Virus/spyware problem black desktop


Post by karim_mo on 10th January 2011, 12:34 pm

Hi,

My desktop has disappeared, I have a black background and my start button is also gone. When I check my task manager there are a few processes active (csrss.exe, dwm.exe, and 3 more). I think I'm infected with a virus or spyware. Here's a HijackThis log, thanks.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:33:37, on 10/01/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Safe mode

Running processes:
C:\Windows\system32\ctfmon.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
R3 - URLSearchHook: ToggleDU Toolbar - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - C:\Program Files\ToggleDU\tbTogg.dll
R3 - URLSearchHook: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\tbPHPN.dll
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: ToggleDU Toolbar - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - C:\Program Files\ToggleDU\tbTogg.dll
O2 - BHO: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\tbPHPN.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\MediaBar\DataMngr\IEBHO.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: VDownloader Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: ToggleDU Toolbar - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - C:\Program Files\ToggleDU\tbTogg.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\tbPHPN.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Athan] C:\Users\Brahim\Desktop\Athan\Athan.exe
O4 - HKLM\..\Run: [DataMngr] C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\DataMngrUI.exe
O4 - HKLM\..\Run: [MRT] "C:\Windows\system32\MRT.exe" /R
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [MFARestart] "C:\ProgramData\MFAData\pack\avgrunasx.exe" /usereg
O4 - HKLM\..\RunOnce: [NSSInstallation] C:\Program Files\DivX\Symantec\scstubinstaller.exe /runonce
O4 - HKLM\..\RunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Firewall Administrating] C:\Users\Public\infocard.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Windows System Guard] C:\Users\Public\msnl.exe
O4 - HKCU\..\Run: [MSNUpdateServices] C:\Users\Public\S-3685-5437-5687\minsfot.exe
O4 - HKCU\..\Run: [WinMSDNControl] C:\Users\Public\D-2785-7947-8747\wincdsvn.exe
O4 - HKCU\..\Run: [hoodir] C:\Users\Brahim\AppData\Roaming\Microsoft\jofufusso.exe
O4 - HKCU\..\Run: [WindowsDriverControl] C:\Users\Public\C-76947-8457-2745\wincdrsvn.exe
O4 - HKCU\..\Run: [MSConfig] C:\Users\Brahim\iyekq.exe \u
O4 - HKCU\..\Run: [syncman] c:\users\brahim\wuaucldt.exe
O4 - HKCU\..\Run: [Raptr] C:\PROGRA~1\Raptr\raptrstub.exe --startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: 0bwblww.exe
O4 - Startup: 0e0zuup.exe
O4 - Startup: 2ppkzzu.exe
O4 - Startup: 5ggbglg.exe
O4 - Startup: 5h6rrm2.exe
O4 - Startup: aalgvlvvllg.exe
O4 - Startup: agav5all.exe
O4 - Startup: brggww2r.exe
O4 - Startup: bwwr1lggbrg.exe
O4 - Startup: c7xsxsc0.exe
O4 - Startup: cmmmscmm6.exe
O4 - Startup: cr9m0hccx1r.exe
O4 - Startup: f7kka6vppk.exe
O4 - Startup: g2wrgg1rrl.exe
O4 - Startup: g6bvvq6lgg.exe
O4 - Startup: gaqqg5vla.exe
O4 - Startup: ggbbgqlg.exe
O4 - Startup: gqllv0avlv.exe
O4 - Startup: grwrllg6rlw.exe
O4 - Startup: gvlla6vqqla.exe
O4 - Startup: k4q2aqq8.exe
O4 - Startup: l1r4llgw.exe
O4 - Startup: l6lggllg.exe
O4 - Startup: lgvvql5q2a.exe
O4 - Startup: lgwqllgww.exe
O4 - Startup: llalaav2a0.exe
O4 - Startup: nhxxnnhh.exe
O4 - Startup: peuu1e0zppj.exe
O4 - Startup: q1gvvlqvqgv.exe
O4 - Startup: qagaqqav6gg.exe
O4 - Startup: ql6lggbqqv.exe
O4 - Startup: qq6v5all.exe
O4 - Startup: qqllgl21.exe
O4 - Startup: qvql9vl1g.exe
O4 - Startup: v1qqvfqqfv.exe
O4 - Startup: v6va37va.exe
O4 - Startup: v7lv8gv9g8.exe
O4 - Startup: va1aaqqav6.exe
O4 - Startup: vbv1b97l.exe
O4 - Startup: vvq6lggbq.exe
O4 - Startup: w0bwblwwlb.exe
O4 - Startup: wq6lggbr.exe
O4 - Startup: xx0cxxh6c5.exe
O8 - Extra context menu item: Google Sidewiki... - [You must be registered and logged in to see this link.] Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - [You must be registered and logged in to see this link.]
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O20 - AppInit_DLLs: C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\datamngr.dll
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe

--
End of file - 10154 bytes

karim_mo
Novice

Posts: 9
Joined: 2011-01-10
OS: windows7
Points: 21743
Likes: 0
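The HijackThis log above is the kind of input a helper triages by hand: O4 entries that autostart from C:\Users\Public, from the root of a user profile, or from a bare AppData\Roaming\Microsoft folder, and Startup items with randomly generated names, are the classic signs of an infection like this one. The following Python script is added here as an example; it is not part of the thread and not a HijackThis feature. The heuristics it applies (the suspicious directory list, the profile-root rule and the random-name test) are assumptions of this example, and the sample input is a handful of O4 lines copied from the log above plus one constructed benign Startup item (Dropbox.lnk) as a control.

```python
"""Triage of HijackThis O4 (autostart) lines.

Added example; not part of the forum thread or of the HijackThis tool.
The heuristics (user-writable directories, profile-root executables,
randomly named Startup items) are assumptions of this example.
"""
import re
from collections import Counter

# Directory fragments from which legitimate software rarely autostarts
# (assumption; lower-case, with a trailing backslash so only a directory matches).
SUSPICIOUS_DIRS = (
    "c:\\users\\public\\",
    "\\appdata\\roaming\\microsoft\\",  # vendors normally use their own subfolder
)
# An .exe sitting directly in a user's profile folder, e.g. C:\Users\X\foo.exe
USER_PROFILE_ROOT = re.compile(r"^c:\\users\\[^\\]+\\[^\\]+\.exe$", re.I)

# "O4 - HKCU\..\Run: [name] command" and the HKUS\S-1-5-xx variants
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK\w+(?:\\S-[\d-]+)?)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
O4_STARTUP = re.compile(r"^O4 - Startup: (?P<file>.+)$")

# Lines copied from the HijackThis log in the post above, plus one
# constructed benign Startup item (Dropbox.lnk) as a control.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [MRT] "C:\Windows\system32\MRT.exe" /R
O4 - HKLM\..\Run: [Athan] C:\Users\Brahim\Desktop\Athan\Athan.exe
O4 - HKCU\..\Run: [Firewall Administrating] C:\Users\Public\infocard.exe
O4 - HKCU\..\Run: [MSNUpdateServices] C:\Users\Public\S-3685-5437-5687\minsfot.exe
O4 - HKCU\..\Run: [hoodir] C:\Users\Brahim\AppData\Roaming\Microsoft\jofufusso.exe
O4 - HKCU\..\Run: [MSConfig] C:\Users\Brahim\iyekq.exe \u
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - Startup: 0bwblww.exe
O4 - Startup: gvlla6vqqla.exe
O4 - Startup: Dropbox.lnk
"""


def command_path(cmd: str) -> str:
    """Return the executable path from a Run value, dropping quotes and arguments."""
    m = re.match(r'^"?(?P<p>.+?\.(?:exe|dll|scr|bat|cmd|pif))"?(?:\s|$)', cmd.strip(), re.I)
    return m.group("p") if m else cmd.strip().split(" ")[0]


def looks_random(filename: str) -> bool:
    """Heuristic for machine-generated names such as 0bwblww.exe.

    A 7-12 character lower-case alphanumeric stem that mixes in digits or has
    fewer than 20% vowels is treated as random (assumption of this example)."""
    stem = filename.lower().rsplit(".", 1)[0]
    if not re.fullmatch(r"[a-z0-9]{7,12}", stem):
        return False
    vowels = sum(stem.count(v) for v in "aeiou")
    return any(c.isdigit() for c in stem) or vowels / len(stem) < 0.2


def triage(lines):
    """Return (reason, line) pairs for the O4 entries that match a heuristic."""
    findings = []
    for line in (raw.strip() for raw in lines):
        m = O4_STARTUP.match(line)
        if m:
            if looks_random(m.group("file")):
                findings.append(("random-named Startup item", line))
            continue
        m = O4_RUN.match(line)
        if not m:
            continue
        path = command_path(m.group("cmd")).lower()
        if any(d in path for d in SUSPICIOUS_DIRS):
            findings.append(("autorun from user-writable location", line))
        elif USER_PROFILE_ROOT.match(path):
            findings.append(("autorun from user profile root", line))
    return findings


def summarize(findings):
    """Count findings per reason."""
    return Counter(reason for reason, _ in findings)


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG.splitlines())
    for reason, line in hits:
        print(f"[{reason}] {line}")
    print(dict(summarize(hits)))
```

On the sample above the script flags the three C:\Users\Public and AppData\Roaming\Microsoft autoruns, the iyekq.exe entry hiding behind the "MSConfig" value name, and the two random-named Startup items, while the MRT, Athan, Google and Sidebar entries and the Dropbox control pass. To use it on a real log, feed it the saved hijackthis.log instead of SAMPLE_LOG; treat the output as a triage list to review, not as a removal list.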

Re: Virus/spyware problem black desktop

Post by Sneakyone on 10th January 2011, 4:17 pm

Hi, Welcome to GeekPolice.net!

Please download [You must be registered and logged in to see this link.] to your Desktop. (If you already have it downloaded, then just follow the instructions below.)
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in:

    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.sys
    %systemroot%\system32\drivers\*.dll
    %systemroot%\system32\drivers\*.ini
    %systemroot%\system32\drivers\*.exe
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    disk.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    usbstor.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time.


Note: in the event that OTL fails to run, please use alternate download links to try again:

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]


I'm livin' life in the fast lane.

Sneakyone
Master

Posts: 2707
Joined: 2010-01-10
Gender: Male
OS: Windows 7 Ultimate 64-bit
Protection: Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points: 56134
Likes: 0

Re: Virus/spyware problem black desktop

Post by karim_mo on 10th January 2011, 4:48 pm

OK, thanks for the help. Here are the notes:

Extras Log:


OTL Extras logfile created on: 10/01/2011 17:34:41 - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Brahim\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 81,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 271,54 Gb Free Space | 91,09% Space Free | Partition Type: NTFS
Drive E: | 971,23 Mb Total Space | 144,22 Mb Free Space | 14,85% Space Free | Partition Type: FAT

Computer Name: BRAHIM-PC | User Name: Brahim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{10F5387D-1728-423A-A578-B00982CF2646}" = Windows Live Messenger
"{11005483-57F9-400C-BF9F-CBC47540705A}" = Windows Live Photo Gallery
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A258E63-8DF5-4ADB-9832-38A0121D65EB}" = AVG 2011
"{1BD6AE96-4742-4498-9D03-9451C7E5A214}" = Windows Live aanmeldhulp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live - Hulpprogramma voor uploaden
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2869F5EA-93C3-48E5-80DF-DB696BC84A91}" = Windows Live Mail
"{2A8F82E8-7B86-4AFD-BFBC-2BA4C2CF52DB}" = Windows Live Call
"{35CA031C-D3CD-4A28-8D9B-C71466C4F045}" = Windows Live Writer
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{562B9CA4-6E52-4F87-ACEC-912FC004F1F0}" = Windows Live Essentials
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F624839-947D-46EA-BD63-FD847C1AC6F1}" = BearShare
"{62012DD0-5B43-464C-BC62-68DE5B1B73DE}" = Windows Live Movie Maker
"{66867BB8-FBC5-450B-8533-C6BE2C9C4068}" = Windows Live Family Safety
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 2.9.462
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{CD19EDD9-1632-4002-9212-7478E4BA0423}" = Windows Live Sync
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E51109E7-3818-4BC2-B3FD-A59AC2378A2B}" = Windows Live Toolbar
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Athan" = Athan Basic 3.9
"AutocompletePro3_is1" = AutocompletePro
"BearShare" = BearShare
"BearShare MediaBar" = MediaBar
"conduitEngine" = Conduit Engine
"DivX Setup.divx.com" = DivX Setup
"Google Chrome" = Google Chrome
"MyWebSearch bar Uninstall" = My Web Search (Smiley Central)
"PHPNukeDU Toolbar" = PHPNukeDU Toolbar
"Raptr" = Raptr
"RealPlayer 12.0" = RealPlayer
"ToggleDU Toolbar" = ToggleDU Toolbar
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/01/2011 7:54:19 | Computer Name = Brahim-PC | Source = Winlogon | ID = 4103
Description = Het activeren van de licentie van Windows is mislukt. Fout 0x00000000.

Error - 10/01/2011 7:59:07 | Computer Name = Brahim-PC | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: Explorer.EXE, versie: 6.1.7600.16450,
tijdstempel: 0x4aeba271 Naam van module met fout: msvcrt.dll, versie: 7.0.7600.16385,
tijdstempel: 0x4a5bda6f Uitzonderingscode: 0xc0000005 Foutoffset: 0x00023e3d Id van
proces met fout: 0x9e0 Starttijd van toepassing met fout: 0x01cbb0bdc6f53298 Pad
naar toepassing met fout: C:\Windows\Explorer.EXE Pad naar module met fout: C:\Windows\system32\msvcrt.dll
Rapport-id:
069f23f3-1cb1-11e0-8834-001e33f3baef

Error - 10/01/2011 8:05:59 | Computer Name = Brahim-PC | Source = Winlogon | ID = 4103
Description = Het activeren van de licentie van Windows is mislukt. Fout 0x80070005.

Error - 10/01/2011 8:16:35 | Computer Name = Brahim-PC | Source = Winlogon | ID = 4103
Description = Het activeren van de licentie van Windows is mislukt. Fout 0x80070005.

Error - 10/01/2011 8:16:39 | Computer Name = Brahim-PC | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: Explorer.EXE, versie: 6.1.7600.16450,
tijdstempel: 0x4aeba271 Naam van module met fout: msvcrt.dll, versie: 7.0.7600.16385,
tijdstempel: 0x4a5bda6f Uitzonderingscode: 0xc0000005 Foutoffset: 0x00023e3d Id van
proces met fout: 0x6c8 Starttijd van toepassing met fout: 0x01cbb0c0397a5b89 Pad
naar toepassing met fout: C:\Windows\Explorer.EXE Pad naar module met fout: C:\Windows\system32\msvcrt.dll
Rapport-id:
7940dd67-1cb3-11e0-a305-001e33f3baef

Error - 10/01/2011 8:23:04 | Computer Name = Brahim-PC | Source = VSS | ID = 8193
Description =

Error - 10/01/2011 8:28:22 | Computer Name = Brahim-PC | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: explorer.exe, versie: 6.1.7600.16450,
tijdstempel: 0x4aeba271 Naam van module met fout: msvcrt.dll, versie: 7.0.7600.16385,
tijdstempel: 0x4a5bda6f Uitzonderingscode: 0xc0000409 Foutoffset: 0x00028b8b Id van
proces met fout: 0xda0 Starttijd van toepassing met fout: 0x01cbb0c1de08c74a Pad
naar toepassing met fout: C:\Windows\explorer.exe Pad naar module met fout: C:\Windows\system32\msvcrt.dll
Rapport-id:
1caf42a7-1cb5-11e0-a305-001e33f3baef

Error - 10/01/2011 8:30:06 | Computer Name = Brahim-PC | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: Explorer.EXE, versie: 6.1.7600.16450,
tijdstempel: 0x4aeba271 Naam van module met fout: msvcrt.dll, versie: 7.0.7600.16385,
tijdstempel: 0x4a5bda6f Uitzonderingscode: 0xc0000409 Foutoffset: 0x00028b8b Id van
proces met fout: 0x438 Starttijd van toepassing met fout: 0x01cbb0c213878871 Pad
naar toepassing met fout: C:\Windows\Explorer.EXE Pad naar module met fout: C:\Windows\system32\msvcrt.dll
Rapport-id:
5acc9f6c-1cb5-11e0-9d00-9b39c28c414b

Error - 10/01/2011 12:30:24 | Computer Name = Brahim-PC | Source = Winlogon | ID = 4103
Description = Het activeren van de licentie van Windows is mislukt. Fout 0x80070005.

Error - 10/01/2011 12:30:26 | Computer Name = Brahim-PC | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: Explorer.EXE, versie: 6.1.7600.16450,
tijdstempel: 0x4aeba271 Naam van module met fout: msvcrt.dll, versie: 7.0.7600.16385,
tijdstempel: 0x4a5bda6f Uitzonderingscode: 0xc0000005 Foutoffset: 0x00023e3d Id van
proces met fout: 0x730 Starttijd van toepassing met fout: 0x01cbb0e3aefbc9f5 Pad
naar toepassing met fout: C:\Windows\Explorer.EXE Pad naar module met fout: C:\Windows\system32\msvcrt.dll
Rapport-id:
edc5f9f7-1cd6-11e0-88a2-001e33f3baef

[ Media Center Events ]
Error - 19/04/2010 5:16:11 | Computer Name = Brahim-PC | Source = MCUpdate | ID = 0
Description = 11:16:10 - Fout bij verbinden met internet. 11:16:10 - Kan geen
contact maken met server..

Error - 19/04/2010 5:16:21 | Computer Name = Brahim-PC | Source = MCUpdate | ID = 0
Description = 11:16:16 - Fout bij verbinden met internet. 11:16:16 - Kan geen
contact maken met server..

Error - 5/05/2010 3:32:55 | Computer Name = Brahim-PC | Source = MCUpdate | ID = 0
Description = 9:32:54 - Fout bij verbinden met internet. 9:32:54 - Kan geen contact
maken met server..

Error - 5/05/2010 3:33:28 | Computer Name = Brahim-PC | Source = MCUpdate | ID = 0
Description = 9:33:24 - Fout bij verbinden met internet. 9:33:24 - Kan geen contact
maken met server..

Error - 2/11/2010 17:37:09 | Computer Name = Brahim-PC | Source = MCUpdate | ID = 0
Description = 22:37:08 - Fout bij verbinden met internet. 22:37:09 - Kan geen
contact maken met server..

Error - 2/11/2010 17:37:56 | Computer Name = Brahim-PC | Source = MCUpdate | ID = 0
Description = 22:37:52 - Fout bij verbinden met internet. 22:37:52 - Kan geen
contact maken met server..

Error - 8/11/2010 11:46:46 | Computer Name = Brahim-PC | Source = MCUpdate | ID = 0
Description = 16:46:46 - Fout bij verbinden met internet. 16:46:46 - Kan geen
contact maken met server..

Error - 8/11/2010 11:46:58 | Computer Name = Brahim-PC | Source = MCUpdate | ID = 0
Description = 16:46:52 - Fout bij verbinden met internet. 16:46:52 - Kan geen
contact maken met server..

Error - 14/11/2010 17:19:32 | Computer Name = Brahim-PC | Source = MCUpdate | ID = 0
Description = 22:19:32 - Fout bij verbinden met internet. 22:19:32 - Kan geen
contact maken met server..

Error - 14/11/2010 17:19:43 | Computer Name = Brahim-PC | Source = MCUpdate | ID = 0
Description = 22:19:37 - Fout bij verbinden met internet. 22:19:37 - Kan geen
contact maken met server..

[ System Events ]
Error - 10/01/2011 8:31:40 | Computer Name = Brahim-PC | Source = Service Control Manager | ID = 7001
Description = De TCP/IP NetBIOS Helper-service is afhankelijk van de Ancillary Function
Driver for Winsock-service, die vanwege de volgende fout niet kan worden gestart:
%%31

Error - 10/01/2011 8:31:40 | Computer Name = Brahim-PC | Source = Service Control Manager | ID = 7001
Description = De Network Store Interface Service-service is afhankelijk van de NSI
proxy service driver.-service, die vanwege de volgende fout niet kan worden gestart:
%%31

Error - 10/01/2011 8:31:40 | Computer Name = Brahim-PC | Source = Service Control Manager | ID = 7001
Description = De Workstation-service is afhankelijk van de Network Store Interface
Service-service, die vanwege de volgende fout niet kan worden gestart: %%1068

Error - 10/01/2011 8:31:40 | Computer Name = Brahim-PC | Source = Service Control Manager | ID = 7001
Description = De IP Helper-service is afhankelijk van de Network Store Interface
Service-service, die vanwege de volgende fout niet kan worden gestart: %%1068

Error - 10/01/2011 8:31:40 | Computer Name = Brahim-PC | Source = Service Control Manager | ID = 7001
Description = De Wrapper en engine SMB mini-redirector-service is afhankelijk van
de Omgeleid bufferingsubsysteem-service, die vanwege de volgende fout niet kan
worden gestart: %%31

Error - 10/01/2011 8:31:40 | Computer Name = Brahim-PC | Source = Service Control Manager | ID = 7001
Description = De SMB 1.x mini-redirector-service is afhankelijk van de Wrapper en
engine SMB mini-redirector-service, die vanwege de volgende fout niet kan worden
gestart: %%1068

Error - 10/01/2011 8:31:40 | Computer Name = Brahim-PC | Source = Service Control Manager | ID = 7001
Description = De SMB 2.0 mini-redirector-service is afhankelijk van de Wrapper en
engine SMB mini-redirector-service, die vanwege de volgende fout niet kan worden
gestart: %%1068

Error - 10/01/2011 8:31:40 | Computer Name = Brahim-PC | Source = Service Control Manager | ID = 7001
Description = De Network Location Awareness-service is afhankelijk van de Network
Store Interface Service-service, die vanwege de volgende fout niet kan worden gestart:
%%1068

Error - 10/01/2011 8:31:40 | Computer Name = Brahim-PC | Source = Service Control Manager | ID = 7026
Description = De volgende opstartstuurprogramma's zijn niet geladen: AFD CSC DfsC discache
NetBIOS
NetBT
nsiproxy
Psched
rdbss
spldr
tdx
vwififlt
Wanarpv6
WfpLwf

Error - 10/01/2011 8:33:29 | Computer Name = Brahim-PC | Source = DCOM | ID = 10005
Description =


< End of report >

karim_mo
Novice

Posts: 9
Joined: 2011-01-10
OS: windows7
Points: 21743
Likes: 0

Re: Virus/spyware problem black desktop

Post by karim_mo on 10th January 2011, 4:51 pm

OTL log

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 81,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 271,54 Gb Free Space | 91,09% Space Free | Partition Type: NTFS
Drive E: | 971,23 Mb Total Space | 144,22 Mb Free Space | 14,85% Space Free | Partition Type: FAT

Computer Name: BRAHIM-PC | User Name: Brahim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/10 17:28:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Brahim\Desktop\OTL.exe
PRC - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/04/02 16:46:04 | 000,028,762 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 02:14:12 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe


========== Modules (SafeList) ==========

MOD - [2011/01/10 17:28:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Brahim\Desktop\OTL.exe
MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/05/24 09:41:32 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/04/02 16:46:04 | 000,028,762 | ---- | M] (MyWebSearch.com) [Auto | Running] -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)


========== Driver Services (SafeList) ==========

DRV - [2009/12/11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/09/21 17:58:28 | 001,218,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/08/05 22:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009/07/14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 23:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 23:02:52 | 000,139,776 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2009/07/13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/06/10 22:19:30 | 004,756,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - C:\Program Files\ToggleDU\tbTogg.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\tbPHPN.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-be
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKCU\..\URLSearchHook: {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - C:\Program Files\ToggleDU\tbTogg.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\tbPHPN.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin [2010/04/02 16:46:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/01/10 12:36:43 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/01/10 12:51:31 | 000,001,093 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 whysohardx.com
O1 - Hosts: 127.0.0.1 protectyourpc-11.com
O1 - Hosts: 127.0.0.1 checkserverstatux.com
O1 - Hosts: 127.0.0.1 xinmin.cn
O1 - Hosts: 127.0.0.1 xy95.cn
O1 - Hosts: 127.0.0.1 koralda.com
O1 - Hosts: 127.0.0.1 weirden.com
O1 - Hosts: 127.0.0.1 nanocloudcontroller.com
O1 - Hosts: 127.0.0.1 coo0lnet.net
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (ToggleDU Toolbar) - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - C:\Program Files\ToggleDU\tbTogg.dll (Conduit Ltd.)
O2 - BHO: (PHPNukeDU Toolbar) - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\tbPHPN.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\MediaBar\DataMngr\IEBHO.dll (MusicLab, LLC)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (VDownloader Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ToggleDU Toolbar) - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - C:\Program Files\ToggleDU\tbTogg.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PHPNukeDU Toolbar) - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\tbPHPN.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (VDownloader Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ToggleDU Toolbar) - {3AD798D0-4642-4C55-BC14-CFE7DD19E0D1} - C:\Program Files\ToggleDU\tbTogg.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PHPNukeDU Toolbar) - {46735DEE-F862-49D1-876D-6382794DC625} - C:\Program Files\PHPNukeDU\tbPHPN.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (VDownloader Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Athan] C:\Users\Brahim\Desktop\Athan\Athan.exe ([You must be registered and logged in to see this link.]
O4 - HKLM..\Run: [DataMngr] C:\Program Files\BearShare Applications\MediaBar\DataMngr\DataMngrUI.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [MFARestart] C:\ProgramData\MFAData\pack\avgrunasx.exe ()
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Firewall Administrating] C:\Users\Public\infocard.exe ()
O4 - HKCU..\Run: [hoodir] C:\Users\Brahim\AppData\Roaming\Microsoft\jofufusso.exe ()
O4 - HKCU..\Run: [MSConfig] C:\Users\Brahim\iyekq.exe ()
O4 - HKCU..\Run: [MSNUpdateServices] C:\Users\Public\S-3685-5437-5687\minsfot.exe ( )
O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKCU..\Run: [Raptr] C:\Program Files\Raptr\raptrstub.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [syncman] c:\users\brahim\wuaucldt.exe ()
O4 - HKCU..\Run: [Windows System Guard] C:\Users\Public\msnl.exe ( )
O4 - HKCU..\Run: [WindowsDriverControl] C:\Users\Public\C-76947-8457-2745\wincdrsvn.exe ( )
O4 - HKCU..\Run: [WinMSDNControl] C:\Users\Public\D-2785-7947-8747\wincdsvn.exe (*)
O4 - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [NSSInstallation] C:\Program Files\DivX\Symantec\scstubinstaller.exe (Symantec Corporation)
O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0bwblww.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0e0zuup.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2ppkzzu.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5ggbglg.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5h6rrm2.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aalgvlvvllg.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\agav5all.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\brggww2r.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bwwr1lggbrg.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\c7xsxsc0.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cmmmscmm6.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cr9m0hccx1r.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f7kka6vppk.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\g2wrgg1rrl.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\g6bvvq6lgg.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gaqqg5vla.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ggbbgqlg.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gqllv0avlv.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\grwrllg6rlw.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gvlla6vqqla.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\k4q2aqq8.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l1r4llgw.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l6lggllg.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lgvvql5q2a.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lgwqllgww.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\llalaav2a0.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nhxxnnhh.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\peuu1e0zppj.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\q1gvvlqvqgv.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qagaqqav6gg.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ql6lggbqqv.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qq6v5all.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qqllgl21.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qvql9vl1g.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\v1qqvfqqfv.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\v6va37va.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\v7lv8gv9g8.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\va1aaqqav6.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vbv1b97l.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vvq6lggbq.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\w0bwblwwlb.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wq6lggbr.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xx0cxxh6c5.exe (Realtek Semiconductor Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} [You must be registered and logged in to see this link.] (DivXBrowserPlugin Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\datamngr.dll) - C:\Program Files\BearShare Applications\MediaBar\DataMngr\datamngr.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

karim_mo
Novice

Posts : 9
Joined : 2011-01-10
OS : windows7
Points : 21743
# Likes : 0


Re: Virus/spyware problem black destkop

Post by karim_mo on 10th January 2011, 4:55 pm

C:\RECYCLER\S-1-5-21-2795765802-6752719170-392707653-6413\yv8g67.exe) - C:\RECYCLER\S-1-5-21-2795765802-6752719170-392707653-6413\yv8g67.exe (JRg)
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-7992290727-5219543294-628079366-8947\yv8g67.exe) - C:\RECYCLER\S-1-5-21-7992290727-5219543294-628079366-8947\yv8g67.exe (JRg)
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-7725566907-8968392825-591209115-2593\yv8g67.exe) - C:\RECYCLER\S-1-5-21-7725566907-8968392825-591209115-2593\yv8g67.exe (JRg)
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-3920387100-0783316369-313288211-7464\yv8g67.exe) - C:\RECYCLER\S-1-5-21-3920387100-0783316369-313288211-7464\yv8g67.exe (SZWPECB1)
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-8914496216-9341006184-746476430-8243\yv8g67.exe) - C:\RECYCLER\S-1-5-21-8914496216-9341006184-746476430-8243\yv8g67.exe (SZWPECB1)
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-8120189390-0015678665-026725531-7227\yv8g67.exe) - C:\RECYCLER\S-1-5-21-8120189390-0015678665-026725531-7227\yv8g67.exe (AFZuu2)
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-8847668384-8999398976-735235586-1723\yv8g67.exe) - C:\RECYCLER\S-1-5-21-8847668384-8999398976-735235586-1723\yv8g67.exe (SZWPECB1)
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-6521341853-1628904454-716810124-2712\yv8g67.exe) - C:\RECYCLER\S-1-5-21-6521341853-1628904454-716810124-2712\yv8g67.exe (IhAP4cO3V)
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-2941411910-4878372867-591091694-8341\yv8g67.exe) - C:\RECYCLER\S-1-5-21-2941411910-4878372867-591091694-8341\yv8g67.exe (IhAP4cO3V)
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0325902117-9265625888-771119061-3174\yv8g67.exe) - C:\RECYCLER\S-1-5-21-0325902117-9265625888-771119061-3174\yv8g67.exe (SZWPECB1)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\Brahim\AppData\Roaming\juzjf.exe) - C:\Users\Brahim\AppData\Roaming\juzjf.exe ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{81283903-38e4-11df-ab86-001e33f3baef}\Shell - "" = AutoRun
O33 - MountPoints2\{81283903-38e4-11df-ab86-001e33f3baef}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)


========== Files/Folders - Created Within 30 Days ==========

[2011/01/10 17:31:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Brahim\Desktop\OTL.exe
[2011/01/10 13:23:31 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/01/10 13:23:31 | 000,000,000 | ---D | C] -- C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/01/06 20:31:03 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/12/31 18:25:36 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010/12/31 18:25:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2010/12/31 18:25:34 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2010/12/27 21:39:50 | 000,122,947 | ---- | C] (Microsoft Corporation) -- C:\Users\Brahim\AppData\Roaming\jxbpwd.exe
[2010/12/27 20:56:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/12/27 20:56:47 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/12/27 18:45:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010/11/08 03:13:22 | 002,944,904 | ---- | C] (Ask) -- C:\Program Files\Common Files\AskToolbarInstaller.exe
[3 C:\Users\Brahim\AppData\Roaming\*.tmp files -> C:\Users\Brahim\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/10 17:34:36 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/01/10 17:34:36 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/01/10 17:34:36 | 000,014,656 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2011/01/10 17:34:36 | 000,004,716 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2011/01/10 17:30:25 | 000,001,038 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/10 17:29:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/10 17:29:52 | 2312,101,888 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/10 17:28:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Brahim\Desktop\OTL.exe
[2011/01/10 13:31:26 | 142,274,667 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/01/10 13:23:31 | 000,002,969 | ---- | M] () -- C:\Users\Brahim\Desktop\HiJackThis.lnk
[2011/01/10 13:03:08 | 000,409,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2011/01/10 13:03:08 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2011/01/10 13:03:07 | 000,014,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/10 13:03:07 | 000,014,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/10 12:58:50 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\Install_NSS.job
[2011/01/10 12:52:25 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/01/10 12:51:31 | 000,001,093 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/01/09 03:03:41 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2011/01/07 16:26:49 | 000,197,349 | ---- | M] () -- C:\Users\Brahim\AppData\Roaming\data.dat
[2010/12/28 14:10:07 | 000,000,001 | ---- | M] () -- C:\Users\Brahim\oashdihasidhasuidhiasdhiashdiuasdhasd
[2010/12/27 21:39:51 | 000,122,947 | ---- | M] (Microsoft Corporation) -- C:\Users\Brahim\AppData\Roaming\jxbpwd.exe
[2010/12/27 09:16:23 | 000,000,208 | ---- | M] () -- C:\Users\Brahim\Desktop\Google.url
[2010/12/20 09:00:54 | 005,641,227 | ---- | M] () -- C:\Users\Brahim\Documents\George Wassouf, Ya Habibi ( Lelit Wada3).mp3
[2010/12/15 15:57:24 | 004,078,895 | ---- | M] () -- C:\Users\Brahim\Documents\Chaabi 2010 Watra Harimo.mp3
[3 C:\Users\Brahim\AppData\Roaming\*.tmp files -> C:\Users\Brahim\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/10 13:23:31 | 000,002,969 | ---- | C] () -- C:\Users\Brahim\Desktop\HiJackThis.lnk
[2011/01/09 03:03:41 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2010/12/20 09:00:01 | 005,641,227 | ---- | C] () -- C:\Users\Brahim\Documents\George Wassouf, Ya Habibi ( Lelit Wada3).mp3
[2010/12/15 15:57:07 | 004,078,895 | ---- | C] () -- C:\Users\Brahim\Documents\Chaabi 2010 Watra Harimo.mp3
[2010/12/14 16:53:04 | 002,021,670 | ---- | C] () -- C:\Users\Brahim\Documents\DSC01898.JPG
[2010/12/14 16:52:46 | 002,192,892 | ---- | C] () -- C:\Users\Brahim\Documents\DSC01896.JPG
[2010/12/14 16:52:34 | 002,025,396 | ---- | C] () -- C:\Users\Brahim\Documents\DSC01893.JPG
[2010/12/14 16:51:35 | 002,020,176 | ---- | C] () -- C:\Users\Brahim\Documents\DSC01881.JPG
[2010/12/14 16:51:25 | 001,967,167 | ---- | C] () -- C:\Users\Brahim\Documents\DSC01880.JPG
[2010/12/14 16:50:21 | 001,795,120 | ---- | C] () -- C:\Users\Brahim\Documents\DSC01864.JPG
[2010/12/14 16:49:23 | 002,135,480 | ---- | C] () -- C:\Users\Brahim\Documents\DSC01858.JPG
[2010/12/14 16:49:10 | 002,098,489 | ---- | C] () -- C:\Users\Brahim\Documents\DSC01856.JPG
[2010/12/14 16:44:08 | 002,318,661 | ---- | C] () -- C:\Users\Brahim\Documents\DSC01853.JPG
[2010/12/14 16:44:00 | 002,354,637 | ---- | C] () -- C:\Users\Brahim\Documents\DSC01852.JPG
[2010/12/14 16:43:53 | 001,776,506 | ---- | C] () -- C:\Users\Brahim\Documents\DSC01851.JPG
[2010/12/14 16:43:46 | 001,849,948 | ---- | C] () -- C:\Users\Brahim\Documents\DSC01850.JPG
[2010/12/14 16:37:53 | 001,854,681 | ---- | C] () -- C:\Users\Brahim\Documents\DSC01633.JPG
[2010/12/05 23:38:30 | 000,053,248 | ---- | C] () -- C:\Users\Brahim\AppData\Roaming\chrtmp
[2010/11/11 03:57:47 | 000,197,349 | ---- | C] () -- C:\Users\Brahim\AppData\Roaming\data.dat
[2010/11/11 02:37:22 | 000,000,000 | ---- | C] () -- C:\Users\Brahim\AppData\Roaming\nigzss.txt
[2010/11/09 22:11:41 | 000,000,000 | -H-- | C] () -- C:\Users\Brahim\AppData\Roaming\winsavesrc.txt
[2010/11/08 03:13:23 | 000,071,926 | ---- | C] () -- C:\ProgramData\MercadoLivre.ico
[2010/11/08 03:13:23 | 000,026,694 | ---- | C] () -- C:\ProgramData\Backup.ico
[2010/11/08 03:13:23 | 000,015,086 | ---- | C] () -- C:\ProgramData\Amazon.ico
[2010/10/26 17:41:30 | 000,000,000 | -H-- | C] () -- C:\Users\Brahim\AppData\Roaming\win32appli.txt
[2010/10/24 17:36:50 | 000,077,824 | RHS- | C] () -- C:\Users\Brahim\AppData\Roaming\juzjf.exe
[2010/10/18 21:55:47 | 000,000,000 | -H-- | C] () -- C:\Users\Brahim\AppData\Roaming\wimknrncds.txt
[2010/06/10 02:02:24 | 000,000,197 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/05/25 09:20:14 | 000,033,134 | ---- | C] () -- C:\Users\Brahim\AppData\Roaming\UserTile.png
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2006/02/01 09:03:37 | 000,276,782 | -H-- | C] () -- C:\Users\Brahim\AppData\Roaming\Brahimlog.dat

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.sys >
[2009/07/13 22:40:41 | 000,009,029 | ---- | M] () -- C:\Windows\System32\ANSI.SYS
[2009/07/14 02:26:21 | 000,249,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2009/07/13 22:40:44 | 000,027,097 | ---- | M] () -- C:\Windows\System32\country.sys
[2009/07/13 22:40:40 | 000,004,768 | ---- | M] () -- C:\Windows\System32\HIMEM.SYS
[2009/07/13 22:40:43 | 000,042,809 | ---- | M] () -- C:\Windows\System32\KEY01.SYS
[2009/07/13 22:40:43 | 000,042,537 | ---- | M] () -- C:\Windows\System32\KEYBOARD.SYS
[2009/07/13 22:40:23 | 000,027,866 | ---- | M] () -- C:\Windows\System32\NTDOS.SYS
[2009/07/13 22:40:31 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS404.SYS
[2009/07/13 22:40:35 | 000,029,370 | ---- | M] () -- C:\Windows\System32\NTDOS411.SYS
[2009/07/13 22:40:39 | 000,029,274 | ---- | M] () -- C:\Windows\System32\NTDOS412.SYS
[2009/07/13 22:40:27 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS804.SYS
[2009/07/13 22:40:11 | 000,033,952 | ---- | M] () -- C:\Windows\System32\NTIO.SYS
[2009/07/13 22:40:15 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO404.SYS
[2009/07/13 22:40:17 | 000,035,776 | ---- | M] () -- C:\Windows\System32\NTIO411.SYS
[2009/07/13 22:40:19 | 000,035,536 | ---- | M] () -- C:\Windows\System32\NTIO412.SYS
[2009/07/13 22:40:13 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO804.SYS
[2010/09/01 03:34:52 | 002,327,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2009/06/10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/07/14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/03/21 20:51:56 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/01/09 03:03:41 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2009/06/10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/03/21 21:04:13 | 000,171,136 | RHS- | M] () -- C:\grldr
[2011/01/10 17:29:52 | 2312,101,888 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/10 17:29:54 | 3082,805,248 | -HS- | M] () -- C:\pagefile.sys

< %PROGRAMFILES%\*. >
[2011/01/10 12:36:30 | 000,000,000 | ---D | M] -- C:\Program Files\Ask.com
[2010/05/25 20:41:01 | 000,000,000 | ---D | M] -- C:\Program Files\Athan
[2010/11/08 03:13:25 | 000,000,000 | ---D | M] -- C:\Program Files\AutocompletePro
[2011/01/10 12:36:30 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2011/01/10 12:36:30 | 000,000,000 | ---D | M] -- C:\Program Files\BearShare Applications
[2011/01/10 12:36:32 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/11/08 03:13:44 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2010/11/08 03:13:42 | 000,000,000 | ---D | M] -- C:\Program Files\ConduitEngine
[2010/11/08 03:45:42 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2009/07/14 09:41:09 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker
[2010/04/02 20:49:48 | 000,000,000 | ---D | M] -- C:\Program Files\FunWebProducts
[2011/01/10 12:36:34 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/10/22 10:27:49 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/01/10 12:36:26 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee Security Scan
[2010/03/24 15:01:56 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2009/07/14 09:41:08 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2010/09/30 06:36:43 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/03/24 15:02:53 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/03/24 15:03:54 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2009/07/14 05:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/04/02 16:46:04 | 000,000,000 | ---D | M] -- C:\Program Files\MyWebSearch
[2011/01/10 12:36:26 | 000,000,000 | ---D | M] -- C:\Program Files\Norton Security Scan
[2010/11/08 12:55:07 | 000,000,000 | ---D | M] -- C:\Program Files\NortonInstaller
[2011/01/10 12:36:34 | 000,000,000 | ---D | M] -- C:\Program Files\PHPNukeDU
[2010/11/08 03:31:38 | 000,000,000 | ---D | M] -- C:\Program Files\Raptr
[2011/01/10 12:36:42 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2009/07/14 05:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/11/08 03:13:44 | 000,000,000 | ---D | M] -- C:\Program Files\ToggleDU
[2011/01/10 13:23:31 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2009/07/14 05:53:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2011/01/10 12:36:42 | 000,000,000 | ---D | M] -- C:\Program Files\VDownloader
[2010/11/08 03:30:52 | 000,000,000 | ---D | M] -- C:\Program Files\Vuze
[2010/11/08 03:30:34 | 000,000,000 | ---D | M] -- C:\Program Files\Vuze_Remote
[2009/07/14 09:27:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009/07/14 09:41:06 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2010/03/24 15:04:24 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2010/03/24 15:01:41 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2010/05/17 22:18:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/10/22 10:27:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010/03/21 20:59:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/07/14 09:27:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
[2009/07/14 05:52:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2009/07/14 09:27:16 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2011/01/10 12:36:26 | 000,000,000 | ---D | M] -- C:\Program Files\WinPcap

< %appdata%\*.* >
[2010/12/08 01:17:01 | 000,276,782 | -H-- | M] () -- C:\Users\Brahim\AppData\Roaming\Brahimlog.dat
[2010/06/28 22:14:49 | 000,053,248 | ---- | M] () -- C:\Users\Brahim\AppData\Roaming\chrtmp
[2011/01/07 16:26:49 | 000,197,349 | ---- | M] () -- C:\Users\Brahim\AppData\Roaming\data.dat
[2010/11/08 03:54:00 | 000,000,000 | ---- | M] () -- C:\Users\Brahim\AppData\Roaming\desktop.ini
[2010/11/07 06:18:07 | 000,077,824 | RHS- | M] () -- C:\Users\Brahim\AppData\Roaming\juzjf.exe
[2010/12/27 21:39:51 | 000,122,947 | ---- | M] (Microsoft Corporation) -- C:\Users\Brahim\AppData\Roaming\jxbpwd.exe
[2010/11/11 02:37:22 | 000,000,000 | ---- | M] () -- C:\Users\Brahim\AppData\Roaming\nigzss.txt
[2010/05/25 09:20:14 | 000,033,134 | ---- | M] () -- C:\Users\Brahim\AppData\Roaming\UserTile.png
[2010/11/11 02:40:17 | 000,000,000 | -H-- | M] () -- C:\Users\Brahim\AppData\Roaming\wimknrncds.txt
[2010/10/27 15:18:47 | 000,000,000 | -H-- | M] () -- C:\Users\Brahim\AppData\Roaming\win32appli.txt
[2010/11/11 01:23:15 | 000,000,000 | -H-- | M] () -- C:\Users\Brahim\AppData\Roaming\winsavesrc.txt
[3 C:\Users\Brahim\AppData\Roaming\*.tmp files -> C:\Users\Brahim\AppData\Roaming\*.tmp -> ]


< MD5 for: AGP440.SYS >
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/07/14 02:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\drivers\disk.sys
[2009/07/14 02:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_x86_neutral_b431b61a11f8df6c\disk.sys
[2009/07/14 02:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_f99cd807d58018cb\disk.sys

< MD5 for: IASTORV.SYS >
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< MD5 for: USBSTOR.SYS >
[2009/07/14 00:51:19 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=D8889D56E0D27E57ED4591837FE71D27 -- C:\Windows\System32\drivers\USBSTOR.SYS
[2009/07/14 00:51:19 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=D8889D56E0D27E57ED4591837FE71D27 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_x86_neutral_83027f5d5b2468d3\USBSTOR.SYS
[2009/07/14 00:51:19 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=D8889D56E0D27E57ED4591837FE71D27 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.1.7600.16385_none_485ca4d9f926b0b4\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-27 16:44:42

========== Alternate Data Streams ==========

@Alternate Data Stream - 518680 bytes -> C:\Users\Brahim\AppData\Roaming\desktop.ini:init

< End of report >


Re: Virus/spyware problem black destkop

Post by Sneakyone on 12th January 2011, 5:17 am

Hi,

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    PRC - [2010/04/02 16:46:04 | 000,028,762 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
    SRV - [2010/04/02 16:46:04 | 000,028,762 | ---- | M] (MyWebSearch.com) [Auto | Running] -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
    O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
    O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
    O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
    O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
    O4 - HKCU..\Run: [Firewall Administrating] C:\Users\Public\infocard.exe ()
    O4 - HKCU..\Run: [hoodir] C:\Users\Brahim\AppData\Roaming\Microsoft\jofufusso.exe ()
    O4 - HKCU..\Run: [MSConfig] C:\Users\Brahim\iyekq.exe ()
    O4 - HKCU..\Run: [MSNUpdateServices] C:\Users\Public\S-3685-5437-5687\minsfot.exe ( )
    O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
    O4 - HKCU..\Run: [syncman] c:\users\brahim\wuaucldt.exe ()
    O4 - HKCU..\Run: [Windows System Guard] C:\Users\Public\msnl.exe ( )
    O4 - HKCU..\Run: [WindowsDriverControl] C:\Users\Public\C-76947-8457-2745\wincdrsvn.exe ( )
    O4 - HKCU..\Run: [WinMSDNControl] C:\Users\Public\D-2785-7947-8747\wincdsvn.exe (*)
    O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0bwblww.exe (Realtek Semiconductor Corp.)
    O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0e0zuup.exe (Realtek Semiconductor Corp.)
    O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2ppkzzu.exe (Realtek Semiconductor Corp.)
    O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5ggbglg.exe (Realtek Semiconductor Corp.)
    O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5h6rrm2.exe (Realtek Semiconductor Corp.)
    O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aalgvlvvllg.exe (Realtek Semiconductor Corp.)
    O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\agav5all.exe (Realtek Semiconductor Corp.)
    O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\brggww2r.exe (Realtek Semiconductor Corp.)
    O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bwwr1lggbrg.exe (Realtek Semiconductor Corp.)
    O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\c7xsxsc0.exe (Realtek Semiconductor Corp.)
    O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cmmmscmm6.exe (Realtek Semiconductor Corp.)
    O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cr9m0hccx1r.exe (Realtek Semiconductor Corp.)
    O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f7kka6vppk.exe (Realtek Semiconductor Corp.)
    O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\g2wrgg1rrl.exe (Realtek Semiconductor Corp.)
    O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\g6bvvq6lgg.exe (Realtek Semiconductor Corp.)
    O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gaqqg5vla.exe (Realtek Semiconductor Corp.)
    O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ggbbgqlg.exe (Realtek Semiconductor Corp.)
    O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gqllv0avlv.exe (Realtek Semiconductor Corp.)
    O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\grwrllg6rlw.exe (Realtek Semiconductor Corp.)
    O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gvlla6vqqla.exe (Realtek Semiconductor Corp.)
    O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\k4q2aqq8.exe (Realtek Semiconductor Corp.)
    O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l1r4llgw.exe (Realtek Semiconductor Corp.)
    O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l6lggllg.exe (Realtek Semiconductor Corp.)
    O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lgvvql5q2a.exe (Realtek Semiconductor Corp.)
    O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lgwqllgww.exe (Realtek Semiconductor Corp.)
    O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\llalaav2a0.exe (Realtek Semiconductor Corp.)
    O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nhxxnnhh.exe (Realtek Semiconductor Corp.)
    O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\peuu1e0zppj.exe (Realtek Semiconductor Corp.)
    O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\q1gvvlqvqgv.exe (Realtek Semiconductor Corp.)
    O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qagaqqav6gg.exe (Realtek Semiconductor Corp.)
    O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ql6lggbqqv.exe (Realtek Semiconductor Corp.)
    O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qq6v5all.exe (Realtek Semiconductor Corp.)
    O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qqllgl21.exe (Realtek Semiconductor Corp.)
    O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qvql9vl1g.exe (Realtek Semiconductor Corp.)
    O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\v1qqvfqqfv.exe (Realtek Semiconductor Corp.)
    O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\v6va37va.exe (Realtek Semiconductor Corp.)
    O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\v7lv8gv9g8.exe (Realtek Semiconductor Corp.)
    O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\va1aaqqav6.exe (Realtek Semiconductor Corp.)
    O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vbv1b97l.exe (Realtek Semiconductor Corp.)
    O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vvq6lggbq.exe (Realtek Semiconductor Corp.)
    O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\w0bwblwwlb.exe (Realtek Semiconductor Corp.)
    O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wq6lggbr.exe (Realtek Semiconductor Corp.)
    O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xx0cxxh6c5.exe (Realtek Semiconductor Corp.)
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-2795765802-6752719170-392707653-6413\yv8g67.exe) - C:\RECYCLER\S-1-5-21-2795765802-6752719170-392707653-6413\yv8g67.exe (JRg)
    O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-7992290727-5219543294-628079366-8947\yv8g67.exe) - C:\RECYCLER\S-1-5-21-7992290727-5219543294-628079366-8947\yv8g67.exe (JRg)
    O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-7725566907-8968392825-591209115-2593\yv8g67.exe) - C:\RECYCLER\S-1-5-21-7725566907-8968392825-591209115-2593\yv8g67.exe (JRg)
    O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-3920387100-0783316369-313288211-7464\yv8g67.exe) - C:\RECYCLER\S-1-5-21-3920387100-0783316369-313288211-7464\yv8g67.exe (SZWPECB1)
    O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-8914496216-9341006184-746476430-8243\yv8g67.exe) - C:\RECYCLER\S-1-5-21-8914496216-9341006184-746476430-8243\yv8g67.exe (SZWPECB1)
    O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-8120189390-0015678665-026725531-7227\yv8g67.exe) - C:\RECYCLER\S-1-5-21-8120189390-0015678665-026725531-7227\yv8g67.exe (AFZuu2)
    O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-8847668384-8999398976-735235586-1723\yv8g67.exe) - C:\RECYCLER\S-1-5-21-8847668384-8999398976-735235586-1723\yv8g67.exe (SZWPECB1)
    O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-6521341853-1628904454-716810124-2712\yv8g67.exe) - C:\RECYCLER\S-1-5-21-6521341853-1628904454-716810124-2712\yv8g67.exe (IhAP4cO3V)
    O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-2941411910-4878372867-591091694-8341\yv8g67.exe) - C:\RECYCLER\S-1-5-21-2941411910-4878372867-591091694-8341\yv8g67.exe (IhAP4cO3V)
    O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0325902117-9265625888-771119061-3174\yv8g67.exe) - C:\RECYCLER\S-1-5-21-0325902117-9265625888-771119061-3174\yv8g67.exe (SZWPECB1)
    O20 - HKCU Winlogon: Shell - (C:\Users\Brahim\AppData\Roaming\juzjf.exe) - C:\Users\Brahim\AppData\Roaming\juzjf.exe ()
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O33 - MountPoints2\{81283903-38e4-11df-ab86-001e33f3baef}\Shell - "" = AutoRun
    O33 - MountPoints2\{81283903-38e4-11df-ab86-001e33f3baef}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe -- File not found
    [2010/12/27 21:39:50 | 000,122,947 | ---- | C] (Microsoft Corporation) -- C:\Users\Brahim\AppData\Roaming\jxbpwd.exe
    [2010/11/08 03:13:22 | 002,944,904 | ---- | C] (Ask) -- C:\Program Files\Common Files\AskToolbarInstaller.exe
    [2011/01/07 16:26:49 | 000,197,349 | ---- | M] () -- C:\Users\Brahim\AppData\Roaming\data.dat
    [2010/12/28 14:10:07 | 000,000,001 | ---- | M] () -- C:\Users\Brahim\oashdihasidhasuidhiasdhiashdiuasdhasd

    :commands
    [emptytemp]
    [resethosts]


  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

===============

Please download ComboFix from [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]


Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


I'm livin' life in the fast lane.

Sneakyone
Master

Posts : 2707
Joined : 2010-01-10
Gender : Male
OS : Windows 7 Ultimate 64-bit
Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points : 56134
# Likes : 0

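Sneakyone's fix script above is built from OTL lines that share a few recognisable traits: Run and Startup entries pointing into C:\Users or C:\RECYCLER with no publisher, Startup-folder executables with random names, Winlogon Shell values that are not explorer.exe, an AutoRun command on a removable-drive mount point, and an oversized alternate data stream on a desktop.ini. The Python below is an added example, not code from this thread, from OTL or from the forum; it scores lines of that kind with simple heuristics so the entries that deserve attention sort to the top. The sample input mixes lines copied from the script above with two constructed benign entries (an Adobe Reader launcher and the stock explorer.exe shell); the thresholds, severities and the random-name test are my own choices, not anything OTL does.

```python
import re

# Constructed sample input: most lines are copied from the OTL fix script above,
# plus two constructed benign entries (Adobe Reader launcher, stock explorer.exe
# shell) so the heuristics have something to pass as well as something to flag.
SAMPLE_LINES = [
    r"O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)",
    r"O4 - HKCU..\Run: [Firewall Administrating] C:\Users\Public\infocard.exe ()",
    r"O4 - HKCU..\Run: [MSConfig] C:\Users\Brahim\iyekq.exe ()",
    r"O4 - Startup: C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0bwblww.exe (Realtek Semiconductor Corp.)",
    r"O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)",
    r"O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-2795765802-6752719170-392707653-6413\yv8g67.exe) - C:\RECYCLER\S-1-5-21-2795765802-6752719170-392707653-6413\yv8g67.exe (JRg)",
    r'O33 - MountPoints2\{81283903-38e4-11df-ab86-001e33f3baef}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe -- File not found',
    r"@Alternate Data Stream - 518680 bytes -> C:\Users\Brahim\AppData\Roaming\desktop.ini:init",
]

O4_RE = re.compile(r"^O4 - (?P<where>[^:]+): (?:\[(?P<name>[^\]]*)\] )?(?P<path>.+?\.exe)\s*\((?P<company>[^)]*)\)\s*$", re.I)
O20_RE = re.compile(r"^O20 - (?P<hive>HKLM|HKCU) Winlogon: Shell - \((?P<value>[^)]*)\) - (?P<path>.+?)\s*\((?P<company>[^)]*)\)\s*$", re.I)
O33_RE = re.compile(r'^O33 - MountPoints2\\(?P<id>\{[^}]+\})\\Shell\\AutoRun\\command - "" = (?P<cmd>.+?)(?: -- File not found)?$', re.I)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

# Locations a standard user can write to; legitimate autoruns rarely live here.
USER_WRITABLE = ("c:\\users\\", "c:\\recycler\\", "c:\\programdata\\")
SEVERITY = {"CRITICAL": 3, "HIGH": 2, "MEDIUM": 1}


def looks_random(stem):
    """Crude test for generated file names: digits mixed into letters, or almost no vowels."""
    s = stem.lower()
    letters = [c for c in s if c.isalpha()]
    if not letters:
        return False
    has_digit = any(c.isdigit() for c in s)
    vowel_ratio = sum(c in "aeiou" for c in letters) / len(letters)
    return (has_digit and len(letters) >= 4) or vowel_ratio <= 0.2


def classify(line):
    """Return (severity, [reasons]) for one OTL line, or None when nothing stands out."""
    line = line.strip()
    reasons = []
    m = O20_RE.match(line)
    if m and m.group("value").strip().lower() != "explorer.exe":
        reasons.append(("CRITICAL", "Winlogon Shell replaced with " + m.group("path").strip()))
    m = O4_RE.match(line)
    if m:
        path, company = m.group("path").strip(), m.group("company").strip()
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if path.lower().startswith(USER_WRITABLE):
            if company in ("", "*"):
                reasons.append(("HIGH", "autorun with no publisher in a user-writable path"))
            else:
                reasons.append(("MEDIUM", "autorun in a user-writable path"))
        if looks_random(stem):
            reasons.append(("MEDIUM", "random-looking file name " + stem))
    m = O33_RE.match(line)
    if m:
        reasons.append(("MEDIUM", "AutoRun command registered for a mount point: " + m.group("cmd")))
    m = ADS_RE.match(line)
    if m and int(m.group("size")) > 1024:
        reasons.append(("HIGH", "large alternate data stream on " + m.group("path")))
    if not reasons:
        return None
    severity = max((s for s, _ in reasons), key=SEVERITY.__getitem__)
    return severity, [r for _, r in reasons]


def triage(lines):
    """Classify every line and return (severity, reasons, line) ordered most severe first."""
    findings = []
    for line in lines:
        result = classify(line)
        if result:
            findings.append((result[0], result[1], line.strip()))
    findings.sort(key=lambda f: SEVERITY[f[0]], reverse=True)
    return findings


if __name__ == "__main__":
    for sev, reasons, line in triage(SAMPLE_LINES):
        print("%-8s %s\n         %s" % (sev, "; ".join(reasons), line))
```

The heuristics are deliberately coarse: a replaced Winlogon Shell explains the black desktop and missing Start button on its own, while the random-name and user-writable checks only raise entries for a human to confirm, which is how the helper read the log before writing the script.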

Re: Virus/spyware problem black destkop

Post by karim_mo on 12th January 2011, 7:02 am

I have a problem with ComboFix: it says that it detected some rootkits and it needs to restart the laptop. After the restart ComboFix doesn't start, and if I start it, it says the same thing (also tried it in safe mode, same problem). Here is the OTL log:

All processes killed
========== OTL ==========
Process MWSSVC.EXE killed successfully!
Service MyWebSearchService stopped successfully!
Service MyWebSearchService deleted successfully!
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}\ deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\ deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ deleted successfully.
File C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\My Web Search Bar Search Scope Monitor not found.
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Email Plugin not found.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Firewall Administrating deleted successfully.
C:\Users\Public\infocard.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\hoodir deleted successfully.
C:\Users\Brahim\AppData\Roaming\Microsoft\jofufusso.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MSConfig deleted successfully.
C:\Users\Brahim\iyekq.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MSNUpdateServices not found.
C:\Users\Public\S-3685-5437-5687\minsfot.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Email Plugin not found.
File C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\syncman deleted successfully.
c:\users\brahim\wuaucldt.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Windows System Guard deleted successfully.
C:\Users\Public\msnl.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsDriverControl deleted successfully.
C:\Users\Public\C-76947-8457-2745\wincdrsvn.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WinMSDNControl not found.
C:\Users\Public\D-2785-7947-8747\wincdsvn.exe moved successfully.
C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0bwblww.exe moved successfully.
C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0e0zuup.exe moved successfully.
C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2ppkzzu.exe moved successfully.
C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5ggbglg.exe moved successfully.
C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5h6rrm2.exe moved successfully.
C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aalgvlvvllg.exe moved successfully.
C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\agav5all.exe moved successfully.
C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\brggww2r.exe moved successfully.
C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bwwr1lggbrg.exe moved successfully.
C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\c7xsxsc0.exe moved successfully.
C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cmmmscmm6.exe moved successfully.
C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cr9m0hccx1r.exe moved successfully.
C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f7kka6vppk.exe moved successfully.
C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\g2wrgg1rrl.exe moved successfully.
C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\g6bvvq6lgg.exe moved successfully.
C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gaqqg5vla.exe moved successfully.
C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ggbbgqlg.exe moved successfully.
C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gqllv0avlv.exe moved successfully.
C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\grwrllg6rlw.exe moved successfully.
C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gvlla6vqqla.exe moved successfully.
C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\k4q2aqq8.exe moved successfully.
C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l1r4llgw.exe moved successfully.
C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l6lggllg.exe moved successfully.
C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lgvvql5q2a.exe moved successfully.
C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lgwqllgww.exe moved successfully.
C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\llalaav2a0.exe moved successfully.
C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nhxxnnhh.exe moved successfully.
C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\peuu1e0zppj.exe moved successfully.
C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\q1gvvlqvqgv.exe moved successfully.
C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qagaqqav6gg.exe moved successfully.
C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ql6lggbqqv.exe moved successfully.
C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qq6v5all.exe moved successfully.
C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qqllgl21.exe moved successfully.
C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qvql9vl1g.exe moved successfully.
C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\v1qqvfqqfv.exe moved successfully.
C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\v6va37va.exe moved successfully.
C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\v7lv8gv9g8.exe moved successfully.
C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\va1aaqqav6.exe moved successfully.
C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vbv1b97l.exe moved successfully.
C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vvq6lggbq.exe moved successfully.
C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\w0bwblwwlb.exe moved successfully.
C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wq6lggbr.exe moved successfully.
C:\Users\Brahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xx0cxxh6c5.exe moved successfully.
Starting removal of ActiveX control {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
C:\Windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\RECYCLER\S-1-5-21-2795765802-6752719170-392707653-6413\yv8g67.exe deleted successfully.
C:\RECYCLER\S-1-5-21-2795765802-6752719170-392707653-6413\yv8g67.exe moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\RECYCLER\S-1-5-21-7992290727-5219543294-628079366-8947\yv8g67.exe deleted successfully.
C:\RECYCLER\S-1-5-21-7992290727-5219543294-628079366-8947\yv8g67.exe moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\RECYCLER\S-1-5-21-7725566907-8968392825-591209115-2593\yv8g67.exe deleted successfully.
C:\RECYCLER\S-1-5-21-7725566907-8968392825-591209115-2593\yv8g67.exe moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\RECYCLER\S-1-5-21-3920387100-0783316369-313288211-7464\yv8g67.exe deleted successfully.
C:\RECYCLER\S-1-5-21-3920387100-0783316369-313288211-7464\yv8g67.exe moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\RECYCLER\S-1-5-21-8914496216-9341006184-746476430-8243\yv8g67.exe deleted successfully.
C:\RECYCLER\S-1-5-21-8914496216-9341006184-746476430-8243\yv8g67.exe moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\RECYCLER\S-1-5-21-8120189390-0015678665-026725531-7227\yv8g67.exe deleted successfully.
C:\RECYCLER\S-1-5-21-8120189390-0015678665-026725531-7227\yv8g67.exe moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\RECYCLER\S-1-5-21-8847668384-8999398976-735235586-1723\yv8g67.exe deleted successfully.
C:\RECYCLER\S-1-5-21-8847668384-8999398976-735235586-1723\yv8g67.exe moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\RECYCLER\S-1-5-21-6521341853-1628904454-716810124-2712\yv8g67.exe deleted successfully.
C:\RECYCLER\S-1-5-21-6521341853-1628904454-716810124-2712\yv8g67.exe moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\RECYCLER\S-1-5-21-2941411910-4878372867-591091694-8341\yv8g67.exe deleted successfully.
C:\RECYCLER\S-1-5-21-2941411910-4878372867-591091694-8341\yv8g67.exe moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\RECYCLER\S-1-5-21-0325902117-9265625888-771119061-3174\yv8g67.exe deleted successfully.
C:\RECYCLER\S-1-5-21-0325902117-9265625888-771119061-3174\yv8g67.exe moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Brahim\AppData\Roaming\juzjf.exe deleted successfully.
C:\Users\Brahim\AppData\Roaming\juzjf.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81283903-38e4-11df-ab86-001e33f3baef}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81283903-38e4-11df-ab86-001e33f3baef}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81283903-38e4-11df-ab86-001e33f3baef}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81283903-38e4-11df-ab86-001e33f3baef}\ not found.
File E:\setup_vmc_lite.exe not found.
C:\Users\Brahim\AppData\Roaming\jxbpwd.exe moved successfully.
C:\Program Files\Common Files\AskToolbarInstaller.exe moved successfully.
C:\Users\Brahim\AppData\Roaming\data.dat moved successfully.
C:\Users\Brahim\oashdihasidhasuidhiasdhiashdiuasdhasd moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Brahim
->Temp folder emptied: 969558794 bytes
->Temporary Internet Files folder emptied: 974594261 bytes
->Google Chrome cache emptied: 11049702 bytes
->Flash cache emptied: 12814206 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33294 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18517133 bytes
RecycleBin emptied: 4959364 bytes

Total Files Cleaned = 1.899,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.20.1 log created on 01122011_071500

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Re: Virus/spyware problem black destkop

Post by Sneakyone on 12th January 2011, 10:37 pm

Hi,

Do you also have the ComboFix log?



Re: Virus/spyware problem black destkop

Post by karim_mo on 13th January 2011, 7:43 am

ComboFix doesn't work because of the rootkits. When I start ComboFix it says that it has to restart the laptop because it detected some rootkits, and that after the restart it will start automatically. But after the restart ComboFix doesn't start itself, and if I start it myself it does the same process again. Also tried it in safe mode, same problem. Thanks


Re: Virus/spyware problem black destkop

Post by Sneakyone on 14th January 2011, 5:01 am

Hi,

Please download TDSSKiller from [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.



Re: Virus/spyware problem black destkop

Post by karim_mo on 14th January 2011, 9:31 am

OK, after the TDSSKiller scan ComboFix worked, so here are the logs:

TDSSlog:

2011/01/14 10:06:00.0772 TDSS rootkit removing tool 2.4.13.0 Jan 12 2011 09:51:11
2011/01/14 10:06:00.0772 ================================================================================
2011/01/14 10:06:00.0772 SystemInfo:
2011/01/14 10:06:00.0772
2011/01/14 10:06:00.0772 OS Version: 6.1.7600 ServicePack: 0.0
2011/01/14 10:06:00.0772 Product type: Workstation
2011/01/14 10:06:00.0772 ComputerName: BRAHIM-PC
2011/01/14 10:06:00.0772 UserName: Brahim
2011/01/14 10:06:00.0772 Windows directory: C:\Windows
2011/01/14 10:06:00.0772 System windows directory: C:\Windows
2011/01/14 10:06:00.0772 Processor architecture: Intel x86
2011/01/14 10:06:00.0772 Number of processors: 2
2011/01/14 10:06:00.0772 Page size: 0x1000
2011/01/14 10:06:00.0772 Boot type: Normal boot
2011/01/14 10:06:00.0772 ================================================================================
2011/01/14 10:06:01.0053 Initialize success
2011/01/14 10:06:03.0954 ================================================================================
2011/01/14 10:06:03.0954 Scan started
2011/01/14 10:06:03.0954 Mode: Manual;
2011/01/14 10:06:03.0954 ================================================================================
2011/01/14 10:06:05.0577 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/01/14 10:06:05.0951 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/01/14 10:06:06.0154 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/01/14 10:06:06.0388 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/01/14 10:06:06.0575 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/01/14 10:06:06.0856 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/01/14 10:06:07.0106 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/01/14 10:06:07.0418 AgereSoftModem (7e10e3bb9b258ad8a9300f91214d67b9) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/01/14 10:06:07.0558 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/01/14 10:06:07.0792 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/01/14 10:06:07.0995 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/01/14 10:06:08.0213 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/01/14 10:06:08.0338 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/01/14 10:06:08.0369 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/01/14 10:06:08.0572 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/01/14 10:06:08.0744 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/01/14 10:06:09.0009 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/01/14 10:06:09.0165 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/01/14 10:06:09.0352 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/01/14 10:06:09.0617 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/01/14 10:06:09.0882 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/01/14 10:06:10.0038 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/01/14 10:06:10.0241 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/01/14 10:06:10.0522 athr (ac4adac154563ab41cc79b0257bc685a) C:\Windows\system32\DRIVERS\athr.sys
2011/01/14 10:06:10.0850 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/01/14 10:06:11.0006 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/01/14 10:06:11.0364 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/01/14 10:06:11.0505 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/01/14 10:06:11.0708 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2011/01/14 10:06:12.0020 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/01/14 10:06:12.0191 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/01/14 10:06:12.0316 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/01/14 10:06:12.0534 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/01/14 10:06:12.0831 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/01/14 10:06:13.0080 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/01/14 10:06:13.0236 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/01/14 10:06:13.0626 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/01/14 10:06:13.0860 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/01/14 10:06:14.0032 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/01/14 10:06:14.0219 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/01/14 10:06:14.0375 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/01/14 10:06:14.0640 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/01/14 10:06:14.0843 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/01/14 10:06:15.0046 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/01/14 10:06:15.0218 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/01/14 10:06:15.0467 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/01/14 10:06:15.0748 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2011/01/14 10:06:15.0935 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/01/14 10:06:16.0232 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/01/14 10:06:16.0512 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/01/14 10:06:16.0871 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/01/14 10:06:17.0121 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
2011/01/14 10:06:17.0620 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/01/14 10:06:17.0901 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/01/14 10:06:18.0072 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/01/14 10:06:18.0306 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/01/14 10:06:18.0478 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/01/14 10:06:18.0759 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/01/14 10:06:18.0930 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/01/14 10:06:19.0086 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/01/14 10:06:19.0211 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/01/14 10:06:19.0476 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/01/14 10:06:19.0632 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/01/14 10:06:19.0820 fssfltr (b74b0578fd1d3f897e95f2a2b69ea051) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/01/14 10:06:20.0022 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/01/14 10:06:20.0210 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/01/14 10:06:20.0366 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/01/14 10:06:20.0537 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/01/14 10:06:20.0896 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/01/14 10:06:21.0130 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/01/14 10:06:21.0317 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/01/14 10:06:21.0458 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/01/14 10:06:21.0614 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/01/14 10:06:21.0863 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/01/14 10:06:22.0019 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/01/14 10:06:22.0284 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/01/14 10:06:22.0472 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/01/14 10:06:22.0518 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/01/14 10:06:22.0628 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/01/14 10:06:22.0877 igfx (ad626f6964f4d364d226c39e06872dd3) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/01/14 10:06:23.0096 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/01/14 10:06:23.0236 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/01/14 10:06:23.0454 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/01/14 10:06:23.0766 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/01/14 10:06:23.0891 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/01/14 10:06:24.0125 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/01/14 10:06:24.0328 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/01/14 10:06:24.0468 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/01/14 10:06:24.0656 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/01/14 10:06:24.0890 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/01/14 10:06:25.0139 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/01/14 10:06:25.0451 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/01/14 10:06:25.0654 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/01/14 10:06:25.0810 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/01/14 10:06:26.0044 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/01/14 10:06:26.0169 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/01/14 10:06:26.0294 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/01/14 10:06:26.0543 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/01/14 10:06:26.0715 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/01/14 10:06:26.0933 MBAMProtector (836e0e09ca9869be7eb39ef2cf3602c7) C:\Windows\system32\drivers\mbam.sys
2011/01/14 10:06:27.0183 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/01/14 10:06:27.0386 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/01/14 10:06:27.0557 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/01/14 10:06:27.0776 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/01/14 10:06:28.0025 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/01/14 10:06:28.0181 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/01/14 10:06:28.0353 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/01/14 10:06:28.0509 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/01/14 10:06:28.0743 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/01/14 10:06:28.0946 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/01/14 10:06:29.0180 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/01/14 10:06:29.0445 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/01/14 10:06:29.0585 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/01/14 10:06:29.0741 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/01/14 10:06:30.0022 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/01/14 10:06:30.0318 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/01/14 10:06:30.0584 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/01/14 10:06:30.0864 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/01/14 10:06:31.0036 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/01/14 10:06:31.0192 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/01/14 10:06:31.0348 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/01/14 10:06:31.0473 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/01/14 10:06:31.0644 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/01/14 10:06:31.0691 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/01/14 10:06:31.0800 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/01/14 10:06:31.0925 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/01/14 10:06:32.0050 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/01/14 10:06:32.0190 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/01/14 10:06:32.0362 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/01/14 10:06:32.0487 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/01/14 10:06:32.0627 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/01/14 10:06:32.0752 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/01/14 10:06:32.0924 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/01/14 10:06:33.0064 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/01/14 10:06:33.0189 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/01/14 10:06:33.0438 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/01/14 10:06:33.0719 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/01/14 10:06:33.0953 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/01/14 10:06:34.0156 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/01/14 10:06:34.0390 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/01/14 10:06:34.0546 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/01/14 10:06:34.0686 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/01/14 10:06:34.0827 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/01/14 10:06:35.0123 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/01/14 10:06:35.0295 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/01/14 10:06:35.0482 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/01/14 10:06:35.0700 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/01/14 10:06:35.0903 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/01/14 10:06:36.0059 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/01/14 10:06:36.0215 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/01/14 10:06:36.0356 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/01/14 10:06:36.0527 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/01/14 10:06:36.0792 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/01/14 10:06:36.0902 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/01/14 10:06:37.0214 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/01/14 10:06:37.0479 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/01/14 10:06:37.0728 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/01/14 10:06:37.0994 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/01/14 10:06:38.0196 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/01/14 10:06:38.0321 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/01/14 10:06:38.0493 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/01/14 10:06:38.0774 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/01/14 10:06:38.0961 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/01/14 10:06:39.0382 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/01/14 10:06:39.0554 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/01/14 10:06:39.0741 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/01/14 10:06:39.0897 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/01/14 10:06:40.0100 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/01/14 10:06:40.0271 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/01/14 10:06:40.0552 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/01/14 10:06:40.0739 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/01/14 10:06:41.0051 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/01/14 10:06:41.0317 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\Windows\system32\DRIVERS\Rt86win7.sys
2011/01/14 10:06:41.0488 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/01/14 10:06:41.0722 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/01/14 10:06:41.0847 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/01/14 10:06:42.0081 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/01/14 10:06:42.0268 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/01/14 10:06:42.0533 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/01/14 10:06:42.0721 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/01/14 10:06:43.0001 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/01/14 10:06:43.0220 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/01/14 10:06:43.0345 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/01/14 10:06:43.0563 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/01/14 10:06:43.0828 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/01/14 10:06:44.0078 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/01/14 10:06:44.0203 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/01/14 10:06:44.0437 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/01/14 10:06:44.0639 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/01/14 10:06:44.0967 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
2011/01/14 10:06:45.0248 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
2011/01/14 10:06:45.0435 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
2011/01/14 10:06:45.0622 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/01/14 10:06:45.0825 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/01/14 10:06:45.0981 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/01/14 10:06:46.0215 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/01/14 10:06:46.0449 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/01/14 10:06:46.0777 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/01/14 10:06:47.0073 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/01/14 10:06:47.0307 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/01/14 10:06:47.0479 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/01/14 10:06:47.0791 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/01/14 10:06:48.0040 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/01/14 10:06:48.0477 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/01/14 10:06:48.0633 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/01/14 10:06:48.0914 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
2011/01/14 10:06:49.0226 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/01/14 10:06:49.0538 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/01/14 10:06:49.0803 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/01/14 10:06:50.0006 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/01/14 10:06:50.0255 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/01/14 10:06:50.0443 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/01/14 10:06:50.0599 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/01/14 10:06:50.0801 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/01/14 10:06:51.0004 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/01/14 10:06:51.0207 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/01/14 10:06:51.0488 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/01/14 10:06:51.0706 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/01/14 10:06:51.0940 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/01/14 10:06:52.0190 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\Windows\system32\Drivers\usbvideo.sys
2011/01/14 10:06:52.0424 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/01/14 10:06:52.0642 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/01/14 10:06:52.0954 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/01/14 10:06:53.0235 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/01/14 10:06:53.0422 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/01/14 10:06:53.0656 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/01/14 10:06:53.0890 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/01/14 10:06:54.0109 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/01/14 10:06:54.0296 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/01/14 10:06:54.0452 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/01/14 10:06:54.0655 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/01/14 10:06:54.0873 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/01/14 10:06:55.0045 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/01/14 10:06:55.0216 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/01/14 10:06:55.0388 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/01/14 10:06:55.0513 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/01/14 10:06:55.0840 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/01/14 10:06:55.0965 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/01/14 10:06:55.0981 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/01/14 10:06:56.0215 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/01/14 10:06:56.0386 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/01/14 10:06:56.0620 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/01/14 10:06:56.0745 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/01/14 10:06:57.0010 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/01/14 10:06:57.0197 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/01/14 10:06:57.0385 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/01/14 10:06:57.0525 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/01/14 10:06:57.0650 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/01/14 10:06:57.0743 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/14 10:06:58.0087 ================================================================================
2011/01/14 10:06:58.0087 Scan finished
2011/01/14 10:06:58.0087 ================================================================================
2011/01/14 10:06:58.0102 Detected object count: 1
2011/01/14 10:07:11.0955 \HardDisk0 - will be cured after reboot
2011/01/14 10:07:11.0955 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/01/14 10:07:19.0677 Deinitialize success

Combofixlog:

ComboFix 11-01-11.01 - Brahim 14/01/2011 10:11:11.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.32.1043.18.2940.2392 [GMT 1:00]
Gestart vanuit: c:\users\Brahim\Desktop\commy.exe.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\WinPCap
c:\program files\WinPCap\LICENSE
c:\users\Brahim\AppData\Roaming\chrtmp
c:\users\Brahim\AppData\Roaming\google__as_[h22]rh_fhb.tmp
c:\users\Brahim\AppData\Roaming\google_as_[h22]rh_fhb.tmp
c:\users\Brahim\AppData\Roaming\internetfiles198.tmp
c:\users\Public\mdsys.s
c:\users\Public\mdusys.s
c:\windows\system32\f3PSSavr.scr

Besmet exemplaar van c:\windows\explorer.exe werd aangetroffen en gedesinfecteerd
Hersteld exemplaar van - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

Besmet exemplaar van c:\windows\System32\wininit.exe werd aangetroffen en gedesinfecteerd
Hersteld exemplaar van - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

Besmet exemplaar van c:\windows\explorer.exe werd aangetroffen en gedesinfecteerd
Hersteld exemplaar van - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-12-14 to 2011-01-14 ))))))))))))))))))))))))))))))
.

2011-01-14 09:16 . 2011-01-14 09:17 -------- d-----w- c:\users\Brahim\AppData\Local\temp
2011-01-14 09:16 . 2011-01-14 09:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-12 07:07 . 2011-01-12 07:07 -------- d-----w- c:\users\Brahim\AppData\Roaming\Malwarebytes
2011-01-12 07:06 . 2011-01-12 07:06 -------- d-----w- c:\programdata\Malwarebytes
2011-01-12 07:06 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-12 07:06 . 2011-01-12 07:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-12 07:06 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-12 06:15 . 2011-01-12 06:15 -------- d-----w- C:\_OTL
2011-01-10 12:23 . 2011-01-10 12:23 388096 ----a-r- c:\users\Brahim\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-10 12:23 . 2011-01-10 12:23 -------- d-----w- c:\program files\Trend Micro
2011-01-06 19:31 . 2011-01-10 11:36 -------- d-----w- c:\programdata\NOS
2010-12-31 17:25 . 2011-01-10 11:36 -------- d-----w- c:\programdata\McAfee Security Scan
2010-12-31 17:25 . 2011-01-10 11:36 -------- d-----w- c:\program files\McAfee Security Scan
2010-12-27 19:56 . 2010-12-27 19:56 -------- d-----w- c:\programdata\McAfee

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-10 12:03 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll
2011-01-10 12:03 . 2009-07-13 23:36 13824 ----a-w- c:\windows\system32\slwga.dll
2011-01-10 12:03 . 2009-07-13 23:24 811520 ----a-w- c:\windows\system32\user32.dll
2010-11-03 13:03 . 2010-04-02 12:36 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-11-03 13:03 . 2010-04-02 12:36 704320 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-10-18 08:41 . 2010-10-31 15:59 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6697DCA7-063E-4259-BF53-3622E6FCC699}\mpengine.dll
.

------- Sigcheck -------

[-] 2011-01-10 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{3ad798d0-4642-4c55-bc14-cfe7dd19e0d1}"= "c:\program files\ToggleDU\tbTogg.dll" [2010-09-12 3863136]
"{46735dee-f862-49d1-876d-6382794dc625}"= "c:\program files\PHPNukeDU\tbPHPN.dll" [2010-09-12 3863136]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_CLASSES_ROOT\clsid\{3ad798d0-4642-4c55-bc14-cfe7dd19e0d1}]

[HKEY_CLASSES_ROOT\clsid\{46735dee-f862-49d1-876d-6382794dc625}]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
2009-12-20 09:51 87480 ----a-w- c:\program files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-09-12 14:02 3863136 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3ad798d0-4642-4c55-bc14-cfe7dd19e0d1}]
2010-09-12 14:02 3863136 ----a-w- c:\program files\ToggleDU\tbTogg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{46735dee-f862-49d1-876d-6382794dc625}]
2010-09-12 14:02 3863136 ----a-w- c:\program files\PHPNukeDU\tbPHPN.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2010-06-06 14:38 392112 ----a-w- c:\program files\BearShare Applications\MediaBar\DataMngr\IEBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-10-18 11:26 3908192 ----a-w- c:\program files\Vuze_Remote\tbVuze.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 14:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0974BA1E-64EC-11DE-B2A5-E43756D89593}"= "c:\program files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll" [2009-12-20 87480]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{3ad798d0-4642-4c55-bc14-cfe7dd19e0d1}"= "c:\program files\ToggleDU\tbTogg.dll" [2010-09-12 3863136]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-09-12 3863136]
"{46735dee-f862-49d1-876d-6382794dc625}"= "c:\program files\PHPNukeDU\tbPHPN.dll" [2010-09-12 3863136]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{0974ba1e-64ec-11de-b2a5-e43756d89593}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{3ad798d0-4642-4c55-bc14-cfe7dd19e0d1}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CLASSES_ROOT\clsid\{46735dee-f862-49d1-876d-6382794dc625}]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3AD798D0-4642-4C55-BC14-CFE7DD19E0D1}"= "c:\program files\ToggleDU\tbTogg.dll" [2010-09-12 3863136]
"{46735DEE-F862-49D1-876D-6382794DC625}"= "c:\program files\PHPNukeDU\tbPHPN.dll" [2010-09-12 3863136]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-10-18 3908192]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{3ad798d0-4642-4c55-bc14-cfe7dd19e0d1}]

[HKEY_CLASSES_ROOT\clsid\{46735dee-f862-49d1-876d-6382794dc625}]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Raptr"="c:\progra~1\Raptr\raptrstub.exe" [2010-10-28 52136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Athan"="c:\users\Brahim\Desktop\Athan\Athan.exe" [2010-03-27 1146880]
"MRT"="c:\windows\system32\MRT.exe" [2010-10-22 35385288]
"MFARestart"="c:\programdata\MFAData\pack\avgrunasx.exe" [2010-09-24 237408]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\BEARSH~1\MediaBar\DataMngr\datamngr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataMngr]
2010-06-06 14:38 796600 ----a-w- c:\progra~1\BEARSH~1\MediaBar\DataMngr\DataMngrUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-03-21 20:14 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-05-17 22:26 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-21 135664]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]
R3 uxddrv;Dynamically loaded UxdDrv;UNC\192.168.254.253\public\Dynafix_32__01.06.11\uxddrv.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-24 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-20 20952]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.
Contents of the 'Scheduled Tasks' folder

2011-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-21 21:40]

2011-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-21 21:40]

2011-01-12 c:\windows\Tasks\Install_NSS.job
- c:\program files\DivX\Symantec\scstubinstaller.exe [2010-03-08 18:00]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-MSNUpdateServices - c:\users\Public\S-3685-5437-5687\minsfot.exe
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-WinMSDNControl - c:\users\Public\D-2785-7947-8747\wincdsvn.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\taskhost.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\conhost.exe
c:\windows\system32\consent.exe
c:\progra~1\Raptr\raptr.exe
c:\progra~1\Raptr\raptr_im.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-01-14 10:20:43 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-14 09:20

Pre-Run: 292,312,866,816 bytes free
Post-Run: 291,978,104,832 bytes free

- - End Of File - - 4CE7A74AE6C60918ACFD5F9931264ACA
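The Sigcheck and startup-point sections of the ComboFix log above carry the findings a responder would act on: the live c:\windows\System32\user32.dll has the same version string as the WinSxS store copy but a different MD5 and a `[-]` marker where the store copy has `[7]`; a non-empty AppInit_DLLs value points at the BearShare datamngr.dll, which user32.dll loads into processes when that mechanism is enabled; a driver entry (uxddrv) has its image on a UNC path on 192.168.254.253; and the orphaned autoruns ran from randomly named folders under c:\users\Public. The script below is an added example, not code from the thread or from ComboFix, that parses those line formats and flags each pattern. SAMPLE_LOG is excerpted from the log above; the regexes describe the line layout as it appears there and the heuristics are the example's own assumptions.

```python
"""Added example: triage the Sigcheck and startup-point lines of a ComboFix log.

Not code from the thread or from ComboFix. SAMPLE_LOG is excerpted from the
log posted above; the regexes describe the line layout as seen there and the
heuristics (what counts as suspicious) are this example's own.
"""
import hashlib
import re
from collections import defaultdict

SAMPLE_LOG = r"""
------- Sigcheck -------
[-] 2011-01-10 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\BEARSH~1\MediaBar\DataMngr\datamngr.dll
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]
R3 uxddrv;Dynamically loaded UxdDrv;UNC\192.168.254.253\public\Dynafix_32__01.06.11\uxddrv.sys [x]
MSConfigStartUp-MSNUpdateServices - c:\users\Public\S-3685-5437-5687\minsfot.exe
MSConfigStartUp-WinMSDNControl - c:\users\Public\D-2785-7947-8747\wincdsvn.exe
"""

# Sigcheck line: [flag] date . MD5 . size . . [version] . . path
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\S+)\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)"
    r"\s+\.\s+\.\s+\[(?P<ver>[^\]]*)\]\s+\.\s+\.\s+(?P<path>.+?)\s*$"
)
# Service/driver line: R2|S3 name;description;image path [date size]
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)(?:\s+\[[^\]]*\])?\s*$"
)
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(?P<val>.*\S)\s*$')
# Orphan line: MSConfigStartUp-name - image path
ORPHAN_RE = re.compile(r"^MSConfigStartUp-(?P<name>\S+)\s+-\s+(?P<path>.+?)\s*$")
PUBLIC_RE = re.compile(r"^c:\\users\\public\\", re.IGNORECASE)


def sigcheck_mismatches(log_text):
    """Pair each '[-]' Sigcheck entry with another copy of the same file name
    that carries the same version string but a different MD5. Same version and
    different bytes is what a patched system DLL looks like next to its
    pristine WinSxS store copy."""
    copies = defaultdict(list)
    for raw in log_text.splitlines():
        m = SIGCHECK_RE.match(raw.strip())
        if m:
            copies[m["path"].rsplit("\\", 1)[-1].lower()].append(m.groupdict())
    findings = []
    for name, entries in copies.items():
        for live in (e for e in entries if e["flag"] == "-"):
            for ref in entries:
                if ref is live or ref["flag"] == "-":
                    continue
                if ref["ver"] == live["ver"] and ref["md5"].upper() != live["md5"].upper():
                    findings.append({"file": name, "live": live["path"], "live_md5": live["md5"],
                                     "reference": ref["path"], "reference_md5": ref["md5"]})
    return findings


def suspicious_autoruns(log_text):
    """Flag startup-point lines by pattern: a non-empty AppInit_DLLs value, a
    service/driver image on a network (UNC) path, and an autorun whose image
    lives under c:\\users\\Public (an unusual home for a legitimate autorun)."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = APPINIT_RE.match(line)
        if m:
            findings.append(("appinit_dll", m["val"]))
            continue
        m = SERVICE_RE.match(line)
        if m and (m["path"].upper().startswith("UNC\\") or m["path"].startswith("\\\\")):
            findings.append(("driver_from_network_share", m["path"]))
            continue
        m = ORPHAN_RE.match(line)
        if m and PUBLIC_RE.match(m["path"]):
            findings.append(("autorun_under_users_public", m["path"]))
    return findings


def file_md5(path):
    """Recompute the MD5 ComboFix prints, to re-check a flagged file on the host."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest().upper()


if __name__ == "__main__":
    for f in sigcheck_mismatches(SAMPLE_LOG):
        print(f"[sigcheck] {f['file']}: {f['live']} md5 {f['live_md5']} != store copy {f['reference_md5']}")
    for kind, what in suspicious_autoruns(SAMPLE_LOG):
        print(f"[{kind}] {what}")
```

On the affected host, `file_md5` lets you confirm the Sigcheck figure directly against the WinSxS copy before deciding to restore it; the version-string comparison matters because a genuine servicing update changes both the version and the hash, whereas a patched binary changes only the hash.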

Re: Virus/spyware problem black desktop

Post by Sneakyone on 15th January 2011, 3:18 am

Hi,

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].


Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Re: Virus/spyware problem black desktop

Post by karim_mo on 15th January 2011, 8:07 am

Malwarebytes' Anti-Malware 1.50.1.1100
[You must be registered and logged in to see this link.]

Database version: 5523

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

15/01/2011 9:02:02
mbam-log-2011-01-15 (09-02-02).txt

Scan type: Full scan (C:\|)
Objects scanned: 193513
Time elapsed: 56 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\program files\windows live\messenger\msimg32.dll (PUP.FunWebProducts) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\windows live\messenger\msimg32.dll (PUP.FunWebProducts) -> Delete on reboot.
c:\program files\windows live\messenger\riched20.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\Windows\system32\f3pssavr.scr.vir (PUP.FunWebProducts) -> Quarantined and deleted successfully.

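The one memory-module hit in the MBAM log above is c:\program files\windows live\messenger\msimg32.dll, with riched20.dll beside it, both classified PUP.FunWebProducts. Those names belong to DLLs that ship in %SystemRoot%\System32, and Windows resolves a DLL by bare name: for any name not on the KnownDLLs list, the loader (with SafeDllSearchMode, the default) looks in the application's own directory before System32, so a foreign file with a system DLL's name next to msnmsgr.exe is what Messenger loads. The script below is an added example, not code from the thread or from Malwarebytes, that builds a constructed directory tree mirroring that layout and reports each application-directory DLL that shadows a System32 name, separating a KnownDLLs name (taken from System32 regardless), an identical redistributed copy, and a real shadow. The KnownDLLs subset and all file contents are constructed assumptions.

```python
"""Added example: find application-directory DLLs that shadow System32 DLLs.

Not code from the thread or from Malwarebytes. The directory tree, the file
contents and the KnownDLLs subset below are constructed for the example.
"""
import hashlib
import tempfile
from pathlib import Path

# Names the loader always resolves from System32 (KnownDLLs). Constructed
# subset for the example; on a real host read the list from
# HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs.
KNOWN_DLLS = {"kernel32.dll", "user32.dll", "gdi32.dll", "advapi32.dll", "ole32.dll"}


def sha256_of(path):
    """Hash a file in chunks so large DLLs do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def shadowing_dlls(app_dir, system32_dir, known_dlls=KNOWN_DLLS):
    """Return (name, path, verdict) for each DLL in app_dir whose name also
    exists in system32_dir. Verdicts:
      'knowndll'  - on the KnownDLLs list: the System32 copy is used anyway
      'identical' - same hash as the System32 copy: a redistributed duplicate
      'shadow'    - different content: the app-dir copy wins and must be vetted
    """
    system = {p.name.lower(): p for p in Path(system32_dir).glob("*.dll")}
    findings = []
    for candidate in sorted(Path(app_dir).glob("*.dll")):
        name = candidate.name.lower()
        if name not in system:
            continue  # application-private DLL, nothing to shadow
        if name in known_dlls:
            verdict = "knowndll"
        elif sha256_of(candidate) == sha256_of(system[name]):
            verdict = "identical"
        else:
            verdict = "shadow"
        findings.append((name, str(candidate), verdict))
    return findings


def build_demo_tree(root):
    """Constructed layout mirroring the log: a fake System32 and a Messenger
    folder holding foreign msimg32.dll and riched20.dll. Returns (app, sys32)."""
    sys32 = Path(root) / "Windows" / "System32"
    app = Path(root) / "Program Files" / "Windows Live" / "Messenger"
    sys32.mkdir(parents=True)
    app.mkdir(parents=True)
    for name in ("msimg32.dll", "riched20.dll", "user32.dll", "msvcrt.dll"):
        (sys32 / name).write_bytes(b"genuine " + name.encode())
    (app / "msnmsgr.exe").write_bytes(b"messenger")             # the host program
    (app / "msimg32.dll").write_bytes(b"dropped by a toolbar")  # shadow
    (app / "riched20.dll").write_bytes(b"dropped by a toolbar")  # shadow
    (app / "user32.dll").write_bytes(b"would be ignored")        # KnownDLL name
    (app / "msvcrt.dll").write_bytes(b"genuine msvcrt.dll")      # identical copy
    (app / "msgrapp.dll").write_bytes(b"private")                # not in System32
    return app, sys32


def run_demo():
    """Build the tree in a temporary directory and return {name: verdict}."""
    with tempfile.TemporaryDirectory() as root:
        app, sys32 = build_demo_tree(root)
        return {name: verdict for name, _path, verdict in shadowing_dlls(app, sys32)}


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{verdict:9s} {name}")
```

Run against a real install, point `shadowing_dlls` at the application folder and the host's System32; a `shadow` verdict is exactly what the msimg32.dll entry in the log represents, and the KnownDLLs exemption is why a foreign user32.dll in the same folder would not have been loaded.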

Re: Virus/spyware problem black desktop

Post by Sneakyone on 16th January 2011, 6:04 am

Hi,

Please run a free online scan with the [You must be registered and logged in to see this link.]
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic



Re: Virus/spyware problem black desktop

Post by karim_mo on 16th January 2011, 8:44 pm

Hi, my laptop is working fine now, thank you very much.


Re: Virus/spyware problem black desktop

Post by Sneakyone on 17th January 2011, 10:21 pm

You're welcome, glad to help.

