Think my computer's infected

Post by drokness on Thu Mar 31, 2011 3:18 am

When I click on links from Google search, they redirect me to weird places. Actually just had a virus that I tried to eradicate running AntiVir, MalwareBytes, and some online scanner in Safe Mode. Thought I got rid of it, guess not. OTL:

OTL logfile created on: 3/30/2011 9:32:43 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Daniel Schneider\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 373.00 Mb Available Physical Memory | 36.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 225.88 Gb Total Space | 9.51 Gb Free Space | 4.21% Space Free | Partition Type: NTFS

Computer Name: WHITETUNDRA | User Name: Daniel Schneider | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/30 21:31:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniel Schneider\Desktop\OTL.com
PRC - [2011/03/18 12:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/10/15 13:31:53 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008/10/15 13:30:02 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2008/09/16 13:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008/06/12 13:28:45 | 000,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/06 18:04:48 | 000,810,632 | ---- | M] (ExtendMedia Inc.) -- C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
PRC - [2007/09/05 17:58:44 | 000,188,416 | ---- | M] (Wavexpress, Inc) -- C:\Program Files\Wavexpress\TVTonic\WXRSS.exe
PRC - [2007/08/15 13:19:44 | 001,564,672 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D7050v5\Belkinwcui.exe
PRC - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe
PRC - [2005/03/11 19:55:40 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
PRC - [2005/02/09 12:43:52 | 000,167,936 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2005/02/09 12:43:52 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2005/02/09 12:43:50 | 000,270,336 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2005/01/14 16:43:28 | 000,151,552 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
PRC - [2003/08/29 20:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 12:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
PRC - [2003/08/13 15:23:00 | 000,106,496 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
PRC - [2003/08/13 15:07:22 | 000,094,208 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe


========== Modules (SafeList) ==========

MOD - [2011/03/30 21:31:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniel Schneider\Desktop\OTL.com
MOD - [2011/03/29 12:17:40 | 000,060,416 | -H-- | M] () -- C:\WINDOWS\system32\javastat.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/06/12 09:23:32 | 000,428,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msdtcprx.dll
MOD - [2008/06/12 09:23:32 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mtxclu.dll
MOD - [2008/04/13 19:12:11 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\xolehlp.dll
MOD - [2008/04/13 19:12:10 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll
MOD - [2008/04/13 19:12:04 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\resutils.dll
MOD - [2008/04/13 19:11:50 | 000,058,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clusapi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (getPlusHelper) getPlus(R)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/12/27 15:03:22 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/10/15 13:31:53 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2008/10/15 13:30:02 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2008/09/16 13:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008/09/10 14:01:28 | 000,611,664 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2007/11/06 18:04:48 | 000,810,632 | ---- | M] (ExtendMedia Inc.) [Auto | Running] -- C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe -- (OpenCASE Media Agent)
SRV - [2007/09/05 17:58:44 | 000,188,416 | ---- | M] (Wavexpress, Inc) [Auto | Running] -- C:\Program Files\Wavexpress\TVTonic\WXRSS.exe -- (WXRSS)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2005/03/11 19:55:40 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe -- (SonicStageMonitoring)
SRV - [2005/02/14 23:30:02 | 000,032,768 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)
SRV - [2005/02/09 12:43:52 | 000,167,936 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2005/02/09 12:43:52 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2005/02/09 12:43:52 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2005/02/09 12:43:50 | 000,270,336 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2005/01/26 18:30:04 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2005/01/26 18:25:34 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/01/26 18:20:14 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2005/01/24 20:36:52 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2005/01/14 18:18:48 | 001,839,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2005/01/14 17:26:56 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2005/01/14 17:21:32 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2005/01/14 17:20:14 | 000,188,416 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2003/08/13 15:23:00 | 000,106,496 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe -- (Sony TVTA Manager)
SRV - [2003/08/13 15:10:04 | 000,118,784 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe -- (Sony TV Tuner Controller)
SRV - [2003/08/13 15:07:22 | 000,094,208 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe -- (Sony TV Tuner Manager)


========== Driver Services (SafeList) ==========

DRV - [2009/10/07 03:49:50 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 03:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 500(UVC)
DRV - [2009/10/07 03:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/07/15 10:27:05 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/07/15 10:17:51 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2009/07/15 10:17:39 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2008/04/13 13:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2007/06/01 00:13:20 | 000,238,848 | R--- | M] (Belkin Corporation. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BLKWGU.sys -- (BELKIN)
DRV - [2007/03/01 09:34:22 | 000,028,352 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2006/02/20 19:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2004/11/29 19:42:54 | 002,319,808 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/09/29 07:22:22 | 000,800,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/12 20:45:52 | 000,113,664 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/08/05 23:20:34 | 000,788,736 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smrt.sys -- (smrt)
DRV - [2004/06/29 09:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2000/12/05 19:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:4.0.15.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4

FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/23 13:00:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/23 13:00:16 | 000,000,000 | ---D | M]

[2008/12/06 14:10:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Daniel Schneider\Application Data\Mozilla\Extensions
[2011/03/15 22:17:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Daniel Schneider\Application Data\Mozilla\Firefox\Profiles\5a10nuia.default\extensions
[2010/05/04 22:10:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Daniel Schneider\Application Data\Mozilla\Firefox\Profiles\5a10nuia.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/17 19:53:11 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Daniel Schneider\Application Data\Mozilla\Firefox\Profiles\5a10nuia.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/03/13 12:29:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Daniel Schneider\Application Data\Mozilla\Firefox\Profiles\5a10nuia.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/03/18 15:02:39 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Daniel Schneider\Application Data\Mozilla\Firefox\Profiles\5a10nuia.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/01/29 17:10:55 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Daniel Schneider\Application Data\Mozilla\Firefox\Profiles\5a10nuia.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/05/06 13:42:20 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Documents and Settings\Daniel Schneider\Application Data\Mozilla\Firefox\Profiles\5a10nuia.default\extensions\battlefieldheroespatcher@ea.com
[2011/03/23 13:00:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/12/06 13:40:12 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/08/10 19:12:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/12 02:03:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/10 20:23:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2010/04/17 13:30:30 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\DANIEL SCHNEIDER\APPLICATION DATA\MOVE NETWORKS
[2010/08/10 19:12:16 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/03/18 12:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/01/07 19:32:24 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {9E3DCAB2-1B63-44D9-AF91-7751CB9F605B} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CreateCD_Reminder] C:\WINDOWS\SONYSYS\VAIO Recovery\Reminder.exe (Sony Electronics, Inc)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [VAIO Update 2] C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EA Link\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Auto run of VideoCam Suite 1.0.lnk = C:\Program Files\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless G USB Adapter Client Utility.lnk = C:\Program Files\Belkin\F5D7050v5\Belkinwcui.exe (Belkin)
O4 - Startup: C:\Documents and Settings\Daniel Schneider\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {4E73C07D-0A23-42DF-9E32-BBBB027D869A} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} [You must be registered and logged in to see this link.] (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.196.64.53 68.113.206.10 24.178.162.3
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\opnlICSl: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\WINDOWS\VAIO Structure Wallpaper TrueColor 1024x768.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO Structure Wallpaper TrueColor 1024x768.bmp
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/02/23 15:12:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: diskay32 - (C:\WINDOWS\system32\javastat.dll) - C:\WINDOWS\system32\javastat.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: aawservice - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: PSEXESVC - Reg Error: Value error.
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: aawservice - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: PSEXESVC - Reg Error: Value error.
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE


drokness
Intermediate

Posts : 105
Joined : 2008-12-01
OS : Windows XP
Points : 30068
# Likes : 0

Re: Think my computer's infected

Post by drokness on Thu Mar 31, 2011 3:19 am

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSACM.MSNAUDIO - C:\WINDOWS\System32\MSNAUDIO.ACM (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks)
Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivXNetworks)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Unable to start service SrService!

========== Files/Folders - Created Within 30 Days ==========

[2011/03/30 21:31:31 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Daniel Schneider\Desktop\OTL.com
[2011/03/29 12:35:49 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/03/29 12:16:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\bHjHmMhGoEl28600
[2011/03/23 12:55:21 | 012,580,112 | ---- | C] (Mozilla) -- C:\Firefox Setup 4.0.exe
[2011/03/14 13:18:04 | 000,238,848 | R--- | C] (Belkin Corporation. ) -- C:\WINDOWS\System32\drivers\BLKWGU.sys
[2011/03/14 13:17:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Belkin
[2011/03/14 13:17:42 | 000,000,000 | ---D | C] -- C:\Program Files\Belkin
[2011/03/14 13:17:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel Schneider\Application Data\InstallShield
[2011/03/11 18:57:11 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shsvcs.dll
[2011/03/03 21:26:48 | 002,832,544 | ---- | C] (Adobe Systems, Inc.) -- C:\install_flash_player.exe
[2011/01/29 17:28:13 | 003,782,822 | ---- | C] (DownloadHelper ) -- C:\Program Files\ConvertHelperSetup.exe
[2010/02/23 14:00:06 | 000,318,904 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmpfirefoxplugin.exe
[2009/11/29 18:03:47 | 002,025,768 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files\SkypeSetup.exe
[2008/12/27 18:54:45 | 027,288,880 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe
[2008/10/13 11:18:16 | 012,580,696 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mm20enu.exe
[2008/02/10 15:51:11 | 028,868,320 | ---- | C] (Microsoft Corporation) -- C:\Program Files\FileFormatConverters.exe
[2006/10/08 13:53:34 | 000,302,928 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dxwebsetup.exe
[2006/04/13 12:53:06 | 002,871,168 | ---- | C] (Microsoft Corporation) -- C:\Program Files\setuppad.exe
[2005/10/16 20:31:22 | 007,739,192 | ---- | C] (DivX Networks, Inc.) -- C:\Program Files\DivXPlay.exe
[2005/10/16 20:21:24 | 036,465,208 | ---- | C] (Apple Computer, Inc. ) -- C:\Program Files\iTunesSetup.exe
[8 C:\Documents and Settings\Daniel Schneider\My Documents\*.tmp files -> C:\Documents and Settings\Daniel Schneider\My Documents\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/30 21:31:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniel Schneider\Desktop\OTL.com
[2011/03/30 21:28:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/30 11:32:00 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\WebReg psc 1600 series.job
[2011/03/29 22:28:03 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/29 19:32:44 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/29 19:31:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/29 19:31:43 | 1072,480,256 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/29 19:31:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/03/29 19:31:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2011/03/29 12:56:16 | 000,002,469 | ---- | M] () -- C:\Documents and Settings\Daniel Schneider\Desktop\HiJackThis.lnk
[2011/03/29 12:50:38 | 000,459,718 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/29 12:50:38 | 000,079,246 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/29 12:17:40 | 000,060,416 | -H-- | M] () -- C:\WINDOWS\System32\javastat.dll
[2011/03/28 23:36:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/03/23 13:00:22 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Daniel Schneider\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/23 13:00:22 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/03/23 12:56:13 | 012,580,112 | ---- | M] (Mozilla) -- C:\Firefox Setup 4.0.exe
[2011/03/14 13:17:44 | 000,001,513 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless G USB Adapter Client Utility.lnk
[2011/03/14 13:17:44 | 000,001,495 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Belkin Wireless G USB Adapter Client Utility.lnk
[2011/03/12 04:01:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/07 13:36:27 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/03/03 21:26:00 | 002,832,544 | ---- | M] (Adobe Systems, Inc.) -- C:\install_flash_player.exe
[8 C:\Documents and Settings\Daniel Schneider\My Documents\*.tmp files -> C:\Documents and Settings\Daniel Schneider\My Documents\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/29 19:31:43 | 1072,480,256 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/29 12:17:40 | 000,060,416 | -H-- | C] () -- C:\WINDOWS\System32\javastat.dll
[2011/03/23 13:00:21 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/14 13:17:44 | 000,013,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\string.ini
[2011/03/14 13:17:44 | 000,001,513 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless G USB Adapter Client Utility.lnk
[2011/03/14 13:17:44 | 000,001,495 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Belkin Wireless G USB Adapter Client Utility.lnk
[2011/01/09 19:40:24 | 001,402,880 | ---- | C] () -- C:\Program Files\HiJackThis.msi
[2011/01/06 19:42:26 | 000,709,456 | ---- | C] () -- C:\WINDOWS\is-T0D6D.exe
[2010/02/14 19:25:05 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Daniel Schneider\Application Data\PnkBstrK.sys
[2010/02/14 19:24:48 | 002,434,856 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_bc2.exe
[2009/11/29 18:10:10 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/11/29 17:53:02 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/10/07 02:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 02:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/03/08 15:31:31 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pdfdoc2.dll
[2008/12/05 22:24:27 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfmonnt.dll
[2008/12/05 22:24:25 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\psconv.ini
[2008/12/05 22:13:56 | 000,072,192 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01e.exe
[2008/11/24 06:24:03 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Daniel Schneider\Application Data\mcs.rma
[2008/11/24 06:24:03 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Daniel Schneider\Application Data\A3BAD1
[2008/05/16 11:58:04 | 000,012,632 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2007/12/06 13:42:55 | 000,001,158 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/12/06 13:38:53 | 006,820,520 | ---- | C] () -- C:\Program Files\FirefoxGoogleToolbarSetup.exe
[2007/11/18 02:12:50 | 013,532,808 | ---- | C] () -- C:\Program Files\NBCDirectInstaller.exe
[2007/10/14 16:06:44 | 1473,748,992 | ---- | C] () -- C:\Program Files\CoD4MWDemoSetup.exe
[2007/09/13 20:24:18 | 000,138,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/09/13 20:24:11 | 000,234,536 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2007/09/13 20:23:57 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2007/08/09 23:55:00 | 000,001,091 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2007/07/03 19:52:07 | 000,031,652 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2007/04/11 15:54:10 | 000,414,637 | ---- | C] () -- C:\Program Files\police-quest-in-pursuit-of-the-death-angel.zip
[2007/04/11 15:53:30 | 001,049,705 | ---- | C] () -- C:\Program Files\DOSBox-0.63-install.exe
[2007/01/02 16:26:56 | 000,000,026 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.119889580931711767808769176
[2007/01/02 16:21:48 | 000,000,021 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.24554863501262644635642126105
[2006/10/22 19:22:40 | 000,000,274 | ---- | C] () -- C:\Documents and Settings\Daniel Schneider\Application Data\wklnhst.dat
[2006/08/13 17:57:29 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Daniel Schneider\Application Data\WavCodec.wff
[2006/08/13 17:50:47 | 000,432,552 | ---- | C] () -- C:\Program Files\wpsetup.exe
[2006/07/01 12:55:39 | 000,905,728 | ---- | C] () -- C:\Program Files\iview398.exe
[2006/04/27 21:51:42 | 000,056,320 | ---- | C] () -- C:\Documents and Settings\Daniel Schneider\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/10 17:43:03 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2005/11/04 11:50:01 | 000,002,917 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/10/17 23:35:26 | 000,068,939 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2005/10/17 23:35:26 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2005/10/16 23:54:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/10/15 12:47:06 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\Daniel Schneider\Local Settings\Application Data\fusioncache.dat
[2005/10/15 11:52:43 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/08/09 17:13:59 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2005/08/09 17:13:31 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/08/09 17:13:31 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/08/09 17:12:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/05/20 17:51:03 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2005/05/20 17:48:20 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/05/20 17:48:20 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/05/20 17:48:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/05/20 17:48:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/05/20 17:48:20 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/05/20 17:48:20 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/05/20 17:47:34 | 000,000,598 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/20 17:42:11 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2005/02/23 17:44:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/02/23 17:18:10 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtkHDAud.dat
[2005/02/23 17:18:09 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/02/23 17:18:09 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/02/23 16:51:35 | 000,610,304 | ---- | C] () -- C:\WINDOWS\System32\lpykrp.exe
[2005/02/23 16:35:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2005/02/23 16:04:19 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\elcric.dat
[2005/02/23 15:17:15 | 000,000,811 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/02/23 15:14:19 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/02/23 15:08:57 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/02/23 13:58:33 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/02/23 13:57:37 | 000,000,762 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/02/23 13:57:05 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/02/23 13:57:04 | 000,459,718 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/02/23 13:57:04 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/02/23 13:57:04 | 000,079,246 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/02/23 13:57:04 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/02/23 13:57:04 | 000,004,530 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/02/23 13:57:02 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/02/23 13:57:02 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/02/23 13:56:59 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/02/23 13:56:59 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/02/23 13:56:55 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/02/23 13:56:51 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/02/23 07:04:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/02/23 07:03:20 | 000,236,760 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/01/18 13:31:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/07/23 10:53:30 | 000,373,967 | ---- | C] () -- C:\WINDOWS\ml-uninstall-v10.exe
[2002/08/06 13:55:37 | 000,024,576 | ---- | C] () -- C:\WINDOWS\ml-WA3Shutdown.exe
[2002/06/12 15:21:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
[2002/04/02 19:08:34 | 000,311,108 | ---- | C] () -- C:\WINDOWS\ml-cleanup.exe
[2002/04/02 19:08:32 | 000,036,868 | ---- | C] () -- C:\WINDOWS\ml-winamp-shutdown.exe
[2001/10/24 19:00:40 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2005/02/23 15:11:43 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2003/06/18 19:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2007/10/14 16:09:53 | 1473,748,992 | ---- | M] () -- C:\Program Files\CoD4MWDemoSetup.exe
[2011/01/29 17:28:35 | 003,782,822 | ---- | M] (DownloadHelper ) -- C:\Program Files\ConvertHelperSetup.exe
[2005/10/16 20:31:25 | 007,739,192 | ---- | M] (DivX Networks, Inc.) -- C:\Program Files\DivXPlay.exe
[2007/04/11 15:53:34 | 001,049,705 | ---- | M] () -- C:\Program Files\DOSBox-0.63-install.exe
[2008/12/27 19:01:47 | 000,302,928 | ---- | M] (Microsoft Corporation) -- C:\Program Files\dxwebsetup.exe
[2008/02/10 15:54:46 | 028,868,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files\FileFormatConverters.exe
[2007/12/06 13:39:26 | 006,820,520 | ---- | M] () -- C:\Program Files\FirefoxGoogleToolbarSetup.exe
[2011/01/09 19:39:46 | 001,402,880 | ---- | M] () -- C:\Program Files\HiJackThis.msi
[2006/04/13 12:38:00 | 036,465,208 | ---- | M] (Apple Computer, Inc. ) -- C:\Program Files\iTunesSetup.exe
[2006/07/01 12:55:42 | 000,905,728 | ---- | M] () -- C:\Program Files\iview398.exe
[2008/10/13 11:18:40 | 012,580,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mm20enu.exe
[2007/11/18 02:12:50 | 013,532,808 | ---- | M] () -- C:\Program Files\NBCDirectInstaller.exe
[2007/04/11 15:54:10 | 000,414,637 | ---- | M] () -- C:\Program Files\police-quest-in-pursuit-of-the-death-angel.zip
[2008/12/27 18:56:08 | 027,288,880 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe
[2006/04/13 12:53:29 | 002,871,168 | ---- | M] (Microsoft Corporation) -- C:\Program Files\setuppad.exe
[2009/11/29 18:03:47 | 002,025,768 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\SkypeSetup.exe
[2010/02/23 14:00:07 | 000,318,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\wmpfirefoxplugin.exe
[2006/08/13 17:51:19 | 000,432,552 | ---- | M] () -- C:\Program Files\wpsetup.exe

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/10/15 10:41:42 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2005/10/14 20:33:30 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Daniel Schneider\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2005/02/23 15:16:41 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Daniel Schneider\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2008/12/01 19:32:44 | 000,208,384 | ---- | M] (Paul McLain and Fred de Vries) -- C:\Documents and Settings\Daniel Schneider\Desktop\JavaRa.exe
[2008/12/01 19:14:32 | 016,168,344 | ---- | M] () -- C:\Documents and Settings\Daniel Schneider\Desktop\jre-6u11-windows-i586-p.exe
[2010/08/10 19:11:33 | 016,062,240 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Daniel Schneider\Desktop\jre-6u21-windows-i586.exe
[2010/08/22 00:17:01 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Daniel Schneider\Desktop\setup-spybotsd162.exe
[2008/08/24 23:05:19 | 004,891,216 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Daniel Schneider\Desktop\Silverlight.2.0.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/03/18 12:53:03 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/03/18 12:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/03/18 12:53:19 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/03/18 12:53:21 | 000,261,080 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2005/10/14 20:33:29 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Daniel Schneider\Favorites\Desktop.ini
[2008/12/05 22:13:56 | 000,001,704 | ---- | M] () -- C:\Documents and Settings\Daniel Schneider\Favorites\ebay.com.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 19:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[2008/04/13 19:11:53 | 000,380,445 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\expsrv.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/02/23 07:02:46 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/02/23 07:02:46 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/02/23 07:02:46 | 000,913,408 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2004/08/10 07:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2004/08/10 07:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2004/08/10 07:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2004/08/10 07:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/10 07:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2004/08/10 07:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004/08/10 07:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004/08/10 07:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004/08/10 07:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004/08/10 07:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/10 07:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/10 07:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/10 07:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/10 07:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/10 07:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 13:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/12/31 08:10:33 | 001,854,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 19:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 19:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 19:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 19:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 19:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 19:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 19:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 19:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 19:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 19:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 19:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 19:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 19:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2009/10/07 02:23:08 | 000,013,584 | ---- | M] () -- C:\WINDOWS\system32\drivers\iKeyLFT2.dll
[2008/04/13 19:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 19:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >
[2007/08/07 10:38:12 | 000,013,768 | ---- | M] () -- C:\WINDOWS\system32\drivers\string.ini

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2003/06/18 19:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %SYSTEMDRIVE%\*.* >
[2008/12/01 20:54:20 | 023,804,784 | ---- | M] () -- C:\aaw2008.exe
[2010/08/10 19:17:23 | 042,459,072 | ---- | M] ( ) -- C:\AdbeRdr933_en_US.exe
[2009/01/24 16:09:26 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt
[2009/02/22 13:34:41 | 022,058,104 | ---- | M] () -- C:\antivir_workstation_winu_en_h.exe
[2005/02/23 15:12:17 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/07/15 10:01:09 | 032,299,960 | ---- | M] () -- C:\avira_antivir_personal_en.exe
[2005/11/08 14:45:21 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2008/12/01 18:09:48 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2004/08/04 00:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2011/01/07 19:47:14 | 000,014,852 | ---- | M] () -- C:\ComboFix.txt
[2005/02/23 15:12:17 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/12/05 22:23:04 | 003,376,393 | ---- | M] (PDF-Convert, Inc. ) -- C:\doc2pdf2_setup.exe
[2010/12/07 21:11:47 | 000,000,090 | ---- | M] () -- C:\error.log
[2010/08/10 19:23:26 | 008,573,648 | ---- | M] (Mozilla) -- C:\Firefox Setup 3.6.8.exe
[2011/03/23 12:56:13 | 012,580,112 | ---- | M] (Mozilla) -- C:\Firefox Setup 4.0.exe
[2010/01/30 22:01:05 | 002,413,835 | ---- | M] () -- C:\Grayson_01_30_10_83.JPG
[2010/01/30 22:01:40 | 002,249,898 | ---- | M] () -- C:\Grayson_01_30_10_85.JPG
[2011/03/29 19:31:43 | 1072,480,256 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/03 21:26:00 | 002,832,544 | ---- | M] (Adobe Systems, Inc.) -- C:\install_flash_player.exe
[2005/02/23 15:12:17 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2006/07/18 21:26:14 | 000,000,958 | -H-- | M] () -- C:\IPH.PH
[2008/12/01 19:33:19 | 000,006,423 | ---- | M] () -- C:\JavaRa.log
[2010/08/06 15:19:42 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup-1.46.exe
[2009/01/31 14:07:44 | 002,737,800 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup.exe
[2009/02/05 09:59:31 | 001,011,568 | ---- | M] () -- C:\MoveMediaPlayer_071101000055.exe
[2005/02/23 15:12:17 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/10 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/10/15 10:32:46 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2009/11/27 23:00:42 | 002,456,653 | ---- | M] () -- C:\Nursery1_11-27-09.JPG
[2009/11/27 23:01:15 | 002,132,570 | ---- | M] () -- C:\Nursery2_11-27-09.JPG
[2011/03/29 19:31:41 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2008/08/25 19:44:28 | 006,068,688 | ---- | M] () -- C:\PartyPokerNetSetup.exe
[2008/11/23 22:34:57 | 018,468,336 | ---- | M] () -- C:\RhapsodyVcast.exe
[2010/08/05 18:59:01 | 000,000,431 | ---- | M] () -- C:\rkill.log
[2008/12/01 19:45:16 | 015,083,520 | ---- | M] (Safer Networking Limited ) -- C:\spybotsd160.exe
[2008/12/01 19:46:39 | 002,869,536 | ---- | M] (Javacool Software LLC ) -- C:\spywareblastersetup41.exe
[2008/12/01 20:07:28 | 002,062,665 | ---- | M] () -- C:\spywareguardsetup.exe
[2009/02/16 08:32:52 | 000,000,510 | ---- | M] () -- C:\updatedatfix.log
[2008/03/19 09:19:31 | 000,000,033 | ---- | M] () -- C:\wizard.txt

< %PROGRAMFILES%\*. >
[2006/05/13 10:57:42 | 000,000,000 | ---D | M] -- C:\Program Files\AC3Filter
[2006/04/13 12:53:59 | 000,000,000 | ---D | M] -- C:\Program Files\ActiveX Control Pad
[2008/12/27 17:27:57 | 000,000,000 | ---D | M] -- C:\Program Files\Activision
[2011/01/10 20:28:58 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/12/27 18:57:40 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/08/06 14:22:38 | 000,000,000 | ---D | M] -- C:\Program Files\ArcSoft
[2005/02/23 15:26:31 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2009/07/15 10:14:49 | 000,000,000 | ---D | M] -- C:\Program Files\Avira
[2011/03/14 13:17:42 | 000,000,000 | ---D | M] -- C:\Program Files\Belkin
[2008/12/30 10:45:24 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2011/01/07 19:09:11 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2005/02/23 15:08:49 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2011/01/29 17:30:09 | 000,000,000 | ---D | M] -- C:\Program Files\ConvertHelper
[2007/06/19 21:01:42 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2007/04/11 15:56:25 | 000,000,000 | ---D | M] -- C:\Program Files\DOSBox-0.63
[2010/07/28 18:12:17 | 000,000,000 | ---D | M] -- C:\Program Files\EA GAMES
[2010/02/14 19:27:31 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2007/01/02 16:30:46 | 000,000,000 | ---D | M] -- C:\Program Files\Final Draft 7
[2007/01/02 16:24:50 | 000,000,000 | ---D | M] -- C:\Program Files\Final Draft Tagger
[2008/08/04 21:23:35 | 000,000,000 | ---D | M] -- C:\Program Files\G
[2009/01/31 16:55:19 | 000,000,000 | ---D | M] -- C:\Program Files\GameSpy Arcade
[2010/01/30 22:03:23 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/02/16 08:32:28 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2009/02/16 08:32:43 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2010/12/07 21:12:11 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2005/02/23 15:32:03 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2005/10/16 23:52:44 | 000,000,000 | ---D | M] -- C:\Program Files\InterActual
[2005/05/20 17:51:03 | 000,000,000 | ---D | M] -- C:\Program Files\InterMute
[2011/02/10 04:02:41 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2005/05/20 17:48:18 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2008/12/30 10:46:48 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2006/07/01 12:56:24 | 000,000,000 | ---D | M] -- C:\Program Files\IrfanView
[2008/12/30 10:47:13 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011/01/10 20:23:38 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2008/12/01 20:55:58 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2009/11/29 17:54:25 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2011/01/06 19:46:00 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/10/15 14:31:27 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2005/12/12 18:37:03 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2007/05/10 03:44:11 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2005/02/23 15:12:36 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2008/02/10 15:55:07 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/03/08 19:13:35 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2005/02/23 16:52:28 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
[2005/05/20 17:46:02 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2005/05/20 17:50:59 | 000,000,000 | ---D | M] -- C:\Program Files\MoodLogic
[2010/08/11 16:16:45 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2005/02/23 16:37:14 | 000,000,000 | ---D | M] -- C:\Program Files\Movielink
[2011/03/23 13:00:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/08/07 03:11:35 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/02/10 15:54:49 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2008/10/15 10:40:23 | 000,000,000 | ---D | M] -- C:\Program Files\msn
[2005/02/23 15:08:06 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2006/10/15 03:41:10 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2008/09/14 12:01:22 | 000,000,000 | ---D | M] -- C:\Program Files\NBC Direct
[2006/08/13 17:51:33 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Swift Sound
[2008/10/15 10:36:19 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/07/15 10:10:01 | 000,000,000 | ---D | M] -- C:\Program Files\New Folder
[2005/05/20 17:48:00 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2007/11/18 02:25:16 | 000,000,000 | ---D | M] -- C:\Program Files\OpenCASE
[2010/12/16 04:03:46 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2008/10/13 10:33:31 | 000,000,000 | ---D | M] -- C:\Program Files\Panasonic
[2008/08/25 19:44:41 | 000,000,000 | ---D | M] -- C:\Program Files\PartyGaming.Net
[2008/12/05 22:24:26 | 000,000,000 | ---D | M] -- C:\Program Files\PDF-Convert
[2009/08/06 14:21:47 | 000,000,000 | ---D | M] -- C:\Program Files\Philips
[2007/04/11 15:55:05 | 000,000,000 | ---D | M] -- C:\Program Files\police-quest-in-pursuit-of-the-death-angel
[2008/12/05 22:24:19 | 000,000,000 | ---D | M] -- C:\Program Files\psconvert
[2010/08/04 08:26:26 | 000,000,000 | ---D | M] -- C:\Program Files\Quicken
[2008/12/30 10:45:03 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2005/02/23 17:18:08 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2009/08/07 03:11:25 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2005/03/04 00:17:16 | 000,000,000 | ---D | M] -- C:\Program Files\Shield
[2009/11/29 18:07:27 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2008/12/27 15:05:02 | 000,000,000 | ---D | M] -- C:\Program Files\SmartSound Software
[2005/05/20 17:42:21 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2005/05/20 17:51:07 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2010/08/22 19:27:29 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2010/08/31 23:13:40 | 000,000,000 | ---D | M] -- C:\Program Files\SpywareGuard
[2007/12/01 15:45:19 | 000,000,000 | ---D | M] -- C:\Program Files\TerminatorContest
[2006/05/07 13:25:44 | 000,000,000 | ---D | M] -- C:\Program Files\TESTOUT
[2011/01/09 19:40:58 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2007/04/29 21:53:48 | 000,000,000 | ---D | M] -- C:\Program Files\Turbine
[2005/02/23 16:05:09 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2008/12/01 12:14:43 | 000,000,000 | ---D | M] -- C:\Program Files\V CAST Music with Rhapsody
[2007/10/28 12:57:31 | 000,000,000 | ---D | M] -- C:\Program Files\Wavexpress
[2008/11/23 22:41:28 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/10/15 10:36:10 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2005/02/23 15:08:23 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Plus
[2005/02/23 15:10:17 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2008/12/05 22:18:06 | 000,000,000 | ---D | M] -- C:\Program Files\Word 2 PDF 1
[2005/02/23 15:12:36 | 000,000,000 | ---D | M] -- C:\Program Files\xerox

< %appdata%\*.* >
[2008/11/24 06:24:04 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Daniel Schneider\Application Data\A3BAD1
[2005/02/23 07:03:49 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Daniel Schneider\Application Data\desktop.ini
[2010/02/22 18:22:50 | 000,050,160 | ---- | M] () -- C:\Documents and Settings\Daniel Schneider\Application Data\GDIPFONTCACHEV1.DAT
[2008/11/24 06:24:04 | 000,870,128 | ---- | M] () -- C:\Documents and Settings\Daniel Schneider\Application Data\mcs.rma
[2010/02/14 19:25:05 | 000,138,056 | ---- | M] () -- C:\Documents and Settings\Daniel Schneider\Application Data\PnkBstrK.sys
[2006/08/14 10:31:11 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\Daniel Schneider\Application Data\WavCodec.wff
[2006/10/22 19:22:43 | 000,000,274 | ---- | M] () -- C:\Documents and Settings\Daniel Schneider\Application Data\wklnhst.dat


< MD5 for: AGP440.SYS >
[2004/08/10 07:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/10/15 10:26:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/10 07:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/10/15 10:26:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 07:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/10/15 10:26:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/10 07:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/10/15 10:26:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 01:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/10 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004/08/04 01:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/10 07:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/10/15 10:26:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/10 07:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:disk.sys
[2008/10/15 10:26:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/10 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/10 07:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2008/10/15 10:26:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2004/08/10 07:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:usbstor.sys
[2008/10/15 10:26:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/03 18:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-24 08:02:28

< >

< >

< >

< End of report >

drokness
Intermediate

Posts : 105
Joined : 2008-12-01
OS : Windows XP
Points : 30068
# Likes : 0
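The "< MD5 for: ... >" blocks in the OTL log above are there to catch a patched system driver: the same file is hashed in system32, in ServicePackFiles\i386, in the ERDNT backup and (when present) in dllcache, and a live copy whose MD5 disagrees with the service-pack copies is how a patched driver shows up (the TDSS/TDL3 rootkit family patched atapi.sys this way, and search-result redirects were its hallmark). The script below is an added example, not part of the thread and not OTL's own code: it parses those blocks and flags such a mismatch. The ATAPI.SYS block is copied (abridged) from the log above; the EXAMPLE.SYS block, its driver name, its company string and its all-zero and all-one hashes are constructed for the example. The pre-SP3 copies under $NtServicePackUninstall$ and ReinstallBackups hold an older build and are expected to differ, so they are deliberately left out of the comparison.

```python
"""Check the '< MD5 for: ... >' blocks of an OTL log: the copy Windows actually
loads from system32 should hash the same as the service-pack reference copies
(ServicePackFiles/i386, dllcache, the ERDNT backup)."""
import re
from collections import defaultdict

# First block: ATAPI.SYS as in the OTL log above, abridged (all copies agree).
# Second block: constructed for this example, not from the log; the live copy
# of a made-up driver has a placeholder hash so the check has something to flag.
OTL_MD5_SECTION = r"""
< MD5 for: ATAPI.SYS >
[2004/08/10 07:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/10/15 10:26:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 01:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/10 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

< MD5 for: EXAMPLE.SYS >
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Example Corp) MD5=11111111111111111111111111111111 -- C:\WINDOWS\ServicePackFiles\i386\example.sys
[2011/03/29 17:17:00 | 000,096,512 | ---- | M] (Example Corp) MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\drivers\example.sys
"""

BLOCK_RE = re.compile(r"^< MD5 for: (?P<name>\S+) >$")
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>[^|]+?) \| (?P<size>[\d,]+) \| [^\]]*\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$")
# Copies that must be byte-identical to the live file at the same service-pack level.
REFERENCE_DIRS = (r"\servicepackfiles\i386", r"\system32\dllcache", r"\erdnt\cache")
# The file Windows actually loads: directly under system32 or system32\drivers.
LIVE_RE = re.compile(r"\\system32\\(drivers\\)?[^\\]+$", re.IGNORECASE)

def parse_md5_section(text):
    """Map lower-cased file name -> [(path, MD5, size)] for every hashed copy.
    '.cab file' lines carry no hash and are skipped."""
    copies, current = defaultdict(list), None
    for line in (l.strip() for l in text.splitlines()):
        b = BLOCK_RE.match(line)
        if b:
            current = b["name"].lower()
            continue
        e = ENTRY_RE.match(line)
        if e and current:
            copies[current].append(
                (e["path"], e["md5"].upper(), int(e["size"].replace(",", ""))))
    return dict(copies)

def classify(path):
    """'reference', 'live', or 'other' (pre-SP uninstall and driver-reinstall
    backups legitimately hold older builds and must not be compared)."""
    low = path.lower()
    if any(d in low for d in REFERENCE_DIRS):
        return "reference"
    if LIVE_RE.search(path):
        return "live"
    return "other"

def find_mismatches(copies):
    """{name: (live MD5s, reference MD5s)} for files whose live copy is not
    among the reference copies; an empty dict means nothing looks patched."""
    bad = {}
    for name, entries in copies.items():
        live = {md5 for p, md5, _ in entries if classify(p) == "live"}
        refs = {md5 for p, md5, _ in entries if classify(p) == "reference"}
        if live and refs and not live <= refs:
            bad[name] = (sorted(live), sorted(refs))
    return bad

if __name__ == "__main__":
    for name, (live, refs) in find_mismatches(parse_md5_section(OTL_MD5_SECTION)).items():
        print(f"{name}: live {live} != reference {refs}")
```

One caveat a practitioner should keep in mind: these hashes were computed from inside the running system, and a kernel rootkit that hooks the disk stack can hand a clean copy of the file to anything that reads it. A matching set of hashes is reassuring; a clean bill of health is only conclusive when the drive is hashed offline (from a boot CD or another machine).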

Re: Think my computer's infected

Post by Sneakyone on Thu Mar 31, 2011 3:55 am

Hi,

Submit a file for analysis.

  1. Please visit this website: [You must be registered and logged in to see this link.]
  2. Press the "Browse" button and locate the following file in bold:
    C:\WINDOWS\system32\javastat.dll
  3. Press the "Upload" button to submit the file for analysis.
  4. Allow it to be scanned, it could take a few minutes depending on server load.
  5. Copy and paste the result back here.


I'm livin' life in the fast lane.

Sneakyone
Master

Posts : 2707
Joined : 2010-01-10
Gender : Male
OS : Windows 7 Ultimate 64-bit
Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points : 56084
# Likes : 0

Re: Think my computer's infected

Post by drokness on Thu Mar 31, 2011 5:07 am

Hi, I looked in my C:\WINDOWS\system32 folder, and I couldn't find that specific file. The only "java" files I found were:

java
javacpl
javaw
javaws



Should I be doing anything with OTL? These files look kind of sketchy:

O2 - BHO: (no name) - {9E3DCAB2-1B63-44D9-AF91-7751CB9F605B} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.



It's my web browser that seems to be acting funny (including the stuff I said in my first post; sometimes my last query will just "pop up" in the Google search in my toolbar). I'll await your advisement. I didn't say it in my first post, but I appreciate your help.

drokness
Intermediate

Posts : 105
Joined : 2008-12-01
OS : Windows XP
Points : 30068
# Likes : 0

Re: Think my computer's infected

Post by Sneakyone on Fri Apr 01, 2011 1:26 am

I forgot to mention it is hidden. My bad.

  1. Open My Computer.
  2. Go to Tools > Folder Options.
  3. Select the View tab.
  4. Scroll down to Hidden files and folders.
  5. Select Show hidden files and folders.
  6. Uncheck (untick) Hide extensions of known file types.
  7. Uncheck (untick) Hide protected operating system files (Recommended).
  8. Click Yes when prompted.
  9. Click OK.
  10. Close My Computer.


------------

After this, please follow the instructions in my previous post.


I'm livin' life in the fast lane.

Sneakyone
Master

Posts : 2707
Joined : 2010-01-10
Gender : Male
OS : Windows 7 Ultimate 64-bit
Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points : 56084
# Likes : 0

Re: Think my computer's infected

Post by drokness on Fri Apr 01, 2011 5:30 am

VirSCAN.org Scanned Report :
Scanned time : 2011/03/31 08:36:51 (CDT)
Scanner results: 30% Scanner(s) (11/37) found malware!
File Name : msdtSINK.dll
File Size : 60416 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5 : 69d3b39753f81a089986e9f5dfabed8c
SHA1 : 505c736bb7564ae678f29708407ecbd0dcd1d7f3
Online report : [You must be registered and logged in to see this link.]

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.2 20110331030854 2011-03-31 7.22 Backdoor.Win32.Papras!IK
AhnLab V3 2011.03.30.04 2011.03.30 2011-03-30 2.66 -
AntiVir 8.2.4.192 7.11.5.147 2011-03-31 0.41 TR/Oficla.I.3
Antiy 2.0.18 20110205.7694535 2011-02-05 0.23 -
Arcavir 2010 201103240801 2011-03-24 0.36 -
Authentium 5.1.1 201103310225 2011-03-31 2.47 -
AVAST! 4.7.4 110331-0 2011-03-31 0.32 Win32:Rootkit-gen [Rtk]
AVG 8.5.850 271.1.1/3516 2011-03-19 1.97 -
BitDefender 7.90123.7037770 7.36881 2011-03-31 7.05 Trojan.Generic.5736409
ClamAV 0.96.5 12932 2011-03-31 0.02 -
Comodo 4.0 8172 2011-03-31 2.04 UnclassifiedMalware
CP Secure 1.3.0.5 2011.03.29 2011-03-29 0.06 -
Dr.Web 5.0.2.3300 2011.03.31 2011-03-31 11.25 -
F-Prot 4.4.4.56 20110331 2011-03-31 1.44 -
F-Secure 7.02.73807 2011.03.31.03 2011-03-31 0.15 Backdoor.Win32.Papras.api [AVP]
Fortinet 4.2.254 13.64 2011-03-30 28.64 W32/FakeAV.EE!tr
GData 21.2179/22.4 20110331 2011-03-31 40.09 -
ViRobot 20110331 2011.03.31 2011-03-31 40.09 -
Ikarus T3.1.32.20.0 2011.03.31.78061 2011-03-31 4.86 Backdoor.Win32.Papras
JiangMin 13.0.900 2011.03.29 2011-03-29 2.19 -
Kaspersky 5.5.10 2011.03.31 2011-03-31 0.10 Backdoor.Win32.Papras.api
KingSoft 2009.2.5.15 2011.3.31.18 2011-03-31 40.09 -
McAfee 5400.1158 6301 2011-03-30 8.30 -
Microsoft 1.6702 2011.03.31 2011-03-31 40.09 -
NOD32 3.0.21 5999 2011-03-30 0.01 Win32/PSW.Papras.BW trojan
Norman 6.07.03 6.07.00 2011-03-30 20.02 -
Panda 9.05.01 2011.03.30 2011-03-30 40.09 -
Trend Micro 9.200-1012 7.942.05 2011-03-31 0.03 -
Quick Heal 11.00 2011.03.30 2011-03-30 40.09 -
Rising 20.0 23.51.03.05 2011-03-31 40.09 -
Sophos 3.18.0 4.64 2011-03-31 5.70 -
Sunbelt 3.9.2486.2 8875 2011-03-31 40.09 -
Symantec 1.3.0.24 20110330.003 2011-03-30 0.52 Backdoor.Trojan
nProtect 20110330.01 3287087 2011-03-30 40.09 -
The Hacker 6.7.0.1 v00162 2011-03-30 40.09 -
VBA32 3.12.14.3 20110329.2000 2011-03-29 4.60 -
VirusBuster 5.2.0.28 13.6.278.0/4872885 2011-03-30 0.00 -


Edit: More Complete

drokness
Intermediate

Posts : 105
Joined : 2008-12-01
OS : Windows XP
Points : 30068
# Likes : 0
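A VirSCAN report like the one above is a flat text table, and the questions an analyst actually puts to it are: how many engines hit, which engines agree on a family name (five of them above call the file Papras), and which "clean" verdicts came from engines whose signatures were already stale on the scan date (Antiy's were from 2011-02-05). The script below is an added example, not part of the post and not VirSCAN.org's own code: a parser for that table, fed the rows exactly as pasted above, including the VirusBuster row in which the signature version and date are run together. The 7-day staleness threshold is an assumption chosen for the example.

```python
"""Parse a VirSCAN.org multi-engine report in the form pasted above and extract
what an analyst acts on: hit ratio, engines agreeing on a family, and clean
verdicts that came from stale signatures."""
import re
from datetime import date

# The report from the post above (header trimmed). The VirusBuster row is kept
# exactly as pasted, with its signature version and date run together.
REPORT = """\
Scanned time : 2011/03/31 08:36:51 (CDT)
Scanner results: 30% Scanner(s) (11/37) found malware!
File Name : msdtSINK.dll
MD5 : 69d3b39753f81a089986e9f5dfabed8c
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.2 20110331030854 2011-03-31 7.22 Backdoor.Win32.Papras!IK
AhnLab V3 2011.03.30.04 2011.03.30 2011-03-30 2.66 -
AntiVir 8.2.4.192 7.11.5.147 2011-03-31 0.41 TR/Oficla.I.3
Antiy 2.0.18 20110205.7694535 2011-02-05 0.23 -
Arcavir 2010 201103240801 2011-03-24 0.36 -
Authentium 5.1.1 201103310225 2011-03-31 2.47 -
AVAST! 4.7.4 110331-0 2011-03-31 0.32 Win32:Rootkit-gen [Rtk]
AVG 8.5.850 271.1.1/3516 2011-03-19 1.97 -
BitDefender 7.90123.7037770 7.36881 2011-03-31 7.05 Trojan.Generic.5736409
ClamAV 0.96.5 12932 2011-03-31 0.02 -
Comodo 4.0 8172 2011-03-31 2.04 UnclassifiedMalware
CP Secure 1.3.0.5 2011.03.29 2011-03-29 0.06 -
Dr.Web 5.0.2.3300 2011.03.31 2011-03-31 11.25 -
F-Prot 4.4.4.56 20110331 2011-03-31 1.44 -
F-Secure 7.02.73807 2011.03.31.03 2011-03-31 0.15 Backdoor.Win32.Papras.api [AVP]
Fortinet 4.2.254 13.64 2011-03-30 28.64 W32/FakeAV.EE!tr
GData 21.2179/22.4 20110331 2011-03-31 40.09 -
ViRobot 20110331 2011.03.31 2011-03-31 40.09 -
Ikarus T3.1.32.20.0 2011.03.31.78061 2011-03-31 4.86 Backdoor.Win32.Papras
JiangMin 13.0.900 2011.03.29 2011-03-29 2.19 -
Kaspersky 5.5.10 2011.03.31 2011-03-31 0.10 Backdoor.Win32.Papras.api
KingSoft 2009.2.5.15 2011.3.31.18 2011-03-31 40.09 -
McAfee 5400.1158 6301 2011-03-30 8.30 -
Microsoft 1.6702 2011.03.31 2011-03-31 40.09 -
NOD32 3.0.21 5999 2011-03-30 0.01 Win32/PSW.Papras.BW trojan
Norman 6.07.03 6.07.00 2011-03-30 20.02 -
Panda 9.05.01 2011.03.30 2011-03-30 40.09 -
Trend Micro 9.200-1012 7.942.05 2011-03-31 0.03 -
Quick Heal 11.00 2011.03.30 2011-03-30 40.09 -
Rising 20.0 23.51.03.05 2011-03-31 40.09 -
Sophos 3.18.0 4.64 2011-03-31 5.70 -
Sunbelt 3.9.2486.2 8875 2011-03-31 40.09 -
Symantec 1.3.0.24 20110330.003 2011-03-30 0.52 Backdoor.Trojan
nProtect 20110330.01 3287087 2011-03-30 40.09 -
The Hacker 6.7.0.1 v00162 2011-03-30 40.09 -
VBA32 3.12.14.3 20110329.2000 2011-03-29 4.60 -
VirusBuster 5.2.0.28 13.6.278.0/48728852011-03-30 0.00 -
"""

# Scanner names can contain spaces, so anchor on the ISO signature date and take
# the two fields before it as engine and signature version; the "\s*" before the
# date lets the fused VirusBuster field through.
ROW_RE = re.compile(
    r"^(?P<scanner>.+?)\s+(?P<engine>\S+)\s+(?P<sig>\S+?)\s*"
    r"(?P<sigdate>\d{4}-\d{2}-\d{2})\s+(?P<secs>\d+\.\d+)\s+(?P<result>.+?)\s*$")

def parse_report(text):
    """Return (header dict, per-engine rows); result None means a clean verdict."""
    header, rows = {}, []
    for line in (l.strip() for l in text.splitlines()):
        m = ROW_RE.match(line)
        if m:
            rows.append({"scanner": m["scanner"], "engine": m["engine"],
                         "sig": m["sig"], "sigdate": date.fromisoformat(m["sigdate"]),
                         "secs": float(m["secs"]),
                         "result": None if m["result"] == "-" else m["result"]})
        elif ":" in line:
            key, _, value = line.partition(":")
            header[key.strip()] = value.strip()
    return header, rows

def scan_date(header):
    y, mo, d = header["Scanned time"][:10].split("/")
    return date(int(y), int(mo), int(d))

def hit_ratio(rows):
    """(engines that flagged the file, engines that ran), e.g. (11, 37) above."""
    return sum(r["result"] is not None for r in rows), len(rows)

def engines_naming(rows, family):
    """Scanners whose verdict contains the family name (case-insensitive)."""
    return [r["scanner"] for r in rows
            if r["result"] and family.lower() in r["result"].lower()]

def stale_clean_verdicts(rows, on, max_age_days=7):
    """Clean verdicts from signatures older than max_age_days at scan time;
    treat these as 'not tested' rather than as evidence the file is clean."""
    return sorted(r["scanner"] for r in rows
                  if r["result"] is None and (on - r["sigdate"]).days > max_age_days)

if __name__ == "__main__":
    header, rows = parse_report(REPORT)
    print(header["File Name"], header["MD5"], hit_ratio(rows))
    print("named Papras:", engines_naming(rows, "papras"))
    print("stale clean verdicts:", stale_clean_verdicts(rows, scan_date(header)))
```

Two things to read off the result rather than the headline percentage: the F-Secure verdict carries an [AVP] tag, meaning it came from the Kaspersky engine, so those two agreeing is one opinion, not two; and a 40.09-second "time" on many of the clean rows suggests those engines timed out rather than cleared the file. Five independent engines naming the same backdoor family is the strong signal here.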

Re: Think my computer's infected

Post by Sneakyone on Sat Apr 02, 2011 6:20 am

Hi,

Please download ComboFix from [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to doing this can be found [You must be registered and logged in to see this link.]
  • Click Start > Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


I'm livin' life in the fast lane.

Sneakyone
Master

Posts : 2707
Joined : 2010-01-10
Gender : Male
OS : Windows 7 Ultimate 64-bit
Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points : 56084
# Likes : 0

Re: Think my computer's infected

Post by drokness on Sat Apr 02, 2011 5:40 pm

ComboFix 11-04-01.01 - Daniel Schneider 04/02/2011 11:58:39.8.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.412 [GMT -5:00]
Running from: c:\documents and settings\Daniel Schneider\desktop\commy.exe
Command switches used :: /stepdel
AV: Avira AntiVir PersonalEdition *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\documents and settings\Daniel Schneider\Application Data\Help\comm3.exe
c:\windows\system32\arp.exe
c:\windows\system32\SCardSvr.exe
c:\windows\system32\setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-03-02 to 2011-04-02 )))))))))))))))))))))))))))))))
.
.
2011-04-02 16:59 . 2004-08-10 12:00 19456 -c--a-w- c:\windows\system32\dllcache\arp.exe
2011-04-02 16:59 . 2004-08-10 12:00 19456 ----a-w- c:\windows\system32\arp.exe
2011-03-29 21:42 . 2011-03-29 21:42 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-03-29 21:39 . 2011-03-29 21:39 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-03-29 17:37 . 2011-03-29 17:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-03-29 17:37 . 2011-03-29 17:37 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-03-29 17:17 . 2011-03-29 17:17 60416 ----a-w- c:\windows\system32\javastat.dll
2011-03-29 17:16 . 2011-03-29 22:02 -------- d-----w- c:\documents and settings\All Users\Application Data\bHjHmMhGoEl28600
2011-03-23 18:00 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-03-23 18:00 . 2011-03-18 17:53 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-03-23 18:00 . 2011-03-18 17:53 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-03-23 18:00 . 2011-03-18 17:53 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-03-23 18:00 . 2011-03-18 17:53 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-03-23 18:00 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-03-23 18:00 . 2011-03-18 17:53 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-03-23 18:00 . 2011-03-18 17:53 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-03-23 17:55 . 2011-03-23 17:56 12580112 ----a-w- C:\Firefox Setup 4.0.exe
2011-03-14 18:18 . 2007-06-01 05:13 238848 ------r- c:\windows\system32\drivers\BLKWGU.sys
2011-03-14 18:17 . 2006-11-15 21:23 38144 ----a-w- c:\windows\system32\drivers\EAPPkt.sys
2011-03-14 18:17 . 2011-03-14 18:17 -------- d-----w- c:\program files\Belkin
2011-03-14 18:17 . 2011-03-14 18:17 -------- d-----w- c:\documents and settings\Daniel Schneider\Application Data\InstallShield
2011-03-14 08:43 . 2011-03-14 08:43 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-03-11 23:57 . 2009-07-27 23:17 135168 -c----w- c:\windows\system32\dllcache\shsvcs.dll
2011-03-04 02:26 . 2011-03-04 02:26 2832544 ----a-w- C:\install_flash_player.exe
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 07:58 . 2005-02-23 20:08 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-30 02:02 . 2007-09-14 01:24 138520 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-01-30 02:00 . 2010-02-15 00:37 234536 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-01-30 02:00 . 2007-09-14 01:24 234536 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-01-29 22:28 . 2011-01-29 22:28 3782822 ----a-w- c:\program files\ConvertHelperSetup.exe
2011-01-27 11:57 . 2005-02-23 20:08 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2005-02-23 18:57 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-10 00:40 . 2011-01-10 00:40 388096 ----a-r- c:\documents and settings\Daniel Schneider\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-10 00:39 . 2011-01-10 00:40 1402880 ----a-w- c:\program files\HiJackThis.msi
2011-01-07 14:09 . 2005-02-23 18:56 290048 ----a-w- c:\windows\system32\atmfd.dll
2011-01-07 00:42 . 2011-01-07 00:42 709456 ----a-w- c:\windows\is-T0D6D.exe
2010-02-23 19:00 . 2010-02-23 19:00 318904 ----a-w- c:\program files\wmpfirefoxplugin.exe
2009-11-29 23:03 . 2009-11-29 23:03 2025768 ----a-w- c:\program files\SkypeSetup.exe
2008-12-28 00:01 . 2006-10-08 18:53 302928 ----a-w- c:\program files\dxwebsetup.exe
2008-12-27 23:56 . 2008-12-27 23:54 27288880 ----a-w- c:\program files\QuickTimeInstaller.exe
2008-10-13 16:18 . 2008-10-13 16:18 12580696 ----a-w- c:\program files\mm20enu.exe
2008-02-10 20:54 . 2008-02-10 20:51 28868320 ----a-w- c:\program files\FileFormatConverters.exe
2007-12-06 18:39 . 2007-12-06 18:38 6820520 ----a-w- c:\program files\FirefoxGoogleToolbarSetup.exe
2007-11-18 07:12 . 2007-11-18 07:12 13532808 ----a-w- c:\program files\NBCDirectInstaller.exe
2007-10-14 21:09 . 2007-10-14 21:06 1473748992 ----a-w- c:\program files\CoD4MWDemoSetup.exe
2007-04-11 20:53 . 2007-04-11 20:53 1049705 ----a-w- c:\program files\DOSBox-0.63-install.exe
2006-08-13 22:51 . 2006-08-13 22:50 432552 ----a-w- c:\program files\wpsetup.exe
2006-07-01 17:55 . 2006-07-01 17:55 905728 ----a-w- c:\program files\iview398.exe
2006-04-13 17:53 . 2006-04-13 17:53 2871168 ----a-w- c:\program files\setuppad.exe
2006-04-13 17:38 . 2005-10-17 01:21 36465208 ----a-w- c:\program files\iTunesSetup.exe
2005-10-17 01:31 . 2005-10-17 01:31 7739192 ----a-w- c:\program files\DivXPlay.exe
2011-03-18 17:53 . 2011-03-23 18:00 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 68856]
"EA Core"="c:\program files\Electronic Arts\EA Link\Core.exe" [2007-07-19 2887680]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\Vid.exe" [2009-07-16 5458704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-29 344064]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-08-13 61952]
"CreateCD_Reminder"="c:\windows\Sonysys\VAIO Recovery\reminder.exe" [2004-07-16 53248]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 151552]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
c:\documents and settings\Daniel Schneider\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Auto run of VideoCam Suite 1.0.lnk - c:\program files\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe [2008-10-13 161160]
Belkin Wireless G USB Adapter Client Utility.lnk - c:\program files\Belkin\F5D7050v5\Belkinwcui.exe [2011-3-14 1564672]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-11-20 19:20 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 16:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 7.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
.
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 1:03 PM 169312]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe [11/6/2007 6:04 PM 810632]
R2 WXRSS;TVTonic RSS;c:\program files\Wavexpress\TVTonic\WXRSS.exe [9/5/2007 5:58 PM 188416]
R3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\drivers\BLKWGU.sys [3/14/2011 1:18 PM 238848]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2010 10:03 PM 135664]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
2011-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 03:03]
.
2011-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 03:03]
.
2011-04-02 c:\windows\Tasks\WebReg psc 1600 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2004-11-05 22:45]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Daniel Schneider\Application Data\Mozilla\Firefox\Profiles\5a10nuia.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{9E3DCAB2-1B63-44D9-AF91-7751CB9F605B} - (no file)
Notify-opnlICSl - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-04-02 12:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PEVSystemStart]
"ImagePath"="\"c:\commy\PEV.cfxxe\" EXEC /i \"c:\commy\REGT.cfxxe\" /S \"c:\commy\CregB.dat\""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(5468)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
c:\program files\Sony\Sony TV Tuner Library\SMceMan.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\dllhost.exe
c:\program files\Sony\Sony TV Tuner Library\RM_SV.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\AGRSMMSG.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\SpywareGuard\sgbhp.exe
c:\program files\logitech\logitech webcam software\lu\lulnchr.exe
c:\program files\logitech\logitech webcam software\lu\LogitechUpdate.exe
.
**************************************************************************
.
Completion time: 2011-04-02 12:37:25 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-02 17:37
ComboFix2.txt 2011-01-08 00:47
.
Pre-Run: 10,018,488,320 bytes free
Post-Run: 10,031,669,248 bytes free
.
- - End Of File - - FDDD25602C67C48F214FBDB1772DD473

drokness
Intermediate

Posts: 105
Joined: 2008-12-01
OS: Windows XP
Points: 30068
Likes: 0

Re: Think my computer's infected

Post by Sneakyone on Sun Apr 03, 2011 3:58 pm

Hi,

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].


Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


I'm livin' life in the fast lane.

Sneakyone
Master

Posts: 2707
Joined: 2010-01-10
Gender: Male
OS: Windows 7 Ultimate 64-bit
Protection: Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points: 56084
Likes: 0

Re: Think my computer's infected

Post by drokness on Sun Apr 03, 2011 6:28 pm

Before I post the log, would just like to note that I ran it in Safe Mode with Networking. My computer shut down at some point overnight (don't know why...does that after automatic updates sometimes), and when I tried to start it back up, I got the "Windows could not start...\WINDOWS\SYSTEM32\CONFIG\SYSTEM" error message. So I turned it off, and back on, and I made it to the Windows loading-graphic (which it hadn't before), but then it stuck on a black screen. So I turned it off again, and restarted in Safe Mode with Networking.

Also of note, while I was waiting for the next step (after I ran ComboFix and it restarted and I got the ComboFix log...but before my computer shut down again) I was getting a new virus detected by AntiVir that wouldn't go away, even when I tried to delete it:

C:\WINDOWS\Temp\logishrd\LVPrcInj01.dll

I'll stay in Safe Mode until further instruction; in the meantime, here's my MBAM log:


Database version: 6204

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

4/3/2011 1:12:41 PM
mbam-log-2011-04-03 (13-12-41).txt

Scan type: Quick scan
Objects scanned: 187339
Time elapsed: 4 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

drokness
Intermediate

Posts: 105
Joined: 2008-12-01
OS: Windows XP
Points: 30068
Likes: 0

Re: Think my computer's infected

Post by Sneakyone on Mon Apr 04, 2011 3:18 am

Hi,

Could you please re-run ComboFix?


I'm livin' life in the fast lane.

Sneakyone
Master

Posts: 2707
Joined: 2010-01-10
Gender: Male
OS: Windows 7 Ultimate 64-bit
Protection: Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points: 56084
Likes: 0

Re: Think my computer's infected

Post by drokness on Mon Apr 04, 2011 8:01 pm

ComboFix 11-04-03.03 - Daniel Schneider 04/04/2011 14:17:15.9.2 - x86
Running from: c:\documents and settings\Daniel Schneider\desktop\commy.exe
Command switches used :: /stepdel
AV: Avira AntiVir PersonalEdition *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\arp.exe
c:\windows\system32\SCardSvr.exe
c:\windows\system32\setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-03-04 to 2011-04-04 )))))))))))))))))))))))))))))))
.
.
2011-04-02 16:59 . 2004-08-10 12:00 19456 -c--a-w- c:\windows\system32\dllcache\arp.exe
2011-04-02 16:59 . 2004-08-10 12:00 19456 ----a-w- c:\windows\system32\arp.exe
2011-03-29 21:42 . 2011-03-29 21:42 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-03-29 21:39 . 2011-03-29 21:39 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-03-29 17:37 . 2011-03-29 17:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-03-29 17:37 . 2011-03-29 17:37 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-03-29 17:16 . 2011-03-29 22:02 -------- d-----w- c:\documents and settings\All Users\Application Data\bHjHmMhGoEl28600
2011-03-23 18:00 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-03-23 18:00 . 2011-03-18 17:53 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-03-23 18:00 . 2011-03-18 17:53 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-03-23 18:00 . 2011-03-18 17:53 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-03-23 18:00 . 2011-03-18 17:53 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-03-23 18:00 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-03-23 18:00 . 2011-03-18 17:53 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-03-23 18:00 . 2011-03-18 17:53 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-03-23 17:55 . 2011-03-23 17:56 12580112 ----a-w- C:\Firefox Setup 4.0.exe
2011-03-14 18:18 . 2007-06-01 05:13 238848 ------r- c:\windows\system32\drivers\BLKWGU.sys
2011-03-14 18:17 . 2006-11-15 21:23 38144 ----a-w- c:\windows\system32\drivers\EAPPkt.sys
2011-03-14 18:17 . 2011-03-14 18:17 -------- d-----w- c:\program files\Belkin
2011-03-14 18:17 . 2011-03-14 18:17 -------- d-----w- c:\documents and settings\Daniel Schneider\Application Data\InstallShield
2011-03-14 08:43 . 2011-03-14 08:43 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-03-11 23:57 . 2009-07-27 23:17 135168 -c----w- c:\windows\system32\dllcache\shsvcs.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-04 02:26 . 2011-03-04 02:26 2832544 ----a-w- C:\install_flash_player.exe
2011-02-02 07:58 . 2005-02-23 20:08 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-30 02:02 . 2007-09-14 01:24 138520 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-01-30 02:00 . 2010-02-15 00:37 234536 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-01-30 02:00 . 2007-09-14 01:24 234536 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-01-29 22:28 . 2011-01-29 22:28 3782822 ----a-w- c:\program files\ConvertHelperSetup.exe
2011-01-27 11:57 . 2005-02-23 20:08 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2005-02-23 18:57 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-10 00:40 . 2011-01-10 00:40 388096 ----a-r- c:\documents and settings\Daniel Schneider\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-10 00:39 . 2011-01-10 00:40 1402880 ----a-w- c:\program files\HiJackThis.msi
2011-01-07 14:09 . 2005-02-23 18:56 290048 ----a-w- c:\windows\system32\atmfd.dll
2011-01-07 00:42 . 2011-01-07 00:42 709456 ----a-w- c:\windows\is-T0D6D.exe
2010-02-23 19:00 . 2010-02-23 19:00 318904 ----a-w- c:\program files\wmpfirefoxplugin.exe
2009-11-29 23:03 . 2009-11-29 23:03 2025768 ----a-w- c:\program files\SkypeSetup.exe
2008-12-28 00:01 . 2006-10-08 18:53 302928 ----a-w- c:\program files\dxwebsetup.exe
2008-12-27 23:56 . 2008-12-27 23:54 27288880 ----a-w- c:\program files\QuickTimeInstaller.exe
2008-10-13 16:18 . 2008-10-13 16:18 12580696 ----a-w- c:\program files\mm20enu.exe
2008-02-10 20:54 . 2008-02-10 20:51 28868320 ----a-w- c:\program files\FileFormatConverters.exe
2007-12-06 18:39 . 2007-12-06 18:38 6820520 ----a-w- c:\program files\FirefoxGoogleToolbarSetup.exe
2007-11-18 07:12 . 2007-11-18 07:12 13532808 ----a-w- c:\program files\NBCDirectInstaller.exe
2007-10-14 21:09 . 2007-10-14 21:06 1473748992 ----a-w- c:\program files\CoD4MWDemoSetup.exe
2007-04-11 20:53 . 2007-04-11 20:53 1049705 ----a-w- c:\program files\DOSBox-0.63-install.exe
2006-08-13 22:51 . 2006-08-13 22:50 432552 ----a-w- c:\program files\wpsetup.exe
2006-07-01 17:55 . 2006-07-01 17:55 905728 ----a-w- c:\program files\iview398.exe
2006-04-13 17:53 . 2006-04-13 17:53 2871168 ----a-w- c:\program files\setuppad.exe
2006-04-13 17:38 . 2005-10-17 01:21 36465208 ----a-w- c:\program files\iTunesSetup.exe
2005-10-17 01:31 . 2005-10-17 01:31 7739192 ----a-w- c:\program files\DivXPlay.exe
2011-03-18 17:53 . 2011-03-23 18:00 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 68856]
"EA Core"="c:\program files\Electronic Arts\EA Link\Core.exe" [2007-07-19 2887680]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\Vid.exe" [2009-07-16 5458704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-29 344064]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-08-13 61952]
"CreateCD_Reminder"="c:\windows\Sonysys\VAIO Recovery\reminder.exe" [2004-07-16 53248]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 151552]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
c:\documents and settings\Daniel Schneider\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Auto run of VideoCam Suite 1.0.lnk - c:\program files\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe [2008-10-13 161160]
Belkin Wireless G USB Adapter Client Utility.lnk - c:\program files\Belkin\F5D7050v5\Belkinwcui.exe [2011-3-14 1564672]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-11-20 19:20 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 16:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 7.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
.
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 1:03 PM 169312]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe [11/6/2007 6:04 PM 810632]
R2 WXRSS;TVTonic RSS;c:\program files\Wavexpress\TVTonic\WXRSS.exe [9/5/2007 5:58 PM 188416]
R3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\drivers\BLKWGU.sys [3/14/2011 1:18 PM 238848]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2010 10:03 PM 135664]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
2011-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 03:03]
.
2011-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 03:03]
.
2011-04-02 c:\windows\Tasks\WebReg psc 1600 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2004-11-05 22:45]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Daniel Schneider\Application Data\Mozilla\Firefox\Profiles\5a10nuia.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-04-04 14:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(4644)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
c:\program files\Sony\Sony TV Tuner Library\SMceMan.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\dllhost.exe
c:\program files\Sony\Sony TV Tuner Library\RM_SV.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\AGRSMMSG.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\SpywareGuard\sgbhp.exe
c:\program files\logitech\logitech webcam software\lu\lulnchr.exe
c:\program files\logitech\logitech webcam software\lu\LogitechUpdate.exe
.
**************************************************************************
.
Completion time: 2011-04-04 14:59:05 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-04 19:58
ComboFix2.txt 2011-04-02 17:37
ComboFix3.txt 2011-01-08 00:47
.
Pre-Run: 9,555,296,256 bytes free
Post-Run: 9,912,553,472 bytes free
.
- - End Of File - - 7C830EF950AF1BAF6BE4CCF449615B23

drokness
Intermediate

Posts: 105
Joined: 2008-12-01
OS: Windows XP
Points: 30068
Likes: 0

Re: Think my computer's infected

Post by Sneakyone on Tue Apr 05, 2011 2:31 am

Hi,

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Folder::
    c:\documents and settings\All Users\Application Data\bHjHmMhGoEl28600

    File::
    C:\install_flash_player.exe




  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


---------------------

Please download TDSSKiller from [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.


I'm livin' life in the fast lane.

Sneakyone
Master

Posts: 2707
Joined: 2010-01-10
Gender: Male
OS: Windows 7 Ultimate 64-bit
Protection: Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points: 56084
Likes: 0
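The CFScript above picks out two things from the earlier ComboFix log: a random-named folder under All Users\Application Data and an executable sitting in the drive root, and the same log also showed a DLL injected into explorer.exe from c:\windows\TEMP. As an added example (not ComboFix's own code and not from any post in this thread), the Python below parses ComboFix "Files Created" entries and bare DLL paths and applies those three triage heuristics; the sample log is constructed from paths that appear in the thread, and the heuristics are my assumptions, not ComboFix's logic.

```python
"""Triage heuristics for a ComboFix log (added example, not ComboFix code).

Parses 'Files Created' entries such as
  2011-03-29 17:16 . 2011-03-29 22:02 -------- d-----w- c:\...\bHjHmMhGoEl28600
plus bare paths from the 'DLLs Loaded Under Running Processes' section, and
returns the items a helper would examine first.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# created . modified size attrs path  (size is eight dashes for directories)
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) "
    r"(?P<attrs>[-a-z]{8}) "
    r"(?P<path>.+)$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")


@dataclass
class Entry:
    created: str | None   # None for bare path lines
    modified: str | None
    size: int | None      # None for directories
    is_dir: bool
    path: str


def parse_line(line: str) -> Entry | None:
    """Parse one log line; headers, blanks and the lone '.' lines yield None."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if m:
        size = None if m["size"].startswith("-") else int(m["size"])
        return Entry(m["created"], m["modified"], size,
                     m["attrs"].startswith("d"), m["path"])
    if re.match(r"^[a-z]:\\", line, re.IGNORECASE):
        return Entry(None, None, None, False, line)  # 'DLLs Loaded' section
    return None


def looks_random(name: str) -> bool:
    """Heuristic (assumption): long alphanumeric name mixing cases and digits
    with frequent case flips, e.g. bHjHmMhGoEl28600 but not InstallShield."""
    stem = name.rsplit(".", 1)[0]
    if len(stem) < 10 or not stem.isalnum():
        return False
    letters = [c for c in stem if c.isalpha()]
    flips = sum(1 for a, b in zip(letters, letters[1:])
                if a.isupper() != b.isupper())
    return (any(c.isdigit() for c in stem)
            and any(c.islower() for c in stem)
            and any(c.isupper() for c in stem)
            and flips >= 4)


def reasons(entry: Entry) -> list[str]:
    """Return the triage reasons that apply to one entry (possibly none)."""
    raw_name = entry.path.rsplit("\\", 1)[-1]        # keep case for looks_random
    p = entry.path.lower()
    parent, _, name = p.rpartition("\\")
    out: list[str] = []
    if (entry.is_dir and parent.endswith(r"all users\application data")
            and looks_random(raw_name)):
        out.append("random-named folder in shared Application Data")
    if name.endswith(EXEC_EXT) and "\\windows\\temp\\" in p:
        out.append("executable under Windows\\TEMP")
    if name.endswith(EXEC_EXT) and re.fullmatch(r"[a-z]:", parent):
        out.append("executable in drive root (verify how it got there)")
    return out


def triage(log_text: str) -> list[tuple[str, str]]:
    """Return (path, reason) pairs, in log order, for entries worth a closer look."""
    hits: list[tuple[str, str]] = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        for why in reasons(entry):
            hits.append((entry.path, why))
    return hits


# Constructed sample in ComboFix's format; paths are taken from this thread's logs.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2011-03-04 to 2011-04-04 )))))))))))))))))))))))))))))))
.
2011-03-29 17:37 . 2011-03-29 17:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-03-29 17:16 . 2011-03-29 22:02 -------- d-----w- c:\documents and settings\All Users\Application Data\bHjHmMhGoEl28600
2011-03-23 18:00 . 2011-03-18 17:53 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-03-23 17:55 . 2011-03-23 17:56 12580112 ----a-w- C:\Firefox Setup 4.0.exe
2011-03-14 18:17 . 2011-03-14 18:17 -------- d-----w- c:\documents and settings\Daniel Schneider\Application Data\InstallShield
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4644)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
"""

if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG):
        print(f"{why:55s} {path}")
```

The drive-root rule is deliberately a "verify" flag rather than a verdict: a Firefox installer the user saved to C:\ and a dropper left there by malware look identical in the log, which is why the helper asks for the file rather than judging it from the listing.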

Re: Think my computer's infected

Post by drokness on Tue Apr 05, 2011 4:07 am

COMBOFIX LOG:

ComboFix 11-04-04.01 - Daniel Schneider 04/04/2011 21:39:23.10.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.484 [GMT -5:00]
Running from: c:\documents and settings\Daniel Schneider\Desktop\commy.exe
Command switches used :: c:\documents and settings\Daniel Schneider\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
FILE ::
"C:\install_flash_player.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\bHjHmMhGoEl28600
c:\documents and settings\All Users\Application Data\bHjHmMhGoEl28600\bHjHmMhGoEl28600
C:\install_flash_player.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-03-05 to 2011-04-05 )))))))))))))))))))))))))))))))
.
.
2011-04-02 16:59 . 2004-08-10 12:00 19456 -c--a-w- c:\windows\system32\dllcache\arp.exe
2011-04-02 16:59 . 2004-08-10 12:00 19456 ----a-w- c:\windows\system32\arp.exe
2011-03-29 21:42 . 2011-03-29 21:42 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-03-29 21:39 . 2011-03-29 21:39 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-03-29 17:37 . 2011-03-29 17:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-03-29 17:37 . 2011-03-29 17:37 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-03-23 18:00 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-03-23 18:00 . 2011-03-18 17:53 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-03-23 18:00 . 2011-03-18 17:53 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-03-23 18:00 . 2011-03-18 17:53 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-03-23 18:00 . 2011-03-18 17:53 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-03-23 18:00 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-03-23 18:00 . 2011-03-18 17:53 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-03-23 18:00 . 2011-03-18 17:53 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-03-23 17:55 . 2011-03-23 17:56 12580112 ----a-w- C:\Firefox Setup 4.0.exe
2011-03-14 18:18 . 2007-06-01 05:13 238848 ------r- c:\windows\system32\drivers\BLKWGU.sys
2011-03-14 18:17 . 2006-11-15 21:23 38144 ----a-w- c:\windows\system32\drivers\EAPPkt.sys
2011-03-14 18:17 . 2011-03-14 18:17 -------- d-----w- c:\program files\Belkin
2011-03-14 18:17 . 2011-03-14 18:17 -------- d-----w- c:\documents and settings\Daniel Schneider\Application Data\InstallShield
2011-03-14 08:43 . 2011-03-14 08:43 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-03-11 23:57 . 2009-07-27 23:17 135168 -c----w- c:\windows\system32\dllcache\shsvcs.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 07:58 . 2005-02-23 20:08 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-30 02:02 . 2007-09-14 01:24 138520 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-01-30 02:00 . 2010-02-15 00:37 234536 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-01-30 02:00 . 2007-09-14 01:24 234536 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-01-29 22:28 . 2011-01-29 22:28 3782822 ----a-w- c:\program files\ConvertHelperSetup.exe
2011-01-27 11:57 . 2005-02-23 20:08 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2005-02-23 18:57 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-10 00:40 . 2011-01-10 00:40 388096 ----a-r- c:\documents and settings\Daniel Schneider\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-10 00:39 . 2011-01-10 00:40 1402880 ----a-w- c:\program files\HiJackThis.msi
2011-01-07 14:09 . 2005-02-23 18:56 290048 ----a-w- c:\windows\system32\atmfd.dll
2011-01-07 00:42 . 2011-01-07 00:42 709456 ----a-w- c:\windows\is-T0D6D.exe
2010-02-23 19:00 . 2010-02-23 19:00 318904 ----a-w- c:\program files\wmpfirefoxplugin.exe
2009-11-29 23:03 . 2009-11-29 23:03 2025768 ----a-w- c:\program files\SkypeSetup.exe
2008-12-28 00:01 . 2006-10-08 18:53 302928 ----a-w- c:\program files\dxwebsetup.exe
2008-12-27 23:56 . 2008-12-27 23:54 27288880 ----a-w- c:\program files\QuickTimeInstaller.exe
2008-10-13 16:18 . 2008-10-13 16:18 12580696 ----a-w- c:\program files\mm20enu.exe
2008-02-10 20:54 . 2008-02-10 20:51 28868320 ----a-w- c:\program files\FileFormatConverters.exe
2007-12-06 18:39 . 2007-12-06 18:38 6820520 ----a-w- c:\program files\FirefoxGoogleToolbarSetup.exe
2007-11-18 07:12 . 2007-11-18 07:12 13532808 ----a-w- c:\program files\NBCDirectInstaller.exe
2007-10-14 21:09 . 2007-10-14 21:06 1473748992 ----a-w- c:\program files\CoD4MWDemoSetup.exe
2007-04-11 20:53 . 2007-04-11 20:53 1049705 ----a-w- c:\program files\DOSBox-0.63-install.exe
2006-08-13 22:51 . 2006-08-13 22:50 432552 ----a-w- c:\program files\wpsetup.exe
2006-07-01 17:55 . 2006-07-01 17:55 905728 ----a-w- c:\program files\iview398.exe
2006-04-13 17:53 . 2006-04-13 17:53 2871168 ----a-w- c:\program files\setuppad.exe
2006-04-13 17:38 . 2005-10-17 01:21 36465208 ----a-w- c:\program files\iTunesSetup.exe
2005-10-17 01:31 . 2005-10-17 01:31 7739192 ----a-w- c:\program files\DivXPlay.exe
2011-03-18 17:53 . 2011-03-23 18:00 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 68856]
"EA Core"="c:\program files\Electronic Arts\EA Link\Core.exe" [2007-07-19 2887680]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\Vid.exe" [2009-07-16 5458704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-29 344064]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-08-13 61952]
"CreateCD_Reminder"="c:\windows\Sonysys\VAIO Recovery\reminder.exe" [2004-07-16 53248]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 151552]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
c:\documents and settings\Daniel Schneider\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Auto run of VideoCam Suite 1.0.lnk - c:\program files\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe [2008-10-13 161160]
Belkin Wireless G USB Adapter Client Utility.lnk - c:\program files\Belkin\F5D7050v5\Belkinwcui.exe [2011-3-14 1564672]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-11-20 19:20 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 16:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 7.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
.
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 1:03 PM 169312]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe [11/6/2007 6:04 PM 810632]
R2 WXRSS;TVTonic RSS;c:\program files\Wavexpress\TVTonic\WXRSS.exe [9/5/2007 5:58 PM 188416]
R3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\drivers\BLKWGU.sys [3/14/2011 1:18 PM 238848]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2010 10:03 PM 135664]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
2011-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 03:03]
.
2011-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 03:03]
.
2011-04-02 c:\windows\Tasks\WebReg psc 1600 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2004-11-05 22:45]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Daniel Schneider\Application Data\Mozilla\Firefox\Profiles\5a10nuia.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-04-04 21:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-04-04 22:09:49
ComboFix-quarantined-files.txt 2011-04-05 03:09
ComboFix2.txt 2011-04-04 19:59
ComboFix3.txt 2011-04-02 17:37
ComboFix4.txt 2011-01-08 00:47
.
Pre-Run: 10,005,344,256 bytes free
Post-Run: 9,984,159,744 bytes free
.
- - End Of File - - 581C57E4710F0B28728465BF85B26CA4


TDSSKiller LOG:

2011/04/04 23:03:09.0765 6068 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/04 23:03:09.0906 6068 ================================================================================
2011/04/04 23:03:09.0906 6068 SystemInfo:
2011/04/04 23:03:09.0906 6068
2011/04/04 23:03:09.0906 6068 OS Version: 5.1.2600 ServicePack: 3.0
2011/04/04 23:03:09.0906 6068 Product type: Workstation
2011/04/04 23:03:09.0906 6068 ComputerName: WHITETUNDRA
2011/04/04 23:03:09.0906 6068 UserName: Daniel Schneider
2011/04/04 23:03:09.0906 6068 Windows directory: C:\WINDOWS
2011/04/04 23:03:09.0906 6068 System windows directory: C:\WINDOWS
2011/04/04 23:03:09.0906 6068 Processor architecture: Intel x86
2011/04/04 23:03:09.0906 6068 Number of processors: 2
2011/04/04 23:03:09.0906 6068 Page size: 0x1000
2011/04/04 23:03:09.0906 6068 Boot type: Normal boot
2011/04/04 23:03:09.0906 6068 ================================================================================
2011/04/04 23:03:10.0171 6068 Initialize success
2011/04/04 23:03:14.0984 3620 ================================================================================
2011/04/04 23:03:14.0984 3620 Scan started
2011/04/04 23:03:14.0984 3620 Mode: Manual;
2011/04/04 23:03:14.0984 3620 ================================================================================
2011/04/04 23:03:17.0406 3620 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/04 23:03:17.0500 3620 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/04/04 23:03:17.0562 3620 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/04/04 23:03:17.0625 3620 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/04/04 23:03:17.0671 3620 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/04/04 23:03:17.0812 3620 AgereSoftModem (593aefc67283d409f34cc1245d00a509) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/04/04 23:03:18.0000 3620 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/04/04 23:03:18.0125 3620 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/04 23:03:18.0140 3620 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/04 23:03:18.0281 3620 ati2mtag (aae41c74db4dd34e8e97cb3a7a92c0b6) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/04/04 23:03:18.0375 3620 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/04 23:03:18.0421 3620 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/04 23:03:18.0609 3620 avgio (afa456a6210abe5798561a5758517340) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
2011/04/04 23:03:18.0671 3620 avgntflt (906f73c4f6b8ba5daabc41a1f04cecfe) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
2011/04/04 23:03:18.0703 3620 avipbb (bdb37b3b217f5181a5bc129c50844f98) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/04/04 23:03:18.0781 3620 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/04 23:03:18.0828 3620 BELKIN (218cf47c3c6fd72be1eae51b426ca99d) C:\WINDOWS\system32\DRIVERS\BLKWGU.sys
2011/04/04 23:03:19.0140 3620 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/04 23:03:19.0171 3620 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/04/04 23:03:19.0265 3620 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/04 23:03:19.0281 3620 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/04 23:03:19.0359 3620 cdrbsdrv (e0042bd5bef17a6a3ef1df576bde24d1) C:\WINDOWS\system32\drivers\cdrbsdrv.sys
2011/04/04 23:03:19.0375 3620 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/04 23:03:19.0515 3620 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/04 23:03:19.0609 3620 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/04 23:03:19.0750 3620 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys
2011/04/04 23:03:19.0765 3620 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/04/04 23:03:19.0796 3620 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/04 23:03:19.0859 3620 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/04 23:03:19.0890 3620 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/04 23:03:20.0000 3620 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/04/04 23:03:20.0078 3620 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/04 23:03:20.0171 3620 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/04/04 23:03:20.0234 3620 FilterService (b73ec688c29f81f9da0fcf63682b3ecb) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
2011/04/04 23:03:20.0265 3620 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/04 23:03:20.0281 3620 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/04/04 23:03:20.0343 3620 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/04/04 23:03:20.0406 3620 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/04 23:03:20.0421 3620 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/04 23:03:20.0484 3620 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/04/04 23:03:20.0515 3620 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/04 23:03:20.0609 3620 HdAudAddService (9131ede087af04a7d80f7ebadc164254) C:\WINDOWS\system32\drivers\HdAudio.sys
2011/04/04 23:03:20.0640 3620 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/04/04 23:03:20.0671 3620 HidIr (bb1a6fb7d35a91e599973fa74a619056) C:\WINDOWS\system32\DRIVERS\hidir.sys
2011/04/04 23:03:20.0718 3620 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/04 23:03:20.0781 3620 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/04/04 23:03:20.0812 3620 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/04/04 23:03:20.0828 3620 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/04/04 23:03:20.0906 3620 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/04 23:03:21.0031 3620 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/04/04 23:03:21.0125 3620 ialm (afbf1b43cc830bdc03b582003da439c2) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/04/04 23:03:21.0218 3620 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/04 23:03:21.0343 3620 IntcAzAudAddService (b2b7af5dc5e1b6b171dfda681d105c7c) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/04/04 23:03:21.0453 3620 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/04/04 23:03:21.0515 3620 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/04/04 23:03:21.0546 3620 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/04/04 23:03:21.0625 3620 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/04 23:03:21.0656 3620 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/04 23:03:21.0687 3620 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/04 23:03:21.0718 3620 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/04 23:03:21.0765 3620 IrBus (b43b36b382aea10861f7c7a37f9d4ae2) C:\WINDOWS\system32\DRIVERS\IrBus.sys
2011/04/04 23:03:21.0796 3620 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/04 23:03:21.0812 3620 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/04 23:03:21.0843 3620 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/04 23:03:21.0859 3620 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/04/04 23:03:21.0890 3620 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/04 23:03:21.0953 3620 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/04 23:03:22.0046 3620 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\Drivers\LVPr2Mon.sys
2011/04/04 23:03:22.0140 3620 LVRS (37072ec9299e825f4335cc554b6fac6a) C:\WINDOWS\system32\DRIVERS\lvrs.sys
2011/04/04 23:03:22.0437 3620 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
2011/04/04 23:03:22.0750 3620 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/04/04 23:03:22.0843 3620 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/04/04 23:03:22.0906 3620 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/04/04 23:03:22.0984 3620 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/04/04 23:03:23.0015 3620 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/04/04 23:03:23.0062 3620 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/04/04 23:03:23.0125 3620 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/04/04 23:03:23.0156 3620 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/04/04 23:03:23.0250 3620 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/04/04 23:03:23.0296 3620 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/04/04 23:03:23.0328 3620 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/04/04 23:03:23.0359 3620 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/04/04 23:03:23.0390 3620 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/04/04 23:03:23.0453 3620 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/04/04 23:03:23.0515 3620 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/04/04 23:03:23.0562 3620 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/04/04 23:03:23.0609 3620 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/04/04 23:03:23.0640 3620 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/04/04 23:03:23.0671 3620 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/04/04 23:03:23.0703 3620 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/04/04 23:03:23.0718 3620 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/04/04 23:03:23.0750 3620 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/04/04 23:03:23.0796 3620 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/04/04 23:03:23.0812 3620 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/04/04 23:03:23.0859 3620 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/04/04 23:03:23.0921 3620 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/04/04 23:03:23.0953 3620 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/04/04 23:03:24.0015 3620 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/04/04 23:03:24.0109 3620 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/04/04 23:03:24.0171 3620 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/04/04 23:03:24.0187 3620 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/04/04 23:03:24.0234 3620 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/04/04 23:03:24.0265 3620 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/04/04 23:03:24.0281 3620 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/04/04 23:03:24.0343 3620 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/04/04 23:03:24.0359 3620 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/04/04 23:03:24.0390 3620 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/04/04 23:03:24.0453 3620 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/04/04 23:03:24.0640 3620 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/04/04 23:03:24.0671 3620 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/04/04 23:03:24.0718 3620 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/04/04 23:03:24.0734 3620 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/04/04 23:03:24.0843 3620 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/04/04 23:03:24.0906 3620 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/04/04 23:03:24.0921 3620 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/04/04 23:03:24.0953 3620 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/04/04 23:03:25.0000 3620 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/04/04 23:03:25.0046 3620 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/04/04 23:03:25.0062 3620 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/04/04 23:03:25.0171 3620 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/04/04 23:03:25.0187 3620 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/04/04 23:03:25.0281 3620 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/04/04 23:03:25.0328 3620 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/04/04 23:03:25.0359 3620 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/04/04 23:03:25.0421 3620 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/04/04 23:03:25.0531 3620 smrt (27d6be8e961ab9df26ec5ce823b68b7f) C:\WINDOWS\system32\DRIVERS\smrt.sys
2011/04/04 23:03:25.0656 3620 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/04/04 23:03:25.0734 3620 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/04/04 23:03:25.0765 3620 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/04/04 23:03:25.0828 3620 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/04/04 23:03:25.0921 3620 ssmdrv (3d2829fde1c52fc64da5413889ce4dee) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/04/04 23:03:26.0015 3620 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/04/04 23:03:26.0062 3620 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/04/04 23:03:26.0078 3620 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/04/04 23:03:26.0218 3620 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/04/04 23:03:26.0312 3620 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/04 23:03:26.0375 3620 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/04/04 23:03:26.0406 3620 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/04/04 23:03:26.0421 3620 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/04/04 23:03:26.0500 3620 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/04/04 23:03:26.0578 3620 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/04/04 23:03:26.0687 3620 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/04/04 23:03:26.0703 3620 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/04/04 23:03:26.0734 3620 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/04/04 23:03:26.0750 3620 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/04/04 23:03:26.0765 3620 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/04/04 23:03:26.0796 3620 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/04/04 23:03:26.0812 3620 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/04/04 23:03:26.0843 3620 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/04/04 23:03:26.0890 3620 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/04/04 23:03:26.0921 3620 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/04/04 23:03:27.0000 3620 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/04 23:03:27.0078 3620 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/04/04 23:03:27.0109 3620 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/04/04 23:03:27.0218 3620 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/04/04 23:03:27.0281 3620 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/04/04 23:03:27.0437 3620 ================================================================================
2011/04/04 23:03:27.0437 3620 Scan finished
2011/04/04 23:03:27.0437 3620 ================================================================================

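The TDSSKiller section of the post above lists every loaded driver as `<service> (<md5>) <path>`. A helper reviews that listing by hand; the script below does the same triage mechanically and is an added illustration, not part of the thread or of TDSSKiller itself. It parses driver lines, keeps the ones whose MD5 is not on an allowlist or whose image lives outside the Windows directory, and reports why each was flagged. The sample lines are copied from the log above; the allowlist is a constructed stand-in for hashes vetted from clean install media, and `parse_tdsskiller` and `triage` are names chosen here.

```python
import re
from typing import Dict, List, NamedTuple, Tuple

# Driver lines copied from the TDSSKiller log posted above. Using only a
# handful is an assumption for the demo; the parser accepts any line of
# that shape and skips the "Scan started" / "Scan finished" status lines.
SAMPLE_LOG = """\
2011/04/04 23:03:14.0984 3620 Scan started
2011/04/04 23:03:17.0406 3620 ACPI (8fd99680a539792a30e97944fdaecf17) C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys
2011/04/04 23:03:18.0609 3620 avgio (afa456a6210abe5798561a5758517340) C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avgio.sys
2011/04/04 23:03:18.0828 3620 BELKIN (218cf47c3c6fd72be1eae51b426ca99d) C:\\WINDOWS\\system32\\DRIVERS\\BLKWGU.sys
2011/04/04 23:03:26.0312 3620 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\\WINDOWS\\system32\\DRIVERS\\tcpip.sys
2011/04/04 23:03:27.0437 3620 Scan finished
"""

# Constructed allowlist: MD5s you have already vetted against a clean
# build of the same OS/service pack. The values are lifted from the log
# above purely so the demo runs; a real list comes from trusted media.
KNOWN_GOOD: Dict[str, str] = {
    "8fd99680a539792a30e97944fdaecf17": "ACPI.sys (XP SP3)",
    "9aefa14bd6b182d61e3119fa5f436d3d": "tcpip.sys (XP SP3)",
    "afa456a6210abe5798561a5758517340": "avgio.sys (Avira)",
}

# <date> <time> <pid> <service> (<md5>) <path>; the path may contain spaces.
DRIVER_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}) (?P<pid>\d+) "
    r"(?P<service>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)


class Driver(NamedTuple):
    service: str
    md5: str
    path: str


def parse_tdsskiller(text: str) -> List[Driver]:
    """Return one Driver per driver line; non-matching lines are skipped."""
    drivers: List[Driver] = []
    for line in text.splitlines():
        m = DRIVER_RE.match(line.strip())
        if m:
            drivers.append(Driver(m["service"], m["md5"], m["path"]))
    return drivers


def triage(
    drivers: List[Driver],
    known_good: Dict[str, str] = KNOWN_GOOD,
    windows_dir: str = "C:\\WINDOWS",
) -> List[Tuple[Driver, List[str]]]:
    """Attach review reasons to each driver; drivers with none are dropped.

    Two cheap checks: an unrecognised hash (unknown or tampered image) and
    a load path outside the Windows directory (legitimate for third-party
    AV filters like avgio, but always worth a look in a rootkit hunt).
    """
    flagged: List[Tuple[Driver, List[str]]] = []
    for d in drivers:
        reasons: List[str] = []
        if d.md5 not in known_good:
            reasons.append("md5 not in allowlist")
        if not d.path.lower().startswith(windows_dir.lower() + "\\"):
            reasons.append("loaded from outside %s" % windows_dir)
        if reasons:
            flagged.append((d, reasons))
    return flagged


if __name__ == "__main__":
    for drv, why in triage(parse_tdsskiller(SAMPLE_LOG)):
        print("%-8s %s  <- %s" % (drv.service, drv.path, "; ".join(why)))
```

On the sample above this flags `BELKIN` (hash not vetted) and `avgio` (third-party path); `ACPI` and `Tcpip` pass both checks. A flag is a prompt to look closer, not a verdict: the helper in the thread still compares the suspicious entries against the ComboFix and MBAM results before deciding what to remove.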

Re: Think my computer's infected

Post by Sneakyone on Wed Apr 06, 2011 3:56 am

Hi,

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].


Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


I'm livin' life in the fast lane.

Sneakyone
Master

Posts : 2707
Joined : 2010-01-10
Gender : Male
OS : Windows 7 Ultimate 64-bit
Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points : 56084
# Likes : 0

Re: Think my computer's infected

Post by drokness on Wed Apr 06, 2011 6:22 am

Malwarebytes' Anti-Malware 1.50.1.1100
[You must be registered and logged in to see this link.]

Database version: 6283

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/6/2011 1:20:12 AM
mbam-log-2011-04-06 (01-20-12).txt

Scan type: Quick scan
Objects scanned: 190528
Time elapsed: 7 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

drokness
Intermediate

Posts : 105
Joined : 2008-12-01
OS : Windows XP
Points : 30068
# Likes : 0

Re: Think my computer's infected

Post by Sneakyone on Thu Apr 07, 2011 2:16 am

Hi,

Please run a free online scan with the [You must be registered and logged in to see this link.]
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


I'm livin' life in the fast lane.

Sneakyone
Master

Posts : 2707
Joined : 2010-01-10
Gender : Male
OS : Windows 7 Ultimate 64-bit
Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points : 56084
# Likes : 0

Re: Think my computer's infected

Post by drokness on Thu Apr 07, 2011 2:12 pm

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=032f5dea050941468a6a4eecec9ca964
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-04-07 05:43:01
# local_time=2011-04-07 12:43:01 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 7447905 7447905 0 0
# compatibility_mode=1792 16777191 100 0 53558274 53558274 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=121295
# found=0
# cleaned=0
# scan_time=4218

drokness
Intermediate

Posts : 105
Joined : 2008-12-01
OS : Windows XP
Points : 30068
# Likes : 0

Re: Think my computer's infected

Post by Sneakyone on Fri Apr 08, 2011 4:11 am

Hi,

How is your computer running now?


I'm livin' life in the fast lane.

Sneakyone
Master

Posts : 2707
Joined : 2010-01-10
Gender : Male
OS : Windows 7 Ultimate 64-bit
Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points : 56084
# Likes : 0

Re: Think my computer's infected

Post by drokness on Fri Apr 08, 2011 4:37 am

It seems smooth. However, my computer shut off at some point again, and I had difficulty rebooting to Windows (again). The first time I turned my computer on, it pretty much stayed on a black screen. The second time, it progressed to the Windows Loading progress bar, then stuck on a black screen. The third time, I started in Safe Mode, then restarted it from there, and it booted up fine. Not sure if that's something to worry about, because things are running great otherwise.

Also of note, before it shut down, I ran an AntiVir scan, and it detected two viruses (one of which - C:\WINDOWS\Temp\logishrd\LVPrcInj01.dll - I thought I had gotten rid of). It says they were deleted, but it's said that about the "LVP" one before. I haven't re-run the scan since reboot, so I don't know if it would be detected again. Anyway, here's the log from that scan:

Avira AntiVir Personal
Report file date: Thursday, April 07, 2011 11:25

Scanning for 2572371 virus strains and unwanted programs.

Licensed to: Avira AntiVir Personal - FREE Antivirus
Serial number: 0000149996-ADJIE-0000001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: WHITETUNDRA

Version information:
BUILD.DAT : 8.2.0.354 17048 Bytes 10/23/2009 13:15:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/18/2008 14:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 13:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 18:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 13:58:52
ANTIVIR0.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 16:27:30
ANTIVIR1.VDF : 7.11.3.10 15313776 Bytes 2/9/2011 04:37:23
ANTIVIR2.VDF : 7.11.5.208 2703776 Bytes 4/6/2011 04:31:39
ANTIVIR3.VDF : 7.11.5.214 16896 Bytes 4/6/2011 04:31:40
Engineversion : 8.2.4.202
AEVDF.DLL : 8.1.2.1 106868 Bytes 7/30/2010 05:08:41
AESCRIPT.DLL : 8.1.3.58 1266042 Bytes 4/6/2011 04:32:34
AESCN.DLL : 8.1.7.2 127349 Bytes 11/23/2010 04:28:50
AESBX.DLL : 8.1.3.2 254324 Bytes 11/23/2010 04:28:49
AERDL.DLL : 8.1.9.9 639347 Bytes 3/26/2011 03:38:48
AEPACK.DLL : 8.2.4.15 524662 Bytes 4/6/2011 04:32:30
AEOFFICE.DLL : 8.1.1.20 205177 Bytes 4/6/2011 04:32:27
AEHEUR.DLL : 8.1.2.96 3412341 Bytes 4/6/2011 04:32:25
AEHELP.DLL : 8.1.16.1 246134 Bytes 2/4/2011 04:34:32
AEGEN.DLL : 8.1.5.4 397684 Bytes 4/6/2011 04:32:08
AEEMU.DLL : 8.1.3.0 393589 Bytes 11/23/2010 04:28:31
AECORE.DLL : 8.1.19.2 196983 Bytes 1/21/2011 04:33:27
AEBB.DLL : 8.1.1.0 53618 Bytes 4/23/2010 15:40:00
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 14:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 15:28:01
AVREP.DLL : 10.0.0.9 174120 Bytes 2/18/2011 04:35:26
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 17:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 14:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 18:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 23:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 18:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 18:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 19:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 19:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Thursday, April 07, 2011 11:25

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wmplayer.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'sgbhp.exe' - '1' Module(s) have been scanned
Scan process 'sgmain.exe' - '1' Module(s) have been scanned
Scan process 'Belkinwcui.exe' - '1' Module(s) have been scanned
Scan process 'VideoCamSuiteAutoStart.exe' - '1' Module(s) have been scanned
Scan process 'COCIManager.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'AdobeARM.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'LWS.exe' - '1' Module(s) have been scanned
Scan process 'ArcCon.ac' - '1' Module(s) have been scanned
Scan process 'ACDaemon.exe' - '1' Module(s) have been scanned
Scan process 'VAIOUpdt.exe' - '1' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
Scan process 'AGRSMMSG.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'RM_SV.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'VzFw.exe' - '1' Module(s) have been scanned
Scan process 'VzCdbSvc.exe' - '1' Module(s) have been scanned
Scan process 'WXRSS.exe' - '1' Module(s) have been scanned
Scan process 'VCSW.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SMceMan.exe' - '1' Module(s) have been scanned
Scan process 'SonicStageMonitoring.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'MediaAgent.exe' - '1' Module(s) have been scanned
Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehRecvr.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'bgsvcgen.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'PhotoshopElementsFileAgent.exe' - '1' Module(s) have been scanned
Scan process 'ACService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
59 processes with 59 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD5
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '66' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Daniel Schneider\Application Data\Sun\Java\Deployment\cache\6.0\54\3e1a46f6-34a36687
[DETECTION] Contains recognition pattern of the JAVA/Stutter.T Java virus
[NOTE] The file was deleted!
C:\WINDOWS\Temp\logishrd\LVPrcInj01.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] The file was deleted!


End of the scan: Thursday, April 07, 2011 13:41
Used time: 2:16:09 Hour(s)

The scan has been done completely.

26772 Scanning directories
364363 Files were scanned
2 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
2 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
364359 Files not concerned
8417 Archives were scanned
8 Warnings
2 Notes

drokness
Intermediate

Posts : 105
Joined : 2008-12-01
OS : Windows XP
Points : 30068
# Likes : 0

Re: Think my computer's infected

Post by Sneakyone on Sat Apr 09, 2011 4:19 am

Hi,

Could you please re-run ComboFix?


I'm livin' life in the fast lane.

Sneakyone
Master

Posts : 2707
Joined : 2010-01-10
Gender : Male
OS : Windows 7 Ultimate 64-bit
Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points : 56084
# Likes : 0

Re: Think my computer's infected

Post by drokness on Sat Apr 09, 2011 5:54 am

ComboFix 11-04-08.02 - Daniel Schneider 04/09/2011 0:08.11.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.489 [GMT -5:00]
Running from: c:\documents and settings\Daniel Schneider\desktop\commy.exe
Command switches used :: /stepdel
AV: Avira AntiVir PersonalEdition *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\arp.exe
c:\windows\system32\SCardSvr.exe
c:\windows\system32\setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-03-09 to 2011-04-09 )))))))))))))))))))))))))))))))
.
.
2011-04-07 04:25 . 2011-04-07 04:25 -------- d-----w- c:\program files\ESET
2011-04-02 16:59 . 2004-08-10 12:00 19456 -c--a-w- c:\windows\system32\dllcache\arp.exe
2011-04-02 16:59 . 2004-08-10 12:00 19456 ----a-w- c:\windows\system32\arp.exe
2011-03-29 21:42 . 2011-03-29 21:42 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-03-29 21:39 . 2011-03-29 21:39 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-03-29 17:37 . 2011-03-29 17:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-03-29 17:37 . 2011-03-29 17:37 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-03-23 18:00 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-03-23 18:00 . 2011-03-18 17:53 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-03-23 18:00 . 2011-03-18 17:53 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-03-23 18:00 . 2011-03-18 17:53 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-03-23 18:00 . 2011-03-18 17:53 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-03-23 18:00 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-03-23 18:00 . 2011-03-18 17:53 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-03-23 18:00 . 2011-03-18 17:53 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-03-23 17:55 . 2011-03-23 17:56 12580112 ----a-w- C:\Firefox Setup 4.0.exe
2011-03-14 18:18 . 2007-06-01 05:13 238848 ------r- c:\windows\system32\drivers\BLKWGU.sys
2011-03-14 18:17 . 2006-11-15 21:23 38144 ----a-w- c:\windows\system32\drivers\EAPPkt.sys
2011-03-14 18:17 . 2011-03-14 18:17 -------- d-----w- c:\program files\Belkin
2011-03-14 18:17 . 2011-03-14 18:17 -------- d-----w- c:\documents and settings\Daniel Schneider\Application Data\InstallShield
2011-03-14 08:43 . 2011-03-14 08:43 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-03-11 23:57 . 2009-07-27 23:17 135168 -c----w- c:\windows\system32\dllcache\shsvcs.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 07:58 . 2005-02-23 20:08 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-30 02:02 . 2007-09-14 01:24 138520 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-01-30 02:00 . 2010-02-15 00:37 234536 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-01-30 02:00 . 2007-09-14 01:24 234536 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-01-29 22:28 . 2011-01-29 22:28 3782822 ----a-w- c:\program files\ConvertHelperSetup.exe
2011-01-27 11:57 . 2005-02-23 20:08 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2005-02-23 18:57 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-10 00:40 . 2011-01-10 00:40 388096 ----a-r- c:\documents and settings\Daniel Schneider\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-10 00:39 . 2011-01-10 00:40 1402880 ----a-w- c:\program files\HiJackThis.msi
2010-02-23 19:00 . 2010-02-23 19:00 318904 ----a-w- c:\program files\wmpfirefoxplugin.exe
2009-11-29 23:03 . 2009-11-29 23:03 2025768 ----a-w- c:\program files\SkypeSetup.exe
2008-12-28 00:01 . 2006-10-08 18:53 302928 ----a-w- c:\program files\dxwebsetup.exe
2008-12-27 23:56 . 2008-12-27 23:54 27288880 ----a-w- c:\program files\QuickTimeInstaller.exe
2008-10-13 16:18 . 2008-10-13 16:18 12580696 ----a-w- c:\program files\mm20enu.exe
2008-02-10 20:54 . 2008-02-10 20:51 28868320 ----a-w- c:\program files\FileFormatConverters.exe
2007-12-06 18:39 . 2007-12-06 18:38 6820520 ----a-w- c:\program files\FirefoxGoogleToolbarSetup.exe
2007-11-18 07:12 . 2007-11-18 07:12 13532808 ----a-w- c:\program files\NBCDirectInstaller.exe
2007-10-14 21:09 . 2007-10-14 21:06 1473748992 ----a-w- c:\program files\CoD4MWDemoSetup.exe
2007-04-11 20:53 . 2007-04-11 20:53 1049705 ----a-w- c:\program files\DOSBox-0.63-install.exe
2006-08-13 22:51 . 2006-08-13 22:50 432552 ----a-w- c:\program files\wpsetup.exe
2006-07-01 17:55 . 2006-07-01 17:55 905728 ----a-w- c:\program files\iview398.exe
2006-04-13 17:53 . 2006-04-13 17:53 2871168 ----a-w- c:\program files\setuppad.exe
2006-04-13 17:38 . 2005-10-17 01:21 36465208 ----a-w- c:\program files\iTunesSetup.exe
2005-10-17 01:31 . 2005-10-17 01:31 7739192 ----a-w- c:\program files\DivXPlay.exe
2011-03-18 17:53 . 2011-03-23 18:00 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 68856]
"EA Core"="c:\program files\Electronic Arts\EA Link\Core.exe" [2007-07-19 2887680]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\Vid.exe" [2009-07-16 5458704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-29 344064]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-08-13 61952]
"CreateCD_Reminder"="c:\windows\Sonysys\VAIO Recovery\reminder.exe" [2004-07-16 53248]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 151552]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
c:\documents and settings\Daniel Schneider\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Auto run of VideoCam Suite 1.0.lnk - c:\program files\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe [2008-10-13 161160]
Belkin Wireless G USB Adapter Client Utility.lnk - c:\program files\Belkin\F5D7050v5\Belkinwcui.exe [2011-3-14 1564672]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnlICSl]
[BU]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-11-20 19:20 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 16:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 7.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
.
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 1:03 PM 169312]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe [11/6/2007 6:04 PM 810632]
R2 WXRSS;TVTonic RSS;c:\program files\Wavexpress\TVTonic\WXRSS.exe [9/5/2007 5:58 PM 188416]
R3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\drivers\BLKWGU.sys [3/14/2011 1:18 PM 238848]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2010 10:03 PM 135664]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
2011-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 03:03]
.
2011-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 03:03]
.
2011-04-08 c:\windows\Tasks\WebReg psc 1600 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2004-11-05 22:45]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Daniel Schneider\Application Data\Mozilla\Firefox\Profiles\5a10nuia.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{9E3DCAB2-1B63-44D9-AF91-7751CB9F605B} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-04-09 00:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(4064)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
c:\program files\Sony\Sony TV Tuner Library\SMceMan.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\dllhost.exe
c:\program files\Sony\Sony TV Tuner Library\RM_SV.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\AGRSMMSG.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\SpywareGuard\sgbhp.exe
c:\program files\logitech\logitech webcam software\lu\lulnchr.exe
c:\program files\logitech\logitech webcam software\lu\LogitechUpdate.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2011-04-09 00:50:50 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-09 05:50
ComboFix2.txt 2011-04-05 03:09
ComboFix3.txt 2011-04-04 19:59
ComboFix4.txt 2011-04-02 17:37
ComboFix5.txt 2011-04-09 05:05
.
Pre-Run: 9,655,132,160 bytes free
Post-Run: 9,635,753,984 bytes free
.
- - End Of File - - 11ACBF9D8FBAF6B97A207F6C24FA0588

drokness
Intermediate

Posts : 105
Joined : 2008-12-01
OS : Windows XP
Points : 30068
# Likes : 0

Re: Think my computer's infected

Post by Sneakyone on Sun Apr 10, 2011 5:22 am

Is it still showing up now?


I'm livin' life in the fast lane.

Sneakyone
Master

Posts : 2707
Joined : 2010-01-10
Gender : Male
OS : Windows 7 Ultimate 64-bit
Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points : 56084
# Likes : 0

Re: Think my computer's infected

Post by drokness on Sun Apr 10, 2011 6:03 pm

No, I ran a scan and it didn't find anything. Seems to be running pretty smoothly.

drokness
Intermediate

Posts : 105
Joined : 2008-12-01
OS : Windows XP
Points : 30068
# Likes : 0
