Antimalware Doctor virus

Post by cutenik211 on 26th July 2010, 9:28 pm

I don't know what happened; this program, Antimalware Doctor, just installed itself on my computer, and I don't know where it came from. Then my AVG software warned me that I was infected with a trojan virus. I tried to remove it, but my AVG closed off, and every time I open it, it won't let me, and it won't let me go on the Internet either. I'm using my laptop right now. What should I do? This is really urgent. :O

Re: Antimalware Doctor virus

Post by Belahzur on 26th July 2010, 9:30 pm

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Please PM me if I fail to respond within 24hrs.


Re: Antimalware Doctor virus

Post by cutenik211 on 26th July 2010, 9:56 pm

I have a bit of a problem: the Internet on my computer is not working, so I downloaded it on my laptop and transferred it to my computer with a USB memory stick. The problem is that every time I click on it, it says OTL.EXE is infected, and something about an antivirus to be activated.

Re: Antimalware Doctor virus

Post by cutenik211 on 26th July 2010, 10:24 pm

Never mind what I wrote above; I found a way to use OTL.exe by putting the computer in safe mode. Here are the logs.

OTL logfile created on: 7/26/2010 4:51:17 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = I:\
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 6.03 Gb Free Space | 8.10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 955.72 Mb Total Space | 955.16 Mb Free Space | 99.94% Space Free | Partition Type: FAT

Computer Name: JGAZA-BDC3015D9
Current User Name: nikki
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/26 16:36:40 | 000,574,976 | ---- | M] (OldTimer Tools) -- I:\OTL.exe
PRC - [2010/07/15 12:04:43 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2004/08/04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/07/26 16:36:40 | 000,574,976 | ---- | M] (OldTimer Tools) -- I:\OTL.exe
MOD - [2004/08/04 05:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/04 05:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe WMP54Gv4.exe -- (WMP54Gv4SVC)
SRV - [2010/07/21 08:42:48 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/15 12:05:16 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/04/19 10:25:38 | 000,430,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2006/03/17 17:25:16 | 000,065,536 | ---- | M] (Broadcom Corporation) [Auto | Stopped] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - [2010/07/15 12:05:19 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/15 12:04:44 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/02 09:46:38 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/10/13 20:12:46 | 000,000,000 | ---D | M] [Kernel | On_Demand | Stopped] -- C:\svchost.exe\ -- (catchme)
DRV - [2009/07/14 13:54:00 | 007,741,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/02 15:15:26 | 006,008,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/06/06 14:51:04 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/07/05 18:08:28 | 000,241,152 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2006/03/17 20:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2005/10/27 15:06:30 | 000,356,096 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61) Linksys Wireless-G PCI Adapter Driver(RT61)
DRV - [2004/08/12 19:45:54 | 000,137,728 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/04/16 01:20:14 | 000,090,700 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P0620Vid.sys -- (PD0620VID)
DRV - [2003/04/24 16:21:50 | 000,006,025 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Stopped] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
DRV - [2002/10/01 15:43:32 | 000,119,798 | ---- | M] (SP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SPCA561.SYS -- (CA561) ICatch (VI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]

IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:7
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.5.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: avg@igeared:4.504.019.002
FF - prefs.js..extensions.enabledItems: {1CE11043-9A15-4207-A565-0C94C42D590D}:11.3.7.0
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - user.js..browser.search.selectedEngine: "Google"
FF - user.js..browser.search.order.1: "Google"
FF - user.js..keyword.URL: "http://search.search-star.net/?sid=10101045100&s="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/07/21 08:43:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/05/21 23:59:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/26 14:19:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/26 14:19:38 | 000,000,000 | ---D | M]

[2010/06/03 21:10:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nikki\Application Data\Mozilla\Extensions
[2010/06/03 21:10:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nikki\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/07/26 16:19:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nikki\Application Data\Mozilla\Firefox\Profiles\es52l3bd.default\extensions
[2009/12/28 09:32:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\nikki\Application Data\Mozilla\Firefox\Profiles\es52l3bd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/18 13:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nikki\Application Data\Mozilla\Firefox\Profiles\es52l3bd.default\extensions\DefaultManager@Microsoft
[2010/03/12 23:34:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nikki\Application Data\Mozilla\Firefox\Profiles\es52l3bd.default\extensions\personas@christopher.beard
[2010/07/26 16:10:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/26 16:10:47 | 000,000,000 | ---D | M] (Adobe Flash Plugin) -- C:\Program Files\Mozilla Firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D}
[2010/07/26 07:38:42 | 000,002,076 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2009/10/14 19:03:54 | 000,343,356 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 11796 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (adShotHlpr Object) - {DA3F1CDD-8C2D-4446-B6AE-09680DAFDF05} - C:\WINDOWS\system32\oxigp.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [bojudyju] C:\Documents and Settings\nikki\Local Settings\Application Data\fyvwcpkcx\mauyloqtssd.exe ()
O4 - HKLM..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MChk] C:\WINDOWS\System32\bxigp.exe File not found
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [sta] C:\WINDOWS\System32\oxigp.dll ()
O4 - HKCU..\Run: [releaseversion70700.exe] C:\Documents and Settings\nikki\Application Data\930958B218DCB44CA4D6371563044EDD\releaseversion70700.exe (MS)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Xhaba] C:\WINDOWS\sxlsex80.DLL (CyberLink Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk = C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\nikki\Start Menu\Programs\Startup\Antimalware Doctor.lnk = C:\Documents and Settings\nikki\Application Data\930958B218DCB44CA4D6371563044EDD\releaseversion70700.exe (MS)
O4 - Startup: C:\Documents and Settings\nikki\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Documents and Settings\nikki\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\nikki\Start Menu\Programs\Startup\ViiKiiDesktopPlugin.lnk = C:\Program Files\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: RTHDBPL = C:\DOCUME~1\nikki\LOCALS~1\Temp\soenxrwcma.tmp ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: jgyo0w = C:\DOCUME~1\nikki\LOCALS~1\Temp\19aqp.exe File not found
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} [You must be registered and logged in to see this link.] Files\Sally's Spa\Images\stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} [You must be registered and logged in to see this link.] (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} [You must be registered and logged in to see this link.] Files\Sally's Spa\Images\armhelper.ocx (ArmHelper Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/30 02:46:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/26 16:11:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nikki\Application Data\Sky-Banners
[2010/07/26 16:11:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nikki\Local Settings\Application Data\fyvwcpkcx
[2010/07/26 16:10:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Update
[2010/07/26 16:10:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\nikki\Application Data\SystemProc
[2010/07/26 16:10:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nikki\Application Data\930958B218DCB44CA4D6371563044EDD
[2010/07/22 14:14:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nikki\My Documents\Any DVD Converter Professional
[2010/07/22 14:13:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nikki\Application Data\AnvSoft
[2010/07/22 14:13:45 | 000,000,000 | ---D | C] -- C:\Program Files\AnvSoft
[2010/07/22 14:13:27 | 018,330,576 | ---- | C] (Any-DVD-Converter.com ) -- C:\Documents and Settings\nikki\Desktop\any-dvd-converter.exe
[2010/07/22 13:52:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nikki\Application Data\NCH Swift Sound
[2010/07/20 14:24:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nikki\Local Settings\Application Data\Identities
[2010/07/20 14:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nikki\My Documents\VideoPad Projects
[2010/07/20 14:05:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/07/20 14:05:33 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Swift Sound
[2010/07/20 14:05:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2010/07/20 14:04:36 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2010/07/20 14:04:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nikki\Application Data\NCH Software
[2010/07/20 13:32:46 | 000,000,000 | ---D | C] -- C:\Program Files\Solveig Multimedia
[2010/07/20 13:32:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Solveig Multimedia
[2010/07/17 18:05:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/07/15 12:05:18 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

========== Files - Modified Within 30 Days ==========

[2010/07/26 16:50:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/26 16:49:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/26 16:48:19 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/26 16:48:17 | 007,077,888 | -H-- | M] () -- C:\Documents and Settings\nikki\NTUSER.DAT
[2010/07/26 16:48:17 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\nikki\ntuser.ini
[2010/07/26 16:47:48 | 000,000,259 | ---- | M] () -- C:\Documents and Settings\nikki\Desktop\Shortcut to OTL.lnk
[2010/07/26 16:46:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{9387AF0C-9827-4C56-8418-C356C23D5B76}.job
[2010/07/26 16:45:14 | 000,002,767 | ---- | M] () -- C:\WINDOWS\icokonib.dll
[2010/07/26 16:44:31 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\nikki\Start Menu\Programs\Startup\ViiKiiDesktopPlugin.lnk
[2010/07/26 16:43:32 | 000,243,457 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/07/26 16:43:10 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/26 16:43:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/26 16:12:27 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\nikki\Local Settings\Application Data\prvlcl.dat
[2010/07/26 16:11:28 | 000,001,219 | ---- | M] () -- C:\Documents and Settings\nikki\Start Menu\Programs\Startup\Antimalware Doctor.lnk
[2010/07/26 16:11:28 | 000,001,207 | ---- | M] () -- C:\Documents and Settings\nikki\Desktop\Antimalware Doctor.lnk
[2010/07/26 16:11:28 | 000,001,185 | ---- | M] () -- C:\Documents and Settings\nikki\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
[2010/07/26 16:11:04 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\Updater.job
[2010/07/26 16:11:04 | 000,000,150 | ---- | M] () -- C:\zrpt.xml
[2010/07/26 14:18:11 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\nikki\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/26 14:04:52 | 062,552,093 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/07/22 20:17:14 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\videopadShakeIcon.job
[2010/07/22 16:22:39 | 000,007,168 | -H-- | M] () -- C:\Documents and Settings\nikki\My Documents\photothumb.db
[2010/07/22 16:21:50 | 000,003,744 | ---- | M] () -- C:\Documents and Settings\nikki\.recently-used.xbel
[2010/07/22 14:13:53 | 000,000,834 | ---- | M] () -- C:\Documents and Settings\nikki\Desktop\Any DVD Converter Professional.lnk
[2010/07/22 14:13:27 | 018,330,576 | ---- | M] (Any-DVD-Converter.com ) -- C:\Documents and Settings\nikki\Desktop\any-dvd-converter.exe
[2010/07/22 13:57:56 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2010/07/22 13:56:05 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\mixpadShakeIcon.job
[2010/07/20 14:44:33 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PhotoPad Image Editor.lnk
[2010/07/20 14:05:50 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MixPad Audio Mixer.lnk
[2010/07/20 14:05:49 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\photostageSevenDays.job
[2010/07/20 14:05:48 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\photostageShakeIcon.job
[2010/07/20 14:05:42 | 000,000,835 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PhotoStage Slideshow Producer.lnk
[2010/07/20 14:05:33 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WavePad Sound Editor.lnk
[2010/07/20 14:04:37 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VideoPad Video Editor.lnk
[2010/07/20 13:36:36 | 000,626,775 | ---- | M] () -- C:\Documents and Settings\nikki\My Documents\By Your Side_0001.wma
[2010/07/20 13:32:49 | 000,000,866 | ---- | M] () -- C:\Documents and Settings\nikki\Desktop\SolveigMM AVI Trimmer.lnk
[2010/07/17 18:00:10 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/07/17 15:17:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/15 23:11:22 | 000,294,912 | ---- | M] () -- C:\WINDOWS\System32\oxigp.dll
[2010/07/15 12:10:28 | 000,000,096 | -H-- | M] () -- C:\WINDOWS\System32\HsInfo.dat
[2010/07/15 12:05:19 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/07/15 12:05:18 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/15 12:04:44 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/07/12 22:51:35 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/30 21:11:10 | 000,032,784 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat

========== Files Created - No Company Name ==========

[2010/07/26 16:47:48 | 000,000,259 | ---- | C] () -- C:\Documents and Settings\nikki\Desktop\Shortcut to OTL.lnk
[2010/07/26 16:45:14 | 000,002,767 | ---- | C] () -- C:\WINDOWS\icokonib.dll
[2010/07/26 16:11:28 | 000,001,219 | ---- | C] () -- C:\Documents and Settings\nikki\Start Menu\Programs\Startup\Antimalware Doctor.lnk
[2010/07/26 16:11:28 | 000,001,207 | ---- | C] () -- C:\Documents and Settings\nikki\Desktop\Antimalware Doctor.lnk
[2010/07/26 16:11:28 | 000,001,185 | ---- | C] () -- C:\Documents and Settings\nikki\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
[2010/07/26 16:11:04 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\Updater.job
[2010/07/26 16:11:02 | 000,000,150 | ---- | C] () -- C:\zrpt.xml
[2010/07/22 20:17:12 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\videopadShakeIcon.job
[2010/07/22 16:21:50 | 000,003,744 | ---- | C] () -- C:\Documents and Settings\nikki\.recently-used.xbel
[2010/07/22 14:13:53 | 000,000,834 | ---- | C] () -- C:\Documents and Settings\nikki\Desktop\Any DVD Converter Professional.lnk
[2010/07/22 13:57:55 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2010/07/22 13:56:03 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\mixpadShakeIcon.job
[2010/07/20 14:44:33 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PhotoPad Image Editor.lnk
[2010/07/20 14:05:50 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MixPad Audio Mixer.lnk
[2010/07/20 14:05:48 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\photostageSevenDays.job
[2010/07/20 14:05:46 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\photostageShakeIcon.job
[2010/07/20 14:05:42 | 000,000,835 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PhotoStage Slideshow Producer.lnk
[2010/07/20 14:05:33 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WavePad Sound Editor.lnk
[2010/07/20 14:04:37 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VideoPad Video Editor.lnk
[2010/07/20 13:36:34 | 000,626,775 | ---- | C] () -- C:\Documents and Settings\nikki\My Documents\By Your Side_0001.wma
[2010/07/20 13:32:49 | 000,000,866 | ---- | C] () -- C:\Documents and Settings\nikki\Desktop\SolveigMM AVI Trimmer.lnk
[2010/07/15 23:11:22 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\oxigp.dll
[2009/11/02 22:57:55 | 000,000,126 | ---- | C] () -- C:\WINDOWS\APOapp.INI
[2009/11/02 22:38:19 | 000,014,385 | ---- | C] () -- C:\WINDOWS\Tw561a.ini
[2009/11/02 22:38:19 | 000,000,081 | ---- | C] () -- C:\WINDOWS\Setup8a.ini
[2009/09/07 17:56:04 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/09/07 17:56:04 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/08/07 11:09:33 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/08/07 11:09:32 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/04/26 00:35:08 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4943.dll
[2009/04/24 18:53:56 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/09/17 23:55:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/09/17 23:55:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/09/17 23:55:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/09/17 23:55:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/09/17 23:55:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/08/30 11:52:59 | 000,000,038 | ---- | C] () -- C:\WINDOWS\camcodec100.ini
[2008/08/24 22:00:26 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008/08/24 22:00:11 | 000,000,890 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2007/02/12 22:05:38 | 000,121,344 | ---- | C] () -- C:\WINDOWS\System32\SCLS.DLL
[2004/08/04 05:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

========== Files - Unicode (All) ==========
[2009/12/24 16:50:04 | 000,340,176 | ---- | M] ()(C:\Documents and Settings\nikki\My Documents\Super Junior Happy - ??? ??.wmv.sfk) -- C:\Documents and Settings\nikki\My Documents\Super Junior Happy - 파자마 파티.wmv.sfk
[2009/12/24 16:48:49 | 000,340,176 | ---- | C] ()(C:\Documents and Settings\nikki\My Documents\Super Junior Happy - ??? ??.wmv.sfk) -- C:\Documents and Settings\nikki\My Documents\Super Junior Happy - 파자마 파티.wmv.sfk
[2009/07/18 21:05:01 | 033,765,358 | R--- | C] ()(C:\Documents and Settings\nikki\My Documents\Super Junior Happy - ??? ??.wmv) -- C:\Documents and Settings\nikki\My Documents\Super Junior Happy - 파자마 파티.wmv
[2009/07/18 21:04:04 | 033,765,358 | R--- | M] ()(C:\Documents and Settings\nikki\My Documents\Super Junior Happy - ??? ??.wmv) -- C:\Documents and Settings\nikki\My Documents\Super Junior Happy - 파자마 파티.wmv

========== Alternate Data Streams ==========

@Alternate Data Stream - 493 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB1B13D8
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4E3940D6
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4DF74DCB
< End of report >


Re: Antimalware Doctor virus

Post by cutenik211 on 26th July 2010, 10:25 pm

OTL Extras logfile created on: 7/26/2010 4:51:17 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = I:\
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 6.03 Gb Free Space | 8.10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 955.72 Mb Total Space | 955.16 Mb Free Space | 99.94% Space Free | Partition Type: FAT

Computer Name: JGAZA-BDC3015D9
Current User Name: nikki
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"6112:TCP" = 6112:TCP:*:Enabled:blizzard
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:World of Warcraft -- (Blizzard Entertainment)
"C:\Program Files\Curse\CurseClient.exe" = C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client -- ()
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)
"C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe" = C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe:*:Enabled:WMP54Gv4 -- (Linksys)
"C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" = C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe:*:Enabled:SeaPort -- (Microsoft Corp.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"$NtUninstallMTF1011$" = Street-Ads Browser Enhancer
"{071B9AFA-EBE8-4ABF-8F4A-9F92612F517E}" = Broadcom ASF Management Applications
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14E94112-5F6B-4049-B177-4C7E69D3C3A0}_is1" = Dragonica Online - Open Beta Test
"{177D1318-3E4B-4A7C-A300-AC4E21BE090B}" = Broadcom Management Programs
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 17
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{475CEB7F-F373-743A-AC19-7CE00D01A74A}" = ViiKii Desktop Plug-in
"{4DDC3BED-CC68-44AA-B435-D727B620CA5B}" = Linksys Wireless-G PCI Adapter
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B023185F-F1EF-4F97-B0BD-AE6D802226D1}" = NVIDIA WDM Drivers
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F48C6EA5-3B43-11D6-86A6-0050BA0259A2}" = Philips PC Camera
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Any DVD Converter Professional_is1" = Any DVD Converter Professional 4.0.6
"Any Video Converter_is1" = Any Video Converter 2.7.6
"AVG9Uninstall" = AVG Free 9.0
"CamStudio" = CamStudio
"CamStudio Lossless Codec_is1" = CamStudio Lossless Codec v1.4
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative PD0620" = Creative WebCam Instant Driver (1.00.08.0416)
"Creative WebCam Center" = Creative WebCam Center
"Creative WebCam Instant User's Guide English" = Creative WebCam Instant User's Guide (English)
"ffdshow_is1" = ffdshow [rev 3029] [2009-07-10]
"Fraps" = Fraps
"Get Yahoo! Messenger" = Get Yahoo! Messenger
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"LimeWire" = LimeWire 5.5.9
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MixPad" = MixPad Audio Mixer
"Mozilla Firefox (3.6.7)" = Mozilla Firefox (3.6.7)
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PhotoPad" = PhotoPad Image Editor
"PhotoScape" = PhotoScape
"PhotoStage" = PhotoStage Slideshow Producer
"SCLS" = MSU Screen Capture Lossless Codec v1.2 (Remove Only)
"SolveigMM AVI Trimmer" = SolveigMM AVI Trimmer
"SystemRequirementsLab" = System Requirements Lab
"Tales of Pirates Online_is1" = Tales of Pirates Online
"Veoh Video Compass" = Veoh Video Compass
"Veoh Web Player Beta" = Veoh Web Player
"VideoPad" = VideoPad Video Editor
"ViiKiiDesktopPlugin.5E22EA0FF243470AB5EDDF282C0A5B52E9909C36.1" = ViiKii Desktop Plug-in
"WavePad" = WavePad Sound Editor
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinGimp-2.0_is1" = GIMP 2.6.6
"WMFDist11" = Windows Media Format 11 runtime
"World of Warcraft" = World of Warcraft
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Antimalware Doctor" = Antimalware Doctor
"Facebook Plug-In" = Facebook Plug-In
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/11/2010 8:29:10 PM | Computer Name = JGAZA-BDC3015D9 | Source = Application Error | ID = 1000
Description = Faulting application dragonica.exe, version 0.10.30.2, faulting module
unknown, version 0.0.0.0, fault address 0x042d0acb.

Error - 7/11/2010 9:43:42 PM | Computer Name = JGAZA-BDC3015D9 | Source = Application Error | ID = 1000
Description = Faulting application dragonica.exe, version 0.10.30.2, faulting module
unknown, version 0.0.0.0, fault address 0x042b0b04.

Error - 7/12/2010 6:36:04 PM | Computer Name = JGAZA-BDC3015D9 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/12/2010 6:36:04 PM | Computer Name = JGAZA-BDC3015D9 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/17/2010 7:28:32 PM | Computer Name = JGAZA-BDC3015D9 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module wmvcore.dll, version 11.0.5705.5043, fault address 0x000fd9bd.

Error - 7/18/2010 9:00:08 PM | Computer Name = JGAZA-BDC3015D9 | Source = MsiInstaller | ID = 11720
Description = Product: Skype Toolbars -- Error 1720. There is a problem with this
Windows Installer package. A script required for this install to complete could
not be run. Contact your support personnel or package vendor. Custom action TerminateSkypeNames2.9634CD8B_3E2F_4F6E_AAFB_AD3F948985A2
script error -2146828218, Microsoft VBscript runtime error: Permission denied:
'GetObject' Line 5, Column 6,

Error - 7/19/2010 4:11:00 AM | Computer Name = JGAZA-BDC3015D9 | Source = MsiInstaller | ID = 11720
Description = Product: Skype Toolbars -- Error 1720. There is a problem with this
Windows Installer package. A script required for this install to complete could
not be run. Contact your support personnel or package vendor. Custom action TerminateSkypeNames2.9634CD8B_3E2F_4F6E_AAFB_AD3F948985A2
script error -2146828218, Microsoft VBscript runtime error: Permission denied:
'GetObject' Line 5, Column 6,

Error - 7/20/2010 9:25:52 AM | Computer Name = JGAZA-BDC3015D9 | Source = MsiInstaller | ID = 11720
Description = Product: Skype Toolbars -- Error 1720. There is a problem with this
Windows Installer package. A script required for this install to complete could
not be run. Contact your support personnel or package vendor. Custom action TerminateSkypeNames2.9634CD8B_3E2F_4F6E_AAFB_AD3F948985A2
script error -2146828218, Microsoft VBscript runtime error: Permission denied:
'GetObject' Line 5, Column 6,

Error - 7/20/2010 8:15:44 PM | Computer Name = JGAZA-BDC3015D9 | Source = Broadcom ASF IP Monitor | ID = 0
Description = !ERROR 53 Refreshing BMAPI data

Error - 7/22/2010 2:52:22 PM | Computer Name = JGAZA-BDC3015D9 | Source = Broadcom ASF IP Monitor | ID = 0
Description = !ERROR 53 Refreshing BMAPI data

[ OSession Events ]
Error - 7/13/2010 1:54:29 PM | Computer Name = JGAZA-BDC3015D9 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1535
seconds with 540 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/26/2010 5:49:38 PM | Computer Name = JGAZA-BDC3015D9 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 7/26/2010 5:50:28 PM | Computer Name = JGAZA-BDC3015D9 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/26/2010 5:50:53 PM | Computer Name = JGAZA-BDC3015D9 | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 7/26/2010 5:50:53 PM | Computer Name = JGAZA-BDC3015D9 | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 7/26/2010 5:50:53 PM | Computer Name = JGAZA-BDC3015D9 | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 7/26/2010 5:50:53 PM | Computer Name = JGAZA-BDC3015D9 | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 7/26/2010 5:50:53 PM | Computer Name = JGAZA-BDC3015D9 | Source = Service Control Manager | ID = 7001
Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 7/26/2010 5:50:53 PM | Computer Name = JGAZA-BDC3015D9 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 7/26/2010 5:50:53 PM | Computer Name = JGAZA-BDC3015D9 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AvgLdx86 AvgMfx86 AvgTdiX Beep Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Error - 7/26/2010 5:50:55 PM | Computer Name = JGAZA-BDC3015D9 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}


< End of report >


Re: Antimalware Doctor virus

Post by Belahzur on 27th July 2010, 9:10 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (adShotHlpr Object) - {DA3F1CDD-8C2D-4446-B6AE-09680DAFDF05} - C:\WINDOWS\system32\oxigp.dll ()
    O4 - HKLM..\Run: [bojudyju] C:\Documents and Settings\nikki\Local Settings\Application Data\fyvwcpkcx\mauyloqtssd.exe ()
    O4 - HKLM..\Run: [sta] C:\WINDOWS\System32\oxigp.dll ()
    O4 - HKCU..\Run: [releaseversion70700.exe] C:\Documents and Settings\nikki\Application Data\930958B218DCB44CA4D6371563044EDD\releaseversion70700.exe (MS)
    O4 - HKCU..\Run: [Xhaba] C:\WINDOWS\sxlsex80.DLL (CyberLink Corp.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: RTHDBPL = C:\DOCUME~1\nikki\LOCALS~1\Temp\soenxrwcma.tmp ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: jgyo0w = C:\DOCUME~1\nikki\LOCALS~1\Temp\19aqp.exe File not found
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    [2010/07/26 16:11:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nikki\Local Settings\Application Data\fyvwcpkcx
    [2010/07/26 16:11:28 | 000,001,219 | ---- | M] () -- C:\Documents and Settings\nikki\Start Menu\Programs\Startup\Antimalware Doctor.lnk
    [2010/07/26 16:11:28 | 000,001,207 | ---- | M] () -- C:\Documents and Settings\nikki\Desktop\Antimalware Doctor.lnk
    [2010/07/26 16:11:28 | 000,001,185 | ---- | M] () -- C:\Documents and Settings\nikki\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

