not sure what i have virus/trojan/malware HELP


Post by dreame277232 on Fri Nov 12, 2010 12:28 am

OTL logfile created on: 11/11/2010 7:05:33 PM - Run 3
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\default\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 41.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 132.88 Gb Free Space | 57.06% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DEFAULT-2A526BA
Current User Name: default
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/07/01 11:55:10 | 001,352,832 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/06/17 09:32:26 | 000,864,112 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/05/25 19:54:17 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010/04/25 00:01:29 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\default\Desktop\OTL.exe
PRC - [2010/03/28 11:21:32 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/03/18 10:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/17 15:55:42 | 001,565,696 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Verizon\McciTrayApp.exe
PRC - [2009/11/24 18:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/11/18 10:50:40 | 000,668,912 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\ServicepointService.exe
PRC - [2009/11/18 10:50:32 | 000,468,208 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
PRC - [2009/11/18 10:50:30 | 004,269,296 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/18 23:33:08 | 000,809,488 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/02/18 23:28:52 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/01/21 14:19:54 | 000,092,168 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/07/25 13:34:50 | 000,018,944 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Printer\Center\KodakSvc.exe
PRC - [2008/07/18 13:08:22 | 001,306,624 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/27 18:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/27 18:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007/06/25 07:47:12 | 001,552,680 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2007/06/25 07:47:02 | 001,057,064 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe


========== Modules (SafeList) ==========

MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/04/25 00:01:29 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\default\Desktop\OTL.exe
MOD - [2010/03/17 15:53:28 | 000,198,656 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll
MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/02/18 23:31:16 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/11 14:29:02 | 003,019,352 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_4176eef.dll -- (Akamai)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/07/01 11:55:10 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/11/18 10:50:40 | 000,668,912 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Verizon\VSP\ServicepointService.exe -- (ServicepointService)
SRV - [2009/02/18 23:30:20 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/25 13:34:50 | 000,018,944 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\printer\center\KodakSvc.exe -- (KodakSvc)
SRV - [2007/06/25 07:47:12 | 001,552,680 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Unknown | Running] -- -- (szkgfs)
DRV - File not found [Kernel | Unknown | Running] -- -- (szkg5)
DRV - [2010/06/10 09:32:36 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/03/17 15:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 15:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/02/03 14:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/11/24 18:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/24 18:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 18:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 18:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 18:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/24 18:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/09/28 18:34:48 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2009/03/23 21:56:53 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/03/23 21:56:53 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/02/18 14:44:00 | 006,308,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/01/13 19:13:52 | 000,049,160 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/01/13 19:13:44 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/01/13 19:13:28 | 000,029,192 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/01/13 19:13:20 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2008/12/18 22:43:48 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/12/18 22:43:40 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/12/18 22:43:06 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2008/08/11 11:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/04/14 07:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/29 10:42:55 | 000,005,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MS1000.sys -- (MS1000)
DRV - [2008/01/18 15:16:28 | 000,100,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\a016obex.sys -- (a016obex)
DRV - [2008/01/18 15:16:26 | 000,110,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\a016mdm.sys -- (a016mdm)
DRV - [2008/01/18 15:16:26 | 000,104,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\a016mgmt.sys -- (a016mgmt) Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM)
DRV - [2008/01/18 15:16:24 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\a016mdfl.sys -- (a016mdfl)
DRV - [2008/01/18 15:16:22 | 000,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\a016bus.sys -- (a016bus) Sony Ericsson Device A016 driver (WDM)
DRV - [2007/11/01 01:38:56 | 004,620,288 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/10/17 07:12:00 | 000,030,720 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l251x86.sys -- (AtcL002)
DRV - [2007/06/29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007/06/25 07:47:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/06/25 07:47:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/06/25 07:47:02 | 000,119,080 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/04/11 14:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/04/11 14:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2006/10/17 20:22:00 | 000,009,216 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2004/08/12 21:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search"
FF - prefs.js..browser.search.order.1: "BearShare Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/login.php"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:7
FF - prefs.js..keyword.URL: "http://search.bearshare.com/web?src=ffb&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/02 14:45:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/30 20:23:07 | 000,000,000 | ---D | M]

[2008/10/30 19:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\default\Application Data\Mozilla\Extensions
[2010/11/10 16:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\e25uzwt3.default\extensions
[2010/06/28 14:59:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\e25uzwt3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/28 14:59:03 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\e25uzwt3.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/05/24 11:51:07 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\e25uzwt3.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/03/28 10:04:34 | 000,002,476 | ---- | M] () -- C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\e25uzwt3.default\searchplugins\BearShareWebSearch.xml
[2010/11/05 21:11:02 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\e25uzwt3.default\searchplugins\icqplugin.xml
[2010/11/10 16:58:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/28 10:04:34 | 000,002,476 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml

O1 HOSTS File: ([2010/11/11 16:22:34 | 000,391,551 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 13550 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (no name) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-8398-26FADCF27386} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [removedatamngr] File not found
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DriveConfiguration = [Binary data over 100 bytes]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LegacyDrive = [Binary data over 100 bytes]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe (ICQ Inc.)
O9 - Extra 'Tools' menuitem : ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe (ICQ Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([[You must be registered and logged in to see this link.] http in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} [You must be registered and logged in to see this link.] (Support.com Configuration Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} [You must be registered and logged in to see this link.] (PogoWebLauncher Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} [You must be registered and logged in to see this link.] (PowerLoader Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [You must be registered and logged in to see this link.] (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} [You must be registered and logged in to see this link.] (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} [You must be registered and logged in to see this link.] (MJLauncherCtrl Class)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} [You must be registered and logged in to see this link.] (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_19)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} [You must be registered and logged in to see this link.] (CPlayFirstddfotgControl Object)
O16 - DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} [You must be registered and logged in to see this link.] (View22RTEv4 Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_19)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} [You must be registered and logged in to see this link.] (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} [You must be registered and logged in to see this link.] (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.255.0.130 207.255.0.131
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\default\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\default\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/05 21:55:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Madden08.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/03/12 13:39:58 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe - (Eastman Kodak Company)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless LAN Utility.lnk - C:\PROGRA~1\LEVELO~1\RtWLan.exe - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^default^Start Menu^Programs^Startup^hamachi.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^default^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe File not found
MsConfig - StartUpReg: befuljak - hkey= - key= - C:\Documents and Settings\default\Local Settings\Application Data\cfoheprnv\kglyrlutssd.exe File not found
MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ6.5\ICQ.exe File not found
MsConfig - StartUpReg: InCD - hkey= - key= - C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - StartUpReg: Mirabilis ICQ - hkey= - key= - C:\Program Files\ICQ\ICQNet.exe ()
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: S3Trayp - hkey= - key= - File not found
MsConfig - StartUpReg: SecurDisc - hkey= - key= - C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe File not found
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: Sony Ericsson PC Suite - hkey= - key= - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
MsConfig - StartUpReg: Steam - hkey= - key= - c:\program files\steam\steam.exe (Valve Corporation)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: VTTimer - hkey= - key= - File not found
MsConfig - StartUpReg: Yahoo! Pager - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WdfLoadGroup -
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WdfLoadGroup -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5CA109D3-A084-47E8-A9CB-D497322E3F50} - MSN Toolbar 3.0 & Silverlight 2.0
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE


Re: not sure what i have virus/trojan/malware HELP

Post by dreame277232 on Fri Nov 12, 2010 12:29 am

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.mp42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746478449557504)

========== Files/Folders - Created Within 30 Days ==========

[2010/11/11 16:18:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/11/11 14:27:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS
[2010/11/11 14:27:25 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2010/11/11 14:27:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS\0207030.022
[2010/11/11 14:27:10 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/11/11 08:50:40 | 000,000,000 | ---D | C] -- C:\f10f57d3e087a7d99b8b
[2010/11/11 03:11:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/11/11 03:11:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/11/11 02:26:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/11/11 02:26:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/10/30 23:23:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/10/30 23:23:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/10/30 23:23:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/11 19:04:15 | 000,000,396 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FD6265BC-5D6F-4D84-A120-2882DCA353A3}.job
[2010/11/11 18:52:46 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/11 18:49:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/11 18:16:05 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/11/11 18:16:04 | 000,012,477 | ---- | M] () -- C:\WINDOWS\System32\234.js
[2010/11/11 17:50:06 | 000,510,928 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/11/11 17:50:06 | 000,433,962 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/11 17:50:06 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/11 17:44:45 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/11/11 17:16:06 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/11/11 16:32:36 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/11/11 16:28:45 | 000,001,424 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/11/11 16:27:57 | 000,212,641 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/11/11 16:26:26 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/11 16:26:26 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1547161642-1123561945-839522115-1004.job
[2010/11/11 16:25:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/11 16:24:48 | 007,372,800 | ---- | M] () -- C:\Documents and Settings\default\NTUSER.DAT
[2010/11/11 16:22:34 | 000,391,551 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/11/11 16:16:12 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/11/11 15:16:11 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/11/11 14:49:56 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/11/11 14:16:27 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/11/11 14:12:42 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/11 13:16:03 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/11/11 12:16:02 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/11/11 12:15:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/11 11:16:03 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/11/11 10:16:01 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/11/11 09:16:02 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/11/11 08:16:01 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/11/11 07:16:01 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/11/11 06:16:01 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/11/11 05:16:02 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/11/11 04:35:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1547161642-1123561945-839522115-1004.job
[2010/11/11 04:16:02 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/11/11 03:16:02 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/11/11 02:32:13 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/11/11 02:32:13 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/11/11 02:32:13 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/11/11 02:32:13 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/11/11 02:32:13 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/11/11 02:32:13 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/11/11 02:32:13 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/11/11 02:16:04 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/11/09 02:36:14 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Global.sw2
[2010/11/03 22:25:11 | 005,489,664 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/11/03 22:25:11 | 002,993,152 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/10/30 23:23:14 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NSS\0207030.022\isolate.ini
[2010/10/30 01:57:55 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\default\ntuser.ini
[2010/10/27 17:38:55 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/10/25 14:28:58 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\default\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/14 20:53:44 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/10/13 10:34:42 | 002,649,100 | -H-- | M] () -- C:\Documents and Settings\default\Local Settings\Application Data\IconCache.db
[2010/10/13 02:09:22 | 000,112,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/13 02:05:08 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/11 16:26:58 | 000,001,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/11/11 02:26:55 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/11 02:16:03 | 000,012,477 | ---- | C] () -- C:\WINDOWS\System32\234.js
[2010/11/06 06:24:44 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/11/06 06:24:44 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/11/06 06:24:44 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/11/06 06:24:44 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/11/06 06:24:44 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/11/06 06:24:44 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/11/06 06:24:44 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/11/06 06:24:44 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/11/06 06:24:44 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/11/06 06:24:44 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/11/06 06:24:44 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/11/06 06:24:44 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/11/06 06:24:44 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/11/06 06:24:44 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/11/06 06:24:44 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/11/06 06:24:44 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/11/06 06:24:44 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/11/06 06:24:44 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/11/06 06:24:44 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/11/06 06:24:44 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/11/06 06:24:44 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/11/06 06:24:44 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/11/06 06:24:43 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/11/06 06:24:43 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/10/30 23:23:14 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NSS\0207030.022\isolate.ini
[2010/08/12 02:04:30 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/01/10 23:11:30 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/11/28 21:47:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Hammerhead.INI
[2009/03/24 20:22:42 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\msdrve.dll
[2009/03/24 20:22:40 | 000,010,816 | ---- | C] () -- C:\WINDOWS\vmoptver.dll
[2009/03/23 21:56:53 | 000,278,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009/03/23 21:56:53 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009/03/12 18:14:20 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/03/12 18:14:17 | 000,010,287 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/03/12 18:14:01 | 000,012,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/02/18 14:44:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/02/18 14:44:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/02/18 14:44:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/02/18 14:44:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/01/12 11:32:11 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\EKDeviceServices.dll
[2008/11/22 23:34:14 | 000,030,976 | ---- | C] () -- C:\WINDOWS\rascntrl.dll
[2008/11/22 23:34:14 | 000,023,104 | ---- | C] () -- C:\WINDOWS\System32\svcprmpt.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/04/22 16:46:37 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/03/04 19:08:44 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/03/04 19:08:44 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/02/29 10:42:55 | 000,005,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\MS1000.sys
[2008/02/08 12:53:02 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\nsq38D.dll
[2008/02/07 17:37:23 | 000,022,771 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/02/05 23:00:01 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2008/01/31 17:18:14 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys
[2008/01/09 15:01:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/03/12 18:02:41 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/18 13:08:22 | 000,192,512 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\EKIJ5000PPR.dll
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2009/09/28 18:34:40 | 000,047,416 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >
[2010/07/25 20:43:05 | 000,003,968 | RHS- | M] () -- C:\WINDOWS\wintybrdf.jpg
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*.png >
[2010/07/25 20:43:05 | 000,003,416 | RHS- | M] () -- C:\WINDOWS\wintybrd.png
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/10/12 09:33:46 | 000,001,236 | ---- | M] () -- C:\Program Files\INSTALL.LOG

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/03/12 18:03:15 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >
[2010/04/24 15:24:27 | 000,000,025 | ---- | M] () -- C:\WINDOWS\herjek.config
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/03/12 18:11:52 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\default\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2008/02/05 22:26:27 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\default\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2009/01/12 11:18:43 | 001,908,736 | ---- | M] () -- C:\Documents and Settings\default\Desktop\ESSAiON.exe
[2010/04/25 00:01:29 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\default\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2009/03/12 19:41:54 | 080,756,000 | ---- | M] (NVIDIA Corporation ) -- C:\Documents and Settings\default\My Documents\182.08_geforce_winxp_32bit_english_whql.exe
[2008/03/03 19:59:11 | 050,531,640 | ---- | M] ( ) -- C:\Documents and Settings\default\My Documents\CyberLink.3118(EVR)_DVD070604-04.exe
[2008/02/12 14:18:06 | 000,166,144 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\default\My Documents\DECCHECKSetup.EXE
[2008/10/30 19:16:48 | 007,508,608 | ---- | M] (Mozilla) -- C:\Documents and Settings\default\My Documents\Firefox Setup 3.0.3.exe
[2002/03/11 03:45:04 | 001,708,856 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\default\My Documents\instmsia.exe
[2002/03/11 04:06:30 | 001,822,520 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\default\My Documents\instmsiw.exe
[2008/03/28 19:34:37 | 018,849,664 | ---- | M] (Oberon Media Inc.) -- C:\Documents and Settings\default\My Documents\Luxor_2-setup.exe
[2008/03/15 19:16:57 | 003,726,205 | ---- | M] (ManiacTools.com ) -- C:\Documents and Settings\default\My Documents\mp3-splitter-joiner.exe
[2008/09/18 11:08:54 | 000,424,728 | ---- | M] () -- C:\Documents and Settings\default\My Documents\setup.exe
[2008/03/26 18:20:06 | 000,899,414 | ---- | M] () -- C:\Documents and Settings\default\My Documents\SetupDVDDecrypter_3.5.4.0.exe
[2010/01/19 20:32:46 | 002,020,136 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\default\My Documents\SkypeSetup.exe
[2008/03/26 18:29:31 | 007,151,050 | ---- | M] () -- C:\Documents and Settings\default\My Documents\videoraipodconverter_Installer.exe
[2010/01/09 20:55:21 | 014,660,960 | ---- | M] () -- C:\Documents and Settings\default\My Documents\winzip120.exe

< %USERPROFILE%\*.exe >
[2008/12/19 17:45:17 | 000,061,224 | ---- | M] () -- C:\Documents and Settings\default\GoToAssistDownloadHelper.exe

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2010/10/27 20:27:56 | 000,107,480 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2010/10/27 20:27:56 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2010/10/27 20:27:57 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2010/10/27 20:27:58 | 000,245,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/03/12 18:11:53 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\default\Favorites\Desktop.ini
[2010/02/17 10:05:01 | 000,001,710 | ---- | M] () -- C:\Documents and Settings\default\Favorites\Verizon Central

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/03/12 13:44:56 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/03/10 22:50:42 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2009/03/12 13:44:56 | 027,525,120 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/03/12 13:44:56 | 007,602,176 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2008/04/14 07:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2008/04/14 07:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2010/02/03 14:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\hamachi.sys
[2008/04/14 07:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2008/04/14 07:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2008/04/14 07:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2008/04/13 11:21:50 | 000,017,920 | ---- | M] (Your Corporation) -- C:\WINDOWS\system32\Ntaccess.sys
[2008/04/14 07:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2008/04/14 07:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2008/04/14 07:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2008/04/14 07:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2008/04/14 07:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2008/04/14 07:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2008/04/14 07:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2008/04/14 07:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2008/04/14 07:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2008/04/14 07:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/14 07:00:00 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/08/31 08:42:52 | 001,852,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 19:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 19:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 19:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 19:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 19:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 19:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 19:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 19:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 19:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 19:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 19:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 19:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 19:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 19:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 19:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/18 13:08:22 | 000,192,512 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\EKIJ5000PPR.dll
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2009/09/28 18:34:40 | 000,047,416 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll

< %SYSTEMDRIVE%\*.* >
[2010/04/11 21:43:09 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/11/11 16:25:26 | 000,029,016 | ---- | M] () -- C:\aaw7boot.log
[2008/02/05 21:55:59 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/11/22 07:16:46 | 000,000,223 | -HS- | M] () -- C:\Boot.bak
[2010/04/25 09:56:34 | 000,000,294 | -HS- | M] () -- C:\boot.ini
[2009/01/12 11:21:54 | 000,232,296 | ---- | M] () -- C:\ClearLog.txt
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2008/11/22 19:50:03 | 000,015,228 | ---- | M] () -- C:\ComboFix.txt
[2008/02/05 21:55:59 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/02/28 10:25:22 | 000,004,131 | ---- | M] () -- C:\Cucu_Video_log.txt
[2001/09/05 21:00:58 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\gdiplus.dll
[2008/02/05 21:55:59 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/03/16 15:25:49 | 000,000,471 | ---- | M] () -- C:\KEMMAPIUtils
[2009/02/20 22:58:42 | 000,004,461 | ---- | M] () -- C:\LGSInst.Log
[2008/11/29 14:21:45 | 000,097,968 | ---- | M] () -- C:\logfile
[2008/02/05 21:55:59 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/02/17 10:00:31 | 000,000,549 | ---- | M] () -- C:\NTDClient.log
[2008/04/14 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 07:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/11/11 16:25:26 | 2146,611,200 | -HS- | M] () -- C:\pagefile.sys
[2008/04/07 20:51:26 | 000,096,586 | ---- | M] () -- C:\playground.log
[2008/11/22 18:24:39 | 000,001,523 | ---- | M] () -- C:\rapport.txt
[2008/10/31 09:36:56 | 000,017,715 | ---- | M] () -- C:\YServer.txt

< %PROGRAMFILES%\*. >
[2010/05/10 15:36:22 | 000,000,000 | ---D | M] -- C:\Program Files\absolute Poker
[2008/12/18 06:57:52 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/03/10 20:44:05 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Media Player
[2010/09/03 10:13:40 | 000,000,000 | ---D | M] -- C:\Program Files\AGEIA Technologies
[2008/11/22 06:41:20 | 000,000,000 | ---D | M] -- C:\Program Files\Alex Gordon
[2008/11/22 20:50:37 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2009/03/12 19:58:47 | 000,000,000 | ---D | M] -- C:\Program Files\AMD
[2008/10/21 14:12:22 | 000,000,000 | ---D | M] -- C:\Program Files\AML Products
[2008/08/20 09:31:48 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/01/12 11:50:44 | 000,000,000 | ---D | M] -- C:\Program Files\ArcSoft
[2009/03/25 14:14:59 | 000,000,000 | ---D | M] -- C:\Program Files\AutoPogo1
[2010/09/03 10:13:40 | 000,000,000 | ---D | M] -- C:\Program Files\Avanquest update
[2008/03/26 18:39:50 | 000,000,000 | ---D | M] -- C:\Program Files\AviSynth 2.5
[2010/04/27 23:33:46 | 000,000,000 | ---D | M] -- C:\Program Files\BearShare Applications
[2008/03/03 20:04:21 | 000,000,000 | ---D | M] -- C:\Program Files\BitDownload
[2010/11/09 03:31:59 | 000,000,000 | ---D | M] -- C:\Program Files\Blubster
[2010/09/09 11:20:06 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2008/10/21 13:33:32 | 000,000,000 | ---D | M] -- C:\Program Files\CleanMyPC
[2010/11/11 18:50:38 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/02/05 21:53:25 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2008/03/03 21:05:17 | 000,000,000 | ---D | M] -- C:\Program Files\ContextProgram
[2008/02/28 10:22:15 | 000,000,000 | ---D | M] -- C:\Program Files\Cucusoft
[2009/10/27 18:52:05 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2008/11/04 15:11:31 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2010/04/25 07:34:10 | 000,000,000 | ---D | M] -- C:\Program Files\Dr Lynch Grave Secrets
[2009/02/17 15:36:09 | 000,000,000 | ---D | M] -- C:\Program Files\DragonEye
[2008/03/26 18:20:31 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Decrypter
[2008/02/28 19:08:06 | 000,000,000 | ---D | M] -- C:\Program Files\E-Zsoft
[2008/06/21 21:34:30 | 000,000,000 | ---D | M] -- C:\Program Files\EA SPORTS
[2008/02/06 15:31:23 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2009/02/11 16:34:33 | 000,000,000 | ---D | M] -- C:\Program Files\Full Tilt Poker
[2008/06/18 19:47:19 | 000,000,000 | ---D | M] -- C:\Program Files\Game Cam V2
[2008/05/24 14:32:51 | 000,000,000 | ---D | M] -- C:\Program Files\GetData
[2010/05/25 19:54:11 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/04/11 21:23:33 | 000,000,000 | ---D | M] -- C:\Program Files\Hamachi
[2010/10/12 22:18:28 | 000,000,000 | ---D | M] -- C:\Program Files\ICQ
[2008/02/08 22:20:22 | 000,000,000 | ---D | M] -- C:\Program Files\ICQ6
[2008/02/07 03:06:40 | 000,000,000 | ---D | M] -- C:\Program Files\ICQLite
[2010/09/22 18:48:04 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/03/12 18:20:40 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/10/13 02:04:43 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/09/09 11:26:11 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/09/09 11:26:54 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/03/30 12:37:55 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2008/11/29 23:05:56 | 000,000,000 | ---D | M] -- C:\Program Files\JRE
[2009/01/12 11:50:31 | 000,000,000 | ---D | M] -- C:\Program Files\Kodak
[2010/06/10 09:29:48 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2009/05/18 18:38:55 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2010/04/11 22:01:27 | 000,000,000 | ---D | M] -- C:\Program Files\LogMeIn
[2008/05/12 12:45:40 | 000,000,000 | ---D | M] -- C:\Program Files\Lottso! de Luxe
[2008/05/09 15:57:29 | 000,000,000 | ---D | M] -- C:\Program Files\MaddenAmp
[2008/04/20 16:56:03 | 000,000,000 | ---D | M] -- C:\Program Files\Maxis
[2008/09/03 13:13:27 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2008/02/05 21:56:14 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/10/13 02:09:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/08/12 02:01:05 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/10/27 20:28:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/08/08 00:45:40 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/03/07 00:32:33 | 000,000,000 | ---D | M] -- C:\Program Files\MSI
[2009/01/20 22:41:04 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2008/02/05 21:52:52 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2008/02/09 19:20:36 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/01/23 00:36:09 | 000,000,000 | ---D | M] -- C:\Program Files\myspacelayouts
[2009/03/23 16:37:38 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2008/09/03 13:08:50 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/11/11 14:27:25 | 000,000,000 | ---D | M] -- C:\Program Files\Norton Security Scan
[2010/11/11 14:27:10 | 000,000,000 | ---D | M] -- C:\Program Files\NortonInstaller
[2009/01/10 00:09:15 | 000,000,000 | ---D | M] -- C:\Program Files\Nova Development
[2009/03/15 22:00:11 | 000,000,000 | ---D | M] -- C:\Program Files\Oberon Media
[2008/02/05 21:52:59 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2008/11/29 23:05:53 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
[2010/05/11 14:48:31 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/05/18 21:44:31 | 000,000,000 | ---D | M] -- C:\Program Files\PFPortChecker
[2008/11/29 19:10:16 | 000,000,000 | ---D | M] -- C:\Program Files\Pogo To Go
[2008/05/10 02:30:30 | 000,000,000 | ---D | M] -- C:\Program Files\PopCap Games
[2010/09/19 09:23:06 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/03/28 11:22:03 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2008/02/05 22:55:04 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2008/03/26 18:39:48 | 000,000,000 | ---D | M] -- C:\Program Files\Red Kawa
[2009/08/08 00:45:33 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2008/11/12 03:54:28 | 000,000,000 | ---D | M] -- C:\Program Files\ReflexiveArcade
[2008/10/21 13:18:13 | 000,000,000 | ---D | M] -- C:\Program Files\Registry Mechanic
[2009/03/12 19:58:47 | 000,000,000 | ---D | M] -- C:\Program Files\S3
[2010/09/09 11:29:10 | 000,000,000 | ---D | M] -- C:\Program Files\Safari
[2009/03/07 00:33:42 | 000,000,000 | ---D | M] -- C:\Program Files\Setup Files
[2010/10/05 09:56:31 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2009/03/02 00:13:11 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2009/03/02 00:47:40 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Ericsson
[2009/03/02 00:09:03 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Setup
[2010/04/25 01:34:26 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2010/01/05 12:27:32 | 000,000,000 | ---D | M] -- C:\Program Files\Steam
[2009/03/23 21:51:07 | 000,000,000 | ---D | M] -- C:\Program Files\The Adventure Company
[2008/10/21 14:09:16 | 000,000,000 | ---D | M] -- C:\Program Files\The Cleaner Free
[2009/02/17 15:35:07 | 000,000,000 | ---D | M] -- C:\Program Files\ToGo Game
[2008/10/05 04:09:24 | 000,000,000 | ---D | M] -- C:\Program Files\Tri Peaks 2-Quest For The Ruby Ring
[2010/09/16 16:07:44 | 000,000,000 | ---D | M] -- C:\Program Files\Trillian
[2008/04/11 22:20:11 | 000,000,000 | ---D | M] -- C:\Program Files\Ubisoft
[2008/02/05 22:26:20 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2008/12/05 15:43:09 | 000,000,000 | ---D | M] -- C:\Program Files\Unity
[2010/07/14 12:43:15 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2010/04/16 16:11:14 | 000,000,000 | ---D | M] -- C:\Program Files\Verizon
[2010/02/17 10:11:40 | 000,000,000 | ---D | M] -- C:\Program Files\verizon_broad
[2008/02/05 22:44:54 | 000,000,000 | ---D | M] -- C:\Program Files\VIA
[2008/03/15 19:17:46 | 000,000,000 | ---D | M] -- C:\Program Files\Visual MP3 Splitter & Joiner
[2009/10/27 18:57:29 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2009/10/27 18:59:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/09/03 13:08:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/02/05 21:54:49 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2010/08/21 13:05:56 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2010/08/19 22:45:54 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip
[2008/02/05 21:56:14 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2009/09/14 00:08:08 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2008/05/10 02:31:09 | 000,000,000 | ---D | M] -- C:\Program Files\Zuma Deluxe
[2009/02/10 15:08:27 | 000,000,000 | ---D | M] -- C:\Program Files\_uninstallation_info

< %appdata%\*.* >
[2008/02/05 16:25:47 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\default\Application Data\desktop.ini
[2009/05/18 18:38:58 | 000,000,180 | ---- | M] () -- C:\Documents and Settings\default\Application Data\setup.log
[2009/05/18 18:38:42 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\default\Application Data\setup_ldm.iss
[2009/11/04 06:49:48 | 000,076,407 | ---- | M] () -- C:\Documents and Settings\default\Application Data\Smiley.ico


< MD5 for: AGP440.SYS >
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 07:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: DISK.SYS >
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/04/14 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 07:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 07:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 07:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 07:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2008/04/14 07:00:00 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-13 07:05:15

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07348C09
@Alternate Data Stream - 192 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D0C22DC
@Alternate Data Stream - 175 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D09AEE3D
@Alternate Data Stream - 175 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A73EAFFB
@Alternate Data Stream - 175 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B7E8561
@Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5466F106
@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:588B60C7
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC6124CA
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:59BDDCD5
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:86FB3865
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EC637CB
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECF54A0E
< End of report >

dreame277232
Novice

Posts : 19
Joined : 2010-04-25
OS : windows xp
Points : 24431
# Likes : 0


Re: not sure what i have virus/trojan/malware HELP

Post by dreame277232 on Fri Nov 12, 2010 12:30 am

Hope it was ok, I had to break it down into two posts, sorry.


Re: not sure what i have virus/trojan/malware HELP

Post by Belahzur on Fri Nov 12, 2010 1:32 am

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search"
    FF - prefs.js..browser.search.order.1: "BearShare Web Search"
    FF - prefs.js..keyword.URL: "http://search.bearshare.com/web?src=ffb&q="
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O2 - BHO: (no name) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-8398-26FADCF27386} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    [2010/11/11 18:16:04 | 000,012,477 | ---- | M] () -- C:\WINDOWS\System32\234.js


    :files
    C:\WINDOWS\tasks\At*.job

    :commands
    [emptytemp]
    [reboot]


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTL.exe.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245069
# Likes : 1


Re: not sure what i have virus/trojan/malware HELP

Post by dreame277232 on Fri Nov 12, 2010 1:45 am

How long does this usually take for the Run Fix?


Re: not sure what i have virus/trojan/malware HELP

Post by dreame277232 on Fri Nov 12, 2010 1:47 am

lmao, never mind, it ended as soon as I posted that lmao


Re: not sure what i have virus/trojan/malware HELP

Post by dreame277232 on Fri Nov 12, 2010 1:54 am

All processes killed
========== OTL ==========
Prefs.js: "BearShare Web Search" removed from browser.search.defaultenginename
Prefs.js: "BearShare Web Search" removed from browser.search.order.1
Prefs.js: "http://search.bearshare.com/web?src=ffb&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{00000000-0000-0000-0000-000000000000} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-8398-26FADCF27386} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-8398-26FADCF27386}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
C:\WINDOWS\system32\234.js moved successfully.
========== FILES ==========
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: default
->Temp folder emptied: 595798 bytes
->Temporary Internet Files folder emptied: 18990701 bytes
->Java cache emptied: 1111228014 bytes
->FireFox cache emptied: 51515856 bytes
->Google Chrome cache emptied: 13470135 bytes
->Apple Safari cache emptied: 2453942 bytes
->Flash cache emptied: 16486339 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 111660895 bytes
->Flash cache emptied: 62986 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 297995128 bytes
->Flash cache emptied: 52178 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2557692 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6624665 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 75070874 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 2992 bytes

Total Files Cleaned = 1,630.00 mb


OTL by OldTimer - Version 3.2.2.0 log created on 11112010_203825

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\16.tmp not found!
C:\WINDOWS\temp\fla19.tmp moved successfully.
C:\WINDOWS\temp\fla1A.tmp moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_668.dat not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_76c.dat not found!

Registry entries deleted on Reboot...


Re: not sure what i have virus/trojan/malware HELP

Post by dreame277232 on Fri Nov 12, 2010 1:55 am

Wow, I can actually get on the internet and post something... finally. I had to copy the logs and send them to my laptop so that I could post them on here before.


Re: not sure what i have virus/trojan/malware HELP

Post by dreame277232 on Fri Nov 12, 2010 5:19 am

My antivirus is still trying to block something at the bottom, so is there anything else I need to do?


Re: not sure what i have virus/trojan/malware HELP

Post by dreame277232 on Sat Nov 13, 2010 12:17 am

I am still having issues with things not loading, and I keep getting a pop-up from my antivirus stating that something is trying to infiltrate my computer... what else is there that I can do?


Re: not sure what i have virus/trojan/malware HELP

Post by dreame277232 on Sat Nov 13, 2010 12:40 am

It also keeps popping up a box that says genericwin32service has to shut down... do you want to send a report or not... like something went wrong with Internet Explorer... HELP!!!!!!!!!!!!!


Re: not sure what i have virus/trojan/malware HELP

Post by Belahzur on Sat Nov 13, 2010 1:04 am

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:
    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245069
# Likes : 1

Re: not sure what i have virus/trojan/malware HELP

Post by dreame277232 on Sat Nov 13, 2010 5:32 am

ComboFix 10-11-12.01 - default 11/13/2010 0:14.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1569 [GMT -5:00]
Running from: c:\documents and settings\default\Desktop\Combo-Fix.exe
AV: avast! antivirus 4.8.1368 [VPS 101112-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\default\GoToAssistDownloadHelper.exe
c:\program files\INSTALL.LOG
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\herjek.config
c:\windows\mdll.dl
c:\windows\system32\dumphive.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\wintybrd.png
c:\windows\wintybrdf.jpg

.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2010-10-13 to 2010-11-13 )))))))))))))))))))))))))))))))
.

2010-11-13 05:01 . 2010-11-13 05:03 -------- d-----w- C:\32788R22FWJFW
2010-11-12 01:38 . 2010-11-12 01:38 -------- d-----w- C:\_OTL
2010-11-11 21:18 . 2010-11-11 23:50 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-11-11 19:27 . 2010-11-11 19:27 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-11 19:27 . 2010-11-11 19:27 -------- d-----w- c:\windows\system32\drivers\NSS
2010-11-11 19:27 . 2010-11-11 19:27 -------- d-----w- c:\program files\Norton Security Scan
2010-11-11 19:27 . 2010-11-11 19:27 -------- d-----w- c:\program files\NortonInstaller
2010-11-11 13:50 . 2010-11-11 19:26 -------- d-----w- C:\f10f57d3e087a7d99b8b
2010-10-31 04:23 . 2010-10-31 14:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-10-31 04:23 . 2010-10-31 04:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 16:23 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-14 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2008-04-14 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 13:38 . 2008-04-14 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38 . 2008-04-14 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38 . 2009-06-01 17:34 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 15:57 . 2008-04-14 12:00 389120 ----a-w- c:\windows\system32\html.iec
2010-09-08 15:17 . 2010-09-08 15:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17 . 2010-09-08 15:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:51 . 2008-04-14 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2009-06-10 07:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2008-04-14 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2008-04-14 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-16 02:15 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2008-04-14 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2008-04-14 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-26 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2008-07-18 1306624]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552]
"SkyTel"="SkyTel.EXE" [2007-10-11 1826816]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-19 76304]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-19 76304]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 1057064]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-06-17 864112]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-02-28 44544]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-6-19 809488]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LegacyDrive"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-19 04:30 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-28 23:34 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless LAN Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Wireless LAN Utility.lnk
backup=c:\windows\pss\Wireless LAN Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^default^Start Menu^Programs^Startup^hamachi.lnk]
backup=c:\windows\pss\hamachi.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^default^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\default\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 06:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-06-25 12:47 1057064 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-01 12:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-06-09 14:16 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-27 01:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mirabilis ICQ]
2003-10-14 16:36 38984 ----a-w- c:\progra~1\ICQ\ICQNet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 19:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-09-02 19:15 13351304 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2008-07-02 21:16 393216 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-01-05 17:27 1217808 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-03-28 16:21 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2009-05-27 01:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe


Re: not sure what i have virus/trojan/malware HELP

Post by dreame277232 on Sat Nov 13, 2010 5:33 am

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\EA SPORTS\\Madden NFL 08\\Updater.exe"=
"c:\\Program Files\\EA SPORTS\\Madden NFL 08\\mainapp.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Lib\\NMIndexingService.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\ToGo Game\\Pearl Harbor Zero Hour\\phz.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=
"c:\\Program Files\\ICQ\\Icq.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Verizon\\VSP\\ServicepointService.exe"=
"c:\\Program Files\\Blubster\\Blubster.exe"=
"c:\\FarmHelper\\FVBot.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:Disabled:DHCP Discovery Service
"1046:TCP"= 1046:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/26/2009 8:20 AM 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11/22/2008 8:50 PM 114768]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [4/14/2008 7:00 AM 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/22/2008 8:50 PM 20560]
R2 EAPPkt;LevelOne EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [12/12/2008 11:22 AM 38144]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\Printer\Center\KodakSvc.exe [7/25/2008 1:34 PM 18944]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 10:52 AM 1352832]
R2 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [2/17/2010 10:04 AM 668912]
S2 gupdate1ca42a8f378235a;Google Update Service (gupdate1ca42a8f378235a);c:\program files\Google\Update\GoogleUpdate.exe [10/1/2009 10:07 AM 133104]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 RTL8187B;LevelOne WNC-0301USB;c:\windows\system32\DRIVERS\RTL8187B.sys --> c:\windows\system32\DRIVERS\RTL8187B.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 14:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-11-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 14:32]

2010-11-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

2010-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-01 15:07]

2010-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-01 15:07]

2010-11-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1547161642-1123561945-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-11-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1547161642-1123561945-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-11-13 c:\windows\Tasks\User_Feed_Synchronization-{FD6265BC-5D6F-4D84-A120-2882DCA353A3}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 23:36]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = ;*.local
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\[You must be registered and logged in to see this link.]
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - [You must be registered and logged in to see this link.]
DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} - [You must be registered and logged in to see this link.]
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - [You must be registered and logged in to see this link.]
DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\default\Application Data\Mozilla\Firefox\Profiles\e25uzwt3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\default\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\default\Application Data\Mozilla\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\default\Desktop\courtneys new pix\kSolo\npAVX.dll
FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Verizon\VSP\nprpspa.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-befuljak - c:\documents and settings\default\Local Settings\Application Data\cfoheprnv\kglyrlutssd.exe
MSConfigStartUp-ICQ - c:\program files\ICQ6.5\ICQ.exe
MSConfigStartUp-S3Trayp - S3trayp.exe
MSConfigStartUp-SecurDisc - c:\program files\Nero\Nero 7\InCD\NBHGui.exe
MSConfigStartUp-VTTimer - VTTimer.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-11-13 00:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1547161642-1123561945-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2AB868E6-24FA-366D-7C8D-8EF3E060158B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jagacelnpfgbdhdgbflh"=hex:62,61,6b,63,00,00
"jagacelnpfgbdhdgbfhh"=hex:62,61,6e,6a,00,00
"iagbnhkecjckmnflbi"=hex:6b,61,70,6a,62,67,67,69,67,63,6e,6e,70,61,63,6b,68,62,
62,68,6c,63,00,00

[HKEY_USERS\S-1-5-21-1547161642-1123561945-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B6D64684-95BC-6D77-83E8-6609A4B89734}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"ialncclojeleocbodj"=hex:6a,61,61,65,6e,69,62,65,6c,63,66,6b,62,6d,6f,6e,6e,6d,
65,61,00,f2
"hajoijmjhfoaanee"=hex:6a,61,61,65,6e,69,62,65,6c,63,66,6b,62,6d,6f,6e,6e,6d,
65,61,00,d0

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\windows\system32\LMIinit.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Completion time: 2010-11-13 00:30:33
ComboFix-quarantined-files.txt 2010-11-13 05:30
ComboFix2.txt 2008-11-23 00:50
ComboFix3.txt 2008-11-23 00:21

Pre-Run: 140,605,169,664 bytes free
Post-Run: 140,663,623,680 bytes free

- - End Of File - - 63A7E16BF9359886F921C1C9C2F8ABC3

dreame277232
Novice
Posts: 19
Joined: 2010-04-25
OS: windows xp
Points: 24431
Likes: 0

Re: not sure what i have virus/trojan/malware HELP

Post by Belahzur on Sun Nov 14, 2010 12:09 am

Hello.

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    Registry::
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "LegacyDrive"=-

    RegNull::
    [HKEY_USERS\S-1-5-21-1547161642-1123561945-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2AB868E6-24FA-366D-7C8D-8EF3E060158B}*]
    [HKEY_USERS\S-1-5-21-1547161642-1123561945-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B6D64684-95BC-6D77-83E8-6609A4B89734}*]

  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts: 34916
Joined: 2008-08-03
Gender: Male
OS: XP SP3 Media Centre
Points: 245069
Likes: 1
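The two keys Belahzur nulls with RegNull:: are the ones ComboFix listed under LOCKED REGISTRY KEYS, and their values are shown only as raw hex. The script below is an added example, not part of this thread and not ComboFix's own code: it parses that regedit-style dump (including the wrapped hex lines), decodes the REG_BINARY data into the text it carries, and flags values in Shell Extensions\Approved keys whose names look machine-generated. The "random name" test (lowercase-only, 12 or more letters, holding binary data) is an assumed triage heuristic, not a detection rule from the thread; the sample input is copied from the log above.

```python
import re

# Excerpt of the "LOCKED REGISTRY KEYS" section of the ComboFix log posted above
# (copied from the log, not constructed), including the line-wrapped hex values.
LOG_EXCERPT = r"""
[HKEY_USERS\S-1-5-21-1547161642-1123561945-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2AB868E6-24FA-366D-7C8D-8EF3E060158B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jagacelnpfgbdhdgbflh"=hex:62,61,6b,63,00,00
"jagacelnpfgbdhdgbfhh"=hex:62,61,6e,6a,00,00
"iagbnhkecjckmnflbi"=hex:6b,61,70,6a,62,67,67,69,67,63,6e,6e,70,61,63,6b,68,62,
62,68,6c,63,00,00

[HKEY_USERS\S-1-5-21-1547161642-1123561945-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B6D64684-95BC-6D77-83E8-6609A4B89734}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"ialncclojeleocbodj"=hex:6a,61,61,65,6e,69,62,65,6c,63,66,6b,62,6d,6f,6e,6e,6d,
65,61,00,f2
"hajoijmjhfoaanee"=hex:6a,61,61,65,6e,69,62,65,6c,63,66,6b,62,6d,6f,6e,6e,6d,
65,61,00,d0

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
"""

KEY_RE = re.compile(r'^\[(.+)\]$')
ACL_RE = re.compile(r'^@(Allowed|Denied):')          # access annotations ComboFix prints under a key
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')  # "name"=data  or  @=data (default value)
HEX_RE = re.compile(r'^hex(\([0-9a-fA-F]+\))?:(.*)$')
RANDOM_NAME = re.compile(r'^[a-z]{12,}$')               # assumed heuristic for generated value names


def _join_continuations(lines):
    """Regedit-style dumps wrap long hex data: a line ending in ',' (or ',\\') continues on the next."""
    out = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if out and out[-1].rstrip('\\').endswith(','):
            out[-1] = out[-1].rstrip('\\') + line
        else:
            out.append(line)
    return out


def _parse_data(data):
    """Turn the right-hand side of a value line into (kind, python value)."""
    if data.startswith('"') and data.endswith('"'):
        return "string", data[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    if data.startswith("dword:"):
        return "dword", int(data[6:], 16)
    m = HEX_RE.match(data)
    if m:
        raw = m.group(2).rstrip(',\\')
        return "hex", bytes(int(b, 16) for b in raw.split(',') if b)
    return "other", data


def parse_reg_dump(text):
    """Parse a dump into {key_path: {"acl": [annotation lines], "values": [(name, kind, data)]}}."""
    keys = {}
    current = None
    for line in _join_continuations(text.splitlines()):
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {"acl": [], "values": []})
            continue
        if current is None:
            continue
        if ACL_RE.match(line):
            current["acl"].append(line)
            continue
        m = VALUE_RE.match(line)
        if m:
            name = "@" if m.group(1) == "@" else m.group(1)[1:-1]
            kind, data = _parse_data(m.group(2))
            current["values"].append((name, kind, data))
    return keys


def as_text(blob):
    """Render REG_BINARY data as the ASCII it carries up to the first NUL, else as plain hex."""
    head = blob.split(b'\x00', 1)[0]
    if head and all(32 <= b < 127 for b in head):
        return head.decode('ascii')
    return blob.hex()


def suspicious_entries(keys):
    """Flag binary values with generated-looking names under Shell Extensions\\Approved keys."""
    findings = []
    for key, info in keys.items():
        if 'shell extensions\\approved' not in key.lower():
            continue
        locked = any('RestrictedCode' in a for a in info["acl"])
        for name, kind, data in info["values"]:
            if kind == "hex" and RANDOM_NAME.match(name):
                findings.append({"key": key, "name": name, "data": as_text(data), "locked": locked})
    return findings


if __name__ == "__main__":
    for f in suspicious_entries(parse_reg_dump(LOG_EXCERPT)):
        print(f"{'LOCKED ' if f['locked'] else ''}{f['key']}\n    {f['name']} -> {f['data']!r}")
```

The Flash CLSID keys in the same section parse cleanly but are not flagged: they carry a readable default value and a normal mixed-case name, which is what a legitimate locked key looks like. The two Shell Extensions\Approved keys, by contrast, hold only lowercase gibberish names whose data decodes to more gibberish, which is why a helper would single them out for removal rather than the Flash entries.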
