04:00 | 000,031,673 | ---- | M] () -- D:\WINDOWS\DIIUnin.dat
[2010/05/15 07:59:26 | 000,094,208 | ---- | M] (Blizzard Entertainment) -- D:\WINDOWS\DIIUnin.exe
[2010/05/15 07:59:26 | 000,002,829 | ---- | M] () -- D:\WINDOWS\DIIUnin.pif
[2010/05/15 07:37:38 | 000,691,696 | ---- | M] () -- D:\WINDOWS\System32\drivers\sptd.sys
[2010/05/15 07:34:32 | 000,000,719 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/05/13 17:12:18 | 000,009,836 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\cc_20100513_1712.reg
[2010/05/11 14:32:26 | 000,002,938 | ---- | M] () -- D:\WINDOWS\System32\unins000.dat
[2010/05/11 14:32:20 | 000,716,153 | ---- | M] () -- D:\WINDOWS\System32\unins000.exe
[2010/05/11 07:20:52 | 000,000,694 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Smart Bro.lnk
[2010/05/09 06:05:46 | 000,263,024 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/08 22:47:25 | 000,000,552 | ---- | M] () -- D:\WINDOWS\win.ini
[2010/05/08 17:25:44 | 000,000,797 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\YouTube Downloader.lnk
[2010/05/08 17:02:41 | 000,000,168 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\Smart#.rtf
[2010/05/03 22:06:38 | 000,000,792 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\frd.lnk
[2010/05/03 08:04:37 | 000,000,922 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\Photoshop.lnk
[2010/04/30 18:00:08 | 000,000,994 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\Play Plants vs. Zombies.lnk
[2010/04/30 18:00:02 | 000,000,000 | ---- | M] () -- D:\WINDOWS\popcreg.dat
[2010/04/30 18:00:02 | 000,000,000 | ---- | M] () -- D:\WINDOWS\popcinfot.dat
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 11:35:53 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- D:\WINDOWS\System32\deploytk.dll
[2010/04/28 11:35:53 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- D:\WINDOWS\System32\javaws.exe
[2010/04/28 11:35:53 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- D:\WINDOWS\System32\javaw.exe
[2010/04/28 11:35:53 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- D:\WINDOWS\System32\java.exe
[2010/04/28 11:35:53 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- D:\WINDOWS\System32\javacpl.cpl
[2010/04/27 19:42:53 | 002,359,350 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\Ultimate.bmp
[2010/04/27 10:48:10 | 000,010,240 | ---- | M] (IVT Corporation) -- D:\WINDOWS\System32\BsMonUI.dll
[2010/04/27 10:48:06 | 000,018,944 | ---- | M] (IVT Corporation) -- D:\WINDOWS\System32\BsMonSvr.dll
[2010/04/27 10:47:52 | 000,503,897 | ---- | M] (IVT Corporation) -- D:\WINDOWS\System32\BsUI.dll
[2010/04/27 10:47:44 | 000,057,430 | ---- | M] (IVT Corporation) -- D:\WINDOWS\System32\btfunc.dll
[2010/04/27 10:47:36 | 000,278,647 | ---- | M] (IVT Corporation) -- D:\WINDOWS\System32\outlookAddin.dll
[2010/04/27 10:47:08 | 000,053,248 | ---- | M] (IVT Corporation) -- D:\WINDOWS\System32\HtmPrintHelper.dll
[2010/04/27 10:47:02 | 000,114,774 | ---- | M] (Versit Consortium (Apple Computer, AT&T, IBM and Siemens)) -- D:\WINDOWS\System32\versit.dll
[2010/04/27 10:46:52 | 000,626,789 | ---- | M] (IVT Corporation) -- D:\WINDOWS\System32\BsShell.dll
[2010/04/27 10:46:36 | 000,618,582 | ---- | M] (IVT Corporation) -- D:\WINDOWS\System32\Bscdlg.dll
[2010/04/27 10:46:14 | 000,127,076 | ---- | M] (IVT Corporation) -- D:\WINDOWS\System32\BsProfileFunc.dll
[2010/04/27 10:45:44 | 000,151,642 | ---- | M] (IVT Corporation) -- D:\WINDOWS\System32\BsCommon.dll
[2010/04/27 10:45:36 | 000,094,314 | ---- | M] (IVT Corporation) -- D:\WINDOWS\System32\BsHelpCSps.dll
[2010/04/27 10:45:34 | 000,606,323 | ---- | M] (IVT Corporation) -- D:\WINDOWS\System32\BlueSoleilCSps.dll
[2010/04/27 10:44:24 | 000,028,766 | ---- | M] (IVT Corporation) -- D:\WINDOWS\System32\PlayerCtrl.dll
[2010/04/27 10:44:20 | 000,106,595 | ---- | M] (IVT Corporation) -- D:\WINDOWS\System32\Bs2Res.dll
[2010/04/27 10:44:18 | 000,139,360 | ---- | M] (IVT Corporation) -- D:\WINDOWS\System32\BsMobileSDK.dll
[2010/04/27 10:44:04 | 000,258,132 | ---- | M] (IVT Corporation) -- D:\WINDOWS\System32\BsSDK.dll
[2010/04/27 10:43:30 | 000,028,672 | ---- | M] () -- D:\WINDOWS\System32\BsMobileCSps.dll
[2010/04/27 10:43:18 | 000,028,760 | ---- | M] (IVT Corporation) -- D:\WINDOWS\System32\BsTrace.dll
[2010/04/27 06:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- D:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/04/26 18:02:36 | 000,262,144 | ---- | M] () -- D:\Documents and Settings\All Users\ntuser.dat
[2010/04/25 13:25:28 | 000,002,344 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[4 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
[1 D:\Documents and Settings\Administrator\*.tmp files -> D:\Documents and Settings\Administrator\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/23 12:20:37 | 000,000,696 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/23 07:26:10 | 000,009,369 | RHS- | C] () -- D:\WINDOWS\System32\setting.ini
[2010/05/23 07:26:05 | 000,000,354 | ---- | C] () -- D:\WINDOWS\tasks\At1.job
[2010/05/23 07:26:05 | 000,000,103 | RHS- | C] () -- D:\WINDOWS\System32\autorun.ini
[2010/05/22 20:57:55 | 000,128,274 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\Outing Swimming.jpg
[2010/05/22 06:08:11 | 000,001,437 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\SGH-i900 My Documents.LNK
[2010/05/22 06:08:02 | 000,000,947 | ---- | C] () -- D:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2010/05/20 20:41:42 | 000,000,000 | ---- | C] () -- D:\WINDOWS\BsMobileModel.ini
[2010/05/20 20:31:50 | 000,000,000 | ---- | C] () -- D:\WINDOWS\System32\SHORTCUT.INI
[2010/05/20 20:31:19 | 000,000,000 | ---- | C] () -- D:\WINDOWS\System32\REMOTEDEVICE.INI
[2010/05/20 20:31:15 | 000,006,510 | ---- | C] () -- D:\WINDOWS\System32\LOCALSERVICE.INI
[2010/05/20 20:31:00 | 000,000,101 | ---- | C] () -- D:\WINDOWS\System32\LOCALDEVICE.INI
[2010/05/20 19:54:42 | 000,000,000 | ---- | C] () -- D:\WINDOWS\System32\BSPRINT.INI
[2010/05/20 19:54:07 | 000,001,680 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\BlueSoleil Space.lnk
[2010/05/20 19:54:00 | 000,000,032 | ---- | C] () -- D:\WINDOWS\0
[2010/05/20 19:54:00 | 000,000,000 | ---- | C] () -- D:\WINDOWS\System32\0
[2010/05/20 08:10:57 | 000,002,528 | ---- | C] () -- D:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
[2010/05/20 08:09:52 | 000,001,374 | ---- | C] () -- D:\WINDOWS\imsins.BAK
[2010/05/19 21:34:45 | 000,001,908 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\cc_20100519_2134.reg
[2010/05/18 05:43:24 | 000,000,561 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\YsF Setup.lnk
[2010/05/18 05:41:49 | 000,000,564 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\YsF.lnk
[2010/05/18 05:36:12 | 000,000,752 | ---- | C] () -- D:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ViiKiiDesktopPlugin.lnk
[2010/05/16 19:02:58 | 003,722,688 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\YouTube- Final Fantasy X Battle Theme.mp3
[2010/05/15 08:06:50 | 000,021,840 | ---- | C] () -- D:\WINDOWS\System32\SIntfNT.dll
[2010/05/15 08:06:50 | 000,017,212 | ---- | C] () -- D:\WINDOWS\System32\SIntf32.dll
[2010/05/15 08:06:50 | 000,012,067 | ---- | C] () -- D:\WINDOWS\System32\SIntf16.dll
[2010/05/15 07:59:27 | 000,031,673 | ---- | C] () -- D:\WINDOWS\DIIUnin.dat
[2010/05/15 07:59:26 | 000,002,829 | ---- | C] () -- D:\WINDOWS\DIIUnin.pif
[2010/05/15 07:37:38 | 000,691,696 | ---- | C] () -- D:\WINDOWS\System32\drivers\sptd.sys
[2010/05/15 07:34:32 | 000,000,719 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/05/13 17:12:15 | 000,009,836 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\cc_20100513_1712.reg
[2010/05/13 10:56:38 | 000,001,192 | ---- | C] () -- D:\WINDOWS\System32\bscs.ini
[2010/05/11 14:32:25 | 000,046,469 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\crysis.rtf
[2010/05/11 14:32:25 | 000,000,236 | ---- | C] () -- D:\Program Files\Common Files\dx.reg
[2010/05/11 14:32:23 | 001,029,126 | ---- | C] () -- D:\WINDOWS\System32\d3d10.dll
[2010/05/11 14:32:23 | 000,874,502 | ---- | C] () -- D:\WINDOWS\System32\kernel32new.dll
[2010/05/11 14:32:23 | 000,716,153 | ---- | C] () -- D:\WINDOWS\System32\unins000.exe
[2010/05/11 14:32:23 | 000,681,478 | ---- | C] () -- D:\WINDOWS\System32\msvcrtnew.dll
[2010/05/11 14:32:23 | 000,187,398 | ---- | C] () -- D:\WINDOWS\System32\d3d10core.dll
[2010/05/11 14:32:23 | 000,002,938 | ---- | C] () -- D:\WINDOWS\System32\unins000.dat
[2010/05/11 07:20:52 | 000,000,694 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Smart Bro.lnk
[2010/05/08 17:25:44 | 000,000,797 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\YouTube Downloader.lnk
[2010/05/08 17:02:41 | 000,000,168 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\Smart#.rtf
[2010/05/04 11:58:44 | 000,000,582 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\GrandChase.lnk
[2010/05/04 05:22:15 | 000,165,376 | ---- | C] () -- D:\WINDOWS\System32\unrar.dll
[2010/05/04 05:22:15 | 000,000,038 | ---- | C] () -- D:\WINDOWS\avisplitter.ini
[2010/05/04 05:22:13 | 000,000,414 | ---- | C] () -- D:\WINDOWS\System32\lame_acm.xml
[2010/05/04 05:22:12 | 000,881,664 | ---- | C] () -- D:\WINDOWS\System32\xvidcore.dll
[2010/05/04 05:22:12 | 000,205,824 | ---- | C] () -- D:\WINDOWS\System32\xvidvfw.dll
[2010/05/04 05:22:10 | 000,000,547 | ---- | C] () -- D:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/05/04 05:22:09 | 000,085,504 | ---- | C] () -- D:\WINDOWS\System32\ff_vfw.dll
[2010/05/04 05:04:38 | 000,015,872 | ---- | C] () -- D:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/03 22:47:54 | 000,000,250 | ---- | C] () -- D:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/05/03 22:06:38 | 000,000,792 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\frd.lnk
[2010/05/03 08:04:37 | 000,000,922 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\Photoshop.lnk
[2010/04/30 18:00:07 | 000,000,994 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\Play Plants vs. Zombies.lnk
[2010/04/30 18:00:02 | 000,000,000 | ---- | C] () -- D:\WINDOWS\popcreg.dat
[2010/04/30 18:00:02 | 000,000,000 | ---- | C] () -- D:\WINDOWS\popcinfot.dat
[2010/04/27 19:42:53 | 002,359,350 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\Ultimate.bmp
[2010/04/27 10:43:30 | 000,028,672 | ---- | C] () -- D:\WINDOWS\System32\BsMobileCSps.dll
[2010/04/26 18:02:36 | 000,262,144 | ---- | C] () -- D:\Documents and Settings\All Users\ntuser.dat
[2010/04/26 18:02:36 | 000,001,024 | -H-- | C] () -- D:\Documents and Settings\All Users\ntuser.dat.LOG
[2010/04/25 13:25:28 | 000,002,344 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2010/04/06 18:33:10 | 000,025,864 | ---- | C] () -- D:\WINDOWS\System32\drivers\btnetBus.sys
[2010/01/22 10:04:30 | 000,081,920 | ---- | C] () -- D:\WINDOWS\System32\BsVistaCommon.dll
[2006/08/16 15:35:00 | 001,662,976 | ---- | C] () -- D:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/16 15:35:00 | 001,470,464 | ---- | C] () -- D:\WINDOWS\System32\nview.dll
[2006/08/16 15:35:00 | 001,019,904 | ---- | C] () -- D:\WINDOWS\System32\nvwimg.dll
[2006/08/16 15:35:00 | 000,581,632 | ---- | C] () -- D:\WINDOWS\System32\nvhwvid.dll
[2006/08/16 15:35:00 | 000,466,944 | ---- | C] () -- D:\WINDOWS\System32\nvshell.dll
[2006/08/16 15:35:00 | 000,286,720 | ---- | C] () -- D:\WINDOWS\System32\nvnt4cpl.dll
[2006/08/16 15:35:00 | 000,196,608 | ---- | C] () -- D:\WINDOWS\System32\nvapi.dll
[2005/12/01 21:26:21 | 000,000,114 | ---- | C] () -- D:\WINDOWS\System32\oeminfo.ini
[2005/11/22 15:49:22 | 000,394,240 | ---- | C] () -- D:\WINDOWS\System32\HMTCD.dll
[2001/08/24 01:00:00 | 000,061,440 | ---- | C] () -- D:\WINDOWS\System32\CopyToSendTo.dll
< End of report >

crestfall77

Re: Need Help on Removing a Virus

Post by crestfall77 on Sun May 23, 2010 5:39 am

Here is the Extras.txt

OTL Extras logfile created on: 5/23/2010 12:08:37 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = D:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.00 Mb Total Physical Memory | 392.00 Mb Available Physical Memory | 41.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 48.83 Gb Total Space | 23.60 Gb Free Space | 48.34% Space Free | Partition Type: NTFS
Drive D: | 62.95 Gb Total Space | 16.28 Gb Free Space | 25.86% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THESERVER
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.inf [@ = inffile] -- D:\WINDOWS\System32\NOTEPAD2.EXE ()
.ini [@ = inifile] -- D:\WINDOWS\System32\NOTEPAD2.EXE ()
.txt [@ = txtfile] -- D:\WINDOWS\System32\NOTEPAD2.EXE ()

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [edit] -- D:\WINDOWS\system32\NOTEPAD2.EXE %1 ()
batfile [open] -- "%1" %*
cmdfile [edit] -- D:\WINDOWS\system32\NOTEPAD2.EXE %1 ()
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [open] -- D:\WINDOWS\system32\NOTEPAD2.EXE %1 ()
inifile [open] -- D:\WINDOWS\system32\NOTEPAD2.EXE %1 ()
jsfile [edit] -- D:\WINDOWS\system32\Notepad2.exe %1 ()
jsefile [edit] -- D:\WINDOWS\system32\Notepad2.exe %1 ()
piffile [open] -- "%1" %*
regfile [edit] -- D:\WINDOWS\system32\NOTEPAD2.EXE %1 ()
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- D:\WINDOWS\system32\NOTEPAD2.EXE %1 ()
vbefile [edit] -- D:\WINDOWS\system32\Notepad2.exe %1 ()
vbsfile [edit] -- D:\WINDOWS\system32\Notepad2.exe %1 ()
wsffile [edit] -- D:\WINDOWS\system32\Notepad2.exe %1 ()
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"D:\Program Files\Microsoft ActiveSync\rapimgr.exe" = D:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"D:\Program Files\Microsoft ActiveSync\wcescomm.exe" = D:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"D:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = D:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"D:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = D:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"D:\Program Files\Opera\opera.exe" = D:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"D:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = D:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)
"D:\Program Files\uTorrent\uTorrent.exe" = D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"D:\Program Files\Microsoft ActiveSync\rapimgr.exe" = D:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"D:\Program Files\Microsoft ActiveSync\wcescomm.exe" = D:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"D:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = D:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe" = D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS -- (IVT Corporation)
"F:\mp3\mp3.exe" = F:\mp3\mp3.exe:*:Enabled:ipsec -- File not found
"D:\WINDOWS\Explorer.EXE" = D:\WINDOWS\Explorer.EXE:*:Enabled:ipsec -- (Microsoft Corporation)
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winqsuysk.exe" = D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winqsuysk.exe:*:Enabled:ipsec -- ()
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\windpqobe.exe" = D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\windpqobe.exe:*:Enabled:ipsec -- File not found
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fhtyg.exe" = D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fhtyg.exe:*:Enabled:ipsec -- File not found
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winvmcd.exe" = D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winvmcd.exe:*:Enabled:ipsec -- File not found
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\silm.exe" = D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\silm.exe:*:Enabled:ipsec -- File not found
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bwxk.exe" = D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bwxk.exe:*:Enabled:ipsec -- File not found
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\asdnqy.exe" = D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\asdnqy.exe:*:Enabled:ipsec -- File not found
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winpbikqo.exe" = D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winpbikqo.exe:*:Enabled:ipsec -- File not found
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\patvt.exe" = D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\patvt.exe:*:Enabled:ipsec -- File not found
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\whwx.exe" = D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\whwx.exe:*:Enabled:ipsec -- File not found
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winvxifw.exe" = D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winvxifw.exe:*:Enabled:ipsec -- File not found
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxjxyt.exe" = D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxjxyt.exe:*:Enabled:ipsec -- File not found
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xvdrf.exe" = D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xvdrf.exe:*:Enabled:ipsec -- File not found
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winpdtps.exe" = D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winpdtps.exe:*:Enabled:ipsec -- File not found
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winahjc.exe" = D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winahjc.exe:*:Enabled:ipsec -- File not found
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winwmjsq.exe" = D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winwmjsq.exe:*:Enabled:ipsec -- File not found
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winwngp.exe" = D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winwngp.exe:*:Enabled:ipsec -- File not found
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winilor.exe" = D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winilor.exe:*:Enabled:ipsec -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004098A1-0362-4C42-A1C3-CAD436CFF4A1}" = YouTube Downloader Toolbar v1.0
"{1A0D2EFC-C4FC-446A-8BC3-57A54CE5EADD}" = Opera 10.53
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.4
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{475CEB7F-F373-743A-AC19-7CE00D01A74A}" = ViiKii Desktop Plug-in
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{83258E90-1F76-4E13-9F60-A0F8ED41E76F}" = PC Connectivity Solution
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8AA80787-4900-4E5A-B8C1-43D32672D6F9}" = BlueSoleil 6.4.314.3
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{BBD9FAD7-F782-4548-B00F-E612322950F6}" = GameClub Launcher (Remove only)
"{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}" = Nokia Connectivity Cable Driver
"{CE3B8E96-B0AF-4871-9178-1519B58E3A93}" = A4 TECH PC Camera H
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Attribute Changer" = Attribute Changer 5.23
"Avira AntiVir Desktop" = Avira AntiVir Premium
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Diablo II" = Diablo II
"DirectX10 for Windows XP - Win2000, 2003,..._is1" = DirectX10 RC2 Pre Fix 3
"DivX Setup.divx.com" = DivX Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Garena" = Garena 2010
"iDate" = iDate(Remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.9.0 (Full)
"Marat" = Marat
"MorphGear" = MorphGear
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NVIDIA Drivers" = NVIDIA Drivers
"Plants vs. Zombies" = Plants vs. Zombies
"RealAlt_is1" = Real Alternative 1.45
"RegShot" = RegShot 1.7
"Smart Bro" = Smart Bro
"TaskSwitchXP" = TaskSwitchXP
"uTorrent" = µTorrent
"Veoh Web Player Beta" = Veoh Web Player
"ViiKiiDesktopPlugin.5E22EA0FF243470AB5EDDF282C0A5B52E9909C36.1" = ViiKii Desktop Plug-in
"VLC media player" = VLC media player 1.0.5
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.6.0
"YSF_WIN" = YsF

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/11/2010 8:01:35 AM | Computer Name = THESERVER | Source = ESENT | ID = 490
Description = svchost (1056) An attempt to open the file "D:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 5/11/2010 8:01:35 AM | Computer Name = THESERVER | Source = ESENT | ID = 470
Description = Catalog Database (1056) Database D:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
is partially attached. Attachment stage: 3. Error: -1032.

Error - 5/13/2010 11:49:53 PM | Computer Name = THESERVER | Source = ESENT | ID = 490
Description = svchost (1060) An attempt to open the file "D:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 5/18/2010 5:32:17 AM | Computer Name = THESERVER | Source = ESENT | ID = 490
Description = svchost (1076) An attempt to open the file "D:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 5/19/2010 5:29:22 PM | Computer Name = THESERVER | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer ContentIndexingService
called routine VsServiceChangeState which failed with status 0x80070424 (converted
to 0x800423f4).

Error - 5/19/2010 5:34:28 PM | Computer Name = THESERVER | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer ContentIndexingService
called routine VsServiceChangeState which failed with status 0x80070424 (converted
to 0x800423f4).

Error - 5/19/2010 5:34:48 PM | Computer Name = THESERVER | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer ContentIndexingService
called routine VsServiceChangeState which failed with status 0x80070424 (converted
to 0x800423f4).

Error - 5/19/2010 5:35:03 PM | Computer Name = THESERVER | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer ContentIndexingService
called routine VsServiceChangeState which failed with status 0x80070424 (converted
to 0x800423f4).

Error - 5/21/2010 7:04:47 PM | Computer Name = THESERVER | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 10.0.0.3802, faulting module
wmp.dll, version 10.0.0.4074, fault address 0x000748f0.

Error - 5/21/2010 7:05:37 PM | Computer Name = THESERVER | Source = Application Error | ID = 1000
Description = Faulting application wcesmgr.exe, version 4.5.5096.0, faulting module
wmp.dll, version 10.0.0.4074, fault address 0x003d3a6b.

[ System Events ]
Error - 5/20/2010 8:36:49 AM | Computer Name = THESERVER | Source = Service Control Manager | ID = 7000
Description = The BsMobileCS service failed to start due to the following error:
%%1053

Error - 5/20/2010 8:36:49 AM | Computer Name = THESERVER | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service BsMobileCS
with arguments "-Service" in order to run the server: {5408AB86-5A2A-4BC5-A406-A0E805A8BF93}

Error - 5/20/2010 8:36:49 AM | Computer Name = THESERVER | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service BsMobileCS
with arguments "-Service" in order to run the server: {5408AB86-5A2A-4BC5-A406-A0E805A8BF93}

Error - 5/20/2010 8:36:49 AM | Computer Name = THESERVER | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service BsMobileCS
with arguments "-Service" in order to run the server: {5408AB86-5A2A-4BC5-A406-A0E805A8BF93}

Error - 5/20/2010 8:36:49 AM | Computer Name = THESERVER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the BsMobileCS service to
connect.

Error - 5/20/2010 8:36:49 AM | Computer Name = THESERVER | Source = Service Control Manager | ID = 7000
Description = The BsMobileCS service failed to start due to the following error:
%%1053

Error - 5/20/2010 8:36:49 AM | Computer Name = THESERVER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the BsMobileCS service to
connect.

Error - 5/20/2010 8:36:49 AM | Computer Name = THESERVER | Source = Service Control Manager | ID = 7000
Description = The BsMobileCS service failed to start due to the following error:
%%1053

Error - 5/20/2010 8:36:49 AM | Computer Name = THESERVER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the BsMobileCS service to
connect.

Error - 5/20/2010 8:36:49 AM | Computer Name = THESERVER | Source = Service Control Manager | ID = 7000
Description = The BsMobileCS service failed to start due to the following error:
%%1053


< End of report >

crestfall77
Beginner

Re: Need Help on Removing a Virus

Post by Belahzur on Sun May 23, 2010 2:09 pm

I'm afraid I have bad news.

Your system is infected with a polymorphic file infector called Sality. Sality is capable of infecting all the machine's executable files (.exe) and screensaver files (.scr). However, the problem is that the virus has a number of bugs in its code, and as a result, it may misinfect a proportion of executable files and therefore, the files are corrupted beyond repair. As of now, security experts suggest that a format and clean install, or destructive recovery if you have an OEM recovery partition, is the best way to clean the infection and it is the best and safest way to return the machine to its normal working state.

Back up all your documents and important items (personal data, work documents, etc.) only. DO NOT back up any executable files (software) and screensavers (*.scr). It attempts to infect any accessed .exe or .scr files by appending itself to the executable.

Also, avoid backing up compressed (zip/cab/rar) files that have .exe or .scr files inside them. Virut can penetrate and infect .exe files inside compressed files too.

Recent variants also modify htm, html, asp and php files.

Do not back up to another machine, as it may become compromised. Burn to DVD/CD, or to an external drive which has nothing else on it, and which you can format should it happen to become infected from the backups.


For more information, please see [You must be registered and logged in to see this link.]

Instructions on how to format and reinstall Windows can be found [You must be registered and logged in to see this link.]


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

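The backup advice in the reply above (leave .exe and .scr behind, leave archives that hold them behind, look twice at htm/html/asp/php) as a triage script to run over a folder before copying it to DVD or an external drive. This is an added example, not code from the thread or from OTL; the sample folder it builds in demo() is constructed, and cab/rar are excluded outright because the standard library cannot open them to check their contents.

```python
"""Backup triage: walk a directory tree and bucket every file as 'copy',
'exclude' (infectable .exe/.scr, archives containing them) or 'review'
(web files a recent variant may have modified)."""
from __future__ import annotations

import os
import tempfile
import zipfile
from pathlib import Path

# Extensions the reply says the infector targets or modifies.
INFECTABLE = {".exe", ".scr"}
WEB_FILES = {".htm", ".html", ".asp", ".php"}
# Only zip can be inspected with the standard library; cab and rar cannot
# be opened here, so they are excluded rather than guessed about.
INSPECTABLE_ARCHIVES = {".zip"}
OPAQUE_ARCHIVES = {".cab", ".rar"}


def zip_contains_infectable(path: Path) -> bool:
    """True if any member of the zip, at any folder depth, is .exe or .scr."""
    try:
        with zipfile.ZipFile(path) as zf:
            return any(Path(n).suffix.lower() in INFECTABLE for n in zf.namelist())
    except zipfile.BadZipFile:
        return True  # unreadable archive: treat as unsafe, not as clean


def classify(path: str | Path) -> str:
    """Return 'copy', 'exclude' or 'review' for one file (case-insensitive)."""
    path = Path(path)
    ext = path.suffix.lower()
    if ext in INFECTABLE or ext in OPAQUE_ARCHIVES:
        return "exclude"
    if ext in INSPECTABLE_ARCHIVES:
        return "exclude" if zip_contains_infectable(path) else "copy"
    if ext in WEB_FILES:
        return "review"
    return "copy"


def triage(root: Path) -> dict[str, list[str]]:
    """Walk root and bucket every file; paths are reported relative to root."""
    report: dict[str, list[str]] = {"copy": [], "exclude": [], "review": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            report[classify(p)].append(str(p.relative_to(root)).replace(os.sep, "/"))
    for bucket in report.values():
        bucket.sort()
    return report


def build_demo_tree(root: Path) -> None:
    """Constructed sample folder: documents, an installer, a screensaver,
    a zip holding an .exe, a clean zip, a rar and a web page."""
    (root / "docs").mkdir()
    (root / "docs" / "thesis.docx").write_bytes(b"PK-doc")
    (root / "docs" / "notes.txt").write_text("notes")
    (root / "setup.exe").write_bytes(b"MZ")
    (root / "aquarium.scr").write_bytes(b"MZ")
    (root / "site").mkdir()
    (root / "site" / "index.html").write_text("<html></html>")
    with zipfile.ZipFile(root / "tools.zip", "w") as zf:
        zf.writestr("tools/putty.exe", b"MZ")
    with zipfile.ZipFile(root / "photos.zip", "w") as zf:
        zf.writestr("holiday/1.jpg", b"\xff\xd8")
    (root / "drivers.rar").write_bytes(b"Rar!")


def demo() -> dict[str, list[str]]:
    """Build the constructed tree in a temp dir and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_demo_tree(root)
        return triage(root)


if __name__ == "__main__":
    for bucket, files in demo().items():
        print(bucket, files)
```

Point triage() at the folder you intend to copy; only the 'copy' bucket goes to the backup medium, and the 'review' bucket is worth a look before it does.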