Possible garrys mod virus?



Possible garrys mod virus?

Post by planetsngalaxies on Sun 10 Jul 2011, 12:56 pm

Last week my computer began running CHKDSK at every start up. After some investigating I discovered it was related to garrys mod. CHKDSK would only run if my brother had been playing garrys mod the last time the computer was on. My brother plays it online and whenever he joins a server I noticed a blue screen which pops up and says "A Lua Script is creating a render target". This only started happening within the last few weeks.

To try to fix the CHKDSK problem I tried to uninstall garrys mod but to my surprise one of the folders wouldn't delete. Its path was "C:\Program Files\Steam\steamapps\user\garrysmod\garrysmod\lua_temp\weapons_______________".

The strange folder name is what caught my attention. Besides the long line of underscores, every time I tried to delete it, it said "Cannot delete weapons__________________: The directory is not empty". Trying to open it gave me an error message saying it was not accessible and "The file or directory is corrupted and unreadable."

After searching for solutions online and using various methods to remove it I decided to run a full CHKDSK. It didn't work. The folder is empty and it can be renamed and moved, just not deleted. Right now it's on my desktop (I've deleted all other garrys mod files successfully) and renamed it to "what_is_this". I ran another full CHKDSK earlier today and still can't delete it.

I've heard of people getting viruses through shady garrys mod servers and they involve lua files. My guess is it's either that or my hard drive is just dying but I thought I'd check here first before I replace it.

edit: Just some additional information. When I tried deleting it with Unlocker a yellow triangle with an exclamation point appeared in the tray with a bubble saying "Unlocker.exe - Corrupt File The file or directory C: is corrupt and unreadable. Please run the Chkdsk utility."

This warning also popped up when I ran Spybot S&D earlier today and just a few minutes ago when I ran OTL.


Last edited by planetsngalaxies on Mon 11 Jul 2011, 10:56 am; edited 3 times in total

planetsngalaxies

Newbie Surfer

Posts : 33
Joined : 2010-06-17
Operating System : Windows XP and Linux



Re: Possible garrys mod virus?

Post by planetsngalaxies on Sun 10 Jul 2011, 12:59 pm

OTL logfile created on: 7/9/2011 6:15:03 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\memoirs\Desktop\gmod virus
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.71 Gb Available Physical Memory | 83.44% Memory free
5.11 Gb Paging File | 4.58 Gb Available in Paging File | 89.60% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 390.63 Gb Total Space | 41.24 Gb Free Space | 10.56% Space Free | Partition Type: NTFS

Computer Name: ADRIAN-9B9F6298 | User Name: memoirs | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/09 18:01:17 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\memoirs\Desktop\gmod virus\OTL.com
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/11/16 16:52:45 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\steam.exe
PRC - [2010/10/03 01:13:42 | 000,470,544 | ---- | M] () -- C:\Program Files\Core Temp\Core Temp.exe
PRC - [2010/04/12 17:29:29 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\JDK\bin\jqs.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/09/08 11:10:20 | 000,450,560 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
PRC - [2008/09/08 11:09:40 | 000,184,320 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
PRC - [2008/04/13 17:12:19 | 000,975,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 18:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe


========== Modules (SafeList) ==========

MOD - [2011/07/09 18:01:17 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\memoirs\Desktop\gmod virus\OTL.com
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/11/11 13:57:04 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010/11/11 13:57:02 | 000,444,656 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/11/11 13:55:56 | 006,351,600 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010/11/11 13:55:56 | 000,057,072 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Zune\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2010/04/12 17:29:29 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\JDK\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/12/15 13:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2008/09/08 11:10:20 | 000,450,560 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2008/09/08 11:09:40 | 000,184,320 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (ALSysIO)
DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/04/06 15:33:50 | 006,388,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/12/23 22:53:26 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/12/23 22:53:25 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/08/01 11:36:00 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/08/01 11:36:00 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/04/13 11:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 11:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2004/12/01 03:46:20 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/12/01 03:46:20 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.1
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2.5.2
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:4.0.20110225
FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a67}:0.5
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:0.6.20101009
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 1032

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\memoirs\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\JDK\lib\deploy\jqs\ff [2009/05/09 21:22:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/01/30 00:30:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/01/30 00:30:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b8\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 7\components [2010/12/23 00:05:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b8\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugins [2011/01/30 00:30:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/25 01:40:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/22 22:19:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.17\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2008/11/03 08:27:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.17\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/04/25 19:30:09 | 000,000,000 | ---D | M]

[2009/06/12 19:15:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\memoirs\Application Data\Mozilla\Extensions
[2011/07/07 04:09:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\memoirs\Application Data\Mozilla\Firefox\Profiles\0a4zo8ah.default\extensions
[2011/01/02 20:48:04 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Documents and Settings\memoirs\Application Data\Mozilla\Firefox\Profiles\0a4zo8ah.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/07/08 22:15:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\memoirs\Application Data\Mozilla\Firefox\Profiles\0a4zo8ah.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/07 12:08:36 | 000,000,000 | ---D | M] (WeatherBug) -- C:\Documents and Settings\memoirs\Application Data\Mozilla\Firefox\Profiles\0a4zo8ah.default\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
[2011/01/03 02:19:02 | 000,000,000 | ---D | M] (Favicon Picker 3) -- C:\Documents and Settings\memoirs\Application Data\Mozilla\Firefox\Profiles\0a4zo8ah.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a67}
[2011/01/30 00:18:46 | 000,000,000 | ---D | M] (mediaplayerconnectivity) -- C:\Documents and Settings\memoirs\Application Data\Mozilla\Firefox\Profiles\0a4zo8ah.default\extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6}
[2011/03/12 00:13:58 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\memoirs\Application Data\Mozilla\Firefox\Profiles\0a4zo8ah.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011/04/21 17:37:12 | 000,000,000 | ---D | M] (Ghostery) -- C:\Documents and Settings\memoirs\Application Data\Mozilla\Firefox\Profiles\0a4zo8ah.default\extensions\firefox@ghostery.com
[2011/02/15 22:41:30 | 000,000,000 | ---D | M] (Read It Later) -- C:\Documents and Settings\memoirs\Application Data\Mozilla\Firefox\Profiles\0a4zo8ah.default\extensions\isreaditlater@ideashower.com
[2011/06/25 01:40:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/07 20:26:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MEMOIRS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0A4ZO8AH.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MEMOIRS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0A4ZO8AH.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MEMOIRS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0A4ZO8AH.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MEMOIRS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0A4ZO8AH.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MEMOIRS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0A4ZO8AH.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MEMOIRS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0A4ZO8AH.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MEMOIRS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0A4ZO8AH.DEFAULT\EXTENSIONS\TABSCOPE@XULDEV.ORG.XPI
[2009/05/09 21:22:50 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\JDK\LIB\DEPLOY\JQS\FF
[2011/06/15 21:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2010/08/26 16:40:37 | 000,416,183 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14390 more lines...
O2 - BHO: (DivX Plus Web Player HTML5


Last edited by planetsngalaxies on Sun 10 Jul 2011, 1:02 pm; edited 1 time in total

planetsngalaxies

Newbie Surfer

Posts : 33
Joined : 2010-06-17
Operating System : Windows XP and Linux



Re: Possible garrys mod virus?

Post by planetsngalaxies on Sun 10 Jul 2011, 1:00 pm

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/07/09 18:13:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\memoirs\Desktop\gmod virus
[2011/07/09 00:18:19 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\memoirs\Recent
[2011/07/09 00:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/07/08 23:52:03 | 000,000,000 | ---D | C] -- C:\Program Files\G-Programs
[2011/07/08 02:05:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\memoirs\Local Settings\Application Data\fotw
[2011/07/08 02:05:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\memoirs\Application Data\fotw
[2011/07/07 00:50:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2011/07/07 00:50:13 | 000,145,000 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcolor.exe
[2011/07/07 00:50:09 | 013,895,272 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.dll
[2011/07/07 00:50:09 | 000,111,208 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmctray.dll
[2011/07/07 00:50:06 | 000,543,336 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\easyupdatusapiu.dll
[2011/07/07 00:50:06 | 000,054,272 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwddi.dll
[2011/07/07 00:48:55 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2011/07/07 00:48:54 | 016,068,608 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
[2011/07/07 00:48:54 | 000,865,896 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco322090.dll
[2011/07/07 00:48:53 | 000,899,688 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco3220150.dll
[2011/07/07 00:48:47 | 013,004,800 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2011/07/07 00:48:47 | 012,753,664 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_mini.sys
[2011/07/07 00:48:47 | 005,332,992 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
[2011/07/07 00:48:47 | 004,198,272 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2011/07/07 00:48:47 | 002,808,936 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2011/07/07 00:48:47 | 002,328,576 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
[2011/07/07 00:48:47 | 002,082,408 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2011/06/30 06:40:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\memoirs\Desktop\what_is_this
[2011/06/20 18:43:38 | 000,131,072 | ---- | C] (JCA Consulting) -- C:\WINDOWS\System32\JCDtEx.dll
[2011/06/20 18:43:38 | 000,081,920 | ---- | C] (JCA Consulting) -- C:\WINDOWS\System32\JCRegEx.dll
[2011/06/20 18:43:38 | 000,028,672 | ---- | C] (JCA Consulting) -- C:\WINDOWS\System32\JCSortEx.dll
[2011/06/20 18:43:38 | 000,000,000 | ---D | C] -- C:\Program Files\AOK Mod Pack Studio Lite
[2011/06/20 18:43:25 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe
[2011/06/20 17:44:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Games
[2011/06/20 17:33:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\memoirs\Start Menu\Programs\Age of Chivalry Hegemony
[2011/06/15 14:02:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2011/06/14 14:01:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/06/14 13:57:00 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2011/06/14 13:55:34 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2006/09/03 23:08:01 | 000,131,072 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.SHDocVw.dll
[2006/09/03 23:08:01 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\AxInterop.SHDocVw.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/09 17:49:21 | 000,000,314 | -HS- | M] () -- C:\boot.ini
[2011/07/09 17:38:02 | 000,002,163 | ---- | M] () -- C:\Documents and Settings\memoirs\Application Data\Microsoft\Internet Explorer\Quick Launch\Steam.lnk
[2011/07/09 17:30:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1454471165-839522115-1007UA.job
[2011/07/09 17:24:15 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/07/09 17:21:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/09 03:27:53 | 000,001,658 | ---- | M] () -- C:\Documents and Settings\memoirs\Desktop\xvideoscomf3c03456fd58a7f058c460668439c5bb.html
[2011/07/09 00:20:11 | 000,431,588 | ---- | M] () -- C:\Documents and Settings\memoirs\Desktop\cc_20110709_001956.reg
[2011/07/07 14:46:23 | 000,273,344 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/07/07 14:46:23 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/07/07 01:05:48 | 000,273,344 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/07/07 00:49:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2011/07/06 21:30:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1454471165-839522115-1007Core.job
[2011/07/05 00:43:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/01 17:18:06 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\memoirs\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2011/06/25 19:16:27 | 006,220,854 | ---- | M] () -- C:\Documents and Settings\memoirs\Desktop\shauncore mad 3.bmp
[2011/06/25 18:34:00 | 000,004,804 | ---- | M] () -- C:\Documents and Settings\memoirs\.recently-used.xbel
[2011/06/25 18:23:38 | 006,220,854 | ---- | M] () -- C:\Documents and Settings\memoirs\Desktop\shauncore mad 2.bmp
[2011/06/25 01:40:43 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\memoirs\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/23 03:13:16 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\memoirs\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/23 01:05:35 | 006,220,854 | ---- | M] () -- C:\Documents and Settings\memoirs\Desktop\shauncore mad.bmp
[2011/06/22 02:15:02 | 006,220,854 | ---- | M] () -- C:\Documents and Settings\memoirs\Desktop\shaunfail1.bmp
[2011/06/19 03:50:39 | 006,220,854 | ---- | M] () -- C:\Documents and Settings\memoirs\Desktop\untitled.bmp
[2011/06/15 17:04:01 | 000,441,546 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/15 17:04:01 | 000,071,482 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/12 23:47:25 | 000,140,024 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011/06/12 23:47:17 | 000,280,768 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/09 03:27:53 | 000,010,076 | ---- | C] () -- C:\Documents and Settings\memoirs\Desktop\Skin.swf
[2011/07/09 03:27:53 | 000,009,038 | ---- | C] () -- C:\Documents and Settings\memoirs\Desktop\FLVPlayer.swf
[2011/07/09 03:27:53 | 000,001,658 | ---- | C] () -- C:\Documents and Settings\memoirs\Desktop\xvideoscomf3c03456fd58a7f058c460668439c5bb.html
[2011/07/09 00:19:58 | 000,431,588 | ---- | C] () -- C:\Documents and Settings\memoirs\Desktop\cc_20110709_001956.reg
[2011/07/07 00:49:47 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/07/07 00:49:47 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/07/07 00:49:47 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/07/07 00:49:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2011/07/07 00:48:54 | 000,003,249 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2011/07/07 00:48:50 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/06/25 19:16:26 | 006,220,854 | ---- | C] () -- C:\Documents and Settings\memoirs\Desktop\shauncore mad 3.bmp
[2011/06/25 18:34:00 | 000,004,804 | ---- | C] () -- C:\Documents and Settings\memoirs\.recently-used.xbel
[2011/06/25 18:23:37 | 006,220,854 | ---- | C] () -- C:\Documents and Settings\memoirs\Desktop\shauncore mad 2.bmp
[2011/06/23 01:05:34 | 006,220,854 | ---- | C] () -- C:\Documents and Settings\memoirs\Desktop\shauncore mad.bmp
[2011/06/22 02:15:01 | 006,220,854 | ---- | C] () -- C:\Documents and Settings\memoirs\Desktop\shaunfail1.bmp
[2011/06/19 03:50:38 | 006,220,854 | ---- | C] () -- C:\Documents and Settings\memoirs\Desktop\untitled.bmp
[2011/05/03 20:48:18 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011/03/20 18:43:39 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\SI.bin
[2010/12/17 20:58:36 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\memoirs\Local Settings\Application Data\d3d9caps.dat
[2010/09/15 20:21:49 | 000,041,240 | ---- | C] () -- C:\WINDOWS\System32\firewallinstallhelper.dll
[2010/07/11 16:00:19 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\memoirs\Application Data\PnkBstrK.sys
[2010/07/11 15:59:39 | 002,434,856 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_bc2.exe
[2010/05/10 18:08:02 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/02/13 13:58:34 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
[2010/02/13 13:58:34 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
[2010/01/04 19:08:06 | 000,000,531 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2009/09/29 14:10:25 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009/08/26 11:16:56 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2009/08/26 11:16:43 | 000,004,254 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2009/07/06 18:59:21 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/06/10 14:16:09 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/06/04 14:20:46 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\memoirs\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/12 04:23:42 | 000,000,227 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2009/05/12 04:23:41 | 000,045,568 | ---- | C] () -- C:\WINDOWS\UniFish3.exe
[2009/03/08 19:19:02 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009/03/08 19:19:02 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009/02/22 17:16:59 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/02/22 17:16:59 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/02/22 17:16:59 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/02/22 16:30:05 | 000,035,708 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2009/02/19 08:54:57 | 000,000,281 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2009/01/09 03:10:42 | 000,020,163 | ---- | C] () -- C:\WINDOWS\W2BNEUnin.dat
[2008/12/28 15:51:45 | 000,001,188 | ---- | C] () -- C:\WINDOWS\nwplayer.ini
[2008/11/14 21:52:47 | 000,140,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/11/14 21:52:39 | 000,280,768 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2008/11/14 21:52:13 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2008/11/03 15:10:43 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2008/11/03 14:30:11 | 000,154,679 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
[2008/11/03 08:26:55 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/11/03 07:02:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/11/03 06:55:08 | 000,001,732 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2008/11/03 06:21:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/11/03 06:16:48 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/11/02 16:28:37 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/11/02 16:25:56 | 000,149,992 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/12/01 03:46:31 | 000,441,546 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/12/01 03:46:31 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/12/01 03:46:31 | 000,071,482 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/12/01 03:46:31 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/12/01 03:46:23 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/12/01 03:46:22 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/12/01 03:46:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/12/01 03:45:49 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/12/01 03:45:48 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/12/01 03:44:56 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/03 18:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 07:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[1997/06/13 18:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/06/15 21:17:34 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/06/15 21:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/06/15 21:17:34 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/06/15 21:17:34 | 000,265,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2008/11/03 07:08:26 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
[2008/11/20 18:09:41 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2011/06/20 18:43:39 | 000,000,000 | ---D | M] -- C:\Program Files\AOK Mod Pack Studio Lite
[2010/12/16 01:06:20 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/01/09 02:27:14 | 000,000,000 | ---D | M] -- C:\Program Files\Ashampoo
[2008/11/03 07:08:41 | 000,000,000 | ---D | M] -- C:\Program Files\AutoPatcher
[2011/07/09 00:15:00 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2011/04/09 22:08:00 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2011/01/26 16:42:12 | 000,000,000 | ---D | M] -- C:\Program Files\Core Temp
[2010/06/23 08:06:26 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Lite
[2010/07/09 00:15:40 | 000,000,000 | ---D | M] -- C:\Program Files\Deluge
[2010/12/23 23:54:10 | 000,000,000 | ---D | M] -- C:\Program Files\Diablo II
[2010/12/25 10:54:26 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2011/01/30 00:30:11 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2011/03/08 15:34:54 | 000,000,000 | ---D | M] -- C:\Program Files\Dragon Age
[2011/03/22 22:17:05 | 000,000,000 | ---D | M] -- C:\Program Files\Dragon Age 2
[2011/03/20 18:54:15 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2011/06/23 02:12:19 | 000,000,000 | ---D | M] -- C:\Program Files\Free FLV Converter
[2011/07/08 23:52:03 | 000,000,000 | ---D | M] -- C:\Program Files\G-Programs
[2011/04/09 02:08:07 | 000,000,000 | ---D | M] -- C:\Program Files\GeMM
[2011/05/25 21:24:24 | 000,000,000 | ---D | M] -- C:\Program Files\GIMP-2.0
[2010/07/09 00:16:37 | 000,000,000 | ---D | M] -- C:\Program Files\GTK2-Runtime
[2008/11/14 23:00:57 | 000,000,000 | ---D | M] -- C:\Program Files\Guitar Pro 5
[2009/06/12 18:33:55 | 000,000,000 | ---D | M] -- C:\Program Files\HighMAT CD Writing Wizard
[2010/03/03 18:31:17 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallJammer Registry
[2011/04/17 14:43:19 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/07/29 21:47:56 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2008/11/03 07:39:55 | 000,000,000 | ---D | M] -- C:\Program Files\Malicious Software Removal Tool
[2011/07/08 22:35:43 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/18 15:04:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mass Effect
[2010/09/13 18:59:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mass Effect 2
[2009/06/12 23:13:15 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/06/14 15:35:25 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2008/11/03 06:19:56 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2011/06/20 18:51:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2010/07/23 21:19:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2008/11/29 20:17:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SDKs
[2011/06/15 19:59:11 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2008/11/29 20:21:21 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
[2008/11/29 20:20:13 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 9.0
[2009/12/27 03:00:38 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft WSE
[2008/11/29 20:18:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2011/04/27 00:52:41 | 000,000,000 | ---D | M] -- C:\Program Files\mIRC
[2010/06/22 21:21:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mount&Blade Warband
[2011/04/08 22:14:40 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/06/25 01:40:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2011/01/30 00:30:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox 4.0 Beta 7
[2009/01/16 22:52:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Thunderbird
[2008/11/03 07:38:43 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/07/23 21:19:27 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2008/11/03 06:15:40 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2008/11/03 06:16:19 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2008/11/03 07:39:37 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/01/17 05:26:57 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2009/06/12 23:06:33 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2011/05/23 21:48:46 | 000,000,000 | ---D | M] -- C:\Program Files\Notepad++
[2008/12/30 00:46:09 | 000,000,000 | ---D | M] -- C:\Program Files\NoteWorthy Player
[2011/03/06 02:56:15 | 000,000,000 | ---D | M] -- C:\Program Files\NTCore
[2011/07/07 00:54:54 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation
[2010/12/25 12:09:23 | 000,000,000 | ---D | M] -- C:\Program Files\Olympus
[2010/12/15 21:12:23 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/06/04 10:15:01 | 000,000,000 | ---D | M] -- C:\Program Files\Paradox Interactive
[2011/03/22 22:18:22 | 000,000,000 | ---D | M] -- C:\Program Files\paulstretch
[2010/12/28 22:46:39 | 000,000,000 | ---D | M] -- C:\Program Files\Phyxion.net
[2010/07/11 20:57:15 | 000,000,000 | ---D | M] -- C:\Program Files\PS3 Media Server
[2010/12/16 01:07:10 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2008/11/03 08:26:37 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2010/09/21 21:10:15 | 000,000,000 | ---D | M] -- C:\Program Files\Rectangle Red
[2008/11/03 07:35:52 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/05/12 15:41:47 | 000,000,000 | ---D | M] -- C:\Program Files\RollerCoaster Tycoon
[2010/06/13 07:42:59 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2009/08/21 17:26:14 | 000,000,000 | ---D | M] -- C:\Program Files\StarCraft
[2011/02/04 19:10:02 | 000,000,000 | ---D | M] -- C:\Program Files\Stardock
[2011/02/04 19:09:44 | 000,000,000 | ---D | M] -- C:\Program Files\Stardock Games
[2011/07/09 17:38:09 | 000,000,000 | ---D | M] -- C:\Program Files\Steam
[2009/05/09 21:23:11 | 000,000,000 | ---D | M] -- C:\Program Files\Sun
[2011/04/17 18:34:57 | 000,000,000 | ---D | M] -- C:\Program Files\The Witcher Enhanced Edition
[2009/09/29 14:09:43 | 000,000,000 | ---D | M] -- C:\Program Files\Thief - Deadly Shadows
[2011/03/20 18:47:59 | 000,000,000 | ---D | M] -- C:\Program Files\Ubisoft
[2011/07/08 15:05:59 | 000,000,000 | ---D | M] -- C:\Program Files\Unlocker
[2009/03/08 23:56:50 | 000,000,000 | ---D | M] -- C:\Program Files\Unreal Anthology
[2008/11/03 15:25:01 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2009/04/26 14:06:07 | 000,000,000 | ---D | M] -- C:\Program Files\Warcraft II BNE
[2011/07/02 09:35:50 | 000,000,000 | ---D | M] -- C:\Program Files\Warcraft III
[2008/11/03 07:25:38 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2008/11/03 07:11:18 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal Viewer
[2010/06/14 15:34:36 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2010/06/14 15:35:04 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2009/01/21 23:15:08 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2009/06/12 23:06:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/06/12 23:06:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/12/23 01:55:59 | 000,000,000 | ---D | M] -- C:\Program Files\WinMerge
[2011/03/28 22:35:50 | 000,000,000 | ---D | M] -- C:\Program Files\World of Warcraft
[2008/11/03 06:19:56 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2010/12/15 21:05:56 | 000,000,000 | ---D | M] -- C:\Program Files\Zune


< MD5 for: AGP440.SYS >
[2004/08/03 18:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/06/12 23:01:05 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/06/12 23:01:05 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/03 18:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/06/12 23:01:05 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/06/12 23:01:05 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 15:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/03 18:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2009/06/12 23:01:05 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2009/06/12 23:01:05 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/03 15:59:56 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 11:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 11:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/03 17:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-07-08 21:59:13

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/15 21:17:34 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/15 21:17:34 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/15 21:17:34 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/06/15 21:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/06/15 21:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/06/15 21:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\memoirs\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/06/23 23:25:50 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\memoirs\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/06/23 23:25:50 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\memoirs\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/06/23 23:25:50 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\memoirs\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/06/23 23:25:50 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/13 17:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/13 17:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/13 17:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2008/04/13 17:12:22 | 000,832,512 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/15 21:17:34 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/15 21:17:34 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/15 21:17:34 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/06/15 21:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/06/15 21:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/06/15 21:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\memoirs\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/06/23 23:25:50 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\memoirs\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/06/23 23:25:50 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\memoirs\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/06/23 23:25:50 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\memoirs\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/06/23 23:25:50 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/13 17:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/13 17:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/13 17:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2008/04/13 17:12:22 | 000,832,512 | ---- | M] (Microsoft Corporation)

< End of report >

planetsngalaxies

Newbie Surfer

Posts : 33
Joined : 2010-06-17
Operating System : Windows XP and Linux

Re: Possible garrys mod virus?

Post by planetsngalaxies on Sun 10 Jul 2011, 1:03 pm

aswMBR version 0.9.7.705 Copyright(c) 2011 AVAST Software
Run date: 2011-07-09 18:32:01
-----------------------------
18:32:01.765 OS Version: Windows 5.1.2600 Service Pack 3
18:32:01.765 Number of processors: 4 586 0x203
18:32:01.765 ComputerName: ADRIAN-9B9F6298 UserName: memoirs
18:32:03.296 Initialize success
18:32:54.031 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
18:32:54.031 Disk 0 Vendor: WDC_WD5000AACS-00ZUB0 01.01B01 Size: 476940MB BusType: 3
18:32:56.421 Disk 0 MBR read successfully
18:32:56.421 Disk 0 MBR scan
18:32:56.421 Disk 0 unknown MBR code
18:32:58.421 Disk 0 scanning sectors +976768065
18:32:58.437 Disk 0 scanning C:\WINDOWS\system32\drivers
18:33:04.484 Service scanning
18:33:05.343 Disk 0 trace - called modules:
18:33:05.343 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
18:33:05.343 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfcc5dab8]
18:33:05.343 3 CLASSPNP.SYS[f5e07fd7] -> nt!IofCallDriver -> \Device\00000078[0xfcc1cf18]
18:33:05.343 5 ACPI.sys[f5c9e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0xfcc99940]
18:33:05.343 Scan finished successfully
18:33:19.765 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\memoirs\Desktop\MBR.dat"
18:33:19.765 The log file has been saved successfully to "C:\Documents and Settings\memoirs\Desktop\aswMBR.txt"

Re: Possible garrys mod virus?

Post by planetsngalaxies on Sun 10 Jul 2011, 1:03 pm

Results of screen317's Security Check version 0.99.17
Windows XP Service Pack 3
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 20
Java(TM) SE Development Kit 6 Update 13
Java DB 10.4.1.3
Out of date Java installed!
Flash Player Out of Date!
Adobe Flash Player 10.1.53.64
Mozilla Firefox (x86 en-US..)
Mozilla Thunderbird (2.0.0) Thunderbird Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Windows Defender MSASCui.exe
Malwarebytes' Anti-Malware mbamservice.exe
Windows Defender MsMpEng.exe
Windows Defender MSASCui.exe
``````````End of Log````````````

Re: Possible garrys mod virus?

Post by planetsngalaxies on Tue 12 Jul 2011, 1:11 pm

bump

Re: Possible garrys mod virus?

Post by Belahzur on Wed 13 Jul 2011, 11:23 am

Hi,

Download ComboFix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

When saving ComboFix, rename it to PCHelpForum.exe to prevent it from being blocked by malware.

Refer to this image:

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

• Close any open windows and double click PCHelpForum.exe to run it.

You will see the following image:

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.

Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Possible garrys mod virus?

Post by planetsngalaxies on Wed 13 Jul 2011, 6:39 pm

Hi Belahzur,

I followed the instructions for ComboFix but a major problem has occurred. After I ran it my computer restarted, but at the black load screen where you select which way to run Windows, it gave the error:

"Windows could not start because the following file is missing or corrupt:
{Windows root}\system32\hal.dll
Please re-install a copy of the above file."

The only reason I can think of for this happening is that several months ago I edited the boot.ini so Windows would run in a "3gb enabled mode". Unfortunately, I can't find the backup I made then and I don't remember what the original boot.ini read.

I'm still able to run Fedora (Linux) instead of Windows on the same machine. Here is the boot.ini as it is now:

[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Professional SP2" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Professional w/3GB" /fastdetect /3GB /Userva=2900


Re: Possible garrys mod virus?

Post by planetsngalaxies on Wed 13 Jul 2011, 7:35 pm

Alright, I was able to get Windows to start again by replacing boot.ini with the backup that was created. The backup was:

[boot loader]
timeout=6
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Professional SP2" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Professional w/3GB" /fastdetect /3GB /Userva=2900

which I assume was the boot.ini before I ran PCHelpForum.exe.

However, there is no ComboFix.txt in the C:\ directory and for some reason it created an Internet Explorer icon on my desktop. Should I run PCHelpForum.exe again and, if so, what should I do to prevent the hal.dll error from happening again?


Re: Possible garrys mod virus?

Post by planetsngalaxies on Fri 15 Jul 2011, 8:52 pm

Is my situation hopeless? Please don't give up on me, Belahzur!

Just some additional information: Every time I log on to my regular administrator account the little blue ComboFix box pops up for a millisecond (this is right when I log on and all my startup programs are starting). But other than that, everything else is fine on this account and I can use my computer normally.

However, other accounts on this computer are unusable. If I log on to those the ComboFix box pops up but it keeps flickering and I can't do anything but alt+ctrl+del and log off or restart.


Re: Possible garrys mod virus?

Post by Belahzur on Mon 18 Jul 2011, 3:12 am

Hello.
Sorry for the delay, been busy.

Did you get a full log?



Re: Possible garrys mod virus?

Post by planetsngalaxies on Mon 18 Jul 2011, 11:29 am

Hi

There was no ComboFix.txt in C:\ but there was a ComboFix2.txt in C:\Qoobox. Hopefully this is the correct file:

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-07 16862208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\jdk\bin\jusched.exe" [2009-05-10 148888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-04 13670504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-04 110696]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
eBoostr Control Panel.lnk - c:\program files\eBoostr\eBoostrCP.exe [2008-8-8 1011320]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"\\\\GOLLUM\\SID MEIER'S CIVILIZATION 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Steam\\SteamApps\\adrianwar\\insurgency\\hl2.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\Steam\\SteamApps\\adrianwar\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Warcraft III\\war3.exe"=
"c:\\Program Files\\Steam\\SteamApps\\adrianwar\\source sdk base 2007\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\adrianwar\\age of chivalry\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\adrianwar\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\adrianwar\\condition zero deleted scenes\\hl.exe"=
"c:\\Program Files\\Steam\\SteamApps\\adrianwar\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\adrianwar\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Warcraft II BNE\\Warcraft II BNE.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Ubisoft\\Heroes of Might and Magic V\\bin\\H5_Game.exe"=
"c:\\JDK\\bin\\java.exe"=
"c:\\xampp\\apache\\bin\\httpd.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Sid Meier's Civilization IV Colonization\\Colonization.exe"=
"c:\\Program Files\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\Program Files\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Program Files\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"c:\\Program Files\\Mass Effect 2\\MassEffect2Launcher.exe"=
"c:\\Program Files\\EA Games\\EADM\\Core.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\empire total war\\Empire.exe"=
"c:\\Program Files\\Steam\\SteamApps\\adrianwar\\counter-strike\\hl.exe"=
"c:\\Program Files\\Unreal Anthology\\UnrealTournament\\System\\UnrealTournament.exe"=

R0 eBoost;eBoostr caching filter driver;c:\windows\system32\drivers\EBoost.sys [8/8/2008 5:17 AM 96376]
R2 EBOOSTRSVC;eBoostr Service;c:\program files\eBoostr\EBstrSvc.exe [8/8/2008 5:17 AM 843384]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 2:10 PM 32512]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/9/2009 3:04 AM 691696]
.
Contents of the 'Scheduled Tasks' folder

2010-07-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\memoirs\Application Data\Mozilla\Firefox\Profiles\0a4zo8ah.default\
FF - plugin: c:\jdk\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\jdk\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-07-07 12:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3524)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\System32\wudfhost.exe
c:\jdk\bin\jqs.exe
c:\windows\system32\ZuneBusEnum.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\jdk\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-07-07 12:52:01 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-07 19:51
ComboFix2.txt 2010-06-22 03:16
ComboFix3.txt 2010-06-21 19:37
ComboFix4.txt 2010-06-20 18:16
ComboFix5.txt 2010-07-07 19:31

Pre-Run: 83,780,628,480 bytes free
Post-Run: 84,274,728,960 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - FE2D4B1395587D79CA219BD92D6C10B0

planetsngalaxies
Newbie Surfer
Posts : 33
Joined : 2010-06-17
Operating System : Windows XP and Linux

Re: Possible garrys mod virus?

Post by Belahzur on Wed 20 Jul 2011, 12:10 pm

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Manager | Tech Officer
Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Possible garrys mod virus?

Post by planetsngalaxies on Thu 21 Jul 2011, 6:23 pm

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=545800214e767c44919dba26d77e7bcd
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-21 07:21:41
# local_time=2011-07-21 12:21:41 (-0700, US Mountain Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=350176
# found=5
# cleaned=5
# scan_time=7257
C:\Documents and Settings\All Users\Application Data\eAp06504aLlMj06504\eAp06504aLlMj06504.exe a variant of Win32/Kryptik.MNK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\memoirs\Application Data\Sun\Java\Deployment\cache\6.0\60\e8267fc-651627af probably a variant of Win32/Agent.LMMBFXF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\G-Programs\G-Addon\G-Addon.exe probably a variant of Win32/Agent.CNGGIXJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{E6D0EFC5-8EBF-48C0-B25D-A38E76BFF896}\RP7\A0013013.exe a variant of Win32/Kryptik.MNK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{E6D0EFC5-8EBF-48C0-B25D-A38E76BFF896}\RP7\A0013014.exe probably a variant of Win32/Agent.CNGGIXJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

planetsngalaxies
Newbie Surfer
Posts : 33
Joined : 2010-06-17
Operating System : Windows XP and Linux
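A small reader for that kind of ESET Online Scanner log, added here as an example and not taken from the thread, from ESET or from the helpers' tools. The log has two parts: "# key=value" header lines (found, cleaned, remove_checked, end) and one line per detection made of a path, a threat description, the action in parentheses, a 32-character hash column and a flag. Because both the path and the description contain spaces, the parser anchors on the Platform/Name token (Win32/Kryptik, Win32/Agent) that every ESET threat name carries; that anchoring, the regexes and the family heuristic are my assumptions about the format, derived only from the lines posted above. The sample log is constructed from three of the posted detection lines with the counters trimmed to match. The summary also separates hits under System Volume Information\_restore, which are copies held in System Restore points rather than live files; that is why a follow-up fix will typically clear restore points, and why the counter comparison against the header is worth doing.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the shape of the ESET Online Scanner log posted in the
# thread: "# key=value" header lines, then one line per detection. The three
# detection lines are copied from the post; the counters are trimmed to match.
SAMPLE_LOG = """\
# version=7
# end=finished
# remove_checked=true
# unwanted_checked=true
# scanned=350176
# found=3
# cleaned=3
# scan_time=7257
C:\\Documents and Settings\\All Users\\Application Data\\eAp06504aLlMj06504\\eAp06504aLlMj06504.exe a variant of Win32/Kryptik.MNK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\\Program Files\\G-Programs\\G-Addon\\G-Addon.exe probably a variant of Win32/Agent.CNGGIXJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\\System Volume Information\\_restore{E6D0EFC5-8EBF-48C0-B25D-A38E76BFF896}\\RP7\\A0013013.exe a variant of Win32/Kryptik.MNK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

# Assumed layout of a detection line (derived from the posted lines, not from
# ESET documentation): <path> <description> (<action>) <32 hex chars> <flag>.
# Path and description both contain spaces, so the description is anchored on
# the "Platform/Name" token of the threat name; Windows paths never contain "/".
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<description>(?:probably )?(?:a variant of )?[A-Za-z0-9]+/\S+(?: \w+)*?) "
    r"\((?P<action>[^)]*)\) "
    r"(?P<hash_col>[0-9A-Fa-f]{32}) "
    r"(?P<flag>\S+)$"
)

# "Win32/Kryptik.MNK" -> "Win32/Kryptik" (the family, without the variant suffix)
FAMILY_RE = re.compile(r"([A-Za-z0-9]+/[A-Za-z0-9_]+)")


@dataclass
class Detection:
    path: str
    description: str
    action: str
    hash_col: str
    flag: str


def parse_eset_log(text):
    """Split a log into its header dict and a list of Detection records."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, _, value = line[1:].partition("=")
            header[key.strip()] = value.strip()  # repeated keys keep the last value
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(Detection(**m.groupdict()))
    return header, detections


def threat_family(description):
    """'probably a variant of Win32/Agent.CNGGIXJ trojan' -> 'Win32/Agent'."""
    m = FAMILY_RE.search(description)
    return m.group(1) if m else description


def in_restore_point(path):
    """True for files that live inside a System Restore snapshot."""
    return "\\system volume information\\_restore" in path.lower()


def summarize(text):
    """Cross-check the header counters against the parsed detections."""
    header, dets = parse_eset_log(text)
    restore = [d.path for d in dets if in_restore_point(d.path)]
    live = [d.path for d in dets if not in_restore_point(d.path)]
    return {
        "found": int(header.get("found", 0)),
        "cleaned": int(header.get("cleaned", 0)),
        "parsed": len(dets),
        "finished": header.get("end") == "finished",
        "removal_enabled": header.get("remove_checked") == "true",
        "families": dict(Counter(threat_family(d.description) for d in dets)),
        "live_hits": live,
        "restore_point_hits": restore,
        "all_cleaned": all(d.action.startswith("cleaned") for d in dets),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

If "parsed" is lower than "found", a detection line did not match the assumed layout and should be read by hand; if "live_hits" is non-empty after the scan, the posted paths are the ones to look at next, and "restore_point_hits" only means an older snapshot still holds a copy.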

Re: Possible garrys mod virus?

Post by Belahzur on Thu 21 Jul 2011, 10:47 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    C:\Documents and Settings\All Users\Application Data\eAp06504aLlMj06504

    :commands
    [emptytemp]
    [clearallrestorepoints]
    [reboot]



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




Belahzur
Manager | Tech Officer
Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Possible garrys mod virus?

Post by planetsngalaxies on Fri 22 Jul 2011, 12:11 pm

All processes killed
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\eAp06504aLlMj06504 folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: abe
->Temp folder emptied: 710567 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Guest
->Temp folder emptied: 1483637774 bytes
->Temporary Internet Files folder emptied: 3683971 bytes
->Java cache emptied: 1852842 bytes
->FireFox cache emptied: 560512528 bytes
->Flash cache emptied: 104943 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: memoirs
->Temp folder emptied: 35499563 bytes
->Temporary Internet Files folder emptied: 4933920 bytes
->Java cache emptied: 16940407 bytes
->FireFox cache emptied: 280532132 bytes
->Google Chrome cache emptied: 337605728 bytes
->Flash cache emptied: 2571521 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 163840 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 214128880 bytes

Total Files Cleaned = 2,807.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.26.1 log created on 07212011_174356

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

planetsngalaxies
Newbie Surfer
Posts : 33
Joined : 2010-06-17
Operating System : Windows XP and Linux

Re: Possible garrys mod virus?

Post by Belahzur on Sun 24 Jul 2011, 7:33 am

How is the machine running now?




Belahzur
Manager | Tech Officer
Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Possible garrys mod virus?

Post by planetsngalaxies on Sun 24 Jul 2011, 12:21 pm

As good as ever but that un-deletable folder is still on my desktop. Since we cleaned out the viruses and malware do you think the problem is that my hard drive is just malfunctioning?

planetsngalaxies
Newbie Surfer
Posts : 33
Joined : 2010-06-17
Operating System : Windows XP and Linux

Re: Possible garrys mod virus?

Post by planetsngalaxies on Tue 26 Jul 2011, 7:16 am

Alright I assume that's a yes, haha.

Thanks again for everything Belahzur

planetsngalaxies
Newbie Surfer
Posts : 33
Joined : 2010-06-17
Operating System : Windows XP and Linux

Re: Possible garrys mod virus?

Post by Belahzur on Wed 27 Jul 2011, 12:32 pm

Can you take a screenshot of that folder? I want to see it.




Belahzur
Manager | Tech Officer
Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Possible garrys mod virus?

Post by planetsngalaxies on Wed 27 Jul 2011, 2:41 pm

Sure. Here it is along with the message I get when I try to open or delete it.


planetsngalaxies
Newbie Surfer
Posts : 33
Joined : 2010-06-17
Operating System : Windows XP and Linux

Re: Possible garrys mod virus?

Post by Sneakyone on Sat 30 Jul 2011, 5:38 pm

Hi,

Open up command prompt and type: CHKDSK /r then hit enter.


I'm livin' life in the fast lane.


Sneakyone
Tech Officer
Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

Re: Possible garrys mod virus?

Post by planetsngalaxies on Sat 13 Aug 2011, 12:20 pm

Haha! It worked!

Thank you! I was able to delete it.

planetsngalaxies
Newbie Surfer
Posts : 33
Joined : 2010-06-17
Operating System : Windows XP and Linux

Re: Possible garrys mod virus?

Post by Sneakyone on Sat 13 Aug 2011, 12:39 pm

You're welcome, glad to help. Do you require any more assistance?




Sneakyone
Tech Officer
Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

Re: Possible garrys mod virus?

Post by planetsngalaxies on Sat 13 Aug 2011, 8:36 pm

No, everything is running fine. However, somebody did steal my credit card info and tried to purchase something last week and I don't have any of that information saved on my hard drive.

Could this have been from one of the trojans Belahzur helped me remove that could've included a key logger? Should we do another scan?


planetsngalaxies
Newbie Surfer
Posts : 33
Joined : 2010-06-17
Operating System : Windows XP and Linux
