LALA.EXE UNKNOWN VIRUS POST 1

Post by JGMG1312 on Fri 22 Apr 2011, 10:30 pm

OTL logfile created on: 22/04/2011 12:10:24 - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = I:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): i:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Program Files
Drive I: | 232.88 Gb Total Space | 184.61 Gb Free Space | 79.28% Space Free | Partition Type: NTFS

Computer Name: OWNER-34D220AB6 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/22 12:01:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- I:\Documents and Settings\Owner\Desktop\OTL.com
PRC - [2011/04/22 09:10:04 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- I:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/03/15 15:56:18 | 000,249,648 | ---- | M] (Microsoft Corporation) -- I:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/03/11 02:36:10 | 000,724,152 | ---- | M] (iolo technologies, LLC) -- I:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2011/03/09 13:30:08 | 000,247,728 | ---- | M] (TomTom) -- I:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011/03/09 13:30:08 | 000,092,592 | ---- | M] (TomTom) -- I:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/01/31 12:16:40 | 000,703,360 | ---- | M] (Nokia) -- I:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
PRC - [2010/12/08 15:31:06 | 000,628,736 | ---- | M] (Nokia) -- I:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010/11/23 18:49:24 | 001,540,096 | ---- | M] (Nokia) -- I:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2010/11/16 15:48:32 | 000,152,576 | ---- | M] (Nokia) -- I:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2010/11/15 14:41:18 | 000,367,496 | ---- | M] () -- I:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
PRC - [2010/10/19 13:59:38 | 000,984,000 | ---- | M] (Discordia, LTD) -- I:\Program Files\Shareaza Applications\MediaBar\Datamngr\datamngrUI.exe
PRC - [2010/09/29 09:11:07 | 000,157,504 | ---- | M] (Panda Security, S.L.) -- I:\Program Files\Panda Security\Panda Global Protection 2011\TPSrv.exe
PRC - [2010/09/13 09:11:00 | 000,202,048 | ---- | M] (Panda Security, S.L.) -- I:\Program Files\Panda Security\Panda Global Protection 2011\PavFnSvr.exe
PRC - [2010/08/26 11:52:15 | 000,988,480 | ---- | M] (Panda Security, S.L.) -- I:\Program Files\Panda Security\Panda Global Protection 2011\ApVxdWin.exe
PRC - [2010/08/16 13:54:45 | 000,028,992 | ---- | M] (Panda Security, S.L.) -- I:\Program Files\Panda Security\Panda Global Protection 2011\psksvc.exe
PRC - [2010/06/04 10:37:50 | 000,314,176 | ---- | M] (Panda Security, S.L.) -- I:\Program Files\Panda Security\Panda Global Protection 2011\pavsrvx86.exe
PRC - [2010/05/28 13:42:32 | 000,225,600 | ---- | M] (Panda Security, S.L.) -- I:\Program Files\Panda Security\Panda Global Protection 2011\AVENGINE.EXE
PRC - [2010/05/11 11:11:58 | 000,134,144 | ---- | M] (Nokia) -- I:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
PRC - [2010/04/22 18:29:12 | 000,107,776 | ---- | M] (Panda Security, S.L.) -- I:\Program Files\Panda Security\Panda Global Protection 2011\WebProxy.exe
PRC - [2010/02/23 12:09:34 | 000,111,872 | ---- | M] (Panda Security, S.L.) -- I:\Program Files\Panda Security\Panda Global Protection 2011\PavBckPT.exe
PRC - [2009/11/26 17:03:56 | 000,226,560 | ---- | M] (Panda Security International) -- i:\Program Files\Panda Security\Panda Global Protection 2011\FIREWALL\PSHost.exe
PRC - [2009/10/30 10:13:40 | 000,188,416 | ---- | M] (Chicony Electronics Co., Ltd.) -- I:\WINDOWS\system32\DVAPTray.exe
PRC - [2009/10/27 10:15:02 | 000,120,832 | ---- | M] (Nokia) -- I:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009/08/10 14:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) -- I:\Program Files\Panda Security\Panda Global Protection 2011\PsCtrlS.exe
PRC - [2009/02/03 14:15:18 | 000,111,856 | ---- | M] (Yahoo! Inc) -- I:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/06/27 13:23:00 | 000,091,392 | ---- | M] (Panda Security, S.L.) -- I:\Program Files\Panda Security\Panda Global Protection 2011\SrvLoad.exe
PRC - [2008/06/19 12:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) -- I:\Program Files\Panda Security\Panda Global Protection 2011\PsImSvc.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\explorer.exe
PRC - [2008/02/04 17:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) -- I:\Program Files\Common Files\Panda Security\PavShld\PavPrSrv.exe
PRC - [2007/11/19 02:00:00 | 000,075,136 | ---- | M] (Nektra S.A./WinZip Computing, S.L.) -- I:\Program Files\WinZip E-Mail Companion\loadwzco.exe
PRC - [2006/10/11 12:45:12 | 000,075,304 | ---- | M] (ScanSoft, Inc.) -- I:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
PRC - [2005/07/26 11:16:04 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- I:\WINDOWS\SOUNDMAN.EXE
PRC - [2004/08/04 13:00:00 | 000,045,568 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\drwtsn32.exe


========== Modules (SafeList) ==========

MOD - [2011/04/22 12:01:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- I:\Documents and Settings\Owner\Desktop\OTL.com
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/05/18 18:50:42 | 000,152,896 | ---- | M] (Panda Security, S.L.) -- I:\Program Files\Panda Security\Panda Global Protection 2011\PavTrc.dll
MOD - [2009/08/10 13:45:54 | 000,095,488 | ---- | M] (Panda Security, S.L.) -- I:\Program Files\Panda Security\Panda Global Protection 2011\PavOEpl.dll
MOD - [2009/03/30 18:22:58 | 000,518,400 | ---- | M] (Panda Security, S.L.) -- I:\WINDOWS\system32\PavSHook.dll
MOD - [2009/03/30 18:22:58 | 000,087,296 | ---- | M] (Panda Security, S.L.) -- I:\WINDOWS\system32\PavLspHook.dll
MOD - [2007/02/08 10:53:40 | 000,107,568 | ---- | M] (Panda Software) -- I:\WINDOWS\system32\SYSTOOLS.DLL
MOD - [2006/10/04 22:07:12 | 000,144,936 | ---- | M] (ScanSoft, Inc.) -- I:\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (getPlusHelper) getPlus(R)
SRV - [2011/03/31 11:58:12 | 003,229,784 | ---- | M] () [Auto | Running] -- i:\Program Files\Common Files\Akamai\netsession_win_a35e6b9.dll -- (Akamai)
SRV - [2011/03/15 22:27:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- I:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/15 15:56:18 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- I:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/03/11 02:36:10 | 000,724,152 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- I:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2011/03/11 02:36:10 | 000,724,152 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- I:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2011/03/09 13:30:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- I:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/12/08 15:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Running] -- I:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/09/29 09:11:07 | 000,157,504 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- I:\Program Files\Panda Security\Panda Global Protection 2011\TPSrv.exe -- (TPSrv)
SRV - [2010/09/13 09:11:00 | 000,202,048 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- I:\Program Files\Panda Security\Panda Global Protection 2011\PavFnSvr.exe -- (PAVFNSVR)
SRV - [2010/08/16 13:54:45 | 000,028,992 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- I:\Program Files\Panda Security\Panda Global Protection 2011\PskSvc.exe -- (PskSvcRetail)
SRV - [2010/06/04 10:37:50 | 000,314,176 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- I:\Program Files\Panda Security\Panda Global Protection 2011\pavsrvx86.exe -- (PAVSRV)
SRV - [2009/11/26 17:03:56 | 000,226,560 | ---- | M] (Panda Security International) [Auto | Running] -- i:\program files\panda security\panda global protection 2011\firewall\PSHOST.EXE -- (PSHost)
SRV - [2009/09/28 10:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- I:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/08/10 14:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- I:\Program Files\Panda Security\Panda Global Protection 2011\PsCtrls.exe -- (Panda Software Controller)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- I:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/06/19 12:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) [Auto | Running] -- I:\Program Files\Panda Security\Panda Global Protection 2011\PsImSvc.exe -- (PSIMSVC)
SRV - [2008/02/04 17:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- I:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe -- (PavPrSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (PavTPK.sys)
DRV - File not found [Kernel | On_Demand | Running] -- -- (PavSRK.sys)
DRV - File not found [File_System | On_Demand | Running] -- -- (AvFlt)
DRV - [2011/04/22 11:57:37 | 000,013,880 | ---- | M] () [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\COMFiltr.sys -- (ComFiltr)
DRV - [2010/07/30 15:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/07/30 15:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/07/30 15:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/07/30 15:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/05/21 13:50:26 | 000,059,080 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- I:\WINDOWS\system32\drivers\amm8651.sys -- (AmFSM)
DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- I:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- I:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010/02/18 19:31:20 | 000,199,688 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\neti1642.sys -- (NETIMFLT01060042)
DRV - [2010/02/18 19:31:18 | 000,076,296 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- I:\WINDOWS\system32\drivers\APPFLT.SYS -- (APPFLT)
DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- I:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/07 12:50:48 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- I:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/12/07 12:50:46 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- I:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/10/27 12:07:42 | 000,037,896 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- I:\WINDOWS\system32\drivers\ShlDrv51.sys -- (ShldDrv)
DRV - [2009/09/25 14:54:08 | 000,046,856 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- I:\WINDOWS\system32\drivers\wnmflt.sys -- (WNMFLT)
DRV - [2009/09/25 14:54:06 | 000,159,112 | ---- | M] (Panda Security, S.L.) [TDI Layer] [Kernel | System | Running] -- I:\WINDOWS\system32\drivers\NETFLTDI.SYS -- (NETFLTDI)
DRV - [2009/09/25 14:54:04 | 000,193,800 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- I:\WINDOWS\system32\drivers\idsflt.sys -- (IDSFLT)
DRV - [2009/09/25 14:54:04 | 000,022,024 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- I:\WINDOWS\system32\drivers\fnetmon.sys -- (FNETMON)
DRV - [2009/09/25 14:54:02 | 000,053,256 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- I:\WINDOWS\system32\drivers\dsaflt.sys -- (DSAFLT)
DRV - [2009/09/14 16:18:22 | 000,163,336 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- I:\WINDOWS\system32\drivers\PavProc.sys -- (PavProc)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- I:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/03/25 07:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/14 05:51:44 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 23:04:16 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/07/26 11:16:24 | 000,079,360 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- I:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2005/07/26 11:16:24 | 000,033,024 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/07/26 11:16:24 | 000,021,120 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- I:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2005/07/26 11:16:24 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/26 11:15:58 | 002,324,160 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/03/08 22:15:10 | 000,291,456 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- I:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2005/03/08 22:14:44 | 000,024,064 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Running] -- I:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2005/03/08 22:08:42 | 000,024,960 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- I:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2005/03/08 22:05:40 | 000,044,288 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- I:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/03/08 22:05:30 | 000,141,184 | ---- | M] (Windows (R) 2000 DDK provider) [File_System | System | Running] -- I:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
DRV - [2005/03/08 21:54:48 | 000,202,496 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- I:\WINDOWS\System32\drivers\Udfreadr.sys -- (UDFReadr)
DRV - [2005/03/08 21:53:56 | 000,023,808 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2005/03/08 21:38:32 | 000,117,760 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- I:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2004/05/08 11:21:44 | 000,035,840 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- I:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2003/12/19 03:00:00 | 000,006,656 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- I:\WINDOWS\System32\drivers\cinemsup.sys -- (Cinemsup)
DRV - [2001/08/17 15:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:27811

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100127023632
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..browser.startup.homepage: "http://search.shareazaweb.com/"
FF - prefs.js..browser.search.selectedEngine: "Shareaza Web Search"
FF - prefs.js..browser.search.defaultenginename: "Shareaza Web Search"
FF - prefs.js..browser.search.order.1: "Shareaza Web Search"
FF - prefs.js..keyword.URL: "http://search.shareazaweb.com/web?src=ffb&systemid=3&q="

FF - HKLM\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: I:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/12/19 21:05:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: I:\Program Files\ArcSoft\Video Downloader\Plugin_FireFox [2011/02/06 22:38:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\RAWThumbnailViewer@arcsoft.com.cn: I:\Program Files\ArcSoft\RAW Thumbnail Viewer\FireFox Extension [2011/02/06 22:47:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: I:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/03/29 16:00:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: I:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/03/29 16:00:24 | 000,000,000 | ---D | M]

[2011/01/09 14:25:03 | 000,000,000 | ---D | M] (No name found) -- I:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/02/28 15:20:03 | 000,000,000 | ---D | M] (No name found) -- I:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\home2@tomtom.com
[2010/10/05 12:12:22 | 000,000,000 | ---D | M] (No name found) -- I:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/01/09 14:25:18 | 000,000,000 | ---D | M] (No name found) -- I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3juc7h8o.default\extensions
[2010/09/22 22:55:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3juc7h8o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/09 14:25:19 | 000,000,000 | ---D | M] (MediaBar) -- I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3juc7h8o.default\extensions\{D238F46A-64EC-11DE-9C5A-D54056D89593}
[2010/08/12 09:21:06 | 000,002,510 | ---- | M] () -- I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3juc7h8o.default\searchplugins\ShareazaWebSearch.xml
[2011/04/09 10:55:31 | 000,000,000 | ---D | M] (No name found) -- I:\Program Files\Mozilla Firefox\extensions
[2010/05/03 19:04:52 | 000,000,000 | ---D | M] (Java Console) -- I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/04/17 16:52:14 | 000,000,000 | ---D | M] (Java Quick Starter) -- I:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- I:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{635ABD67-4FE9-1B23-4F01-E679FA7484C1}
[2011/03/29 16:00:24 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- I:\PROGRAM FILES\NOKIA\NOKIA OVI SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- I:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/08/12 09:21:06 | 000,002,510 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\ShareazaWebSearch.xml

O1 HOSTS File: ([2006/02/28 13:00:00 | 000,000,734 | ---- | M]) - I:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - I:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - I:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - I:\Program Files\ArcSoft\Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ToolbarBHO Class) - {9519AF7E-638D-4933-BAD6-D33D23C79FE5} - I:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (UrlHelper Class) - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - I:\Program Files\Shareaza Applications\MediaBar\Datamngr\IEBHO.dll (Discordia, LTD)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - I:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (MediaBar) - {EE9A4208-64EC-11DE-8440-204256D89593} - I:\Program Files\Shareaza Applications\MediaBar\ToolBar\ShareazaMediabarDx.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - I:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - I:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - I:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (MediaBar) - {EE9A4208-64EC-11DE-8440-204256D89593} - I:\Program Files\Shareaza Applications\MediaBar\ToolBar\ShareazaMediabarDx.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (RAW Thumbnail Viewer) - {F301665A-12F8-4331-804A-5BCBD379668C} - I:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - I:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [APVXDWIN] I:\Program Files\Panda Security\Panda Global Protection 2011\APVXDWIN.EXE (Panda Security, S.L.)
O4 - HKLM..\Run: [ArcSoft Connection Service] I:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [DATAMNGR] I:\Program Files\Shareaza Applications\MediaBar\Datamngr\datamngrUI.exe (Discordia, LTD)
O4 - HKLM..\Run: [DVAPTray] I:\WINDOWS\system32\DVAPTray.exe (Chicony Electronics Co., Ltd.)
O4 - HKLM..\Run: [OpwareSE4] I:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PDF3 Registry Controller] I:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\RegistryController.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [SCANINICIO] I:\Program Files\Panda Security\Panda Global Protection 2011\Inicio.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [SoundMan] I:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [WinZip E-Mail Companion OEAPI] I:\Program Files\WinZip E-Mail Companion\loadwzco.exe (Nektra S.A./WinZip Computing, S.L.)
O4 - HKLM..\Run: [YSearchProtection] I:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [{5E252DC5-DD1E-D79B-017D-F6C1B1A6C949}] I:\Documents and Settings\Owner\Application Data\Erhici\lala.exe ()
O4 - HKCU..\Run: [NokiaOviSuite2] I:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O4 - HKCU..\Run: [SUPERAntiSpyware] I:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TomTomHOME.exe] I:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - I:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - I:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll (ScanSoft, Inc.)
O8 - Extra context menu item: Read EXIF - I:\Program Files\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre6\bin\npjpi160_24.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - I:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} [You must be registered and logged in to see this link.] (Microsoft Office Template and Media Control)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} [You must be registered and logged in to see this link.] (asusTek_sysctrl Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} I:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} [You must be registered and logged in to see this link.] (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - I:\Program Files\vShare\vshare_toolbar.dll ()
O20 - AppInit_DLLs: (I:\PROGRA~1\SHAREA~1\MediaBar\Datamngr\datamngr.dll) - I:\Program Files\Shareaza Applications\MediaBar\Datamngr\datamngr.dll (Discordia, LTD)
O20 - AppInit_DLLs: (I:\PROGRA~1\SHAREA~1\MediaBar\Datamngr\IEBHO.dll) - I:\Program Files\Shareaza Applications\MediaBar\Datamngr\IEBHO.dll (Discordia, LTD)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - I:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - I:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - I:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avldr: DllName - avldr.dll - I:\WINDOWS\System32\avldr.dll (On-Access Anti-Malware Scanner Sync)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - I:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/27 13:31:05 | 000,000,000 | ---- | M] () - I:\Autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: APVXDWIN - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: SCANINICIO - hkey= - key= - Reg Error: Value error. File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: PskSvcRetail - I:\Program Files\Panda Security\Panda Global Protection 2011\PskSvc.exe (Panda Security, S.L.)
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {00F0EE7F-2C61-4EBD-A209-00281BDC869C} - Yahoo! Toolbar
ActiveX: {0117F56B-AD48-4773-BDD1-FBEFE0142D00} - Yahoo! Search Settings Update
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection I:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection I:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {61C934E3-4D8D-4F51-A817-AA2FC5DE3134} - NoIE8Tour
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - I:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - i:\WINDOWS\system32\Rundll32.exe i:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - I:\WINDOWS\system32\rundll32.exe I:\WINDOWS\system32\advpack.dll,LaunchINFSectionEx I:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - I:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - I:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - I:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "I:\WINDOWS\system32\rundll32.exe" "I:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - I:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - I:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - I:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - I:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - I:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - I:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - I:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - I:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - I:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - I:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (52367900584968192)

========== Files/Folders - Created Within 30 Days ==========

JGMG1312

Newbie Surfer

Posts : 10
Joined : 2010-06-06
Operating System : XP


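The lines a responder reads first in an OTL log are the persistence points: the O20 AppInit_DLLs and Winlogon\Notify entries, the O28 ShellExecuteHooks, the O35/O37 exefile and comfile open commands, and the no-company files created under %SystemRoot% and the profile. The script below is an added example, not part of JGMG1312's post and not OTL's own logic: it parses lines in OTL's format and applies the example author's own triage heuristics to them. The sample input copies lines from post 1 above and post 2 below, plus one constructed association-hijack line with a hypothetical path so that rule has something to fire on. The category and severity names are this example's assumptions, and "no company" means OTL found no company string in the file's version information, not that the file is malicious.

```python
"""Triage of OTL log lines for persistence points.

Added example, not part of the original post and not OTL's own logic: the
rules below are the example author's heuristics, and the category and
severity names are assumptions made for illustration.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

PE_EXT = (".exe", ".dll", ".sys", ".ax", ".cpl", ".scr")

# O20 - AppInit_DLLs: (short path) - long path (Company)
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: \([^)]*\) - (?P<path>.+?) \((?P<company>[^)]*)\)$")
# O20 - HKLM Winlogon: Shell - (value) - path (Company)
SHELL_RE = re.compile(r"^O20 - HKLM Winlogon: Shell - \((?P<value>[^)]*)\) - .+$")
# O20 - Winlogon\Notify\<name>: DllName - value - path (Company)
NOTIFY_RE = re.compile(r"^O20 - Winlogon\\Notify\\(?P<name>[^:]+): DllName - .+? - (?P<path>.+?) \((?P<company>[^)]*)\)$")
# O28 - HKLM ShellExecuteHooks: {CLSID} - path (Company)   or   - Reg Error: ...
SEH_RE = re.compile(r"^O28 - HKLM ShellExecuteHooks: (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<rest>.+)$")
# O35 - HKLM\..exefile [open] -- command   /   O37 - HKLM\...exe [@ = exefile] -- command
ASSOC_RE = re.compile(r"^O3[57] - (?P<hive>HKLM|HKCU)\\\.+(?P<key>\w+) \[[^\]]*\] -- (?P<cmd>.+)$")
# [date time | size | attrs | C/M] (Company) -- path   (directory entries carry no "(Company)")
FILE_RE = re.compile(
    r"^\[(?P<ts>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)


@dataclass
class Finding:
    severity: str   # "high", "medium" or "low" (this example's own scale)
    category: str
    detail: str


def check_file(m: re.Match) -> Finding | None:
    """Heuristics for one file-list entry. 'No company' means OTL found no
    company string in the version info, not that the file is malicious."""
    path, attrs = m["path"], m["attrs"]
    company = m["company"] or ""
    low = path.lower()
    in_appdata = "\\application data\\" in low
    if attrs.endswith("D"):                      # directory entry
        return Finding("low", "new-appdata-dir", path) if in_appdata else None
    if low.endswith(PE_EXT) and not company and "\\windows\\" in low:
        return Finding("medium", "no-company-pe-in-windows", path)
    if in_appdata and not company and ("H" in attrs or "S" in attrs):
        return Finding("medium", "hidden-file-in-appdata", path)
    return None


def triage(text: str) -> list[Finding]:
    """Walk OTL lines and return the entries worth a closer look."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        f = None
        if m := APPINIT_RE.match(line):
            # An AppInit DLL is loaded into every process that maps user32.dll.
            f = Finding("high", "appinit-dll", f"{m['path']} [{m['company'] or 'no company'}]")
        elif m := SHELL_RE.match(line):
            if m["value"].lower() != "explorer.exe":
                f = Finding("high", "winlogon-shell", m["value"])
        elif m := NOTIFY_RE.match(line):
            if m["company"] != "Microsoft Corporation":
                f = Finding("medium", "winlogon-notify", f"{m['name']}: {m['path']} [{m['company']}]")
        elif m := SEH_RE.match(line):
            if "File not found" in m["rest"]:
                f = Finding("medium", "orphan-shellexecutehook", m["clsid"])
            elif not m["rest"].endswith("(Microsoft Corporation)"):
                f = Finding("medium", "third-party-shellexecutehook", m["rest"])
        elif m := ASSOC_RE.match(line):
            cmd = m["cmd"]
            # Stock value is "%1" %*; anything else wraps every .exe/.com launch.
            # An absent HKCU override ("Reg Error") is the normal state, so it is not flagged.
            if "Reg Error" not in cmd and cmd != '"%1" %*':
                f = Finding("high", "exefile-hijack", f"{m['hive']}\\{m['key']}: {cmd}")
        elif m := FILE_RE.match(line):
            f = check_file(m)
        if f:
            findings.append(f)
    return findings


def count_by_severity(findings: list[Finding]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Sample input: lines copied from the log in this thread, plus one constructed
# association-hijack line (hypothetical path) so that rule has something to fire on.
SAMPLE = r"""
O20 - AppInit_DLLs: (I:\PROGRA~1\SHAREA~1\MediaBar\Datamngr\datamngr.dll) - I:\Program Files\Shareaza Applications\MediaBar\Datamngr\datamngr.dll (Discordia, LTD)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - I:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avldr: DllName - avldr.dll - I:\WINDOWS\System32\avldr.dll (On-Access Anti-Malware Scanner Sync)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - I:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O35 - HKLM\..comfile [open] -- "C:\example\hijack.exe" "%1" %*
[2011/04/05 18:31:42 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Owner\Application Data\Mekau
[2011/01/19 23:46:16 | 000,000,088 | RHS- | C] () -- I:\Documents and Settings\All Users\Application Data\227A7E50F6.sys
[2010/06/09 18:23:55 | 003,248,128 | ---- | C] () -- I:\WINDOWS\System32\DVAPfg.exe
[2011/03/03 14:21:11 | 001,857,920 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\win32k.sys
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.severity:6} {f.category:30} {f.detail}")
```

Run against the sample, the script flags the Discordia AppInit DLL and the constructed comfile hijack as high, the non-Microsoft Winlogon Notify DLL, the orphaned ShellExecuteHook CLSID, the hidden no-company .sys under All Users\Application Data and the no-company DVAPfg.exe in System32 as medium, and the new Application Data folder as low; the Microsoft-signed entries and the stock "%1" %* associations produce nothing. Every finding is a prompt to check the file's hash and vendor, not a verdict.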

LALA.EXE UNKNOWN VIRUS POST 2

Post by JGMG1312 on Fri 22 Apr 2011, 10:32 pm

========== Files/Folders - Created Within 30 Days ==========

[2011/04/22 10:18:39 | 000,580,608 | ---- | C] (OldTimer Tools) -- I:\Documents and Settings\Owner\Desktop\OTL.com
[2011/04/19 20:45:12 | 016,525,088 | ---- | C] (Sun Microsystems, Inc.) -- I:\Documents and Settings\Owner\My Documents\jre-6u24-windows-i586.exe
[2011/04/19 19:15:14 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Owner\Desktop\DSL
[2011/04/17 16:52:29 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- I:\WINDOWS\System32\javaws.exe
[2011/04/17 16:52:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- I:\WINDOWS\System32\javaw.exe
[2011/04/17 16:52:29 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- I:\WINDOWS\System32\javacpl.cpl
[2011/04/17 16:52:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- I:\WINDOWS\System32\java.exe
[2011/04/14 22:34:43 | 000,000,000 | -H-D | C] -- I:\WINDOWS\PIF
[2011/04/11 08:38:10 | 003,307,784 | ---- | C] (Microsoft Corporation) -- I:\Documents and Settings\Owner\My Documents\BingBarSetup.EXE
[2011/04/09 14:56:16 | 025,740,256 | ---- | C] (Microsoft Corporation) -- I:\Documents and Settings\Owner\My Documents\wmp11-windowsxp-x86-enu.exe
[2011/04/09 12:54:37 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Owner\My Documents\CVs
[2011/04/09 11:38:18 | 502,380,952 | ---- | C] (Acresso Software Inc.) -- I:\Documents and Settings\Owner\My Documents\PSPP_X3_TBYB.exe
[2011/04/09 11:36:25 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Owner\My Documents\tom tom go 500
[2011/04/09 11:28:10 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- I:\WINDOWS\System32\drivers\pavboot.sys
[2011/04/09 09:28:51 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Owner\My Documents\My Received Files
[2011/04/07 21:38:56 | 011,978,408 | ---- | C] (Nullsoft, Inc.) -- I:\Documents and Settings\Owner\Desktop\winamp561_full_emusic-7plus_en-us.exe
[2011/04/07 21:13:15 | 000,000,000 | ---D | C] -- I:\Program Files\Bonjour
[2011/04/07 15:19:01 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Owner\My Documents\Roxio
[2011/04/05 18:31:42 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Owner\Application Data\Mekau
[2011/04/05 18:31:42 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Owner\Application Data\Axbu
[2011/04/05 15:05:50 | 000,000,000 | -H-D | C] -- I:\WINDOWS\ie8
[2011/04/05 14:56:00 | 016,883,056 | ---- | C] (Microsoft Corporation) -- I:\Documents and Settings\Owner\My Documents\IE8-WindowsXP-x86-ENU.exe
[2011/03/29 16:23:03 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Start Menu\Programs\ParetoLogic
[2011/03/29 16:23:02 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011/03/29 16:03:19 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Start Menu\Programs\Nokia
[6 I:\WINDOWS\*.tmp files -> I:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/22 12:01:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- I:\Documents and Settings\Owner\Desktop\OTL.com
[2011/04/22 12:01:08 | 000,000,234 | ---- | M] () -- I:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/04/22 11:57:44 | 000,360,756 | ---- | M] () -- I:\WINDOWS\System32\drivers\etc\DsaFlt.rls.bck
[2011/04/22 11:57:44 | 000,360,756 | ---- | M] () -- I:\WINDOWS\System32\drivers\etc\DsaFlt.rls
[2011/04/22 11:57:44 | 000,001,132 | ---- | M] () -- I:\WINDOWS\System32\drivers\APPFLTR.CFG.bck
[2011/04/22 11:57:44 | 000,001,132 | ---- | M] () -- I:\WINDOWS\System32\drivers\APPFLTR.CFG
[2011/04/22 11:57:44 | 000,000,252 | ---- | M] () -- I:\WINDOWS\System32\drivers\etc\IdsFlt.cfg.bck
[2011/04/22 11:57:44 | 000,000,252 | ---- | M] () -- I:\WINDOWS\System32\drivers\etc\IdsFlt.cfg
[2011/04/22 11:57:44 | 000,000,092 | ---- | M] () -- I:\WINDOWS\System32\drivers\etc\NetLoc.wlt.bck
[2011/04/22 11:57:44 | 000,000,092 | ---- | M] () -- I:\WINDOWS\System32\drivers\etc\NetLoc.wlt
[2011/04/22 11:57:44 | 000,000,068 | ---- | M] () -- I:\WINDOWS\System32\drivers\etc\NetFlt.cfg.bck
[2011/04/22 11:57:44 | 000,000,068 | ---- | M] () -- I:\WINDOWS\System32\drivers\etc\NetFlt.cfg
[2011/04/22 11:57:44 | 000,000,056 | ---- | M] () -- I:\WINDOWS\System32\drivers\etc\WnmFlt.cfg.bck
[2011/04/22 11:57:44 | 000,000,056 | ---- | M] () -- I:\WINDOWS\System32\drivers\etc\WnmFlt.cfg
[2011/04/22 11:57:44 | 000,000,056 | ---- | M] () -- I:\WINDOWS\System32\drivers\etc\DsaFlt.cfg.bck
[2011/04/22 11:57:44 | 000,000,056 | ---- | M] () -- I:\WINDOWS\System32\drivers\etc\DsaFlt.cfg
[2011/04/22 11:57:37 | 000,013,880 | ---- | M] () -- I:\WINDOWS\System32\drivers\COMFiltr.sys
[2011/04/22 11:57:33 | 000,382,600 | ---- | M] () -- I:\WINDOWS\System32\drivers\APPFCONT.DAT.bck
[2011/04/22 11:57:33 | 000,382,600 | ---- | M] () -- I:\WINDOWS\System32\drivers\APPFCONT.DAT
[2011/04/22 11:56:05 | 000,021,760 | ---- | M] () -- I:\WINDOWS\System32\wpa.dbl
[2011/04/22 11:55:59 | 000,000,880 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/22 11:55:59 | 000,000,236 | ---- | M] () -- I:\WINDOWS\tasks\OGALogon.job
[2011/04/22 11:55:57 | 000,000,386 | ---- | M] () -- I:\WINDOWS\tasks\FileCure Startup.job
[2011/04/22 11:55:56 | 000,000,378 | ---- | M] () -- I:\WINDOWS\tasks\Registry Reviver-Owner-Startup.job
[2011/04/22 11:36:20 | 000,000,104 | ---- | M] () -- I:\WINDOWS\System32\drivers\etc\NetAdapt.cfg.bck
[2011/04/22 11:36:20 | 000,000,104 | ---- | M] () -- I:\WINDOWS\System32\drivers\etc\NetAdapt.cfg
[2011/04/22 11:36:18 | 000,000,064 | ---- | M] () -- I:\WINDOWS\System32\drivers\etc\NetAR.wlt.bck
[2011/04/22 11:36:18 | 000,000,064 | ---- | M] () -- I:\WINDOWS\System32\drivers\etc\NetAR.wlt
[2011/04/22 11:35:54 | 000,002,048 | --S- | M] () -- I:\WINDOWS\bootstat.dat
[2011/04/22 11:35:52 | 2650,132,480 | -HS- | M] () -- I:\hiberfil.sys
[2011/04/22 11:24:00 | 000,000,884 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/22 09:13:03 | 000,000,422 | -H-- | M] () -- I:\WINDOWS\tasks\User_Feed_Synchronization-{79938DB7-4041-44CF-9335-4C24FB8105E7}.job
[2011/04/20 16:27:56 | 000,008,627 | ---- | M] () -- I:\WINDOWS\System32\PAV_FOG.OPC
[2011/04/18 20:02:39 | 000,098,658 | --S- | M] () -- I:\Documents and Settings\Owner\My Documents\VIRUS AND SOFTWARE 18042011.rcl
[2011/04/18 18:00:04 | 000,000,444 | ---- | M] () -- I:\WINDOWS\tasks\ParetoLogic Registration3.job
[2011/04/17 16:52:12 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- I:\WINDOWS\System32\deployJava1.dll
[2011/04/17 16:52:12 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- I:\WINDOWS\System32\javaws.exe
[2011/04/17 16:52:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- I:\WINDOWS\System32\javaw.exe
[2011/04/17 16:52:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- I:\WINDOWS\System32\java.exe
[2011/04/17 16:52:12 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- I:\WINDOWS\System32\javacpl.cpl
[2011/04/17 16:37:41 | 000,159,877 | ---- | M] () -- I:\Documents and Settings\Owner\My Documents\JavaRa.zip
[2011/04/17 16:33:16 | 016,525,088 | ---- | M] (Sun Microsystems, Inc.) -- I:\Documents and Settings\Owner\My Documents\jre-6u24-windows-i586.exe
[2011/04/13 09:05:50 | 000,373,672 | ---- | M] () -- I:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/13 09:02:06 | 000,502,586 | ---- | M] () -- I:\WINDOWS\System32\perfh009.dat
[2011/04/13 09:02:06 | 000,087,172 | ---- | M] () -- I:\WINDOWS\System32\perfc009.dat
[2011/04/11 08:26:14 | 003,307,784 | ---- | M] (Microsoft Corporation) -- I:\Documents and Settings\Owner\My Documents\BingBarSetup.EXE
[2011/04/10 14:58:43 | 000,225,672 | ---- | M] () -- I:\Documents and Settings\Owner\Desktop\CrucialUKScan.exe
[2011/04/08 15:14:54 | 000,020,480 | ---- | M] () -- I:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/07 21:38:56 | 011,978,408 | ---- | M] (Nullsoft, Inc.) -- I:\Documents and Settings\Owner\Desktop\winamp561_full_emusic-7plus_en-us.exe
[2011/04/07 15:21:32 | 000,000,091 | ---- | M] () -- I:\WINDOWS\Retrieve7.INI
[2011/04/05 15:17:41 | 000,000,803 | ---- | M] () -- I:\Documents and Settings\Owner\Desktop\Internet Explorer.lnk
[2011/04/05 15:10:34 | 000,000,815 | ---- | M] () -- I:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/05 14:56:00 | 016,883,056 | ---- | M] (Microsoft Corporation) -- I:\Documents and Settings\Owner\My Documents\IE8-WindowsXP-x86-ENU.exe
[2011/04/04 09:11:31 | 001,640,971 | ---- | M] () -- I:\Documents and Settings\Owner\My Documents\DSLite_english.pdf
[2011/03/29 16:23:03 | 000,000,812 | ---- | M] () -- I:\Documents and Settings\All Users\Desktop\ParetoLogic FileCure.lnk
[6 I:\WINDOWS\*.tmp files -> I:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/19 20:45:13 | 000,159,877 | ---- | C] () -- I:\Documents and Settings\Owner\My Documents\JavaRa.zip
[2011/04/19 20:45:12 | 000,098,658 | --S- | C] () -- I:\Documents and Settings\Owner\My Documents\VIRUS AND SOFTWARE 18042011.rcl
[2011/04/10 14:59:00 | 000,225,672 | ---- | C] () -- I:\Documents and Settings\Owner\Desktop\CrucialUKScan.exe
[2011/04/09 14:56:18 | 001,640,971 | ---- | C] () -- I:\Documents and Settings\Owner\My Documents\DSLite_english.pdf
[2011/04/09 14:56:17 | 007,017,653 | ---- | C] () -- I:\Documents and Settings\Owner\My Documents\camileo s20.pdf
[2011/04/09 14:56:16 | 000,000,951 | ---- | C] () -- I:\Documents and Settings\Owner\My Documents\yahoo_ab.vcf
[2011/04/09 14:56:16 | 000,000,846 | ---- | C] () -- I:\Documents and Settings\Owner\My Documents\yahoo_aba.vcf
[2011/04/09 14:56:15 | 002,084,066 | ---- | C] () -- I:\Documents and Settings\Owner\My Documents\freesatChannelGuideNovember.pdf
[2011/04/09 12:53:40 | 000,131,584 | ---- | C] () -- I:\Documents and Settings\Owner\My Documents\mbid14.exe
[2011/04/07 15:21:32 | 000,000,091 | ---- | C] () -- I:\WINDOWS\Retrieve7.INI
[2011/04/05 15:17:41 | 000,000,803 | ---- | C] () -- I:\Documents and Settings\Owner\Desktop\Internet Explorer.lnk
[2011/04/05 15:15:22 | 000,000,422 | -H-- | C] () -- I:\WINDOWS\tasks\User_Feed_Synchronization-{79938DB7-4041-44CF-9335-4C24FB8105E7}.job
[2011/03/29 16:23:24 | 000,000,444 | ---- | C] () -- I:\WINDOWS\tasks\ParetoLogic Registration3.job
[2011/03/25 11:43:53 | 000,001,787 | ---- | C] () -- I:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2011/02/06 22:41:05 | 000,085,504 | ---- | C] () -- I:\WINDOWS\System32\ff_vfw.dll
[2011/01/21 14:19:36 | 000,148,195 | ---- | C] () -- I:\Program Files\Common Files\BookViewer.xap
[2011/01/19 23:46:16 | 000,000,088 | RHS- | C] () -- I:\Documents and Settings\All Users\Application Data\227A7E50F6.sys
[2011/01/19 23:46:15 | 000,002,828 | -HS- | C] () -- I:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2011/01/19 15:34:42 | 000,000,286 | ---- | C] () -- I:\WINDOWS\reimage.ini
[2010/10/18 15:08:58 | 000,000,049 | ---- | C] () -- I:\WINDOWS\cgminivw.ini
[2010/10/18 15:05:14 | 000,000,037 | ---- | C] () -- I:\WINDOWS\Viewer.ini
[2010/10/18 15:02:27 | 000,004,676 | ---- | C] () -- I:\WINDOWS\psdxport.ini
[2010/10/18 15:02:27 | 000,000,074 | ---- | C] () -- I:\WINDOWS\psdewin.ini
[2010/10/02 18:47:14 | 000,005,159 | ---- | C] () -- I:\WINDOWS\Ascd_tmp.ini
[2010/09/26 13:19:22 | 000,000,059 | ---- | C] () -- I:\Documents and Settings\Owner\Application Data\default.pls
[2010/09/25 19:52:16 | 000,000,069 | ---- | C] () -- I:\WINDOWS\NeroDigital.ini
[2010/09/18 23:50:07 | 000,000,000 | ---- | C] () -- I:\Documents and Settings\Owner\Local Settings\Application Data\imageCache7.db
[2010/09/18 14:31:41 | 000,013,880 | ---- | C] () -- I:\WINDOWS\System32\drivers\COMFiltr.sys
[2010/09/18 14:24:51 | 000,000,262 | ---- | C] () -- I:\WINDOWS\System32\PavCPL.dat
[2010/09/18 14:24:47 | 000,382,600 | ---- | C] () -- I:\WINDOWS\System32\drivers\APPFCONT.DAT.bck
[2010/09/18 14:24:47 | 000,382,600 | ---- | C] () -- I:\WINDOWS\System32\drivers\APPFCONT.DAT
[2010/06/12 11:58:58 | 000,060,568 | -H-- | C] () -- I:\WINDOWS\System32\mlfcache.dat
[2010/06/09 18:23:55 | 003,248,128 | ---- | C] () -- I:\WINDOWS\System32\DVAPfg.exe
[2010/05/11 14:44:25 | 000,074,703 | ---- | C] () -- I:\WINDOWS\System32\mfc45.dll
[2010/04/09 17:23:11 | 000,000,664 | ---- | C] () -- I:\WINDOWS\System32\d3d9caps.dat
[2010/03/12 22:30:25 | 000,000,000 | ---- | C] () -- I:\WINDOWS\nsreg.dat
[2010/03/12 18:07:24 | 000,020,480 | ---- | C] () -- I:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/27 10:13:12 | 000,065,536 | ---- | C] () -- I:\WINDOWS\System32\YCRWin32.dll
[2010/02/27 00:15:58 | 000,000,376 | ---- | C] () -- I:\WINDOWS\ODBC.INI
[2010/02/25 12:30:11 | 000,156,672 | ---- | C] () -- I:\WINDOWS\System32\RTLCPAPI.dll
[2010/02/25 12:30:11 | 000,040,960 | ---- | C] () -- I:\WINDOWS\System32\ChCfg.exe
[2010/02/23 14:22:08 | 000,002,048 | --S- | C] () -- I:\WINDOWS\bootstat.dat
[2010/02/23 14:17:46 | 000,022,720 | ---- | C] () -- I:\WINDOWS\System32\emptyregdb.dat
[2010/02/23 13:25:22 | 000,004,161 | ---- | C] () -- I:\WINDOWS\ODBCINST.INI
[2010/02/23 13:24:10 | 000,373,672 | ---- | C] () -- I:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/31 15:00:22 | 000,021,504 | ---- | C] () -- I:\WINDOWS\System32\WBCustomizer.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- I:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- I:\WINDOWS\System32\OGAEXEC.exe
[2009/03/03 13:18:04 | 000,073,728 | ---- | C] () -- I:\WINDOWS\System32\RtNicProp32.dll
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- I:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- I:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/14 05:55:28 | 000,001,804 | ---- | C] () -- I:\WINDOWS\System32\Dcache.bin
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- I:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- I:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- I:\WINDOWS\System32\gthrctr.ini
[2006/12/31 07:57:08 | 000,004,569 | ---- | C] () -- I:\WINDOWS\System32\secupd.dat
[2006/02/28 13:00:00 | 000,502,586 | ---- | C] () -- I:\WINDOWS\System32\perfh009.dat
[2006/02/28 13:00:00 | 000,087,172 | ---- | C] () -- I:\WINDOWS\System32\perfc009.dat
[2006/02/28 13:00:00 | 000,000,741 | ---- | C] () -- I:\WINDOWS\System32\noise.dat
[2005/02/28 20:17:16 | 000,000,000 | ---- | C] () -- I:\WINDOWS\System32\px.ini
[2004/11/30 05:10:00 | 000,045,056 | ---- | C] () -- I:\WINDOWS\System32\besch.exe
[2004/11/30 05:10:00 | 000,028,672 | ---- | C] () -- I:\WINDOWS\System32\besched.dll
[2004/08/04 13:00:00 | 013,107,200 | ---- | C] () -- I:\WINDOWS\System32\oembios.bin
[2004/08/04 13:00:00 | 000,673,088 | ---- | C] () -- I:\WINDOWS\System32\mlang.dat
[2004/08/04 13:00:00 | 000,272,128 | ---- | C] () -- I:\WINDOWS\System32\perfi009.dat
[2004/08/04 13:00:00 | 000,218,003 | ---- | C] () -- I:\WINDOWS\System32\dssec.dat
[2004/08/04 13:00:00 | 000,046,258 | ---- | C] () -- I:\WINDOWS\System32\mib.bin
[2004/08/04 13:00:00 | 000,028,626 | ---- | C] () -- I:\WINDOWS\System32\perfd009.dat
[2004/08/04 13:00:00 | 000,004,461 | ---- | C] () -- I:\WINDOWS\System32\oembios.dat
[2003/12/19 03:00:00 | 000,013,387 | ---- | C] () -- I:\WINDOWS\System32\CinemSup.sys
[2003/10/02 02:00:00 | 000,208,896 | ---- | C] () -- I:\WINDOWS\System32\lockout.dll
[2003/10/02 02:00:00 | 000,045,056 | ---- | C] () -- I:\WINDOWS\System32\lockres.dll

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- I:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- I:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- I:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- I:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2010/09/26 16:20:53 | 000,000,067 | -HS- | M] () -- I:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/09/12 21:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- I:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD8A.DLL
[2006/09/12 21:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- I:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP8A.DLL
[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/04/17 00:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\WLXPGSS.SCR
[6 I:\WINDOWS\*.tmp files -> I:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/09/26 16:21:27 | 000,000,294 | -HS- | M] () -- I:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >
[2008/06/23 17:36:24 | 000,773,120 | ---- | M] () -- I:\WINDOWS\system32\NEROINSTAEC43759.DB

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/02/23 14:31:53 | 000,000,119 | -HS- | M] () -- I:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2010/02/23 14:31:52 | 000,000,079 | ---- | M] () -- I:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/04/10 14:58:43 | 000,225,672 | ---- | M] () -- I:\Documents and Settings\Owner\Desktop\CrucialUKScan.exe
[2010/09/18 14:06:35 | 076,451,120 | ---- | M] () -- I:\Documents and Settings\Owner\Desktop\GP11.exe
[2010/02/28 15:19:00 | 020,299,200 | ---- | M] (TomTom International B.V.) -- I:\Documents and Settings\Owner\Desktop\TomTomHOME2winlatest.exe
[2011/04/07 21:38:56 | 011,978,408 | ---- | M] (Nullsoft, Inc.) -- I:\Documents and Settings\Owner\Desktop\winamp561_full_emusic-7plus_en-us.exe

< %PROGRAMFILES%\Common Files\*.* >
[2010/11/16 13:49:24 | 000,148,195 | ---- | M] () -- I:\Program Files\Common Files\BookViewer.xap

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2011/04/11 08:26:14 | 003,307,784 | ---- | M] (Microsoft Corporation) -- I:\Documents and Settings\Owner\My Documents\BingBarSetup.EXE
[2010/04/29 10:20:20 | 000,293,888 | ---- | M] (Microsoft Corporation) -- I:\Documents and Settings\Owner\My Documents\cleanup_tool.exe
[2011/04/05 14:56:00 | 016,883,056 | ---- | M] (Microsoft Corporation) -- I:\Documents and Settings\Owner\My Documents\IE8-WindowsXP-x86-ENU.exe
[2011/04/17 16:33:16 | 016,525,088 | ---- | M] (Sun Microsystems, Inc.) -- I:\Documents and Settings\Owner\My Documents\jre-6u24-windows-i586.exe
[2010/10/02 16:31:07 | 000,131,584 | ---- | M] () -- I:\Documents and Settings\Owner\My Documents\mbid14.exe
[2011/01/19 22:22:38 | 502,380,952 | ---- | M] (Acresso Software Inc.) -- I:\Documents and Settings\Owner\My Documents\PSPP_X3_TBYB.exe
[2010/09/26 21:33:57 | 025,740,256 | ---- | M] (Microsoft Corporation) -- I:\Documents and Settings\Owner\My Documents\wmp11-windowsxp-x86-enu.exe

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/02/23 14:31:52 | 000,000,122 | -HS- | M] () -- I:\Documents and Settings\Owner\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/09/30 17:00:09 | 000,000,358 | RHS- | M] () -- I:\Documents and Settings\All Users\ntuser.pol

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010/09/26 17:05:35 | 000,290,816 | ---- | M] () -- I:\WINDOWS\system32\config\default.sav
[2010/09/26 15:45:12 | 000,045,056 | ---- | M] () -- I:\WINDOWS\system32\config\security.sav
[2010/09/26 17:05:35 | 038,273,024 | ---- | M] () -- I:\WINDOWS\system32\config\software.sav
[2010/09/26 17:05:36 | 004,980,736 | ---- | M] () -- I:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2004/08/04 13:00:00 | 000,009,029 | ---- | M] () -- I:\WINDOWS\system32\ansi.sys
[2003/12/19 03:00:00 | 000,013,387 | ---- | M] () -- I:\WINDOWS\system32\CinemSup.sys
[2004/08/04 13:00:00 | 000,027,097 | ---- | M] () -- I:\WINDOWS\system32\country.sys
[2004/08/04 13:00:00 | 000,004,768 | ---- | M] () -- I:\WINDOWS\system32\himem.sys
[2004/08/04 13:00:00 | 000,042,809 | ---- | M] () -- I:\WINDOWS\system32\key01.sys
[2008/04/13 22:20:56 | 000,042,537 | ---- | M] () -- I:\WINDOWS\system32\keyboard.sys
[2004/08/04 13:00:00 | 000,027,866 | ---- | M] () -- I:\WINDOWS\system32\ntdos.sys
[2004/08/04 13:00:00 | 000,029,146 | ---- | M] () -- I:\WINDOWS\system32\ntdos404.sys
[2004/08/04 13:00:00 | 000,029,370 | ---- | M] () -- I:\WINDOWS\system32\ntdos411.sys
[2004/08/04 13:00:00 | 000,029,274 | ---- | M] () -- I:\WINDOWS\system32\ntdos412.sys
[2004/08/04 13:00:00 | 000,029,146 | ---- | M] () -- I:\WINDOWS\system32\ntdos804.sys
[2008/04/13 22:19:40 | 000,033,840 | ---- | M] () -- I:\WINDOWS\system32\ntio.sys
[2008/04/13 22:19:44 | 000,034,560 | ---- | M] () -- I:\WINDOWS\system32\ntio404.sys
[2008/04/13 22:19:40 | 000,035,648 | ---- | M] () -- I:\WINDOWS\system32\ntio411.sys
[2008/04/13 22:19:44 | 000,035,424 | ---- | M] () -- I:\WINDOWS\system32\ntio412.sys
[2008/04/13 22:19:42 | 000,034,560 | ---- | M] () -- I:\WINDOWS\system32\ntio804.sys
[2008/04/14 00:15:00 | 000,017,664 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\watchdog.sys
[2011/03/03 14:21:11 | 001,857,920 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\win32k.sys

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2006/09/12 21:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- I:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD8A.DLL
[2006/09/12 21:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- I:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP8A.DLL
[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

< %SYSTEMDRIVE%\*.* >
[2010/07/08 10:03:44 | 000,000,013 | ---- | M] () -- I:\alrt_200.data
[2010/05/27 13:31:05 | 000,000,000 | ---- | M] () -- I:\Autoexec.bat
[2010/09/26 17:05:35 | 000,000,210 | -HS- | M] () -- I:\boot.ini
[2011/04/22 11:35:52 | 2650,132,480 | -HS- | M] () -- I:\hiberfil.sys
[2011/04/17 17:31:16 | 000,000,502 | ---- | M] () -- I:\JavaRa.log
[2008/04/13 22:13:04 | 000,047,564 | RHS- | M] () -- I:\NTDETECT.COM
[2008/04/14 00:01:44 | 000,250,048 | RHS- | M] () -- I:\ntldr
[2010/03/12 22:43:46 | 000,262,144 | ---- | M] () -- I:\ntuser.dat
[2010/03/12 22:43:46 | 000,001,024 | -H-- | M] () -- I:\ntuser.dat.LOG
[2011/04/22 11:34:52 | 2145,386,496 | -HS- | M] () -- I:\pagefile.sys
[2010/05/27 11:28:01 | 005,197,824 | -H-- | M] () -- I:\SZKGFS.dat
[2000/07/21 10:40:58 | 000,002,048 | ---- | M] () -- I:\w2ksect.bin

< %PROGRAMFILES%\*. >
[2011/02/01 13:15:20 | 000,000,000 | ---D | M] -- I:\Program Files\Adobe
[2010/02/25 11:27:05 | 000,000,000 | ---D | M] -- I:\Program Files\AMD
[2011/02/06 23:05:44 | 000,000,000 | ---D | M] -- I:\Program Files\ArcSoft
[2011/04/21 12:01:12 | 000,000,000 | ---D | M] -- I:\Program Files\Ask.com
[2010/10/02 18:48:54 | 000,000,000 | ---D | M] -- I:\Program Files\ASUS
[2010/09/19 20:25:19 | 000,000,000 | ---D | M] -- I:\Program Files\Avanquest
[2011/04/07 21:13:16 | 000,000,000 | ---D | M] -- I:\Program Files\Bonjour
[2010/02/27 10:20:41 | 000,000,000 | ---D | M] -- I:\Program Files\BT Broadband Desktop Help
[2010/02/27 10:11:53 | 000,000,000 | ---D | M] -- I:\Program Files\BTHomeHub
[2010/09/28 12:58:11 | 000,000,000 | ---D | M] -- I:\Program Files\Canon
[2010/09/28 08:52:16 | 000,000,000 | -H-D | M] -- I:\Program Files\CanonBJ
[2011/04/09 11:00:01 | 000,000,000 | ---D | M] -- I:\Program Files\Common Files
[2010/02/23 14:17:38 | 000,000,000 | ---D | M] -- I:\Program Files\ComPlus Applications
[2010/06/06 18:02:57 | 000,000,000 | ---D | M] -- I:\Program Files\Conduit
[2010/10/02 14:41:02 | 000,000,000 | ---D | M] -- I:\Program Files\Creative
[2010/02/28 21:38:54 | 000,000,000 | ---D | M] -- I:\Program Files\DIFX
[2010/09/19 20:07:16 | 000,000,000 | ---D | M] -- I:\Program Files\EASEUS
[2011/02/06 22:41:05 | 000,000,000 | ---D | M] -- I:\Program Files\ffdshow
[2011/01/18 14:37:49 | 000,000,000 | ---D | M] -- I:\Program Files\Free Offers from Freeze.com
[2010/12/01 21:04:12 | 000,000,000 | ---D | M] -- I:\Program Files\Google
[2011/02/07 13:54:50 | 000,000,000 | -H-D | M] -- I:\Program Files\InstallShield Installation Information
[2011/04/13 09:02:53 | 000,000,000 | ---D | M] -- I:\Program Files\Internet Explorer
[2010/06/01 13:01:56 | 000,000,000 | ---D | M] -- I:\Program Files\iolo
[2011/04/09 10:52:26 | 000,000,000 | ---D | M] -- I:\Program Files\iTunes
[2011/01/14 13:27:48 | 000,000,000 | ---D | M] -- I:\Program Files\James River Software
[2011/04/17 17:16:07 | 000,000,000 | ---D | M] -- I:\Program Files\Java
[2011/01/09 14:17:25 | 000,000,000 | ---D | M] -- I:\Program Files\LimeWire
[2010/05/28 09:21:36 | 000,000,000 | ---D | M] -- I:\Program Files\Messenger
[2011/04/11 08:26:58 | 000,000,000 | ---D | M] -- I:\Program Files\Microsoft
[2010/02/27 00:15:11 | 000,000,000 | ---D | M] -- I:\Program Files\Microsoft ActiveSync
[2010/07/05 10:19:50 | 000,000,000 | ---D | M] -- I:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/02/23 14:20:28 | 000,000,000 | ---D | M] -- I:\Program Files\microsoft frontpage
[2010/02/27 00:17:55 | 000,000,000 | ---D | M] -- I:\Program Files\Microsoft Office
[2010/10/09 18:30:32 | 000,000,000 | ---D | M] -- I:\Program Files\Microsoft SQL Server Compact Edition
[2010/10/09 18:31:25 | 000,000,000 | ---D | M] -- I:\Program Files\Microsoft Sync Framework
[2010/02/27 00:14:57 | 000,000,000 | ---D | M] -- I:\Program Files\Microsoft Visual Studio
[2011/01/01 16:04:32 | 000,000,000 | ---D | M] -- I:\Program Files\Microsoft.NET
[2010/09/26 21:05:55 | 000,000,000 | ---D | M] -- I:\Program Files\Movie Maker
[2011/04/09 10:55:32 | 000,000,000 | ---D | M] -- I:\Program Files\Mozilla Firefox
[2010/10/09 20:31:28 | 000,000,000 | ---D | M] -- I:\Program Files\MSBuild
[2010/05/06 17:36:14 | 000,000,000 | ---D | M] -- I:\Program Files\MSN
[2010/02/23 14:16:54 | 000,000,000 | ---D | M] -- I:\Program Files\MSN Gaming Zone
[2010/02/28 13:00:11 | 000,000,000 | ---D | M] -- I:\Program Files\MSXML 4.0
[2010/09/23 22:05:00 | 000,000,000 | ---D | M] -- I:\Program Files\Nero
[2010/02/23 14:18:38 | 000,000,000 | ---D | M] -- I:\Program Files\NetMeeting
[2010/12/21 19:30:53 | 000,000,000 | ---D | M] -- I:\Program Files\Nokia
[2010/02/23 14:17:03 | 000,000,000 | ---D | M] -- I:\Program Files\Online Services
[2010/10/09 18:01:32 | 000,000,000 | ---D | M] -- I:\Program Files\OpenOffice.org 3
[2010/12/16 09:14:46 | 000,000,000 | ---D | M] -- I:\Program Files\Outlook Express
[2011/04/09 11:28:03 | 000,000,000 | ---D | M] -- I:\Program Files\Panda Security
[2010/02/26 18:27:35 | 000,000,000 | ---D | M] -- I:\Program Files\Panda Software
[2010/06/11 14:44:39 | 000,000,000 | ---D | M] -- I:\Program Files\ParetoLogic
[2010/12/21 19:32:05 | 000,000,000 | ---D | M] -- I:\Program Files\PC Connectivity Solution
[2010/10/09 20:31:21 | 000,000,000 | ---D | M] -- I:\Program Files\Reference Assemblies
[2011/01/19 15:25:19 | 000,000,000 | ---D | M] -- I:\Program Files\Registry Patrol
[2010/04/05 22:08:10 | 000,000,000 | ---D | M] -- I:\Program Files\Roxio
[2010/09/30 16:57:17 | 000,000,000 | ---D | M] -- I:\Program Files\ScanSoft
[2011/01/09 14:24:52 | 000,000,000 | ---D | M] -- I:\Program Files\Shareaza Applications
[2010/09/15 18:43:55 | 000,000,000 | ---D | M] -- I:\Program Files\SIW
[2010/12/31 21:33:13 | 000,000,000 | ---D | M] -- I:\Program Files\Sonic
[2011/04/22 09:10:04 | 000,000,000 | ---D | M] -- I:\Program Files\SUPERAntiSpyware
[2010/09/16 17:10:00 | 000,000,000 | ---D | M] -- I:\Program Files\SyncToy 2.1
[2010/05/28 09:25:54 | 000,000,000 | ---D | M] -- I:\Program Files\TomTom HOME 2
[2010/02/28 15:19:32 | 000,000,000 | ---D | M] -- I:\Program Files\TomTom International B.V
[2010/02/23 14:31:46 | 000,000,000 | -H-D | M] -- I:\Program Files\Uninstall Information
[2010/10/24 12:29:11 | 000,000,000 | ---D | M] -- I:\Program Files\Veetle
[2010/10/20 19:57:17 | 000,000,000 | ---D | M] -- I:\Program Files\vShare
[2011/01/01 16:43:04 | 000,000,000 | ---D | M] -- I:\Program Files\Windows Desktop Search
[2010/10/09 18:31:55 | 000,000,000 | ---D | M] -- I:\Program Files\Windows Live
[2010/10/09 18:29:13 | 000,000,000 | ---D | M] -- I:\Program Files\Windows Live SkyDrive
[2010/09/26 21:36:05 | 000,000,000 | ---D | M] -- I:\Program Files\Windows Media Connect 2
[2010/09/26 21:36:05 | 000,000,000 | ---D | M] -- I:\Program Files\Windows Media Player
[2010/02/23 14:16:46 | 000,000,000 | ---D | M] -- I:\Program Files\Windows NT
[2010/02/23 14:19:11 | 000,000,000 | -H-D | M] -- I:\Program Files\WindowsUpdate
[2010/08/11 09:01:42 | 000,000,000 | ---D | M] -- I:\Program Files\WinZip
[2010/08/11 09:07:12 | 000,000,000 | ---D | M] -- I:\Program Files\WinZip E-Mail Companion
[2010/02/23 14:20:28 | 000,000,000 | ---D | M] -- I:\Program Files\xerox
[2010/03/12 22:43:44 | 000,000,000 | ---D | M] -- I:\Program Files\Yahoo!

< %appdata%\*.* >
[2010/10/09 11:32:55 | 000,000,059 | ---- | M] () -- I:\Documents and Settings\Owner\Application Data\default.pls
[2010/02/23 13:24:49 | 000,000,062 | -HS- | M] () -- I:\Documents and Settings\Owner\Application Data\desktop.ini
[2011/02/04 21:49:05 | 000,111,424 | ---- | M] () -- I:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT


< MD5 for: AGP440.SYS >
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- I:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 05:51:44 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- I:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- I:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- I:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: DISK.SYS >
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- I:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/04/14 00:10:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- I:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- I:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- I:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2009/05/29 16:00:13 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- I:\WINDOWS\NLDRV\001\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- I:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- I:\WINDOWS\system32\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2005/07/26 11:16:24 | 000,079,360 | ---- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- I:\WINDOWS\system32\drivers\nvatabus.sys

< MD5 for: SCECLI.DLL >
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- I:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- I:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- I:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2008/04/14 00:15:40 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- I:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-13 08:04:15

< >

< End of report >

JGMG1312

Newbie Surfer

Posts : 10
Joined : 2010-06-06
Operating System : XP

Re: LALA.EXE UNKNOWN VIRUS POST 1

Post by Belahzur on Sat 23 Apr 2011, 7:27 am

Hello.

  • Download combofix from here
    Link 1

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click combofix's window whilst it's running. That may cause it to stall.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: LALA.EXE UNKNOWN VIRUS POST 1

Post by JGMG1312 on Sat 23 Apr 2011, 6:54 pm

ComboFix 11-04-22.01 - Owner 22/04/2011 23:26:16.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2527.2049 [GMT 1:00]
Running from: i:\documents and settings\Owner\Desktop\Combo-Fix.exe
AV: Panda Global Protection 2011 *Disabled/Updated* {8BF935E7-731F-4115-B7A5-789FF5087595}
FW: Panda Personal Firewall 2011 *Disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
i:\documents and settings\MARGARET\Application Data\PriceGong
i:\documents and settings\MARGARET\Application Data\PriceGong\Data\1.xml
i:\documents and settings\MARGARET\Application Data\PriceGong\Data\a.xml
i:\documents and settings\MARGARET\Application Data\PriceGong\Data\b.xml
i:\documents and settings\MARGARET\Application Data\PriceGong\Data\c.xml
i:\documents and settings\MARGARET\Application Data\PriceGong\Data\d.xml
i:\documents and settings\MARGARET\Application Data\PriceGong\Data\e.xml
i:\documents and settings\MARGARET\Application Data\PriceGong\Data\f.xml
i:\documents and settings\MARGARET\Application Data\PriceGong\Data\g.xml
i:\documents and settings\MARGARET\Application Data\PriceGong\Data\h.xml
i:\documents and settings\MARGARET\Application Data\PriceGong\Data\i.xml
i:\documents and settings\MARGARET\Application Data\PriceGong\Data\J.xml
i:\documents and settings\MARGARET\Application Data\PriceGong\Data\k.xml
i:\documents and settings\MARGARET\Application Data\PriceGong\Data\l.xml
i:\documents and settings\MARGARET\Application Data\PriceGong\Data\m.xml
i:\documents and settings\MARGARET\Application Data\PriceGong\Data\mru.xml
i:\documents and settings\MARGARET\Application Data\PriceGong\Data\n.xml
i:\documents and settings\MARGARET\Application Data\PriceGong\Data\o.xml
i:\documents and settings\MARGARET\Application Data\PriceGong\Data\p.xml
i:\documents and settings\MARGARET\Application Data\PriceGong\Data\q.xml
i:\documents and settings\MARGARET\Application Data\PriceGong\Data\r.xml
i:\documents and settings\MARGARET\Application Data\PriceGong\Data\s.xml
i:\documents and settings\MARGARET\Application Data\PriceGong\Data\t.xml
i:\documents and settings\MARGARET\Application Data\PriceGong\Data\u.xml
i:\documents and settings\MARGARET\Application Data\PriceGong\Data\v.xml
i:\documents and settings\MARGARET\Application Data\PriceGong\Data\w.xml
i:\documents and settings\MARGARET\Application Data\PriceGong\Data\x.xml
i:\documents and settings\MARGARET\Application Data\PriceGong\Data\y.xml
i:\documents and settings\MARGARET\Application Data\PriceGong\Data\z.xml
i:\documents and settings\MARGARET\Desktop\Internet Explorer.lnk
i:\documents and settings\Owner\Application Data\Erhici
i:\documents and settings\Owner\Application Data\Erhici\lala.exe
i:\documents and settings\Owner\Application Data\PriceGong
i:\documents and settings\Owner\Application Data\PriceGong\Data\1.xml
i:\documents and settings\Owner\Application Data\PriceGong\Data\a.xml
i:\documents and settings\Owner\Application Data\PriceGong\Data\b.xml
i:\documents and settings\Owner\Application Data\PriceGong\Data\c.xml
i:\documents and settings\Owner\Application Data\PriceGong\Data\d.xml
i:\documents and settings\Owner\Application Data\PriceGong\Data\e.xml
i:\documents and settings\Owner\Application Data\PriceGong\Data\f.xml
i:\documents and settings\Owner\Application Data\PriceGong\Data\g.xml
i:\documents and settings\Owner\Application Data\PriceGong\Data\h.xml
i:\documents and settings\Owner\Application Data\PriceGong\Data\i.xml
i:\documents and settings\Owner\Application Data\PriceGong\Data\J.xml
i:\documents and settings\Owner\Application Data\PriceGong\Data\k.xml
i:\documents and settings\Owner\Application Data\PriceGong\Data\l.xml
i:\documents and settings\Owner\Application Data\PriceGong\Data\m.xml
i:\documents and settings\Owner\Application Data\PriceGong\Data\mru.xml
i:\documents and settings\Owner\Application Data\PriceGong\Data\n.xml
i:\documents and settings\Owner\Application Data\PriceGong\Data\o.xml
i:\documents and settings\Owner\Application Data\PriceGong\Data\p.xml
i:\documents and settings\Owner\Application Data\PriceGong\Data\q.xml
i:\documents and settings\Owner\Application Data\PriceGong\Data\r.xml
i:\documents and settings\Owner\Application Data\PriceGong\Data\s.xml
i:\documents and settings\Owner\Application Data\PriceGong\Data\t.xml
i:\documents and settings\Owner\Application Data\PriceGong\Data\u.xml
i:\documents and settings\Owner\Application Data\PriceGong\Data\v.xml
i:\documents and settings\Owner\Application Data\PriceGong\Data\w.xml
i:\documents and settings\Owner\Application Data\PriceGong\Data\x.xml
i:\documents and settings\Owner\Application Data\PriceGong\Data\y.xml
i:\documents and settings\Owner\Application Data\PriceGong\Data\z.xml
i:\documents and settings\Owner\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-03-23 to 2011-04-23 )))))))))))))))))))))))))))))))
.
.
2011-04-17 15:52 . 2011-04-17 15:52 73728 ----a-w- i:\windows\system32\javacpl.cpl
2011-04-14 21:34 . 2011-04-14 21:34 -------- d--h--w- i:\windows\PIF
2011-04-14 09:06 . 2011-04-14 09:07 -------- d-----w- i:\documents and settings\MARGARET\Application Data\shareazamediabartb
2011-04-14 09:06 . 2011-04-14 09:06 -------- d-----w- i:\documents and settings\MARGARET\Application Data\ArcSoft
2011-04-14 09:05 . 2011-04-14 09:05 -------- d-----w- i:\documents and settings\MARGARET\Local Settings\Application Data\Identities
2011-04-14 09:05 . 2011-04-14 09:05 -------- d-----w- i:\documents and settings\MARGARET\Application Data\Windows Desktop Search
2011-04-09 10:28 . 2009-06-30 09:37 28552 ----a-w- i:\windows\system32\drivers\pavboot.sys
2011-04-07 20:13 . 2011-04-07 20:13 -------- d-----w- i:\program files\Bonjour
2011-04-05 17:31 . 2011-04-09 17:45 -------- d-----w- i:\documents and settings\Owner\Application Data\Mekau
2011-04-05 17:31 . 2011-04-07 20:04 -------- d-----w- i:\documents and settings\Owner\Application Data\Axbu
2011-04-05 14:05 . 2011-04-05 14:06 -------- dc-h--w- i:\windows\ie8
2011-03-29 15:23 . 2011-03-29 15:23 -------- d-----w- i:\documents and settings\All Users\Application Data\ParetoLogic
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-23 03:00 . 2010-09-18 13:31 13880 ----a-w- i:\windows\system32\drivers\COMFiltr.sys
2011-04-17 15:52 . 2010-05-03 18:04 472808 ----a-w- i:\windows\system32\deployJava1.dll
2011-03-11 01:54 . 2010-06-01 12:02 87688 ----a-w- i:\windows\system32\IncContxMenu.dll
2011-03-11 01:53 . 2010-06-01 12:01 11776 ----a-w- i:\windows\system32\smrgdf.exe
2011-03-11 01:53 . 2010-06-01 12:01 29696 ----a-w- i:\windows\system32\iolobtdfg.exe
2011-03-11 01:36 . 2010-06-01 12:02 2234552 ----a-w- i:\windows\system32\Incinerator.dll
2011-03-07 05:33 . 2010-02-23 13:17 692736 ----a-w- i:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2008-04-14 04:42 420864 ----a-w- i:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2008-04-14 00:00 1857920 ----a-w- i:\windows\system32\win32k.sys
2011-02-22 23:06 . 2008-04-14 04:42 1469440 ------w- i:\windows\system32\inetcpl.cpl
2011-02-22 23:06 . 2008-04-14 04:42 916480 ----a-w- i:\windows\system32\wininet.dll
2011-02-22 23:06 . 2008-04-14 04:41 43520 ------w- i:\windows\system32\licmgr10.dll
2011-02-22 11:41 . 2008-04-13 23:07 385024 ------w- i:\windows\system32\html.iec
2011-02-17 13:18 . 2008-04-13 23:47 455936 ----a-w- i:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2008-04-13 23:45 357888 ----a-w- i:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2010-02-25 13:12 5120 ----a-w- i:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2008-04-14 04:39 290432 ----a-w- i:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2008-04-14 04:42 270848 ----a-w- i:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 04:41 186880 ----a-w- i:\windows\system32\encdec.dll
2011-02-08 13:33 . 2008-04-14 04:41 978944 ----a-w- i:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2007-04-03 07:44 974848 ----a-w- i:\windows\system32\mfc42u.dll
2011-02-02 07:58 . 2010-02-23 13:16 2067456 ----a-w- i:\windows\system32\mstscax.dll
2011-02-01 20:05 . 2011-01-19 22:46 2828 --sha-w- i:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2011-02-01 20:03 . 2011-01-19 22:46 88 --sh--r- i:\documents and settings\All Users\Application Data\227A7E50F6.sys
2011-01-27 11:57 . 2010-02-23 13:16 677888 ----a-w- i:\windows\system32\mstsc.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFC4F59B-A2DA-4e12-B337-52A4F871E10C}]
2010-10-19 12:59 585152 ----a-w- i:\progra~1\SHAREA~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE9A4208-64EC-11DE-8440-204256D89593}]
2010-01-20 16:36 87488 ----a-w- i:\progra~1\SHAREA~1\MediaBar\ToolBar\ShareazaMediabarDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EE9A4208-64EC-11DE-8440-204256D89593}"= "i:\progra~1\SHAREA~1\MediaBar\ToolBar\ShareazaMediabarDx.dll" [2010-01-20 87488]
.
[HKEY_CLASSES_ROOT\clsid\{ee9a4208-64ec-11de-8440-204256d89593}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="i:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-03-09 247728]
"swg"="i:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-11 39408]
"SUPERAntiSpyware"="i:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-04-22 2423752]
"NokiaOviSuite2"="i:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2011-01-31 703360]
"ctfmon.exe"="i:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APVXDWIN"="i:\program files\Panda Security\Panda Global Protection 2011\APVXDWIN.EXE" [2010-08-26 988480]
"SCANINICIO"="i:\program files\Panda Security\Panda Global Protection 2011\Inicio.exe" [2010-06-11 68928]
"YSearchProtection"="i:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"WinZip E-Mail Companion OEAPI"="i:\program files\WinZip E-Mail Companion\loadwzco.exe" [2007-11-19 75136]
"SSBkgdUpdate"="i:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"SoundMan"="SOUNDMAN.EXE" [2005-07-26 77824]
"PDF3 Registry Controller"="i:\program files\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe" [2005-04-26 106496]
"OpwareSE4"="i:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"ISUSScheduler"="i:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"DVAPTray"="i:\windows\System32\DVAPTray.exe" [2009-10-30 188416]
"ArcSoft Connection Service"="i:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]
.
i:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - i:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "i:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- i:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2010-03-24 11:55 55552 ----a-w- i:\windows\system32\avldr.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APVXDWIN
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SCANINICIO
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"i:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"i:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"i:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"i:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1039:TCP"= 1039:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 pavboot;pavboot;i:\windows\system32\drivers\pavboot.sys [09/04/2011 11:28 28552]
R1 APPFLT;App Filter Plugin;i:\windows\system32\drivers\APPFLT.SYS [18/09/2010 14:24 76296]
R1 DSAFLT;DSA Filter Plugin;i:\windows\system32\drivers\dsaflt.sys [18/09/2010 14:24 53256]
R1 FNETMON;NetMon Filter Plugin;i:\windows\system32\drivers\fnetmon.sys [18/09/2010 14:24 22024]
R1 IDSFLT;Ids Filter Plugin;i:\windows\system32\drivers\idsflt.sys [18/09/2010 14:24 193800]
R1 NETFLTDI;Panda Net Driver [TDI Layer];i:\windows\system32\drivers\NETFLTDI.SYS [18/09/2010 14:24 159112]
R1 SASDIFSV;SASDIFSV;i:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;i:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19:41 67656]
R1 ShldDrv;Panda File Shield Driver;i:\windows\system32\drivers\ShlDrv51.sys [18/09/2010 14:22 37896]
R1 WNMFLT;Wifi Monitor Filter Plugin;i:\windows\system32\drivers\wnmflt.sys [18/09/2010 14:24 46856]
R2 Akamai;Akamai NetSession Interface;i:\windows\System32\svchost.exe -k Akamai [14/04/2008 05:42 14336]
R2 AmFSM;AmFSM;i:\windows\system32\drivers\amm8651.sys [18/09/2010 14:23 59080]
R2 ioloFileInfoList;iolo FileInfoList Service;i:\program files\iolo\Common\Lib\ioloServiceManager.exe [01/06/2010 13:02 724152]
R2 ioloSystemService;iolo System Service;i:\program files\iolo\Common\Lib\ioloServiceManager.exe [01/06/2010 13:02 724152]
R2 PavProc;Panda Process Protection Driver;i:\windows\system32\drivers\PavProc.sys [18/09/2010 14:22 163336]
R2 PskSvcRetail;Panda PSK service;i:\program files\Panda Security\Panda Global Protection 2011\psksvc.exe [18/09/2010 14:24 28992]
R2 TomTomHOMEService;TomTomHOMEService;i:\program files\TomTom HOME 2\TomTomHOMEService.exe [09/03/2011 13:30 92592]
R3 AvFlt;Antivirus Filter Driver;i:\windows\system32\drivers\av5flt.sys --> i:\windows\system32\drivers\av5flt.sys [?]
R3 ComFiltr;Panda Anti-Dialer;i:\windows\system32\drivers\COMFiltr.sys [18/09/2010 14:31 13880]
R3 NETIMFLT01060042;PANDA NDIS IM Filter Miniport v1.6.0.42;i:\windows\system32\drivers\neti1642.sys [18/09/2010 14:23 199688]
R3 PavSRK.sys;PavSRK.sys;\??\i:\windows\system32\PavSRK.sys --> i:\windows\system32\PavSRK.sys [?]
R3 PavTPK.sys;PavTPK.sys;\??\i:\windows\system32\PavTPK.sys --> i:\windows\system32\PavTPK.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;i:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 14:16 130384]
S2 gupdate;Google Update Service (gupdate);i:\program files\Google\Update\GoogleUpdate.exe [11/05/2010 14:09 135664]
S3 ASUSHWIO;ASUSHWIO;\??\i:\windows\system32\drivers\ASUSHWIO.sys --> i:\windows\system32\drivers\ASUSHWIO.sys [?]
S3 BBSvc;Bing Bar Update Service;i:\program files\Microsoft\BingBar\BBSvc.EXE [15/03/2011 22:27 183560]
S3 cpuz134;cpuz134;\??\i:\docume~1\Owner\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> i:\docume~1\Owner\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;i:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 14:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 03:32 128512 ----a-w- i:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2010-09-18 i:\windows\Tasks\Basic clean-up.job
- i:\program files\Panda Security\Panda Global Protection 2011\PlaTasks.exe [2010-09-18 18:12]
.
2010-06-11 i:\windows\Tasks\FileCure Default.job
- i:\program files\ParetoLogic\FileCure\FileCure.exe [2011-03-01 23:00]
.
2011-04-23 i:\windows\Tasks\FileCure Startup.job
- i:\program files\ParetoLogic\FileCure\FileCure.exe [2011-03-01 23:00]
.
2011-04-23 i:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- i:\program files\Google\Update\GoogleUpdate.exe [2010-05-11 13:09]
.
2011-04-23 i:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- i:\program files\Google\Update\GoogleUpdate.exe [2010-05-11 13:09]
.
2011-04-23 i:\windows\Tasks\OGALogon.job
- i:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]
.
2011-04-22 i:\windows\Tasks\ParetoLogic Registration3.job
- i:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2011-01-28 21:19]
.
2011-04-23 i:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- i:\program files\Ask.com\UpdateTask.exe [2010-02-04 16:50]
.
2011-04-23 i:\windows\Tasks\User_Feed_Synchronization-{79938DB7-4041-44CF-9335-4C24FB8105E7}.job
- i:\windows\system32\msfeedssync.exe [2009-03-08 04:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = ;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:27811
uSearchAssistant =
IE: E&xport to Microsoft Excel - i:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - i:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Open with Scansoft PDF Converter 3.0 - i:\program files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100
IE: Read EXIF - i:\program files\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=i:\progra~1\PANDAS~2\PANDAG~1\PAVSCRIP.EXE "%1" %*
VBSFile=i:\progra~1\PANDAS~2\PANDAG~1\PAVSCRIP.EXE "%1" %*
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-{5E252DC5-DD1E-D79B-017D-F6C1B1A6C949} - i:\documents and settings\Owner\Application Data\Erhici\lala.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-04-23 03:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@i:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="i:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1432)
i:\program files\SUPERAntiSpyware\SASWINLO.DLL
i:\windows\system32\WININET.dll
i:\windows\system32\avldr.dll
.
- - - - - - - > 'explorer.exe'(6816)
i:\windows\system32\WININET.dll
i:\program files\Panda Security\Panda Global Protection 2011\pavoepl.dll
i:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
i:\windows\system32\ieframe.dll
i:\windows\system32\webcheck.dll
i:\windows\system32\WPDShServiceObj.dll
i:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
i:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
i:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll
i:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
i:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
i:\program files\Roxio\Easy Media Creator 7\Drag to Disc\Shellex.dll
i:\windows\system32\PortableDeviceTypes.dll
i:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
i:\program files\Bonjour\mDNSResponder.exe
i:\program files\Common Files\Motive\McciCMService.exe
i:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
i:\program files\Panda Security\Panda Global Protection 2011\PsCtrls.exe
i:\program files\Panda Security\Panda Global Protection 2011\PavFnSvr.exe
i:\program files\Common Files\Panda Security\PavShld\pavprsrv.exe
i:\program files\panda security\panda global protection 2011\firewall\PSHOST.EXE
i:\program files\Panda Security\Panda Global Protection 2011\PsImSvc.exe
i:\program files\Microsoft\BingBar\SeaPort.EXE
i:\program files\Panda Security\Panda Global Protection 2011\TPSrv.exe
i:\windows\system32\MsPMSPSv.exe
i:\windows\system32\SearchIndexer.exe
i:\program files\PANDA SECURITY\PANDA GLOBAL PROTECTION 2011\WebProxy.exe
i:\program files\Panda Security\Panda Global Protection 2011\pavsrvx86.exe
i:\program files\Panda Security\Panda Global Protection 2011\AVENGINE.EXE
i:\windows\SOUNDMAN.EXE
i:\progra~1\SHAREA~1\MediaBar\Datamngr\DATAMN~1.EXE
i:\program files\PC Connectivity Solution\ServiceLayer.exe
i:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
i:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
i:\program files\Panda Security\Panda Global Protection 2011\SRVLOAD.EXE
i:\program files\Panda Security\Panda Global Protection 2011\PavBckPT.exe
i:\progra~1\COMMON~1\Nokia\MPLATF~1\NOKIAM~1.EXE
i:\program files\Common Files\Nokia\NoA\nokiaaserver.exe
i:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
.
**************************************************************************
.
Completion time: 2011-04-23 04:39:56 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-23 03:39
.
Pre-Run: 182,540,410,880 bytes free
Post-Run: 182,582,382,592 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - F36F1ED355F44F06FC1B78BECC218737

JGMG1312

Newbie Surfer

Posts : 10
Joined : 2010-06-06
Operating System : XP

Re: LALA.EXE UNKNOWN VIRUS POST 1

Post by Belahzur on Sun 24 Apr 2011, 7:01 am

Hello.

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    DDS::
    uInternet Settings,ProxyOverride = ;*.local
    uInternet Settings,ProxyServer = http=127.0.0.1:27811
    uSearchAssistant =
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: LALA.EXE UNKNOWN VIRUS POST 1

Post by JGMG1312 on Fri 29 Apr 2011, 6:56 am

ComboFix 11-04-27.04 - Owner 28/04/2011 17:47:27.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2527.2055 [GMT 1:00]
Running from: i:\documents and settings\Owner\Desktop\Combo-Fix.exe
Command switches used :: i:\documents and settings\Owner\Desktop\CFScript.txt
AV: Panda Global Protection 2011 *Disabled/Updated* {8BF935E7-731F-4115-B7A5-789FF5087595}
FW: Panda Personal Firewall 2011 *Disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}
.
.
((((((((((((((((((((((((( Files Created from 2011-03-28 to 2011-04-28 )))))))))))))))))))))))))))))))
.
.
2011-04-22 22:02 . 2011-04-23 03:42 -------- d-----w- I:\Combo-Fix
2011-04-17 15:52 . 2011-04-17 15:52 73728 ----a-w- i:\windows\system32\javacpl.cpl
2011-04-14 21:34 . 2011-04-14 21:34 -------- d--h--w- i:\windows\PIF
2011-04-14 09:06 . 2011-04-14 09:07 -------- d-----w- i:\documents and settings\MARGARET\Application Data\shareazamediabartb
2011-04-14 09:06 . 2011-04-14 09:06 -------- d-----w- i:\documents and settings\MARGARET\Application Data\ArcSoft
2011-04-14 09:05 . 2011-04-14 09:05 -------- d-----w- i:\documents and settings\MARGARET\Local Settings\Application Data\Identities
2011-04-14 09:05 . 2011-04-14 09:05 -------- d-----w- i:\documents and settings\MARGARET\Application Data\Windows Desktop Search
2011-04-09 10:28 . 2009-06-30 09:37 28552 ----a-w- i:\windows\system32\drivers\pavboot.sys
2011-04-07 20:13 . 2011-04-07 20:13 -------- d-----w- i:\program files\Bonjour
2011-04-05 17:31 . 2011-04-09 17:45 -------- d-----w- i:\documents and settings\Owner\Application Data\Mekau
2011-04-05 17:31 . 2011-04-07 20:04 -------- d-----w- i:\documents and settings\Owner\Application Data\Axbu
2011-04-05 14:05 . 2011-04-05 14:06 -------- dc-h--w- i:\windows\ie8
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-28 15:10 . 2010-09-18 13:31 13880 ----a-w- i:\windows\system32\drivers\COMFiltr.sys
2011-04-17 15:52 . 2010-05-03 18:04 472808 ----a-w- i:\windows\system32\deployJava1.dll
2011-03-11 01:54 . 2010-06-01 12:02 87688 ----a-w- i:\windows\system32\IncContxMenu.dll
2011-03-11 01:53 . 2010-06-01 12:01 11776 ----a-w- i:\windows\system32\smrgdf.exe
2011-03-11 01:53 . 2010-06-01 12:01 29696 ----a-w- i:\windows\system32\iolobtdfg.exe
2011-03-11 01:36 . 2010-06-01 12:02 2234552 ----a-w- i:\windows\system32\Incinerator.dll
2011-03-07 05:33 . 2010-02-23 13:17 692736 ----a-w- i:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2008-04-14 04:42 420864 ----a-w- i:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2008-04-14 00:00 1857920 ----a-w- i:\windows\system32\win32k.sys
2011-02-22 23:06 . 2008-04-14 04:42 1469440 ------w- i:\windows\system32\inetcpl.cpl
2011-02-22 23:06 . 2008-04-14 04:42 916480 ----a-w- i:\windows\system32\wininet.dll
2011-02-22 23:06 . 2008-04-14 04:41 43520 ------w- i:\windows\system32\licmgr10.dll
2011-02-22 11:41 . 2008-04-13 23:07 385024 ------w- i:\windows\system32\html.iec
2011-02-17 13:18 . 2008-04-13 23:47 455936 ----a-w- i:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2008-04-13 23:45 357888 ----a-w- i:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2010-02-25 13:12 5120 ----a-w- i:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2008-04-14 04:39 290432 ----a-w- i:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2008-04-14 04:42 270848 ----a-w- i:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 04:41 186880 ----a-w- i:\windows\system32\encdec.dll
2011-02-08 13:33 . 2008-04-14 04:41 978944 ----a-w- i:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2007-04-03 07:44 974848 ----a-w- i:\windows\system32\mfc42u.dll
2011-02-02 07:58 . 2010-02-23 13:16 2067456 ----a-w- i:\windows\system32\mstscax.dll
2011-02-01 20:05 . 2011-01-19 22:46 2828 --sha-w- i:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2011-02-01 20:03 . 2011-01-19 22:46 88 --sh--r- i:\documents and settings\All Users\Application Data\227A7E50F6.sys
.
.
((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-28 15:03 . 2011-04-28 15:03 16384 i:\windows\Temp\Perflib_Perfdata_330.dat
+ 2011-04-28 18:42 . 2011-04-28 18:42 58177 i:\windows\Temp\cteng_tld.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFC4F59B-A2DA-4e12-B337-52A4F871E10C}]
2010-10-19 12:59 585152 ----a-w- i:\progra~1\SHAREA~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE9A4208-64EC-11DE-8440-204256D89593}]
2010-01-20 16:36 87488 ----a-w- i:\progra~1\SHAREA~1\MediaBar\ToolBar\ShareazaMediabarDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EE9A4208-64EC-11DE-8440-204256D89593}"= "i:\progra~1\SHAREA~1\MediaBar\ToolBar\ShareazaMediabarDx.dll" [2010-01-20 87488]
.
[HKEY_CLASSES_ROOT\clsid\{ee9a4208-64ec-11de-8440-204256d89593}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="i:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-03-09 247728]
"swg"="i:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-11 39408]
"SUPERAntiSpyware"="i:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-04-22 2423752]
"NokiaOviSuite2"="i:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2011-01-31 703360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APVXDWIN"="i:\program files\Panda Security\Panda Global Protection 2011\APVXDWIN.EXE" [2010-08-26 988480]
"SCANINICIO"="i:\program files\Panda Security\Panda Global Protection 2011\Inicio.exe" [2010-06-11 68928]
"YSearchProtection"="i:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"WinZip E-Mail Companion OEAPI"="i:\program files\WinZip E-Mail Companion\loadwzco.exe" [2007-11-19 75136]
"SSBkgdUpdate"="i:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"SoundMan"="SOUNDMAN.EXE" [2005-07-26 77824]
"PDF3 Registry Controller"="i:\program files\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe" [2005-04-26 106496]
"OpwareSE4"="i:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"ISUSScheduler"="i:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"DVAPTray"="i:\windows\System32\DVAPTray.exe" [2009-10-30 188416]
"ArcSoft Connection Service"="i:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]
.
i:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - i:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "i:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- i:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2010-03-24 11:55 55552 ----a-w- i:\windows\system32\avldr.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"i:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"i:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"i:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"i:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2254:TCP"= 2254:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 pavboot;pavboot;i:\windows\system32\drivers\pavboot.sys [09/04/2011 11:28 28552]
R1 APPFLT;App Filter Plugin;i:\windows\system32\drivers\APPFLT.SYS [18/09/2010 14:24 76296]
R1 DSAFLT;DSA Filter Plugin;i:\windows\system32\drivers\dsaflt.sys [18/09/2010 14:24 53256]
R1 FNETMON;NetMon Filter Plugin;i:\windows\system32\drivers\fnetmon.sys [18/09/2010 14:24 22024]
R1 IDSFLT;Ids Filter Plugin;i:\windows\system32\drivers\idsflt.sys [18/09/2010 14:24 193800]
R1 NETFLTDI;Panda Net Driver [TDI Layer];i:\windows\system32\drivers\NETFLTDI.SYS [18/09/2010 14:24 159112]
R1 SASDIFSV;SASDIFSV;i:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;i:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19:41 67656]
R1 ShldDrv;Panda File Shield Driver;i:\windows\system32\drivers\ShlDrv51.sys [18/09/2010 14:22 37896]
R1 WNMFLT;Wifi Monitor Filter Plugin;i:\windows\system32\drivers\wnmflt.sys [18/09/2010 14:24 46856]
R2 Akamai;Akamai NetSession Interface;i:\windows\System32\svchost.exe -k Akamai [14/04/2008 05:42 14336]
R2 AmFSM;AmFSM;i:\windows\system32\drivers\amm8651.sys [18/09/2010 14:23 59080]
R2 ioloFileInfoList;iolo FileInfoList Service;i:\program files\iolo\Common\Lib\ioloServiceManager.exe [01/06/2010 13:02 724152]
R2 ioloSystemService;iolo System Service;i:\program files\iolo\Common\Lib\ioloServiceManager.exe [01/06/2010 13:02 724152]
R2 PavProc;Panda Process Protection Driver;i:\windows\system32\drivers\PavProc.sys [18/09/2010 14:22 163336]
R2 PskSvcRetail;Panda PSK service;i:\program files\Panda Security\Panda Global Protection 2011\psksvc.exe [18/09/2010 14:24 28992]
R2 TomTomHOMEService;TomTomHOMEService;i:\program files\TomTom HOME 2\TomTomHOMEService.exe [09/03/2011 13:30 92592]
R3 AvFlt;Antivirus Filter Driver;i:\windows\system32\drivers\av5flt.sys --> i:\windows\system32\drivers\av5flt.sys [?]
R3 ComFiltr;Panda Anti-Dialer;i:\windows\system32\drivers\COMFiltr.sys [18/09/2010 14:31 13880]
R3 NETIMFLT01060042;PANDA NDIS IM Filter Miniport v1.6.0.42;i:\windows\system32\drivers\neti1642.sys [18/09/2010 14:23 199688]
R3 PavSRK.sys;PavSRK.sys;\??\i:\windows\system32\PavSRK.sys --> i:\windows\system32\PavSRK.sys [?]
R3 PavTPK.sys;PavTPK.sys;\??\i:\windows\system32\PavTPK.sys --> i:\windows\system32\PavTPK.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;i:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 14:16 130384]
S2 gupdate;Google Update Service (gupdate);i:\program files\Google\Update\GoogleUpdate.exe [11/05/2010 14:09 135664]
S3 ASUSHWIO;ASUSHWIO;\??\i:\windows\system32\drivers\ASUSHWIO.sys --> i:\windows\system32\drivers\ASUSHWIO.sys [?]
S3 BBSvc;Bing Bar Update Service;i:\program files\Microsoft\BingBar\BBSvc.EXE [15/03/2011 22:27 183560]
S3 gupdatem;Google Update Service (gupdatem);i:\program files\Google\Update\GoogleUpdate.exe [11/05/2010 14:09 135664]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;i:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 14:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 03:32 128512 ----a-w- i:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2010-09-18 i:\windows\Tasks\Basic clean-up.job
- i:\program files\Panda Security\Panda Global Protection 2011\PlaTasks.exe [2010-09-18 18:12]
.
2010-06-11 i:\windows\Tasks\FileCure Default.job
- i:\program files\ParetoLogic\FileCure\FileCure.exe [2011-03-01 23:00]
.
2011-04-28 i:\windows\Tasks\FileCure Startup.job
- i:\program files\ParetoLogic\FileCure\FileCure.exe [2011-03-01 23:00]
.
2011-04-28 i:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- i:\program files\Google\Update\GoogleUpdate.exe [2010-05-11 13:09]
.
2011-04-28 i:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- i:\program files\Google\Update\GoogleUpdate.exe [2010-05-11 13:09]
.
2011-04-28 i:\windows\Tasks\OGALogon.job
- i:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]
.
2011-04-27 i:\windows\Tasks\ParetoLogic Registration3.job
- i:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2011-01-28 21:19]
.
2011-04-28 i:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- i:\program files\Ask.com\UpdateTask.exe [2010-02-04 16:50]
.
2011-04-28 i:\windows\Tasks\User_Feed_Synchronization-{79938DB7-4041-44CF-9335-4C24FB8105E7}.job
- i:\windows\system32\msfeedssync.exe [2009-03-08 04:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchAssistant =
IE: E&xport to Microsoft Excel - i:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - i:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
IE: Open with Scansoft PDF Converter 3.0 - i:\program files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100
IE: Read EXIF - i:\program files\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-04-28 19:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@i:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="i:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1440)
i:\program files\SUPERAntiSpyware\SASWINLO.DLL
i:\windows\system32\WININET.dll
i:\windows\system32\avldr.dll
.
- - - - - - - > 'explorer.exe'(17984)
i:\windows\system32\WININET.dll
i:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
i:\windows\system32\ieframe.dll
i:\windows\system32\webcheck.dll
i:\windows\system32\WPDShServiceObj.dll
i:\windows\system32\PortableDeviceTypes.dll
i:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-04-28 20:27:40
ComboFix-quarantined-files.txt 2011-04-28 19:26
ComboFix2.txt 2011-04-28 12:40
ComboFix3.txt 2011-04-23 03:40
.
Pre-Run: 183,433,273,344 bytes free
Post-Run: 183,456,608,256 bytes free
.
- - End Of File - - A80EEFFA1F27078B80005FB04CA03D08


Re: LALA.EXE UNKNOWN VIRUS POST 1

Post by Belahzur on Sat 30 Apr 2011, 8:28 am

Hello.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.



Re: LALA.EXE UNKNOWN VIRUS POST 1

Post by JGMG1312 on Tue 03 May 2011, 8:02 pm

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=9a90c37d0471204d98a2ecafa6a31b5c
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-04-30 12:01:00
# local_time=2011-04-30 01:01:00 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1536 16777175 100 0 1814924 1814924 0 0
# compatibility_mode=8192 67108863 100 0 258 258 0 0
# scanned=156480
# found=9
# cleaned=9
# scan_time=5055
F:\my new data\Nero-8.3.6.0_eng_trial.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C
I:\Documents and Settings\Owner\Application Data\OpenCandy\OpenCandy_2B2D3C33D6174A579BC2AA69B4736301\p1v1_PPIRegistryReviver_w.exe a variant of Win32/SlowPCfighter application (deleted - quarantined) 00000000000000000000000000000000 C
I:\Documents and Settings\Owner\Application Data\OpenCandy\OpenCandy_2B2D3C33D6174A579BC2AA69B4736301\PPIRegistryReviverSetup.exe a variant of Win32/SlowPCfighter application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
I:\Qoobox\Quarantine\I\Documents and Settings\Owner\Application Data\Erhici\lala.exe.vir a variant of Win32/Kryptik.MSK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
I:\System Volume Information\_restore{E83A862A-16EB-4549-BFDE-FB05C0A3CD70}\RP279\A0064642.exe a variant of Win32/Kryptik.MSK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
I:\System Volume Information\_restore{E83A862A-16EB-4549-BFDE-FB05C0A3CD70}\RP287\A0065961.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C
I:\System Volume Information\_restore{E83A862A-16EB-4549-BFDE-FB05C0A3CD70}\RP292\A0066402.exe a variant of Win32/Kryptik.MSK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
I:\System Volume Information\_restore{E83A862A-16EB-4549-BFDE-FB05C0A3CD70}\RP296\A0069821.exe a variant of Win32/SlowPCfighter application (deleted - quarantined) 00000000000000000000000000000000 C
I:\System Volume Information\_restore{E83A862A-16EB-4549-BFDE-FB05C0A3CD70}\RP296\A0069822.exe a variant of Win32/SlowPCfighter application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Re: LALA.EXE UNKNOWN VIRUS POST 1

Post by Belahzur on Wed 04 May 2011, 12:26 am

Nice one.

Hello.

Please download the current version of HijackThis from HERE

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.



Re: LALA.EXE UNKNOWN VIRUS POST 1

Post by JGMG1312 on Wed 04 May 2011, 3:09 am

Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.0.1)
Akamai NetSession Interface
ArcSoft PhotoStudio Darkroom 2
Athlon 64 Processor Driver
Bing Bar
Bonjour
BT Broadband Desktop Help
BT Broadband Support Tools
BT Wireless Connection Manager
BT Yahoo! Applications
BTHomeHub
Canon MP Navigator 3.0
Canon MP810
Canon MP810 User Registration
Canon Utilities Easy-PhotoPrint
DVAPTray
GoToAssist Corporate
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
iolo technologies' System Mechanic
Java(TM) 6 Update 24
Junk Mail filter update
MediaBar
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Live Add-in 1.3
Microsoft Office XP Professional with FrontPage
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework 2.0 Core Components (x86) ENU
Microsoft Sync Framework 2.0 Provider Services (x86) ENU
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MSN
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
neroxml
Nokia Connectivity Cable Driver
Nokia Ovi Suite
Nokia Ovi Suite
Nokia Ovi Suite Software Updater
Nokia PC Suite
Nokia PC Suite
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Ovi Desktop Sync Engine
OviMPlatform
Panda ActiveScan 2.0
Panda Global Protection 2011
Panda Secure Vault 5
ParetoLogic FileCure
PC Connectivity Solution
Realtek AC'97 Audio
ScanSoft OmniPage SE 4.0
ScanSoft PDF Converter 3.0
ScanSoft PDF Create! 3.0
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
SIW version 2010.07.14
SUPERAntiSpyware
SyncToy 2.1 (x86)
TomTom HOME 2.8.1.2218
TomTom HOME Visual Studio Merge Modules
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Veetle TV 0.9.18
vShare Plugin
Windows Driver Package - Nokia Modem (06/09/2010 4.5)
Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.7)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
WinZip 14.5
WinZip E-Mail Companion
Yahoo! Search Protection
Yahoo! Software Update



Post by Belahzur on Wed 04 May 2011, 4:43 am

Okay just 1 update to do.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Your Java needs updating!

  • Please go to Start > Control Panel, click on Java.
  • When the Java control panel opens, go into the Update tab.
  • At the bottom of that window, press the "Update Now" button and it will attempt to download the latest Java update.
  • Next, when the Updater window opens, hit the Install button. It will now attempt to download the update.
  • Untick the box for installing the Yahoo Toolbar when asked.

How is the machine running now?


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Post by JGMG1312 on Wed 04 May 2011, 6:45 am

Don't see much difference, and now I am getting the message "javaw.exe has encountered a problem and needs to close".


Post by Belahzur on Thu 05 May 2011, 1:25 am

Hello.
Please re-open Hijack This. Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found; copy and paste it back here.


Post by JGMG1312 on Thu 05 May 2011, 2:33 am

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:30:39, on 04/05/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Bonjour\mDNSResponder.exe
I:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
I:\Program Files\Java\jre6\bin\jqs.exe
I:\Program Files\Common Files\Motive\McciCMService.exe
I:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
I:\Program Files\Panda Security\Panda Global Protection 2011\PsCtrls.exe
I:\Program Files\Panda Security\Panda Global Protection 2011\PavFnSvr.exe
I:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
i:\program files\panda security\panda global protection 2011\firewall\PSHOST.EXE
I:\Program Files\Panda Security\Panda Global Protection 2011\PsImSvc.exe
I:\Program Files\Panda Security\Panda Global Protection 2011\PskSvc.exe
I:\Program Files\Microsoft\BingBar\SeaPort.EXE
I:\WINDOWS\system32\svchost.exe
I:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
I:\Program Files\Panda Security\Panda Global Protection 2011\TPSrv.exe
I:\WINDOWS\system32\MsPMSPSv.exe
I:\PROGRAM FILES\PANDA SECURITY\PANDA GLOBAL PROTECTION 2011\WebProxy.exe
I:\Program Files\Panda Security\Panda Global Protection 2011\pavsrvx86.exe
I:\Program Files\Panda Security\Panda Global Protection 2011\AVENGINE.EXE
I:\WINDOWS\Explorer.EXE
I:\Program Files\Panda Security\Panda Global Protection 2011\APVXDWIN.EXE
I:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
I:\Program Files\WinZip E-Mail Companion\loadwzco.exe
I:\WINDOWS\SOUNDMAN.EXE
I:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
I:\WINDOWS\System32\DVAPTray.exe
I:\PROGRA~1\SHAREA~1\MediaBar\Datamngr\DATAMN~1.EXE
I:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
I:\Program Files\Common Files\Java\Java Update\jusched.exe
I:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
I:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
I:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Panda Security\Panda Global Protection 2011\SRVLOAD.EXE
I:\Program Files\Panda Security\Panda Global Protection 2011\PavBckPT.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
I:\WINDOWS\system32\rundll32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - I:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: UrlHelper Class - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - I:\PROGRA~1\SHAREA~1\MediaBar\Datamngr\IEBHO.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "I:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - I:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - I:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: MediaBar - {EE9A4208-64EC-11DE-8440-204256D89593} - I:\PROGRA~1\SHAREA~1\MediaBar\ToolBar\ShareazaMediabarDx.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - I:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: MediaBar - {EE9A4208-64EC-11DE-8440-204256D89593} - I:\PROGRA~1\SHAREA~1\MediaBar\ToolBar\ShareazaMediabarDx.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "I:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [APVXDWIN] "I:\Program Files\Panda Security\Panda Global Protection 2011\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "I:\Program Files\Panda Security\Panda Global Protection 2011\Inicio.exe"
O4 - HKLM\..\Run: [YSearchProtection] "I:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [WinZip E-Mail Companion OEAPI] "I:\Program Files\WinZip E-Mail Companion\loadwzco.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "I:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PDF3 Registry Controller] "I:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe"
O4 - HKLM\..\Run: [OpwareSE4] "I:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "I:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DVAPTray] I:\WINDOWS\System32\DVAPTray.exe
O4 - HKLM\..\Run: [DATAMNGR] I:\PROGRA~1\SHAREA~1\MediaBar\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [ArcSoft Connection Service] I:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "I:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] I:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Google Sidewiki... - [You must be registered and logged in to see this link.] Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - [You must be registered and logged in to see this link.] Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - I:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - I:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - I:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - (no file)
O20 - Winlogon Notify: !SASWinLogon - I:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - I:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - I:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - I:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Bonjour Service - Apple Inc. - I:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - iolo technologies, LLC - I:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - I:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - I:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Alcatel-Lucent - I:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - I:\Program Files\Panda Security\Panda Global Protection 2011\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - I:\Program Files\Panda Security\Panda Global Protection 2011\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - I:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - I:\Program Files\Panda Security\Panda Global Protection 2011\pavsrvx86.exe
O23 - Service: Panda Host Service (PSHost) - Unknown owner - i:\program files\panda security\panda global protection 2011\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - I:\Program Files\Panda Security\Panda Global Protection 2011\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - I:\Program Files\Panda Security\Panda Global Protection 2011\PskSvc.exe
O23 - Service: ServiceLayer - Nokia - I:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TomTomHOMEService - TomTom - I:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - I:\Program Files\Panda Security\Panda Global Protection 2011\TPSrv.exe

--
End of file - 12052 bytes


Post by Belahzur on Thu 05 May 2011, 9:05 am

Hello.

  • Open HijackThis.
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Common Files\Java\Java Update\jusched.exe"



  • Press "Fix Checked"
  • Close Hijack This.

I recommend you remove the Java Quick Starter because it's not needed.
To do so, follow these instructions.

Go to Start > Control Panel > Java.
In the Java control panel, click the Advanced tab. Click the + in front of Miscellaneous and uncheck the Java Quick Starter box.

See here for more info.

Reboot normally. That error shouldn't happen anymore.


Post by JGMG1312 on Thu 05 May 2011, 7:39 pm

Just done what you said, but still getting the same Java error.


Post by Belahzur on Fri 06 May 2011, 5:36 am

When does it happen?


Post by JGMG1312 on Fri 06 May 2011, 7:10 am

When I went into the Java control panel to remove Java Quick Starter, like you asked me to do.
