Antimalware Doctor virus

Post by nathaliedaigle on Thu Sep 09, 2010 10:25 pm

Hello,
I know I was here before for the same problem, but I'm actually just doing this for my sister; the virus is on her laptop now... Can you help me out? Thanks in advance...
I'll post the first logs from the OTL scan.

Re: Antimalware Doctor virus

Post by nathaliedaigle on Thu Sep 09, 2010 10:28 pm

OTL logfile created on: 09/09/2010 4:38:18 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Chantal\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.96 Gb Total Space | 65.77 Gb Free Space | 46.66% Space Free | Partition Type: NTFS
Drive D: | 8.09 Gb Total Space | 1.79 Gb Free Space | 22.11% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHANTAL-PC
Current User Name: Chantal
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/09 16:37:23 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Chantal\Desktop\OTL.com
PRC - [2010/09/09 16:13:14 | 001,062,912 | ---- | M] (MS) -- C:\Users\Chantal\AppData\Roaming\4A846979E7A4D5AC33D22D3195D3E3EA\mediafix70700en02.exe
PRC - [2010/08/25 21:33:23 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe
PRC - [2010/08/01 00:42:40 | 002,048,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/09/18 13:13:17 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/07/31 09:35:15 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/07/31 09:35:07 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/07/31 09:35:03 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/07/31 09:34:45 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/07/31 09:34:34 | 000,832,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgam.exe
PRC - [2009/02/06 17:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/10/29 03:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/08/01 20:10:54 | 000,675,840 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2uvc.exe
PRC - [2007/03/29 14:59:42 | 000,176,128 | ---- | M] (Starz Entertainment Group LLC) -- C:\Program Files\Vongo\VongoService.exe
PRC - [2007/03/29 14:59:42 | 000,073,728 | ---- | M] (Starz) -- C:\Program Files\Vongo\Tray.exe
PRC - [2007/03/28 21:45:34 | 000,270,431 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapSvc.exe


========== Modules (SafeList) ==========

MOD - [2010/09/09 16:37:23 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Chantal\Desktop\OTL.com
MOD - [2009/07/31 09:35:15 | 000,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
MOD - [2006/11/02 06:44:49 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msscript.ocx
MOD - [2006/11/02 06:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -d -f %ProgramFiles%\WinPcap\rpcapd.ini -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/31 09:35:03 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/07/31 09:34:45 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/06/25 18:59:49 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/09/08 14:42:15 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/29 14:59:42 | 000,176,128 | ---- | M] (Starz Entertainment Group LLC) [Auto | Running] -- C:\Program Files\Vongo\VongoService.exe -- (Vongo Service)
SRV - [2007/03/28 21:45:38 | 000,118,877 | ---- | M] () [Auto | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007/03/28 21:45:34 | 000,270,431 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2007/01/09 18:55:34 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2004/10/22 07:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2009/10/21 03:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\npf.sys -- (NPF)
DRV - [2009/07/31 09:35:16 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/07/31 09:35:15 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/06/09 17:16:42 | 003,482,240 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/05/08 09:55:00 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/05/08 09:54:46 | 000,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2007/02/28 15:26:00 | 004,465,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/02/22 13:24:48 | 000,159,232 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/02/16 05:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/13 00:59:02 | 000,181,432 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/01/03 12:43:12 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2007/01/03 12:43:12 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/12/22 18:28:56 | 000,100,648 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2006/11/30 14:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/11/15 14:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/15 09:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/15 07:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/02 06:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 06:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 06:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 06:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 06:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 06:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 06:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 06:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 06:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 06:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 06:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 06:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 06:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 06:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 06:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 06:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 06:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 06:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 06:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 06:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 06:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 06:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 06:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 06:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 06:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 06:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 06:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 06:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 06:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 06:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 06:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 06:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 06:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 06:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 06:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 05:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 05:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 05:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 05:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 05:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 05:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 04:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 04:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 04:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006/11/02 04:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/10/19 00:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/10/19 00:08:14 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/10/19 00:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/10/18 23:10:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2006/08/05 06:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/06/28 13:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\..\URLSearchHook: {33a329ee-7f7d-471e-ac67-15c54d970678} - C:\Program Files\Jaybob's_Movies\tbJayb.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {33a329ee-7f7d-471e-ac67-15c54d970678} - C:\Program Files\Jaybob's_Movies\tbJayb.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://mail.redcow.ca"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/21 13:03:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/06 22:59:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/06 22:59:29 | 000,000,000 | ---D | M]

[2008/09/10 18:49:14 | 000,000,000 | ---D | M] -- C:\Users\Chantal\AppData\Roaming\Mozilla\Extensions
[2010/05/31 13:13:20 | 000,000,000 | ---D | M] -- C:\Users\Chantal\AppData\Roaming\Mozilla\Firefox\Profiles\5n3erpa0.default\extensions
[2010/01/23 16:11:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Chantal\AppData\Roaming\Mozilla\Firefox\Profiles\5n3erpa0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/03/17 15:34:28 | 000,000,000 | ---D | M] -- C:\Users\Chantal\AppData\Roaming\Mozilla\Firefox\Profiles\5n3erpa0.default\extensions\fr-FR@dictionaries.addons.mozilla.org
[2010/02/24 12:31:57 | 000,001,595 | ---- | M] () -- C:\Users\Chantal\AppData\Roaming\Mozilla\Firefox\Profiles\5n3erpa0.default\searchplugins\amazondotcom.xml
[2009/05/06 10:12:41 | 000,001,595 | ---- | M] () -- C:\Users\Chantal\AppData\Roaming\Mozilla\Firefox\Profiles\5n3erpa0.default\searchplugins\ebay.xml
[2009/02/09 23:24:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 18:41:30 | 000,000,736 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (Jaybob's Movies Toolbar) - {33a329ee-7f7d-471e-ac67-15c54d970678} - C:\Program Files\Jaybob's_Movies\tbJayb.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Jaybob's Movies Toolbar) - {33a329ee-7f7d-471e-ac67-15c54d970678} - C:\Program Files\Jaybob's_Movies\tbJayb.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Jaybob's Movies Toolbar) - {33A329EE-7F7D-471E-AC67-15C54D970678} - C:\Program Files\Jaybob's_Movies\tbJayb.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [WiniBlueSoft] C:\Program Files\WiniBlueSoft Software\WiniBlueSoft\WiniBlueSoft.exe File not found
O4 - HKCU..\Run: [mediafix70700en02.exe] C:\Users\Chantal\AppData\Roaming\4A846979E7A4D5AC33D22D3195D3E3EA\mediafix70700en02.exe (MS)
O4 - HKCU..\Run: [nxacwrmeos.exe] C:\Users\Chantal\AppData\Local\Temp\nxacwrmeos.exe ()
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Chantal\Pictures\Randomly_Backgrounds_by_Za29.jpg
O24 - Desktop BackupWallPaper: C:\Users\Chantal\Pictures\Randomly_Backgrounds_by_Za29.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/04 15:59:36 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 12:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{1ea04d78-bf6c-11de-aefb-001636d7a5a8}\Shell\AutoRun\command - "" = wdsync.exe
O33 - MountPoints2\{a6238ce5-adb9-11dd-9b9f-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{a6238ce5-adb9-11dd-9b9f-005056c00008}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msmsgs.inf,BLC.Install.PerUser
ActiveX: {5CA109D3-A084-47E8-A9CB-D497322E3F50} - MSN Toolbar 3.0 & Silverlight 2.0
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {77A7A6CE-B2B4-C577-DFCB-D8BF43BF0E9E} - Java (Sun)
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {984FC254-1146-D27F-6284-1C648C4E9E90} -
ActiveX: {9F4E6918-9D38-44A4-DA40-3669316033BE} - Microsoft Windows Media Player 11.0
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - File not found
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/09/09 16:37:13 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Chantal\Desktop\OTL.com
[2010/09/09 16:12:59 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Windows
[2010/09/09 16:12:57 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/09/09 16:12:48 | 000,000,000 | ---D | C] -- C:\Users\Chantal\AppData\Roaming\4A846979E7A4D5AC33D22D3195D3E3EA
[2010/08/30 17:49:45 | 000,000,000 | ---D | C] -- C:\Users\Chantal\Desktop\The Real L Word
[2010/08/26 23:03:17 | 000,000,000 | ---D | C] -- C:\Users\Chantal\AppData\Roaming\skypePM
[2010/08/26 23:01:50 | 000,000,000 | ---D | C] -- C:\Users\Chantal\AppData\Roaming\Skype
[2010/08/26 23:01:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/08/26 23:01:03 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/08/26 22:59:08 | 023,173,416 | ---- | C] (Skype Technologies S.A.) -- C:\Users\Chantal\Desktop\SkypeSetupFull-Beta.exe
[2007/07/04 21:28:52 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/09 16:51:32 | 003,145,728 | -HS- | M] () -- C:\Users\Chantal\ntuser.dat
[2010/09/09 16:37:23 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Chantal\Desktop\OTL.com
[2010/09/09 16:22:53 | 002,990,234 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/09 16:22:52 | 001,332,718 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/09 16:22:52 | 000,005,058 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/09 16:19:18 | 000,000,146 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/09/09 16:18:39 | 000,013,119 | ---- | M] () -- C:\Users\Chantal\AppData\Roaming\nvModes.001
[2010/09/09 16:16:23 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/09 16:16:23 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/09 16:16:17 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/09 16:16:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/09 16:13:25 | 000,001,100 | ---- | M] () -- C:\Users\Chantal\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
[2010/09/08 20:18:19 | 000,013,119 | ---- | M] () -- C:\Users\Chantal\AppData\Roaming\nvModes.dat
[2010/09/08 18:49:17 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F650F526-C568-4D3A-87C2-E03AC2725E1E}.job
[2010/09/08 18:37:28 | 064,416,311 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/09/04 03:50:51 | 002,813,657 | -H-- | M] () -- C:\Users\Chantal\AppData\Local\IconCache.db
[2010/09/02 16:03:58 | 008,111,839 | ---- | M] () -- C:\Users\Chantal\Desktop\Placebo-Trigger Happy Hands-[You must be registered and logged in to see this link.]
[2010/08/30 20:44:10 | 000,043,008 | ---- | M] () -- C:\Users\Chantal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/30 19:23:21 | 008,043,877 | ---- | M] () -- C:\Users\Chantal\Desktop\ly Haines - Knock You Out [Album Mix] ([You must be registered and logged in to see this link.] ( Upload By Hellmanns).mp3
[2010/08/30 17:06:42 | 000,001,102 | ---- | M] () -- C:\Users\Chantal\AppData\Roaming\wklnhst.dat
[2010/08/30 15:02:13 | 000,046,539 | ---- | M] () -- C:\Users\Chantal\Documents\001.jpg
[2010/08/26 23:03:20 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010/08/26 23:01:09 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/08/26 23:00:23 | 023,173,416 | ---- | M] (Skype Technologies S.A.) -- C:\Users\Chantal\Desktop\SkypeSetupFull-Beta.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/09 16:13:25 | 000,001,100 | ---- | C] () -- C:\Users\Chantal\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
[2010/09/02 16:03:54 | 008,111,839 | ---- | C] () -- C:\Users\Chantal\Desktop\Placebo-Trigger Happy Hands-[You must be registered and logged in to see this link.]
[2010/08/30 19:23:19 | 008,043,877 | ---- | C] () -- C:\Users\Chantal\Desktop\ly Haines - Knock You Out [Album Mix] ([You must be registered and logged in to see this link.] ( Upload By Hellmanns).mp3
[2010/08/30 15:02:38 | 000,046,539 | ---- | C] () -- C:\Users\Chantal\Documents\001.jpg
[2010/08/26 23:03:20 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/26 23:01:09 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/07/24 22:52:02 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2010/07/24 22:52:02 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2010/02/25 01:11:35 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010/02/24 13:27:01 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/02/24 13:27:01 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/12/26 22:33:00 | 000,000,004 | ---- | C] () -- C:\Users\Chantal\AppData\Roaming\E2433E
[2009/12/26 22:32:59 | 000,870,128 | ---- | C] () -- C:\Users\Chantal\AppData\Roaming\mcs.rma
[2009/11/21 05:58:16 | 000,017,687 | ---- | C] () -- C:\Windows\System32\93bethiefz570.dll
[2009/10/26 08:47:31 | 000,005,826 | ---- | C] () -- C:\Windows\System32\25416nz5-a-virus6cc9.dll
[2009/10/18 19:03:17 | 000,000,091 | ---- | C] () -- C:\Windows\CDGUIDE.INI
[2009/10/18 19:02:24 | 000,000,680 | ---- | C] () -- C:\Users\Chantal\AppData\Local\d3d9caps.dat
[2009/10/07 19:29:45 | 000,017,389 | ---- | C] () -- C:\Windows\System32\24018haz5tool59f.dll
[2009/10/05 00:49:05 | 000,015,067 | ---- | C] () -- C:\Windows\System32\5730bzc5d9or1569.dll
[2009/09/26 07:27:26 | 000,017,041 | ---- | C] () -- C:\Windows\System32\6503spy29z.dll
[2009/09/23 15:54:02 | 000,011,499 | ---- | C] () -- C:\Windows\System32\95664zot-a-vir5s34d.dll
[2009/09/03 20:34:00 | 000,017,375 | ---- | C] () -- C:\Windows\System32\4fe095dwzre852.dll
[2009/08/17 20:19:42 | 000,001,102 | ---- | C] () -- C:\Users\Chantal\AppData\Roaming\wklnhst.dat
[2009/08/16 18:58:41 | 000,003,616 | ---- | C] () -- C:\Windows\System32\89855roj53z.dll
[2009/08/02 07:01:16 | 000,004,717 | ---- | C] () -- C:\Windows\System32\3ddsza9se2595.dll
[2009/08/01 11:41:59 | 000,018,131 | ---- | C] () -- C:\Windows\System32\59955ha9ktool2zb.dll
[2009/07/19 06:49:01 | 000,018,364 | ---- | C] () -- C:\Windows\System32\29962wor578dz.dll
[2009/06/13 11:49:12 | 000,005,744 | ---- | C] () -- C:\Windows\System32\994535irzs392.dll
[2009/06/09 17:16:42 | 003,482,240 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009/05/14 06:23:24 | 000,003,290 | ---- | C] () -- C:\Windows\System32\9599spambotz19.dll
[2009/05/09 08:47:49 | 000,005,491 | ---- | C] () -- C:\Windows\System32\4695hacktool2cz5.dll
[2009/05/07 06:08:43 | 000,010,456 | ---- | C] () -- C:\Windows\System32\z9635worm90c.dll
[2009/04/17 16:46:33 | 000,014,697 | ---- | C] () -- C:\Windows\cb7bac5doo92z46.dll
[2009/04/17 16:46:33 | 000,011,089 | ---- | C] () -- C:\Windows\z66e5hrea929511.dll
[2009/04/17 16:46:31 | 000,009,369 | ---- | C] () -- C:\Windows\6febbackdo5r10z39.dll
[2009/04/17 16:46:31 | 000,008,120 | ---- | C] () -- C:\Windows\6aa1th59f122z.dll
[2009/04/17 16:46:30 | 000,017,748 | ---- | C] () -- C:\Windows\4a99ste5z1120.dll
[2009/04/17 16:46:30 | 000,016,569 | ---- | C] () -- C:\Windows\56zfa9dware1504.dll
[2009/04/17 16:46:30 | 000,010,313 | ---- | C] () -- C:\Windows\5879azdware19385.dll
[2009/04/17 16:46:30 | 000,007,684 | ---- | C] () -- C:\Windows\55fdzhre5926101.dll
[2009/04/17 16:46:30 | 000,003,522 | ---- | C] () -- C:\Windows\5995vir96z.dll
[2009/04/17 16:46:29 | 000,008,800 | ---- | C] () -- C:\Windows\43f5az9ware1250.dll
[2009/04/17 16:46:29 | 000,006,593 | ---- | C] () -- C:\Windows\33b4spywar9z453.dll
[2009/04/17 16:46:29 | 000,004,996 | ---- | C] () -- C:\Windows\335zste9l5090.dll
[2009/04/17 16:46:29 | 000,003,776 | ---- | C] () -- C:\Windows\30995virzs352.dll
[2009/04/17 16:46:28 | 000,017,562 | ---- | C] () -- C:\Windows\16523vi9zs2e5.dll
[2009/04/17 16:46:28 | 000,016,728 | ---- | C] () -- C:\Windows\289359zy678.dll
[2009/04/17 16:46:28 | 000,013,934 | ---- | C] () -- C:\Windows\1795z9orm4af5.dll
[2009/04/17 16:46:28 | 000,013,327 | ---- | C] () -- C:\Windows\1856download9rz113.dll
[2009/04/17 16:46:28 | 000,012,448 | ---- | C] () -- C:\Windows\1z9139or5167.dll
[2009/04/17 16:46:28 | 000,010,957 | ---- | C] () -- C:\Windows\1513z9ambo519a.dll
[2009/04/17 16:46:28 | 000,006,125 | ---- | C] () -- C:\Windows\13777not-a-5iruz299.dll
[2009/04/17 16:46:27 | 000,017,200 | ---- | C] () -- C:\Windows\134cadd9zre495.dll
[2009/04/17 14:52:35 | 000,012,665 | ---- | C] () -- C:\Windows\System32\15520wozmdf9.dll
[2009/04/17 14:52:31 | 000,015,542 | ---- | C] () -- C:\Windows\System32\28e9ad9wa5e1343z.dll
[2009/04/17 14:52:30 | 000,005,121 | ---- | C] () -- C:\Windows\2034tr5z395.dll
[2009/04/17 14:52:27 | 000,002,600 | ---- | C] () -- C:\Windows\8z95pa9bot145.dll
[2009/04/17 14:52:17 | 000,002,789 | ---- | C] () -- C:\Windows\System32\30883za9ktoo54ad.dll
[2009/04/17 14:52:10 | 000,011,970 | ---- | C] () -- C:\Windows\32754vir9sz99.dll
[2009/04/17 14:52:08 | 000,010,917 | ---- | C] () -- C:\Windows\System32\545azdwa9e2085.dll
[2009/04/17 14:52:07 | 000,008,127 | ---- | C] () -- C:\Windows\System32\98csp5rse2425z.dll
[2009/04/17 14:52:02 | 000,016,209 | ---- | C] () -- C:\Windows\26957hacktz5l4c8.dll
[2009/04/17 14:52:02 | 000,008,781 | ---- | C] () -- C:\Windows\7az0spar5e9022.dll
[2009/04/17 14:52:02 | 000,004,339 | ---- | C] () -- C:\Windows\System32\21b6th59at1816z.dll
[2009/04/17 14:52:02 | 000,004,197 | ---- | C] () -- C:\Windows\System32\667fzac5door4449.dll
[2009/04/17 14:51:54 | 000,003,714 | ---- | C] () -- C:\Windows\System32\4bb7spyw9re1z515.dll
[2009/04/17 14:51:52 | 000,010,013 | ---- | C] () -- C:\Windows\System32\46a4thi5z30759.dll
[2009/04/17 14:51:49 | 000,012,006 | ---- | C] () -- C:\Windows\System32\935fviz529.dll
[2009/04/17 14:51:29 | 000,016,019 | ---- | C] () -- C:\Windows\dz1thief23569.dll
[2009/04/17 14:51:28 | 000,005,551 | ---- | C] () -- C:\Windows\9989t5oj42dz.dll
[2009/02/11 17:45:02 | 000,027,264 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2009/01/12 06:08:17 | 000,009,774 | ---- | C] () -- C:\Windows\30dzdownload5r9243.dll
[2009/01/09 06:41:06 | 000,007,212 | ---- | C] () -- C:\Windows\System32\126bdownlzade95560.dll
[2008/12/17 20:32:38 | 000,014,702 | ---- | C] () -- C:\Windows\System32\30z719p5mbot192.dll
[2008/12/11 00:36:49 | 000,009,305 | ---- | C] () -- C:\Windows\bb95hiefz529.dll
[2008/11/28 20:44:31 | 000,014,851 | ---- | C] () -- C:\Windows\d775ownlzader1519.dll
[2008/11/25 10:19:20 | 000,004,253 | ---- | C] () -- C:\Windows\System32\1053zworm9d55.dll
[2008/11/18 09:17:28 | 000,013,808 | ---- | C] () -- C:\Windows\System32\7859thzeat5871.dll
[2008/11/15 11:49:54 | 000,017,596 | ---- | C] () -- C:\Windows\3z095troj3d8.dll
[2008/11/13 07:52:34 | 000,015,614 | ---- | C] () -- C:\Windows\3ez9thie5731.dll
[2008/10/19 22:02:31 | 000,009,585 | ---- | C] () -- C:\Windows\System32\596downlzader976.dll
[2008/10/16 21:07:45 | 000,007,270 | ---- | C] () -- C:\Windows\1z112vi5us5d9.dll
[2008/10/12 09:29:15 | 000,005,486 | ---- | C] () -- C:\Windows\System32\23564wo9m57fz.dll
[2008/10/06 11:56:15 | 000,008,682 | ---- | C] () -- C:\Windows\15659virzs717.dll
[2008/09/27 17:22:04 | 000,002,758 | ---- | C] () -- C:\Windows\System32\77dzdownloa59r2877.dll
[2008/09/20 21:50:53 | 000,004,844 | ---- | C] () -- C:\Windows\4e5t9iefz032.dll
[2008/09/17 02:51:15 | 000,018,060 | ---- | C] () -- C:\Windows\6597sparse57z.dll
[2008/09/08 20:40:52 | 000,043,008 | ---- | C] () -- C:\Users\Chantal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/08 13:31:34 | 000,013,119 | ---- | C] () -- C:\Users\Chantal\AppData\Roaming\nvModes.dat
[2008/09/08 13:31:34 | 000,013,119 | ---- | C] () -- C:\Users\Chantal\AppData\Roaming\nvModes.001
[2008/09/08 13:13:35 | 000,000,000 | ---- | C] () -- C:\Users\Chantal\AppData\Local\QSwitch.txt
[2008/09/08 13:13:35 | 000,000,000 | ---- | C] () -- C:\Users\Chantal\AppData\Local\DSwitch.txt
[2008/09/08 13:13:35 | 000,000,000 | ---- | C] () -- C:\Users\Chantal\AppData\Local\AtStart.txt
[2008/09/03 03:47:58 | 000,008,319 | ---- | C] () -- C:\Windows\System32\7z59t9rea519143.dll
[2008/08/10 11:31:39 | 000,018,121 | ---- | C] () -- C:\Windows\System32\30397wzrm99b5.dll
[2008/07/27 22:13:40 | 000,011,414 | ---- | C] () -- C:\Windows\System32\9746sz5al415.dll
[2008/07/24 08:56:02 | 000,008,929 | ---- | C] () -- C:\Windows\3a8ct5rzat9899.dll
[2008/07/06 12:00:18 | 000,015,704 | ---- | C] () -- C:\Windows\24956wozm54b.dll
[2008/06/27 17:38:12 | 000,013,053 | ---- | C] () -- C:\Windows\System32\7z68addware2594.dll
[2008/06/26 10:37:41 | 000,006,519 | ---- | C] () -- C:\Windows\System32\15975spy439z.dll
[2008/06/24 20:30:26 | 000,007,742 | ---- | C] () -- C:\Windows\System32\6982s9zw5re1186.dll
[2008/06/20 21:04:52 | 000,010,758 | ---- | C] () -- C:\Windows\11955not-a-virus960z.dll
[2008/06/20 03:41:54 | 000,009,444 | ---- | C] () -- C:\Windows\48c2backdz9r5541.dll
[2008/06/18 07:58:39 | 000,015,730 | ---- | C] () -- C:\Windows\System32\28z3ad9w5re1949.dll
[2008/06/11 04:59:49 | 000,014,096 | ---- | C] () -- C:\Windows\System32\585759zj1e2.dll
[2008/06/05 00:32:59 | 000,014,319 | ---- | C] () -- C:\Windows\System32\598f5zyware22149.dll
[2008/05/20 14:34:11 | 000,013,362 | ---- | C] () -- C:\Windows\980abaczdoor21745.dll
[2008/05/18 06:55:06 | 000,009,228 | ---- | C] () -- C:\Windows\System32\5554thie9267z.dll
[2008/05/14 18:50:51 | 000,011,093 | ---- | C] () -- C:\Windows\9d80addware56z.dll
[2008/05/09 13:49:45 | 000,006,652 | ---- | C] () -- C:\Windows\76309pyzf5.dll
[2008/04/28 07:58:02 | 000,017,561 | ---- | C] () -- C:\Windows\System32\58991zpambot210.dll
[2008/04/23 19:35:13 | 000,005,277 | ---- | C] () -- C:\Windows\System32\1dzbspyw9re1953.dll
[2008/04/23 10:54:16 | 000,018,093 | ---- | C] () -- C:\Windows\System32\15696virzs49d.dll
[2008/04/16 03:08:34 | 000,012,289 | ---- | C] () -- C:\Windows\System32\21894vzru54a9.dll
[2008/03/24 08:30:22 | 000,003,008 | ---- | C] () -- C:\Windows\System32\1581stea9z595.dll
[2008/03/19 08:25:47 | 000,010,715 | ---- | C] () -- C:\Windows\4309stza52980.dll
[2008/03/16 05:58:23 | 000,010,810 | ---- | C] () -- C:\Windows\18edaz9ware16045.dll
[2008/03/12 18:34:37 | 000,010,682 | ---- | C] () -- C:\Windows\System32\3190s5zr9e2548.dll
[2008/03/11 06:05:37 | 000,014,815 | ---- | C] () -- C:\Windows\26z1spyw9re586.dll
[2008/03/08 10:13:28 | 000,007,854 | ---- | C] () -- C:\Windows\5d9fstezl2225.dll
[2008/03/04 03:58:14 | 000,007,720 | ---- | C] () -- C:\Windows\System32\27805spambotz869.dll
[2008/02/28 19:57:21 | 000,011,908 | ---- | C] () -- C:\Windows\System32\2cf1s9zal4275.dll
[2008/02/25 13:55:12 | 000,003,839 | ---- | C] () -- C:\Windows\2292spzw5re1101.dll
[2008/02/21 04:40:26 | 000,012,688 | ---- | C] () -- C:\Windows\System32\675c9parse2617z.dll
[2008/02/18 13:02:56 | 000,005,040 | ---- | C] () -- C:\Windows\2956ztro5156.dll
[2008/02/17 14:20:05 | 000,012,372 | ---- | C] () -- C:\Windows\30f9thie53z.dll
[2008/02/17 13:59:12 | 000,008,788 | ---- | C] () -- C:\Windows\System32\1z528vir9s229.dll
[2008/02/11 01:36:21 | 000,007,725 | ---- | C] () -- C:\Windows\System32\54z01sp91b3.dll
[2008/02/09 06:04:27 | 000,013,633 | ---- | C] () -- C:\Windows\29850vzru569c.dll
[2008/02/04 15:25:08 | 000,013,621 | ---- | C] () -- C:\Windows\System32\3dz5v9r697.dll
[2008/02/02 21:10:24 | 000,004,145 | ---- | C] () -- C:\Windows\System32\45409hreat221z4.dll
[2008/01/12 00:05:20 | 000,014,102 | ---- | C] () -- C:\Windows\System32\22849viru9z59.dll
[2008/01/10 10:31:47 | 000,006,402 | ---- | C] () -- C:\Windows\62d3thz95628.dll
[2008/01/09 15:45:20 | 000,006,559 | ---- | C] () -- C:\Windows\z018n95-a-virus781.dll
[2007/05/04 15:45:22 | 000,000,320 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2006/11/02 09:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 07:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 04:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/05/19 15:39:58 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2006/03/09 21:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/07 09:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 08:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\dxtmsft.dll
[2009/03/08 08:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\dxtrans.dll
[2006/11/02 06:47:18 | 000,228,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\rsaenh.dll
[2008/09/09 22:27:43 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\SLC.dll

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 07:34:05 | 000,008,192 | ---- | M] () -- C:\WINDOWS\System32\config\COMPONENTS.SAV
[2006/11/02 07:34:05 | 000,020,480 | ---- | M] () -- C:\WINDOWS\System32\config\DEFAULT.SAV
[2006/11/02 07:34:05 | 000,008,192 | ---- | M] () -- C:\WINDOWS\System32\config\SECURITY.SAV
[2006/11/02 07:34:08 | 010,133,504 | ---- | M] () -- C:\WINDOWS\System32\config\SOFTWARE.SAV
[2006/11/02 07:34:08 | 001,826,816 | ---- | M] () -- C:\WINDOWS\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.sys >
[2006/11/02 04:09:42 | 000,009,029 | ---- | M] () -- C:\WINDOWS\System32\ANSI.SYS
[2008/09/09 22:28:39 | 000,224,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\clfs.sys
[2006/11/02 04:09:45 | 000,027,097 | ---- | M] () -- C:\WINDOWS\System32\country.sys
[2006/11/02 04:09:41 | 000,004,768 | ---- | M] () -- C:\WINDOWS\System32\HIMEM.SYS
[2006/11/02 04:09:44 | 000,042,809 | ---- | M] () -- C:\WINDOWS\System32\KEY01.SYS
[2006/11/02 04:09:44 | 000,042,537 | ---- | M] () -- C:\WINDOWS\System32\KEYBOARD.SYS
[2006/11/02 04:09:29 | 000,027,866 | ---- | M] () -- C:\WINDOWS\System32\NTDOS.SYS
[2006/11/02 04:09:35 | 000,029,146 | ---- | M] () -- C:\WINDOWS\System32\NTDOS404.SYS
[2006/11/02 04:09:38 | 000,029,370 | ---- | M] () -- C:\WINDOWS\System32\NTDOS411.SYS
[2006/11/02 04:09:40 | 000,029,274 | ---- | M] () -- C:\WINDOWS\System32\NTDOS412.SYS
[2006/11/02 04:09:31 | 000,029,146 | ---- | M] () -- C:\WINDOWS\System32\NTDOS804.SYS
[2006/11/02 04:09:20 | 000,033,952 | ---- | M] () -- C:\WINDOWS\System32\NTIO.SYS
[2006/11/02 04:09:23 | 000,034,672 | ---- | M] () -- C:\WINDOWS\System32\NTIO404.SYS
[2006/11/02 04:09:24 | 000,035,776 | ---- | M] () -- C:\WINDOWS\System32\NTIO411.SYS
[2006/11/02 04:09:26 | 000,035,536 | ---- | M] () -- C:\WINDOWS\System32\NTIO412.SYS
[2006/11/02 04:09:22 | 000,034,672 | ---- | M] () -- C:\WINDOWS\System32\NTIO804.SYS
[2009/08/14 11:01:34 | 002,031,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >
[2006/08/05 06:39:20 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\XAudio.exe

< %SYSTEMDRIVE%\*.* >
[2009/04/19 17:39:33 | 000,002,396 | ---- | M] () -- C:\aaw7boot.log
[2007/05/04 15:59:36 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2006/11/02 06:53:57 | 000,438,840 | RHS- | M] () -- C:\bootmgr
[2009/02/09 17:57:37 | 000,012,507 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 18:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/02/16 18:18:08 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/02/16 18:18:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/09/09 16:15:49 | 2392,850,432 | -HS- | M] () -- C:\pagefile.sys
[2009/01/22 13:23:29 | 000,069,516 | ---- | M] () -- C:\playground.log
[2009/03/11 22:31:55 | 001,265,421 | ---- | M] () -- C:\saida.txt
[2007/05/04 16:23:30 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2007/05/04 16:23:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm

< %PROGRAMFILES%\*. >
[2009/05/05 22:41:31 | 000,000,000 | ---D | M] -- C:\Program Files\AC3Filter
[2007/05/04 15:36:55 | 000,000,000 | ---D | M] -- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[2009/09/13 17:26:06 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/02/25 01:11:23 | 000,000,000 | ---D | M] -- C:\Program Files\Apowersoft
[2010/01/24 21:33:07 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/01/22 21:57:26 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2009/09/26 14:34:23 | 000,000,000 | ---D | M] -- C:\Program Files\AVS4YOU
[2009/03/15 16:26:33 | 000,000,000 | ---D | M] -- C:\Program Files\BitLord
[2010/06/17 07:46:38 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2009/06/03 11:58:29 | 000,000,000 | ---D | M] -- C:\Program Files\Can You See What I See
[2010/08/26 23:01:07 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/01/31 20:54:02 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2007/05/04 14:55:34 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2010/07/24 00:31:59 | 000,000,000 | ---D | M] -- C:\Program Files\directx
[2010/01/31 21:00:55 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2010/02/25 00:38:30 | 000,000,000 | ---D | M] -- C:\Program Files\DVDVideoSoft
[2010/02/24 13:26:37 | 000,000,000 | ---D | M] -- C:\Program Files\FDRLab
[2009/06/05 14:46:29 | 000,000,000 | ---D | M] -- C:\Program Files\Games
[2007/05/04 16:15:52 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2007/05/04 16:03:36 | 000,000,000 | ---D | M] -- C:\Program Files\Hp
[2007/05/04 15:55:26 | 000,000,000 | ---D | M] -- C:\Program Files\HP Games
[2007/05/04 16:04:44 | 000,000,000 | ---D | M] -- C:\Program Files\HPQ
[2010/07/24 22:29:28 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/07/02 21:50:54 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/07/24 00:06:52 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/07/24 00:08:42 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2009/02/09 23:23:40 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/01/31 20:54:03 | 000,000,000 | ---D | M] -- C:\Program Files\Jaybob's_Movies
[2009/07/28 09:16:31 | 000,000,000 | ---D | M] -- C:\Program Files\Last.fm
[2008/09/08 14:41:29 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/10/06 17:02:35 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2006/11/02 09:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2010/01/24 22:08:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/06/17 07:28:35 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/06/15 13:09:47 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/11/08 04:05:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2007/05/04 15:34:48 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/03/20 15:01:56 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2009/06/03 11:27:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2006/11/02 09:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/04/20 19:13:47 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2008/09/08 14:19:50 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/08/13 20:43:15 | 000,000,000 | ---D | M] -- C:\Program Files\PokerStars.NET
[2010/05/06 22:59:26 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2007/05/04 16:03:22 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2006/11/02 09:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/12/26 22:31:00 | 000,000,000 | ---D | M] -- C:\Program Files\Rhapsody
[2009/02/08 23:45:40 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2009/04/19 14:54:17 | 000,000,000 | ---D | M] -- C:\Program Files\Sandboxie
[2010/08/26 23:01:25 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2009/08/06 08:37:12 | 000,000,000 | ---D | M] -- C:\Program Files\Soulseek
[2007/05/04 14:53:36 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2010/07/24 00:32:19 | 000,000,000 | ---D | M] -- C:\Program Files\Ubi Soft
[2010/07/24 22:52:01 | 000,000,000 | ---D | M] -- C:\Program Files\Ubisoft
[2006/11/02 10:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/02/09 17:57:53 | 000,000,000 | ---D | M] -- C:\Program Files\Vongo
[2009/06/02 22:45:55 | 000,000,000 | ---D | M] -- C:\Program Files\Wandering Willows
[2008/09/08 15:32:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2006/11/02 09:42:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2008/09/08 15:32:29 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2006/11/02 09:42:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2009/10/06 17:03:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/04/20 19:21:41 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2010/04/23 15:00:29 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2009/10/29 03:02:20 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 09:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2006/11/02 09:42:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2008/09/08 15:32:24 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2009/08/12 08:53:38 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2010/02/24 13:27:01 | 000,000,000 | ---D | M] -- C:\Program Files\Xvid


Re: Antimalware Doctor virus

Post by nathaliedaigle on Thu Sep 09, 2010 10:28 pm


< %appdata%\*.* >
[2009/12/26 22:33:00 | 000,000,004 | ---- | M] () -- C:\Users\Chantal\AppData\Roaming\E2433E
[2009/12/26 22:33:00 | 000,870,128 | ---- | M] () -- C:\Users\Chantal\AppData\Roaming\mcs.rma
[2010/09/09 16:18:39 | 000,013,119 | ---- | M] () -- C:\Users\Chantal\AppData\Roaming\nvModes.001
[2010/09/08 20:18:19 | 000,013,119 | ---- | M] () -- C:\Users\Chantal\AppData\Roaming\nvModes.dat
[2010/08/30 17:06:42 | 000,001,102 | ---- | M] () -- C:\Users\Chantal\AppData\Roaming\wklnhst.dat


< MD5 for: AGP440.SYS >
[2008/01/19 04:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2007/05/04 16:07:05 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys
[2007/05/04 16:07:05 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys
[2007/05/04 16:07:05 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys
[2006/11/02 06:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\System32\drivers\AGP440.sys
[2006/11/02 06:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/19 04:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 06:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/09/08 14:36:10 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\WINDOWS\System32\drivers\atapi.sys
[2008/09/08 14:36:10 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/09/08 14:36:10 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/09/08 14:36:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 06:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\System32\cngaudit.dll
[2006/11/02 06:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: DISK.SYS >
[2008/01/19 04:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\WINDOWS\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 06:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\WINDOWS\System32\drivers\disk.sys
[2006/11/02 06:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\WINDOWS\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: IASTORV.SYS >
[2008/01/19 04:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\WINDOWS\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 06:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\WINDOWS\System32\drivers\iaStorV.sys
[2006/11/02 06:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\WINDOWS\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 06:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\WINDOWS\System32\netlogon.dll
[2006/11/02 06:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008/01/19 04:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\WINDOWS\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 06:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\WINDOWS\System32\drivers\nvstor.sys
[2006/11/02 06:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\WINDOWS\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 04:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: NVSTOR32.SYS >
[2006/12/22 18:28:56 | 000,100,648 | ---- | M] (NVIDIA Corporation) MD5=4C93D50BCA15B3BFCAB07306B258B248 -- C:\SwSetup\Chipset\WinVista32\IDE\WinVista\sata_ide\nvstor32.sys
[2006/12/22 18:28:56 | 000,100,648 | ---- | M] (NVIDIA Corporation) MD5=4C93D50BCA15B3BFCAB07306B258B248 -- C:\WINDOWS\System32\drivers\nvstor32.sys
[2006/12/22 18:28:56 | 000,100,648 | ---- | M] (NVIDIA Corporation) MD5=4C93D50BCA15B3BFCAB07306B258B248 -- C:\WINDOWS\System32\DriverStore\FileRepository\nvstor32.inf_07a99397\nvstor32.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 04:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\WINDOWS\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 06:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\WINDOWS\System32\scecli.dll
[2006/11/02 06:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

< MD5 for: USBSTOR.SYS >
[2008/09/08 14:41:40 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7887CE56934E7F104E98C975F47353C5 -- C:\WINDOWS\System32\drivers\USBSTOR.SYS
[2008/09/08 14:41:40 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7887CE56934E7F104E98C975F47353C5 -- C:\WINDOWS\System32\DriverStore\FileRepository\usbstor.inf_8416e98e\USBSTOR.SYS
[2008/09/08 14:41:40 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7887CE56934E7F104E98C975F47353C5 -- C:\WINDOWS\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6000.16478_none_465c5f209ade1e53\USBSTOR.SYS
[2008/09/08 14:41:40 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7DA1833F2B2500C755AB6C81C5ABFC88 -- C:\WINDOWS\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6000.20588_none_46db2bffb403da0e\USBSTOR.SYS
[2008/01/19 02:53:22 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\WINDOWS\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_usbstor.inf_31bf3856ad364e35_6.0.6001.18000_none_48864eb697d31b43\USBSTOR.SYS
[2006/11/02 05:55:05 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=FDBAABF07244C60B0F4E0A6E71A107C6 -- C:\WINDOWS\System32\DriverStore\FileRepository\usbstor.inf_bb2778a0\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-09-07 15:52:06

========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:D02FBAEC
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:C07A6A6B
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:5D351BC6
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:65241CBC
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:33384BC0
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:177313FB
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:CF61CE5A
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:2D7D575C
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:BDC42529
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:8DF68137
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:3FD496E1
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:3A6BC948
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:CB16385F
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:E945C214
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:60A4BB64
< End of report >

Re: Antimalware Doctor virus

Post by nathaliedaigle on Thu Sep 09, 2010 10:29 pm

OTL Extras logfile created on: 09/09/2010 4:38:18 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Chantal\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.96 Gb Total Space | 65.77 Gb Free Space | 46.66% Space Free | Partition Type: NTFS
Drive D: | 8.09 Gb Total Space | 1.79 Gb Free Space | 22.11% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHANTAL-PC
Current User Name: Chantal
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"" =

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"" =
"C:\Program Files\Vongo\VongoService.exe" = C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService -- (Starz Entertainment Group LLC)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2653ECE8-3DEB-4AD6-BBE8-61641858E1DB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6881F31D-FABD-4535-A82E-CA1C1593D5AC}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7FC58263-3EA7-472F-8E1D-D8456013650F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{844B042D-BAF5-4E9E-AC60-417ADF632552}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B090477F-5298-41C2-97B0-1B877DDC9BAB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C952AFF8-EBA5-46AD-A200-94B101C51DB5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D11FC440-20F5-44E2-9E5B-56EF6074E0A8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B4D264-41B2-4F74-A852-A7A83B4EAF76}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{07D52546-E287-4B0E-8188-00EA361338AE}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{10DC4676-8AF9-4650-AF9D-DDD34CDAC6DD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2BEE9306-5009-4070-B7B8-AF4251DDDCDF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4696A7FD-4491-4E93-86B0-36249B2CE057}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{83F15880-0966-4C2C-B3F7-3633797CC2FB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{87C94487-23F3-493A-9A4D-3FDDE921FAF5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8D0B122D-F95B-4B2C-926E-CF1D2A300F32}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{9321B1B1-4A32-411E-849C-49414E07309B}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A8BFA2E1-296F-416C-9D20-4405A2A3A507}" = dir=in | app=c:\program files\avg\avg8\avgam.exe |
"{BE668732-025E-49C9-8F51-EC59057378CB}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C981B873-2D1D-4FF7-AE95-5B50B9E5930B}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{E2866146-CB8E-4376-B8F3-05C49F74D3F1}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{EC4428E0-2A13-4E88-B9E5-535C734370FD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F16D1274-7208-452D-8817-1565EEBC5959}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"TCP Query User{2C7161CC-0844-4D55-B29B-89C846F1D5A0}C:\program files\bitlord\bitlord.exe" = protocol=6 | dir=in | app=c:\program files\bitlord\bitlord.exe |
"TCP Query User{B23315C9-F7F7-4F7A-9473-4647D992E354}C:\program files\soulseek\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseek\slsk.exe |
"TCP Query User{C7D54AB1-6A71-45A4-AEA6-E873335F72BC}C:\program files\soulseek\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseek\slsk.exe |
"TCP Query User{CAD69A12-7E54-434F-AD24-4795747C0122}C:\program files\bitlord\bitlord.exe" = protocol=6 | dir=in | app=c:\program files\bitlord\bitlord.exe |
"UDP Query User{82ED979B-22A0-433D-A5BB-402B01F9180B}C:\program files\bitlord\bitlord.exe" = protocol=17 | dir=in | app=c:\program files\bitlord\bitlord.exe |
"UDP Query User{D59E9C84-39DB-4C1B-AD57-A0F6604014BB}C:\program files\soulseek\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseek\slsk.exe |
"UDP Query User{D83D0F7C-EFDF-49B7-86BE-C54F5E6721D0}C:\program files\soulseek\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseek\slsk.exe |
"UDP Query User{FE3E7C83-59C0-4898-99C2-D7C77768AF54}C:\program files\bitlord\bitlord.exe" = protocol=17 | dir=in | app=c:\program files\bitlord\bitlord.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{290B83AA-093A-45BF-A917-D1C4A1E8D917}" = HP Active Support Library
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2B322F4F-F403-4975-AB54-530459472148}" = Skype Toolbars
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{39523EA4-F914-4447-A551-2513766095F5}" = ESU for Microsoft Vista
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BA044B0-A5E4-428E-8731-63BD5DD4FDB2}" = CSI
"{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1" = Video Download Capture V2.4.1
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{3FFB3B34-D639-4384-9AE9-DDE58430D86F}" = MSCU for Microsoft Vista
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{41C5EDB3-BE78-4C29-AE83-EDD2B1B740F1}" = CSI-Dark Motives
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2
"{48A25E19-D9AE-4BBE-9411-6F4C5D328B39}" = Skype™ Beta 5.0
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5CA81D12-9EC2-4082-972B-43ECA63F41F2}" = HP Pavilion Webcam Driver for Vista v061.001.00005
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}" = Vongo
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9061CEF2-51F5-42C9-8A70-9ED351C6597A}" = HP Help and Support
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B0F97FBF-9F98-4522-B65D-8980FE38C726}" = HP User Guide 0042
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"AC3Filter" = AC3Filter (remove only)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Art Detective1.10" = Art Detective
"AVG8Uninstall" = AVG 8.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"BitLord" = BitLord 1.1
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7" = Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Hidden in Time - Mirror Mirror 1.00" = Hidden in Time - Mirror Mirror 1.00
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"Jaybob's_Movies Toolbar" = Jaybob's_Movies Toolbar
"LastFM_is1" = Last.fm 1.5.4.24567
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"NVIDIA Drivers" = NVIDIA Drivers
"PROR" = Microsoft Office Professional 2007
"Rhapsody" = Rhapsody
"save2pc_is1" = save2pc 4.03
"Soulseek" = SoulSeek Client 156c
"STANDARDR" = Microsoft Office Standard 2007
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"Wandering Willows1.0.250" = Wandering Willows
"WildTangent hplaptop Master Uninstall" = My HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Antimalware Doctor" = Antimalware Doctor

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30/03/2009 8:09:05 AM | Computer Name = Chantal-PC | Source = vmauthd | ID = 100
Description =

Error - 31/03/2009 11:56:41 AM | Computer Name = Chantal-PC | Source = vmauthd | ID = 100
Description =

Error - 31/03/2009 8:17:39 PM | Computer Name = Chantal-PC | Source = vmauthd | ID = 100
Description =

Error - 31/03/2009 10:39:08 PM | Computer Name = Chantal-PC | Source = Application Hang | ID = 1002
Description = The program vmplayer.exe version 6.0.2658.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1768 Start Time: 01c9b25f405ab6ca Termination Time: 15

Error - 01/04/2009 7:38:05 AM | Computer Name = Chantal-PC | Source = vmauthd | ID = 100
Description =

Error - 01/04/2009 4:01:44 PM | Computer Name = Chantal-PC | Source = vmauthd | ID = 100
Description =

Error - 01/04/2009 4:48:37 PM | Computer Name = Chantal-PC | Source = Application Hang | ID = 1002
Description = The program vmplayer.exe version 6.0.2658.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: c4c Start Time: 01c9b304aa322cf0 Termination Time: 17

Error - 01/04/2009 8:24:16 PM | Computer Name = Chantal-PC | Source = vmauthd | ID = 100
Description =

Error - 02/04/2009 8:25:14 AM | Computer Name = Chantal-PC | Source = vmauthd | ID = 100
Description =

Error - 02/04/2009 9:22:11 AM | Computer Name = Chantal-PC | Source = Application Hang | ID = 1002
Description = The program vmplayer.exe version 6.0.2658.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 152c Start Time: 01c9b38e0fb833c7 Termination Time: 20

[ Media Center Events ]
Error - 23/12/2008 8:33:39 PM | Computer Name = Chantal-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 29/04/2009 5:29:53 PM | Computer Name = Chantal-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 28/05/2009 5:36:08 PM | Computer Name = Chantal-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 07/06/2009 9:39:20 PM | Computer Name = Chantal-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 08/09/2010 11:59:46 AM | Computer Name = Chantal-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
3, function 0. Please contact your system vendor for technical assistance.

Error - 08/09/2010 12:01:46 PM | Computer Name = Chantal-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 08/09/2010 12:02:42 PM | Computer Name = Chantal-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 08/09/2010 12:02:42 PM | Computer Name = Chantal-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 09/09/2010 1:20:42 PM | Computer Name = Chantal-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:04:18 AM on 09/09/2010 was unexpected.

Error - 09/09/2010 1:22:07 PM | Computer Name = Chantal-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 09/09/2010 1:23:05 PM | Computer Name = Chantal-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 09/09/2010 1:23:06 PM | Computer Name = Chantal-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 09/09/2010 3:16:08 PM | Computer Name = Chantal-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:14:31 PM on 09/09/2010 was unexpected.

Error - 09/09/2010 3:20:44 PM | Computer Name = Chantal-PC | Source = DCOM | ID = 10010
Description =


< End of report >


Re: Antimalware Doctor virus

Post by Belahzur on Thu Sep 09, 2010 11:31 pm

Hello.
1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

Re: Antimalware Doctor virus

Post by nathaliedaigle on Fri Sep 10, 2010 12:38 am

ComboFix 10-09-09.03 - Chantal 09/09/2010 20:59:20.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.2.1033.18.1982.1085 [GMT -3:00]
Running from: c:\users\Chantal\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Chantal\AppData\Roaming\4A846979E7A4D5AC33D22D3195D3E3EA
c:\users\Chantal\AppData\Roaming\4A846979E7A4D5AC33D22D3195D3E3EA\enemies-names.txt
c:\users\Chantal\AppData\Roaming\4A846979E7A4D5AC33D22D3195D3E3EA\local.ini
c:\users\Chantal\AppData\Roaming\4A846979E7A4D5AC33D22D3195D3E3EA\lsrslt.ini
c:\users\Chantal\AppData\Roaming\4A846979E7A4D5AC33D22D3195D3E3EA\mediafix70700en02.exe
c:\users\Chantal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
c:\users\Chantal\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk
c:\users\Chantal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor
c:\users\Chantal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
c:\users\Chantal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
c:\users\Chantal\AppData\Roaming\Microsoft\Windows\Templates\memory.tmp
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_gaopdxserv.sys
-------\Legacy_NPF
-------\Service_gaopdxserv.sys
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2010-08-10 to 2010-09-10 )))))))))))))))))))))))))))))))
.

2010-09-10 00:16 . 2010-09-10 00:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-09 23:49 . 2010-09-09 23:56 -------- d-----w- C:\32788R22FWJFW
2010-08-27 02:03 . 2010-09-09 22:14 -------- d-----w- c:\users\Chantal\AppData\Roaming\skypePM
2010-08-27 02:01 . 2010-09-10 00:17 -------- d-----w- c:\users\Chantal\AppData\Roaming\Skype
2010-08-27 02:01 . 2010-08-27 02:01 -------- d-----w- c:\program files\Common Files\Skype
2010-08-27 02:01 . 2010-08-27 02:01 -------- d-----r- c:\program files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-08 23:18 . 2008-09-08 16:31 13119 ----a-w- c:\users\Chantal\AppData\Roaming\nvModes.dat
2010-08-30 20:06 . 2009-08-17 23:19 1102 ----a-w- c:\users\Chantal\AppData\Roaming\wklnhst.dat
2010-08-27 02:03 . 2010-08-27 02:03 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-08-27 02:01 . 2008-09-23 04:27 -------- d-----w- c:\programdata\Skype
2010-08-25 06:37 . 2007-05-04 18:33 -------- d-----w- c:\programdata\Microsoft Help
2010-07-25 01:52 . 2010-07-25 01:29 -------- d-----w- c:\program files\Ubisoft
2010-07-25 01:29 . 2007-05-04 18:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-24 03:32 . 2010-07-24 03:08 -------- d-----w- c:\program files\Ubi Soft
2010-07-24 03:32 . 2010-07-24 03:32 -------- d-----w- c:\programdata\QuickTime
2010-07-24 03:31 . 2010-07-24 03:31 -------- d-----w- c:\program files\directx
2010-07-24 03:08 . 2010-07-24 03:06 -------- d-----w- c:\program files\iTunes
2010-07-24 03:06 . 2010-07-24 03:06 -------- d-----w- c:\program files\iPod
2010-07-24 03:06 . 2010-01-25 00:27 -------- d-----w- c:\program files\Common Files\Apple
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{33a329ee-7f7d-471e-ac67-15c54d970678}"= "c:\program files\Jaybob's_Movies\tbJayb.dll" [2009-04-27 2088472]

[HKEY_CLASSES_ROOT\clsid\{33a329ee-7f7d-471e-ac67-15c54d970678}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{33a329ee-7f7d-471e-ac67-15c54d970678}]
2009-04-27 22:36 2088472 ----a-w- c:\program files\Jaybob's_Movies\tbJayb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{33a329ee-7f7d-471e-ac67-15c54d970678}"= "c:\program files\Jaybob's_Movies\tbJayb.dll" [2009-04-27 2088472]

[HKEY_CLASSES_ROOT\clsid\{33a329ee-7f7d-471e-ac67-15c54d970678}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{33A329EE-7F7D-471E-AC67-15C54D970678}"= "c:\program files\Jaybob's_Movies\tbJayb.dll" [2009-04-27 2088472]

[HKEY_CLASSES_ROOT\clsid\{33a329ee-7f7d-471e-ac67-15c54d970678}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-09-08 1232896]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-11 26959144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-02-28 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-28 7770112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-28 81920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-03-29 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-10 148888]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-08-01 2048352]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2008-08-01 675840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe [2007-5-4 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2009-05-08 12552]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-07-31 335240]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-05-08 108552]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-07-31 908056]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-07-31 297752]

.
Contents of the 'Scheduled Tasks' folder

2010-09-09 c:\windows\Tasks\User_Feed_Synchronization-{F650F526-C568-4D3A-87C2-E03AC2725E1E}.job
- c:\windows\system32\msfeedssync.exe [2010-07-02 04:30]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
FF - ProfilePath - c:\users\Chantal\AppData\Roaming\Mozilla\Firefox\Profiles\5n3erpa0.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-mediafix70700en02.exe - c:\users\Chantal\AppData\Roaming\4A846979E7A4D5AC33D22D3195D3E3EA\mediafix70700en02.exe
HKLM-Run-WiniBlueSoft - c:\program files\WiniBlueSoft Software\WiniBlueSoft\WiniBlueSoft.exe
AddRemove-WT021402 - c:\program files\HP Games\Family Feud\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-09-09 21:22
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Vongo\VongoService.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe
c:\windows\system32\conime.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\program files\Vongo\Tray.exe
c:\windows\System32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-09-09 21:33:41 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-10 00:33
ComboFix2.txt 2009-02-09 20:57

Pre-Run: 66,907,688,960 bytes free
Post-Run: 66,807,652,352 bytes free

- - End Of File - - 8D3DBED33470384258F3E867A2BB8B16


Re: Antimalware Doctor virus

Post by nathaliedaigle on Fri Sep 10, 2010 12:44 am

I was just wondering: ComboFix deleted my Internet Explorer. I can open it if I'm on MSN and click to check my emails, or click on a link someone sent me. Is there a way to get a direct link from my desktop back?


Re: Antimalware Doctor virus

Post by Belahzur on Fri Sep 10, 2010 12:51 am

Hello.
Go to this folder:
C:\Program Files\Internet Explorer

Inside there is iexplore.exe, just drag a shortcut onto your Desktop.


Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

Re: Antimalware Doctor virus

Post by nathaliedaigle on Fri Sep 10, 2010 1:08 am

I guess I didn't explain it correctly. When I click on my Internet Explorer icon, I get a popup saying "C:/ProgramFiles/Internet Explorer/iexplorer.exe Illegal operation attempted on a registry key that has been marked for deletion."

I am now going to run the ESET online scan.


Re: Antimalware Doctor virus

Post by nathaliedaigle on Fri Sep 10, 2010 7:11 am

Scan has completed.
It is giving me a pop-up similar to the one above when I try to open the log created: "C:/ProgramFiles/ESETESET online scanner/log.exe Illegal operation attempted on a registry key that has been marked for deletion."


Re: Antimalware Doctor virus

Post by Belahzur on Sat Sep 11, 2010 12:42 am

Hmm.
Can you re-run Combofix for me please and post the new log.



Re: Antimalware Doctor virus

Post by nathaliedaigle on Sat Sep 11, 2010 2:48 am

Will do.


Re: Antimalware Doctor virus

Post by nathaliedaigle on Sat Sep 11, 2010 3:23 am

ComboFix 10-09-09.04 - Chantal 11/09/2010 0:00.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.2.1033.18.1982.966 [GMT -3:00]
Running from: c:\users\Chantal\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Chantal\AppData\Roaming\Microsoft\Windows\Templates\memory.tmp

.
((((((((((((((((((((((((( Files Created from 2010-08-11 to 2010-09-11 )))))))))))))))))))))))))))))))
.

2010-09-11 03:14 . 2010-09-11 03:14 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-11 03:14 . 2010-09-11 03:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-11 02:55 . 2010-09-11 02:56 -------- d-----w- C:\32788R22FWJFW
2010-09-11 00:14 . 2010-09-11 00:14 -------- d-----w- c:\program files\7-Zip
2010-09-10 20:50 . 2010-09-10 20:50 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-09-10 20:48 . 2007-10-20 21:21 278016 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5mu.dll
2010-09-10 20:44 . 2007-10-20 21:25 118272 ----a-w- c:\windows\system32\hpz3l5mu.dll
2010-09-10 20:44 . 2010-09-10 20:45 -------- d-----w- c:\windows\LastGood
2010-09-10 20:40 . 2010-09-10 20:40 -------- d-----w- c:\programdata\PC Drivers HeadQuarters
2010-09-10 20:23 . 2010-09-10 20:52 163194 ----a-w- c:\windows\hpoins28.dat
2010-09-10 20:23 . 2008-05-12 19:46 796 ------w- c:\windows\hpomdl28.dat
2010-09-10 20:22 . 2008-01-25 12:23 271704 ----a-w- c:\windows\system32\hpzids01.dll
2010-09-10 20:22 . 2008-01-25 12:22 729088 ----a-w- c:\windows\system32\hpowiax7.dll
2010-09-10 20:22 . 2008-01-25 12:22 303104 ----a-w- c:\windows\system32\hpovst15.dll
2010-09-10 20:22 . 2008-01-25 12:22 372736 ----a-w- c:\windows\system32\hppldcoi.dll
2010-09-10 20:22 . 2008-01-25 12:22 581632 ----a-w- c:\windows\system32\hpotscl6.dll
2010-09-10 20:22 . 2008-01-25 12:22 309760 ----a-w- c:\windows\system32\difxapi.dll
2010-09-10 20:15 . 2010-09-10 20:15 -------- d-----w- c:\programdata\Uniblue
2010-09-10 20:15 . 2010-09-10 20:15 -------- d-----w- c:\users\Chantal\AppData\Roaming\Uniblue
2010-09-10 20:15 . 2010-09-10 20:15 -------- d-----w- c:\program files\Uniblue
2010-09-10 01:17 . 2010-09-10 01:17 -------- d-----w- c:\program files\ESET
2010-08-27 02:03 . 2010-09-11 03:06 -------- d-----w- c:\users\Chantal\AppData\Roaming\skypePM
2010-08-27 02:01 . 2010-09-10 14:26 -------- d-----w- c:\users\Chantal\AppData\Roaming\Skype
2010-08-27 02:01 . 2010-08-27 02:01 -------- d-----w- c:\program files\Common Files\Skype
2010-08-27 02:01 . 2010-08-27 02:01 -------- d-----r- c:\program files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-10 20:48 . 2007-05-04 19:15 -------- d-----w- c:\programdata\Hewlett-Packard
2010-09-10 20:41 . 2007-05-04 18:08 -------- d-----w- c:\program files\Hp
2010-09-10 14:22 . 2009-04-20 20:22 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-08 23:18 . 2008-09-08 16:31 13119 ----a-w- c:\users\Chantal\AppData\Roaming\nvModes.dat
2010-08-30 20:06 . 2009-08-17 23:19 1102 ----a-w- c:\users\Chantal\AppData\Roaming\wklnhst.dat
2010-08-27 02:03 . 2010-08-27 02:03 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-08-27 02:01 . 2008-09-23 04:27 -------- d-----w- c:\programdata\Skype
2010-08-25 06:37 . 2007-05-04 18:33 -------- d-----w- c:\programdata\Microsoft Help
2010-07-25 01:52 . 2010-07-25 01:29 -------- d-----w- c:\program files\Ubisoft
2010-07-25 01:29 . 2007-05-04 18:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-24 03:32 . 2010-07-24 03:08 -------- d-----w- c:\program files\Ubi Soft
2010-07-24 03:32 . 2010-07-24 03:32 -------- d-----w- c:\programdata\QuickTime
2010-07-24 03:31 . 2010-07-24 03:31 -------- d-----w- c:\program files\directx
2010-07-24 03:08 . 2010-07-24 03:06 -------- d-----w- c:\program files\iTunes
2010-07-24 03:06 . 2010-07-24 03:06 -------- d-----w- c:\program files\iPod
2010-07-24 03:06 . 2010-01-25 00:27 -------- d-----w- c:\program files\Common Files\Apple
2010-07-24 03:00 . 2010-07-24 03:00 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{33a329ee-7f7d-471e-ac67-15c54d970678}"= "c:\program files\Jaybob's_Movies\tbJayb.dll" [2009-04-27 2088472]

[HKEY_CLASSES_ROOT\clsid\{33a329ee-7f7d-471e-ac67-15c54d970678}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{33a329ee-7f7d-471e-ac67-15c54d970678}]
2009-04-27 22:36 2088472 ----a-w- c:\program files\Jaybob's_Movies\tbJayb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{33a329ee-7f7d-471e-ac67-15c54d970678}"= "c:\program files\Jaybob's_Movies\tbJayb.dll" [2009-04-27 2088472]

[HKEY_CLASSES_ROOT\clsid\{33a329ee-7f7d-471e-ac67-15c54d970678}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{33A329EE-7F7D-471E-AC67-15C54D970678}"= "c:\program files\Jaybob's_Movies\tbJayb.dll" [2009-04-27 2088472]

[HKEY_CLASSES_ROOT\clsid\{33a329ee-7f7d-471e-ac67-15c54d970678}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-09-08 1232896]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-11 26959144]
"DriverScanner"="c:\program files\Uniblue\DriverScanner\launcher.exe" [2010-08-25 338296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-02-28 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-28 7770112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-28 81920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-03-29 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-10 148888]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-08-01 2048352]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2008-08-01 675840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe [2007-5-4 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2009-05-08 12552]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-07-31 335240]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-05-08 108552]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-07-31 908056]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-07-31 297752]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - CPUZ132

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-09-11 c:\windows\Tasks\User_Feed_Synchronization-{F650F526-C568-4D3A-87C2-E03AC2725E1E}.job
- c:\windows\system32\msfeedssync.exe [2010-07-02 04:30]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
FF - ProfilePath - c:\users\Chantal\AppData\Roaming\Mozilla\Firefox\Profiles\5n3erpa0.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-09-11 00:14
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-09-11 00:20:45
ComboFix-quarantined-files.txt 2010-09-11 03:20
ComboFix2.txt 2010-09-10 00:33
ComboFix3.txt 2009-02-09 20:57

Pre-Run: 68,286,291,968 bytes free
Post-Run: 68,454,588,416 bytes free

- - End Of File - - 6E116E9A95A1429FBA06C41C4FB83410


Re: Antimalware Doctor virus

Post by nathaliedaigle on Sat Sep 11, 2010 3:24 am

Oh, I can open the internet page now, and the ESET online scan log, but there happens to be nothing in the log... should I run the ESET scan again?
