
problems with autochk.dll / msb.dll [Solved]


  • This topic is locked This topic is locked

#1
NorthernLight (Member, 41 posts)
For the last couple of days I've run Malwarebytes and got a log looking like this; I remove everything and get exactly the same again after a reboot. Have had Google links redirect me a couple of times too. Any help with removing would be lovely; been trying myself for the last couple of hours to no avail.

Malwarebytes' Anti-Malware 1.36
Database version: 2104
Windows 5.1.2600 Service Pack 3

10/05/2009 19:26:10
mbam-log-2009-05-10 (19-26-02).txt

Scan type: Quick Scan
Objects scanned: 83077
Time elapsed: 2 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\autochk.dll (Worm.Autorun) -> No action taken.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Worm.Autorun) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Worm.Autorun) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Worm.Autorun) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\autochk.dll (Worm.Autorun) -> No action taken.
C:\Documents and Settings\Owner\protect.dll (Worm.Autorun) -> No action taken.
C:\Documents and Settings\LocalService\protect.dll (Worm.Autorun) -> No action taken.
C:\WINDOWS\system32\config\SystemProfile\protect.dll (Worm.Autorun) -> No action taken.
C:\WINDOWS\Temp\msb.dll (Worm.Autorun) -> No action taken.
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ChkDisk.dll (Worm.Autorun) -> No action taken.
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ChkDisk.lnk (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\nsrbgxod.bak (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\lmn_setup.exe (Trojan.Downloader) -> No action taken.



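As an added example (not from the post and not Malwarebytes' own code), a small parser for the MBAM 1.36 log layout shown above: it pulls every detection out of its section, checks the summary counts against what was parsed, and flags the entries that sit in autostart locations (Run keys, the Startup folder) or are loaded as memory modules, which is exactly why the same items come back after a reboot when only the on-disk copies are removed. The sample log is a constructed excerpt of the posted one; the "Quarantined and deleted successfully" line is constructed so both action outcomes are exercised.

```python
import re
from collections import Counter

# Constructed sample in the Malwarebytes 1.36 log layout from the post above
# (a subset of its entries plus one constructed "Quarantined" line).
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.36
Database version: 2104
Windows 5.1.2600 Service Pack 3

Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 2
Files Infected: 3

Memory Modules Infected:
C:\WINDOWS\system32\autochk.dll (Worm.Autorun) -> No action taken.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Worm.Autorun) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Worm.Autorun) -> No action taken.

Files Infected:
C:\WINDOWS\system32\autochk.dll (Worm.Autorun) -> No action taken.
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ChkDisk.lnk (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\Temp\msb.dll (Worm.Autorun) -> Quarantined and deleted successfully.
"""

# "<Section> Infected: <n>" lines form the summary block at the top of the log.
SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
# "<Section> Infected:" with no count opens the detail block for that section.
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# Greedy target so a path containing "(x86)" still splits at the final
# "(detection) -> action" part; the trailing period is dropped from the action.
ITEM_RE = re.compile(r"^(?P<target>.+) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")

# Autostart locations present in the posted log (matched case-insensitively):
# Run keys under any hive, and the per-user Startup folder.
PERSISTENCE_MARKERS = (
    "\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN",
    "\\START MENU\\PROGRAMS\\STARTUP\\",
)


def parse_mbam_log(text):
    """Return {"summary": {section: count}, "items": [detection dicts]}."""
    summary, items, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("(No malicious items"):
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m["section"]] = int(m["count"])
            continue
        m = HEADER_RE.match(line)
        if m:
            section = m["section"]
            continue
        m = ITEM_RE.match(line)
        if m and section:
            items.append({"section": section, "target": m["target"],
                          "detection": m["detection"], "action": m["action"]})
    return {"summary": summary, "items": items}


def counts_consistent(parsed):
    """True when the per-section summary counts match the parsed detail lines."""
    seen = Counter(i["section"] for i in parsed["items"])
    return all(seen[s] == n for s, n in parsed["summary"].items())


def persistence_items(items):
    """Detections that re-launch at logon/boot (Run keys, Startup folder)."""
    return [i for i in items
            if any(mark in i["target"].upper() for mark in PERSISTENCE_MARKERS)]


def loaded_in_memory(items):
    """DLLs mapped into a running process: deleting only the on-disk copy lets
    the live module rewrite its files and registry values before the reboot."""
    return [i["target"] for i in items if i["section"] == "Memory Modules Infected"]


def unresolved_items(items):
    """"No action taken" means the scan only reported; nothing was removed."""
    return [i for i in items if i["action"] == "No action taken"]


if __name__ == "__main__":
    parsed = parse_mbam_log(SAMPLE_LOG)
    print("counts consistent:", counts_consistent(parsed))
    for i in persistence_items(parsed["items"]):
        print("autostart:", i["detection"], i["target"])
    for t in loaded_in_memory(parsed["items"]):
        print("loaded in memory:", t)
    print("still present:", len(unresolved_items(parsed["items"])))
```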
#2
SpySentinel (R.I.P., Retired Staff, 5,152 posts)
Hi NorthernLight,

Welcome to Geeks to Go! My name is SpySentinel and I will be helping you fix your computer problem.
Sorry for the delay; we have been very busy lately, and I apologize for your wait.



Step #1

Please download GooredFix from one of the locations below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click GooredFix.exe to run it.
  • Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: Do not run Option #2 yet.


Step #2

  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


Step #3

Download Rooter.exe to your desktop
  • Then double-click it to start the tool.
  • A Notepad file containing the report will open, also found at %systemdrive%\Rooter.txt. Post that here.


#3
NorthernLight (Topic Starter, Member, 41 posts)
Thank you for the welcome, and thank you in advance for your help :) I miss the days of just being able to run Ad-Aware, then HJT if it was a "bad" case. Things are so confusing now :)

Goored Fix:

GooredFix v1.92 by jpshortstuff
Log created at 01:08 on 24/05/2009 running Option #1 (Owner)
Firefox version 3.0.10 (en-GB)

=====Suspect Goored Entries=====

C:\Program Files\Mozilla Firefox\extensions\{CDA20898-0EC4-4252-B3F4-CB5010C93253}

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{1d5287d1-8a92-0001-1f31-1cec198018d8}"="C:\Program Files\AVG\AVG8\ToolbarFF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox"



OTList2:

OTL logfile created on: 24/05/2009 01:18:43 - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

766.95 Mb Total Physical Memory | 277.30 Mb Available Physical Memory | 36.16% Memory free
1.79 Gb Paging File | 1.33 Gb Available in Paging File | 74.45% Paging File free
Paging file location(s): C:\pagefile.sys 1104 2208 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 102.56 Gb Free Space | 55.05% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 2.73 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAINPC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\System32\avast!Antivirus.exe ()
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AresChatServer [On_Demand | Stopped]) -- C:\Program Files\Ares\chatServer.exe (Ares Development Group)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (avast!Antivirus [Auto | Running]) -- C:\WINDOWS\System32\avast!Antivirus.exe ()
SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (Lavasoft Ad-Aware Service [Auto | Stopped]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WinVNC4 [Auto | Running]) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ALCXSENS [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (AN983 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\AN983.sys (ADMtek Incorporated.)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (IntelS51 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\IntelS51.sys (Intel Corporation)
DRV - (Lbd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiS315 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (SISAGP [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
DRV - (SiSide [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\siside.sys (Silicon Integrated Systems Corp.)
DRV - (SiSkp [System | Running]) -- C:\WINDOWS\System32\DRIVERS\srvkp.sys (Silicon Integrated Systems Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CDA20898-0EC4-4252-B3F4-CB5010C93253}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.24
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.06.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {1d5287d1-8a92-0001-1f31-1cec198018d8}:2.1.0.7
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2009/05/04 08:58:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1d5287d1-8a92-0001-1f31-1cec198018d8}: C:\PROGRAM FILES\AVG\AVG8\TOOLBARFF [2009/05/04 08:58:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/03/08 14:00:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/29 17:25:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/29 15:59:50 | 00,000,000 | ---D | M]

[2008/07/05 15:10:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions
[2008/07/05 15:10:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/21 01:15:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\6sixzov2.default\extensions
[2009/02/05 14:58:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\6sixzov2.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2009/04/30 22:05:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\6sixzov2.default\extensions\[email protected]
[2009/05/21 01:15:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/29 15:59:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/05/10 19:08:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CDA20898-0EC4-4252-B3F4-CB5010C93253}
[2009/04/29 15:59:44 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/29 15:59:44 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/09/29 18:06:46 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2008/09/29 18:06:46 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/09/29 18:06:46 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2008/09/29 18:06:46 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/14 20:35:05 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2008/09/29 18:06:46 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/09/29 18:06:46 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/09/29 18:06:46 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (305748 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 10550 more lines...
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll (BitComet)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm (www.BitComet.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll (BitComet)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1208953580703 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1213631039562 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://sdlc-esd.sun....ows-i586-jc.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_01)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/23 12:06:28 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - File not found
O34 - HKLM BootExecute: (*) - * [2009/05/24 01:08:38 | 00,000,000 | ---D | M]
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[1 C:\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/05/24 01:07:47 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Rooter.exe
[2009/05/24 01:04:30 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/05/24 01:04:15 | 00,094,208 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\GooredFix.exe
[2009/05/23 22:56:24 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/05/23 22:56:18 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF29125.exe
[2009/05/23 22:47:13 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/05/23 22:27:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\temp
[2009/05/23 21:34:17 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/05/23 21:34:13 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/05/23 21:34:12 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/05/23 21:31:28 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/05/23 21:31:28 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/05/23 21:31:28 | 00,139,776 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/05/23 21:31:28 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/05/23 21:31:28 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/05/23 21:31:28 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/05/23 21:31:28 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/05/23 21:31:28 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/05/23 21:26:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/22 16:56:10 | 00,003,220 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20090522_165607.reg
[2009/05/22 09:38:08 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\avast!Antivirus.exe
[2009/05/22 01:08:50 | 00,000,136 | ---- | C] () -- C:\WINDOWS\System32\vp_setup.exe.bat
[2009/05/20 09:03:47 | 00,208,829 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Pawn-1.1.10.zip
[2009/05/18 14:35:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Slapdash Games
[2009/05/18 14:35:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Slapdash Games
[2009/05/18 09:49:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\XLab
[2009/05/17 16:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\Drugstore Mania
[2009/05/17 16:10:53 | 00,000,000 | ---D | C] -- C:\Program Files\Drugstore Mania
[2009/05/17 16:09:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\Yard Sale Hidden Treasures - Lucky Junction
[2009/05/17 16:09:44 | 00,000,000 | ---D | C] -- C:\Program Files\Yard Sale Hidden Treasures - Lucky Junction
[2009/05/13 14:45:41 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/05/13 14:42:14 | 24,699,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/11 15:02:01 | 00,000,000 | ---D | C] -- C:\fishsim2
[2009/05/10 19:02:18 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/05/10 18:36:17 | 00,500,480 | ---- | C] (Proland Software) -- C:\Documents and Settings\All Users\Documents\cleanautorun.exe
[2009/05/10 18:23:33 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rundll32.exe
[2009/05/10 18:23:33 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rundll32.exe
[2009/05/10 14:31:37 | 00,000,000 | ---D | C] -- C:\rsit
[2009/05/10 14:16:52 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HiJackThis.exe
[2009/05/07 15:46:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\Laura Jones and the Secret Legacy of Nikola Tesla
[2009/05/07 15:46:25 | 00,000,000 | ---D | C] -- C:\Program Files\Laura Jones and the Secret Legacy of Nikola Tesla
[2009/05/04 15:20:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\Wandering Willows
[2009/05/04 15:20:02 | 00,000,000 | ---D | C] -- C:\Program Files\Wandering Willows
[2009/05/02 20:11:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Twintale Entertainment
[2009/05/02 20:08:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\Pocahontas - Princess of Powhatan
[2009/05/02 20:08:52 | 00,000,000 | ---D | C] -- C:\Program Files\Pocahontas - Princess of Powhatan
[2009/05/01 15:25:07 | 00,000,616 | ---- | C] () -- C:\WINDOWS\RegGenie.ini
[2009/05/01 15:18:25 | 00,161,816 | ---- | C] () -- C:\WINDOWS\RegGenieOnUninstall.exe
[2009/05/01 15:18:24 | 00,000,000 | ---D | C] -- C:\Program Files\RegGenie
[2009/05/01 00:57:57 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009/04/29 20:51:02 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2009/04/29 20:47:19 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Owner\Desktop\setup-spybotsd162.exe
[2009/04/27 13:02:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\3 Days Zoo Mystery
[2009/04/27 12:22:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\3 Days Zoo Mystery
[2009/04/27 12:22:19 | 00,000,000 | ---D | C] -- C:\Program Files\3 Days Zoo Mystery
[2009/04/26 16:04:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\Real Crimes - The Unicorn Killer
[2009/04/25 14:22:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\PJ Pride Pet Detective Destination Europe
[2009/04/25 14:21:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cate West - The Velvet Keys
[2009/04/25 14:21:37 | 00,000,000 | ---D | C] -- C:\Program Files\Cate West - The Velvet Keys
[2009/04/24 15:11:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Playrix Entertainment
[2009/03/30 19:37:29 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2009/02/19 23:43:47 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/01/18 16:21:36 | 00,000,915 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2008/10/02 12:40:38 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008/09/19 22:57:34 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/19 22:55:10 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/09/19 22:55:10 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/09/19 22:54:18 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/08/23 19:46:25 | 00,000,020 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/06/18 10:37:06 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/14 16:35:52 | 00,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/06/12 16:09:02 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/06/12 16:09:02 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/06/12 16:09:02 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/06/12 16:09:02 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/06/12 16:09:02 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/06/12 16:09:02 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/06/12 16:09:00 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/06/12 16:08:58 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/06/12 16:08:58 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/06/06 19:13:06 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/05/25 23:40:51 | 00,000,016 | ---- | C] () -- C:\WINDOWS\System32\swsystem.dll
[2008/05/16 15:01:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/16 15:01:00 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/16 15:01:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/16 15:01:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/16 15:01:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/05/15 13:27:02 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/05/10 22:48:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2008/05/01 19:09:49 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/05/01 19:09:46 | 00,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/05/01 19:09:46 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/05/01 19:09:45 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/05/01 19:09:45 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/04/29 19:26:51 | 00,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2008/04/23 19:51:49 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/04/23 13:28:37 | 00,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2008/04/23 13:21:52 | 00,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2008/04/23 13:21:24 | 00,127,681 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2008/04/23 13:21:18 | 00,102,622 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2008/04/23 12:11:44 | 00,000,996 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/03/31 13:00:00 | 00,000,593 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/03/31 13:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/07/06 15:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]
[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/05/24 01:09:52 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Rooter.exe
[2009/05/24 01:09:25 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/05/24 01:09:25 | 00,094,208 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\GooredFix.exe
[2009/05/23 23:39:45 | 00,305,748 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/05/23 23:35:38 | 36,377,403 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/05/23 23:02:35 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/05/23 23:01:11 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/23 22:59:53 | 00,186,097 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/05/23 22:59:37 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/05/23 22:58:52 | 00,000,438 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2009/05/23 22:58:50 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/23 22:58:48 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\desktop.ini
[2009/05/23 22:58:43 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/23 22:54:46 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF29125.exe
[2009/05/23 22:49:45 | 00,003,220 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20090522_165607.reg
[2009/05/23 22:01:50 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/23 21:58:24 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090523-233945.backup
[2009/05/23 21:34:17 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/05/23 21:01:06 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/23 17:25:44 | 00,139,776 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/05/23 09:00:36 | 00,059,047 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/05/22 09:37:58 | 00,032,768 | ---- | M] () -- C:\WINDOWS\System32\avast!Antivirus.exe
[2009/05/22 01:08:50 | 00,000,136 | ---- | M] () -- C:\WINDOWS\System32\vp_setup.exe.bat
[2009/05/21 20:11:10 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/21 03:00:00 | 00,000,372 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2009/05/20 09:03:56 | 00,208,829 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Pawn-1.1.10.zip
[2009/05/14 21:02:35 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/05/14 21:02:35 | 00,434,673 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/05/13 14:45:41 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/05/10 19:44:09 | 00,036,352 | -HS- | M] () -- C:\Documents and Settings\All Users\Documents\Thumbs.db
[2009/05/10 18:36:31 | 00,500,480 | ---- | M] (Proland Software) -- C:\Documents and Settings\All Users\Documents\cleanautorun.exe
[2009/05/10 14:16:57 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HiJackThis.exe
[2009/05/07 00:16:30 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/06 21:44:59 | 00,000,586 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\My Sharing Folders.lnk
[2009/05/06 18:33:51 | 00,000,915 | ---- | M] () -- C:\WINDOWS\Wininit.ini
[2009/05/03 10:26:59 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/05/03 10:26:59 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/05/03 10:26:59 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/05/03 10:26:49 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/05/01 15:25:07 | 00,000,616 | ---- | M] () -- C:\WINDOWS\RegGenie.ini
[2009/04/29 20:51:02 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2009/04/29 20:49:42 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Owner\Desktop\setup-spybotsd162.exe

========== LOP Check ==========

[2009/05/18 09:49:46 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/01/29 22:33:33 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2008/08/23 17:12:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/12/18 15:59:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AdventureChronicles1
[2008/11/08 13:21:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
[2008/12/21 16:18:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlwaysNeat
[2009/02/10 20:40:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ApeZone
[2008/12/26 19:22:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Arkadium
[2008/05/16 16:35:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Astar Games
[2009/05/23 16:39:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/02/21 22:01:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games Vancouver
[2008/06/18 14:27:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BigFish
[2008/08/04 10:39:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
[2009/01/01 11:48:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blg
[2009/02/19 20:19:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2008/06/06 15:07:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DigitalChocolate
[2009/02/15 13:14:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DivoGames
[2009/01/06 12:19:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eGames
[2008/04/23 15:18:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/03/29 16:00:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Far Mills
[2008/08/27 10:00:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
[2009/01/12 13:43:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy-PizzaParty
[2008/06/28 13:45:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fitn17
[2009/02/04 13:10:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2008/06/30 08:27:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreshGames
[2008/10/27 10:17:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2009/01/06 13:43:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2008/09/22 09:13:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2008/11/20 14:34:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii Games
[2009/02/05 21:04:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gold Casual Games
[2009/05/23 07:45:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2008/04/30 15:07:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HiddenSecretsNightmare
[2008/11/21 15:54:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2009/02/01 16:07:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HoverBee Studios
[2008/06/17 08:47:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP
[2009/04/21 21:42:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
[2008/12/19 15:09:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterAction studios
[2009/01/06 12:06:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin
[2008/12/17 14:34:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/05/29 21:55:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2009/01/13 09:56:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/02/10 20:36:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mandragora
[2009/03/08 14:07:39 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/04/30 18:48:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2008/09/14 23:59:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MysteryChronicles
[2009/04/09 16:00:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MythPeople
[2008/12/01 17:34:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeptunesAdve
[2008/11/29 11:39:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NevoSoft Games
[2009/01/23 15:15:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nick Chase A Detective Story
[2008/09/10 10:49:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PBGsavesDirectory
[2009/05/04 15:20:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2008/12/17 13:36:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayPond
[2008/11/29 23:46:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2009/02/24 14:41:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PoBros
[2008/10/05 12:56:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RealArcade
[2008/12/22 13:08:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009/05/18 14:35:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Slapdash Games
[2009/01/13 14:45:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\sowhat
[2008/06/05 11:06:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2009/05/23 23:34:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/05/23 13:17:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/08/05 14:52:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TheRace_dev
[2008/08/15 19:11:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2009/01/17 16:45:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valusoft
[2008/06/10 22:15:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualFarm
[2008/04/23 18:33:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/06/16 13:45:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLInstaller
[2009/05/18 09:49:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XLab
[2008/04/23 18:31:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2009/05/23 21:45:15 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data
[2009/04/27 13:03:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\3 Days Zoo Mystery
[2009/02/21 04:33:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Acreon
[2008/05/06 18:44:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Adobe
[2008/08/23 17:13:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AdobeUM
[2008/06/13 17:36:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ahead
[2008/07/11 13:43:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Alawar
[2009/01/24 09:42:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AlterLab
[2008/08/01 07:21:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Amaranth Games
[2008/08/11 20:25:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ancient Quest of Saqqarah__reflexive
[2008/12/04 21:45:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Archibald's Adventures
[2008/11/12 23:35:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Artogon
[2009/05/05 01:54:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
[2009/04/21 20:51:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Azuaz Games
[2008/09/04 09:39:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BeachPartyCraze
[2008/08/29 11:08:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Big Fish Games
[2008/06/18 14:26:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BigFish
[2009/01/01 11:48:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\blg
[2009/01/24 09:03:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Boomzap
[2009/03/02 19:06:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BrandX Games
[2008/12/19 20:49:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CatmoonGames
[2008/12/22 20:25:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Cat's Eye Games
[2008/06/09 13:54:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\cerasus
[2008/11/13 00:25:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\cerasus.media
[2009/01/30 16:34:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Coyotes Tale
[2008/11/24 15:13:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DivX
[2008/10/17 12:02:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Dragon Altar Games
[2008/09/04 14:18:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\dvdcss
[2009/01/06 12:19:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\eGames
[2008/10/02 19:47:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EleFun Games
[2009/01/09 16:53:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Fabulous Finds
[2008/07/13 11:35:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FarmerJane
[2008/11/25 13:29:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FirstColony
[2009/02/04 13:10:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Flood Light Games
[2008/09/26 13:12:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ForgottenRiddles2
[2008/12/19 23:52:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Friday's games
[2008/05/17 14:19:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Gaijin Ent
[2008/11/14 10:32:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Gamelab
[2008/12/26 16:30:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Games
[2008/06/04 09:10:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GamesCafe
[2008/11/20 14:34:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Gogii Games
[2008/08/15 19:12:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Go-Go Gourmet Chef of the Year
[2009/02/05 21:04:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Gold Casual Games
[2008/10/03 16:58:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Google
[2009/04/18 20:35:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HiT-MM
[2008/06/16 17:22:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HP
[2008/04/23 13:18:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Identities
[2008/12/28 20:34:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IOMediaSupport6SZZ001s
[2009/01/27 16:26:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Island
[2008/05/29 17:28:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ITTNord
[2009/01/06 12:06:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iWin
[2008/08/23 10:03:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Jane s Realty hitzwarez net
[2009/01/28 17:09:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Jetsetter
[2008/10/03 18:29:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\JoyBits
[2008/07/29 15:52:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LimeWire
[2008/05/02 11:53:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LTOA
[2008/05/29 21:55:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ludia
[2008/04/23 16:25:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Macromedia
[2008/05/17 14:20:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Magic Seeds
[2009/01/13 09:56:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2008/05/01 19:12:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Media Player Classic
[2008/12/17 13:48:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Meridian93
[2008/12/10 20:04:22 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Owner\Application Data\Microsoft
[2008/07/05 15:10:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla
[2008/05/13 21:36:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\My Games
[2008/07/03 12:25:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MysteryStudio
[2009/02/17 15:55:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\panoramik
[2009/05/04 15:20:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PlayFirst
[2009/04/24 15:11:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Playrix Entertainment
[2009/02/24 14:41:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PoBros
[2008/12/10 15:40:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Pogo Games
[2008/05/16 19:06:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Purple Patch Games
[2009/03/22 17:21:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Real
[2008/08/23 11:56:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Righteous Kill
[2009/01/25 21:48:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RobinsonCrusoe
[2008/10/24 09:20:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SecretIslandEng
[2008/12/18 16:10:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SerpentOfIsis
[2008/12/02 18:16:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Shape games
[2009/04/04 16:41:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ShinyTales
[2009/04/12 14:01:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Skunk Studios
[2008/12/28 20:34:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Spinapse
[2009/04/17 15:51:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SpinTop Games
[2008/05/10 15:49:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sudden Games
[2008/05/16 16:37:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SultanofPersia
[2008/07/05 08:31:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SulusGames
[2008/04/23 12:10:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sun
[2009/01/06 02:25:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Suspects and Clues Players
[2008/12/28 20:34:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Suspects and Clues Prefs
[2009/05/16 15:29:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab
[2008/08/25 17:46:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TMInc
[2009/03/20 14:38:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Total Eclipse
[2009/05/02 20:11:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Twintale Entertainment
[2009/04/06 20:28:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ubisoft
[2008/04/28 17:34:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
[2009/01/17 16:45:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Valusoft
[2009/02/20 03:27:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ventrilo
[2009/02/14 15:13:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\V-Games
[2009/02/06 02:10:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ViquaSoft
[2008/04/25 15:02:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\vlc
[2008/04/28 14:12:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Wildfire
[2008/04/23 13:37:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WinRAR
[2009/05/23 21:01:06 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2003/03/31 13:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/05/23 22:59:37 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job
[2009/05/23 23:02:35 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/05/23 22:58:52 | 00,000,438 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2009/05/21 03:00:00 | 00,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
[2009/05/23 22:58:50 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:315B4A13
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1DEA771
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7547DA5B
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C07A6A6B
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C6EBC69
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D351BC6
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA9F45B5
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5FF74A17
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:14FA5E46
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8401B6D5
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:65241CBC
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EB551C8
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2871B698
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E2C80DE4
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CF76F21
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C928F3BE
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B2CD146E
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33384BC0
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DDEB08FD
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF61CE5A
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77A023CE
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C4CB577E
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DF0BC727
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0668210
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C2FF2B0A
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:551BED5F
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D7D575C
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6BF0805F
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C213B3C4
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A28B4A2
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C60A173
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1740DC47
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24FECE50
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3FD496E1
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2E224648
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E07EA07E
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:51F17BB8
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:260575F1
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E3CEEC4C
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:957E9765
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8944C195
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B6FD7157
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7AF9CAEB
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB16385F
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BD13A410
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BA05E0C4
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:95970EA3
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:53DF59D1
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C63E7DE2
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:60A4BB64
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:663B62CA
< End of report >


Extras:

OTL Extras logfile created on: 24/05/2009 01:18:43 - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

766.95 Mb Total Physical Memory | 277.30 Mb Available Physical Memory | 36.16% Memory free
1.79 Gb Paging File | 1.33 Gb Available in Paging File | 74.45% Paging File free
Paging file location(s): C:\pagefile.sys 1104 2208 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 102.56 Gb Free Space | 55.05% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 2.73 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAINPC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"DisableMonitoring" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"14229:TCP" = 14229:TCP:*:Enabled:BitComet 14229 TCP
"14229:UDP" = 14229:UDP:*:Enabled:BitComet 14229 UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"6112:TCP" = 6112:TCP:*:Enabled:Blizzard Downloader: 6112

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client (www.BitComet.com)
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger (Yahoo! Inc.)
C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server (Yahoo! Inc.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\RealVNC\VNC4\winvnc4.exe:*:Enabled:winvnc4 (RealVNC Ltd.)
C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows (Ares Development Group)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire (Lime Wire, LLC)
C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek ()
C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\World of Warcraft\WoW-3.0.1-to-3.0.2-enGB-Win-Update-downloader.exe:*:Enabled:Blizzard Downloader (Blizzard Entertainment)
C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe ()
C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (Mozilla Corporation)
C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader (Blizzard Entertainment)
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe ()
C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe (Hewlett-Packard)
C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe (Hewlett-Packard)
C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe ()
C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe ( )
C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher (Blizzard Entertainment)
C:\Documents and Settings\Owner\Local Settings\Application Data\Dyyno Receiver\DPPM.exe:*:Enabled:Dyyno Plugin Receiver ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{266959FA-0AEE-41D0-A88E-F1EAC10A7C14}" = 1400
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}" = HP PSC & OfficeJet 5.3.B
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5ED9E38C-9A96-49D8-89B3-92E278003FCF}" = TRS2006
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{7148F0A8-6813-11D6-A77B-00B0D0142010}" = Java 2 Runtime Environment, SE v1.4.2_01
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C510CA36-98D6-4F07-8AFF-81E7399A075B}" = 1400Trb
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD6E97C6-310B-487A-945E-18965FF0E20E}" = NVIDIA PhysX v8.06.12
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Evaluation
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"3 Days Zoo Mystery1.0" = 3 Days Zoo Mystery
"3Planesoft Screensaver Manager_is1" = 3Planesoft Screensaver Manager 1.2
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adventure Chronicles - The Search for Lost Treasure 1.00" = Adventure Chronicles - The Search for Lost Treasure 1.00
"Affair Bureau 1.00" = Affair Bureau 1.00
"Ares" = Ares 2.0.9
"Audacity_is1" = Audacity 1.2.6
"AVG8Uninstall" = AVG 8.5
"Between the Worlds 1.00" = Between the Worlds 1.00
"BFGC" = Big Fish Games Client
"BitComet" = BitComet 1.09
"ca" = ca
"Cate West - The Velvet Keys1.1" = Cate West - The Velvet Keys
"CCleaner" = CCleaner (remove only)
"CSI - NY1.0" = CSI - NY
"Diamond Drop 21.0" = Diamond Drop 2
"Dream Chronicles The Chosen Child1.0.104" = Dream Chronicles The Chosen Child
"Drugstore Mania1.0" = Drugstore Mania
"Escape Rosecliff Island1.00" = Escape Rosecliff Island
"Farm Frenzy Pizza Party 1.00" = Farm Frenzy Pizza Party 1.00
"Farm Frenzy_is1" = Farm Frenzy
"Flux Family Secrets - The Ripple Effect1.0" = Flux Family Secrets - The Ripple Effect
"Gadwin PrintScreen" = Gadwin PrintScreen
"Google Updater" = Google Updater
"Hidden in Time - Mirror Mirror 1.00" = Hidden in Time - Mirror Mirror 1.00
"Hidden Mysteries Buckingham Palace1.0" = Hidden Mysteries Buckingham Palace
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Intel® 536EP Modem" = Intel® 536EP Modem
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.9.0 Full
"Laura Jones and the Secret Legacy of Nikola Tesla1.0" = Laura Jones and the Secret Legacy of Nikola Tesla
"LimeWire" = LimeWire PRO 4.16.7
"Lost in the City 1.00" = Lost in the City 1.00
"Lost Secrets Bermuda Triangle1.0" = Lost Secrets Bermuda Triangle
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money Tree1.0" = Money Tree
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Mystery Stories-Island of Hope1.0" = Mystery Stories-Island of Hope
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NickChase Detective Story 1.00" = NickChase Detective Story 1.00
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Paranormal Agency 1.00" = Paranormal Agency 1.00
"PJ Pride 2 Destination Europe 1.00" = PJ Pride 2 Destination Europe 1.00
"PJ Pride Pet Detective Destination Europe1.0" = PJ Pride Pet Detective Destination Europe
"Plan It Green1.0" = Plan It Green
"Pocahontas - Princess of Powhatan1.0" = Pocahontas - Princess of Powhatan
"RealPlayer 6.0" = RealPlayer
"RealVNC_is1" = VNC Enterprise Edition 4.1.9
"Serpent of Isis BETA 1.00" = Serpent of Isis BETA 1.00
"SiS 661FX_760_741_M661FX_M760_M741" = SiS 661FX_760_741_M661FX_M760_M741
"Soulseek" = SoulSeek Client 156c
"ST5UNST #1" = FSUTILS
"Sunset Studio Love on the High Seas 1.00" = Sunset Studio Love on the High Seas 1.00
"SystemRequirementsLab" = System Requirements Lab
"The Amazing Brain Train1.0" = The Amazing Brain Train
"Treasure Seekers - Visions of Gold FINAL 1.00" = Treasure Seekers - Visions of Gold FINAL 1.00
"Tumblebugs 2_is1" = Tumblebugs 2
"Undiscovered World The Incan Sun 1.00" = Undiscovered World The Incan Sun 1.00
"VLC media player" = VideoLAN VLC media player 0.8.6f
"Wandering Willows1.0.250" = Wandering Willows
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wonderburg1.0" = Wonderburg
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Yard Sale Hidden Treasures - Lucky Junction1.04" = Yard Sale Hidden Treasures - Lucky Junction

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 05/05/2009 00:33:32 | Computer Name = MAINPC | Source = Application Hang | ID = 1002
Description = Hanging application Wow.exe, version 3.1.1.9835, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 05/05/2009 16:00:01 | Computer Name = MAINPC | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3399, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 05/05/2009 21:17:33 | Computer Name = MAINPC | Source = MPSampleSubmission | ID = 5000
Description =

Error - 06/05/2009 14:26:49 | Computer Name = MAINPC | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3399, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 07/05/2009 14:52:42 | Computer Name = MAINPC | Source = MPSampleSubmission | ID = 5000
Description =

Error - 07/05/2009 14:52:48 | Computer Name = MAINPC | Source = MPSampleSubmission | ID = 5000
Description =

Error - 08/05/2009 04:16:01 | Computer Name = MAINPC | Source = MPSampleSubmission | ID = 5000
Description =

Error - 17/05/2009 08:18:45 | Computer Name = MAINPC | Source = Application Hang | ID = 1002
Description = Hanging application SunsetStudios2_Final.exe, version 1.0.0.21, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 18/05/2009 09:37:37 | Computer Name = MAINPC | Source = Application Hang | ID = 1002
Description = Hanging application yardsale2.exe, version 9.5.14.2, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 20/05/2009 04:13:25 | Computer Name = MAINPC | Source = Application Error | ID = 1000
Description = Faulting application service-466.exe, version 0.0.0.0, faulting module
service-466.exe, version 0.0.0.0, fault address 0x00003fe6.

[ System Events ]
Error - 23/05/2009 16:02:23 | Computer Name = MAINPC | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 23/05/2009 16:12:30 | Computer Name = MAINPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 23/05/2009 16:21:19 | Computer Name = MAINPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 23/05/2009 16:35:33 | Computer Name = MAINPC | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 23/05/2009 16:36:13 | Computer Name = MAINPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 23/05/2009 16:38:33 | Computer Name = MAINPC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCIIde

Error - 23/05/2009 16:40:22 | Computer Name = MAINPC | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 23/05/2009 16:54:37 | Computer Name = MAINPC | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 23/05/2009 17:00:44 | Computer Name = MAINPC | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 23/05/2009 17:52:41 | Computer Name = MAINPC | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.


< End of report >



Rooter:

---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\avast!Antivirus.exe
---------- C:\PROGRA~1\AVG\AVG8\avgtray.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
---------- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
---------- C:\WINDOWS\system32\nvsvc32.exe
---------- C:\WINDOWS\system32\HPZipm12.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\RealVNC\VNC4\WinVNC4.exe
---------- C:\PROGRA~1\AVG\AVG8\avgemc.exe
---------- C:\PROGRA~1\AVG\AVG8\avgrsx.exe
---------- C:\PROGRA~1\AVG\AVG8\avgnsx.exe
---------- C:\Program Files\AVG\AVG8\avgcsrvx.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!


----------------------\\ Cracks & Keygens..


1 - "C:\Rooter$\Rooter_1.txt" - 24/05/2009| 1:28

----------------------\\ Scan completed at 1:28


  • 0
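The Extras log above lists each XP firewall exception with a scope of either `*` (any remote address) or `LocalSubNet`. The parser below is added here as an example and is not part of OTL or of any post in this thread: it pulls the GloballyOpenPorts and AuthorizedApplications entries out of such a log and reports which enabled exceptions are reachable from any address, which is the review a helper does by eye. The sample excerpt is constructed in the shape of the log above (most lines copied from it, the last application line made up).

```python
"""Review the Windows XP firewall exceptions that an OTL 'Extras' log lists.

Added example for this thread; not part of OTL and not from any post above.
Assumes the two line shapes shown in the Extras log:
  "<port>:<proto>" = <port>:<proto>:<scope>:<state>:<description>   (GloballyOpenPorts\\List)
  <path>:<scope>:<state>:<description>                               (AuthorizedApplications\\List)
where scope is '*' (any remote address) or 'LocalSubNet'.
"""
import re
from dataclasses import dataclass

PORT_RE = re.compile(
    r'^"[^"]+"\s*=\s*(?P<port>\d+):(?P<proto>TCP|UDP):(?P<scope>[^:]+)'
    r':(?P<state>Enabled|Disabled):(?P<desc>.*)$'
)
# A path may start with a drive letter and colon; %windir% style paths have no drive.
APP_RE = re.compile(
    r'^(?P<path>(?:[A-Za-z]:)?[^:"=]+):(?P<scope>[^:]+)'
    r':(?P<state>Enabled|Disabled):(?P<desc>.*)$'
)
# The registry key lines tell us which profile the following entries belong to.
PROFILE_RE = re.compile(r'\\FirewallPolicy\\(?P<profile>\w+Profile)')


@dataclass
class FirewallException:
    profile: str        # DomainProfile or StandardProfile
    kind: str           # "port" or "app"
    target: str         # "14229:TCP" or the executable path
    scope: str          # "*" or "LocalSubNet"
    enabled: bool
    description: str


def parse_firewall_exceptions(lines):
    """Walk the log once, remembering which profile's key was seen last."""
    profile = None
    found = []
    for raw in lines:
        line = raw.strip()
        m = PROFILE_RE.search(line)
        if m:
            profile = m.group("profile")
            continue
        m = PORT_RE.match(line)
        if m:
            found.append(FirewallException(
                profile, "port", f'{m["port"]}:{m["proto"]}', m["scope"],
                m["state"] == "Enabled", m["desc"].strip()))
            continue
        m = APP_RE.match(line)
        if m and "\\" in m["path"]:   # a path, not some other key = value line
            found.append(FirewallException(
                profile, "app", m["path"], m["scope"],
                m["state"] == "Enabled", m["desc"].strip()))
    return found


def open_to_any_address(exceptions):
    """Enabled exceptions whose scope is '*', i.e. reachable from any remote address."""
    return [e for e in exceptions if e.enabled and e.scope == "*"]


# Constructed excerpt in the shape of the Extras log above; the avgupd line is made up.
SAMPLE_EXTRAS = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"14229:TCP" = 14229:TCP:*:Enabled:BitComet 14229 TCP
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client (www.BitComet.com)
C:\Program Files\RealVNC\VNC4\winvnc4.exe:*:Enabled:winvnc4 (RealVNC Ltd.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\AVG\AVG8\avgupd.exe:LocalSubNet:Disabled:avgupd.exe (AVG Technologies CZ, s.r.o.)
"""

if __name__ == "__main__":
    for e in open_to_any_address(parse_firewall_exceptions(SAMPLE_EXTRAS.splitlines())):
        print(f"{e.profile}: {e.kind} {e.target} open to any address ({e.description})")
```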

#4
SpySentinel

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Hi NorthernLight,

Thank you for the welcome, and thank you in advance for your help


You're welcome :)


I miss the days of just being able to run Ad-Aware, then HJT if it was a "bad" case. Things are so confusing now


So do I, nowadays infections are a lot more complicated and harder to remove.


You are using peer-to-peer programs, specifically BitComet.
These are what we call an optional removal. However, anytime you are running any type of peer-to-peer application, you are more prone to infection by malware, and this is probably how you became infected in the first place. The choice to remove them is entirely up to you, but I would strongly recommend that you do.
If you do not want to, please at least refrain from using any peer-to-peer programs for the remainder of my fix.


Step #1

Please double-click GooredFix.exe on your Desktop to run it.
  • Select "2. Fix Goored" by typing 2 and pressing Enter.
  • Make sure all instances of Firefox are closed at this point.
  • Type y at the prompt and press Enter again.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.


Step #2

Run OTList2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Files
    C:\WINDOWS\System32\vp_setup.exe.bat
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done

  • 0

#5
NorthernLight

NorthernLight

    Member

  • Topic Starter
  • Member
  • 41 posts
Yeah, I figured it was something from that, I'll try to convince my dad to remove BitComet tomorrow

Goored:

GooredFix v1.92 by jpshortstuff
Log created at 01:50 on 24/05/2009 running Option #2 (Owner)
Firefox version 3.0.10 (en-GB)

=====Goored Deletions=====
C:\Program Files\Mozilla Firefox\extensions\{CDA20898-0EC4-4252-B3F4-CB5010C93253}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{1d5287d1-8a92-0001-1f31-1cec198018d8}"="C:\Program Files\AVG\AVG8\ToolbarFF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox"





OTLIST:

========== FILES ==========
C:\WINDOWS\System32\vp_setup.exe.bat moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTL by OldTimer - Version 2.1.1.0 log created on 05242009_015313

Files moved on Reboot...

Registry entries deleted on Reboot...


Edited by NorthernLight, 23 May 2009 - 07:04 PM.

  • 0

#6
SpySentinel

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Hi NorthernLight,


Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

  • 0

#7
NorthernLight

NorthernLight

    Member

  • Topic Starter
  • Member
  • 41 posts
The MBAM was completely clean, as for the Kaspersky I think I need to replace some RAM and run that tomorrow, computer is a little slow at the moment (hardware problem, I believe). Sorry for the inconvenience.

Btw, just realised we share the same birthday (except I'm older). :)
  • 0

#8
SpySentinel

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts

as for the Kaspersky I think I need to replace some RAM and run that tomorrow


Thanks for letting me know!



btw, just realised we share the same birthday (except I'm older).


Wow, that's cool, that's because it's the best day of the year :)
  • 0

#9
NorthernLight

NorthernLight

    Member

  • Topic Starter
  • Member
  • 41 posts
Finally managed to get it done, sorry for the wait

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, May 26, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, May 26, 2009 20:57:34
Records in database: 2253344
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 186551
Threat name: 5
Infected objects: 21
Suspicious objects: 89
Duration of the scan: 02:26:47


File name / Threat name / Threats count
C:\Program Files\RealVNC\VNC4\wm_hooks.dll/C:\Program Files\RealVNC\VNC4\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 7
C:\Documents and Settings\LocalService\Application Data\916653139.exe Infected: not-a-virus:FraudTool.Win32.MalwareDoctor.g 1
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\JDBVY7UQ\mlw[1].exe Infected: not-a-virus:FraudTool.Win32.MalwareDoctor.g 1
C:\Documents and Settings\Owner\Desktop\aaron\hijackthis.log Suspicious: Exploit.HTML.Mht 1 2
C:\fsc.tmp\driver\chipset\sis_chipset_ide_v2_04a_w2k_wxp\setupdir\000a\MoviezChannelsInstaler.exe Infected: Email-Worm.Win32.LovGate.f 1
C:\fsc.tmp\driver\chipset\sis_chipset_ide_v2_04a_w2k_wxp\setupdir\000a\Panda Titanium Crack.zip.exe Infected: Email-Worm.Win32.LovGate.f 1
C:\fsc.tmp\driver\chipset\sis_chipset_ide_v2_04a_w2k_wxp\setupdir\0021\Mafia Trainer!!!.exe Infected: Email-Worm.Win32.LovGate.f 1
C:\fsc.tmp\driver\chipset\sis_chipset_ide_v2_04a_w2k_wxp\setupdir\0804\Mafia Trainer!!!.exe Infected: Email-Worm.Win32.LovGate.f 1
C:\fsc.tmp\driver\chipset\sis_chipset_ide_v2_04a_w2k_wxp\setupdir\0c0c\CloneCD + crack.exe Infected: Email-Worm.Win32.LovGate.f 1
C:\fsc.tmp\driver\chipset\sis_chipset_ide_v2_04a_w2k_wxp\setupdir\0c0c\The world of lovers.txt.exe Infected: Email-Worm.Win32.LovGate.f 1
C:\Program Files\RealVNC\VNC4\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
C:\Program Files\RegCure\Logs\Regcure-01-06-08-12-15-16.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-02-06-08-15-09-44.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-02-06-08-21-10-29.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-02-07-08-10-04-52.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-02-07-08-22-24-19.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-03-06-08-15-51-24.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-03-06-08-22-52-23.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-04-07-08-20-09-41.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-06-05-08-10-11-54.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-06-05-08-16-07-14.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-06-05-08-18-46-20.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-06-06-08-18-02-11.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-06-06-08-22-10-08.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-07-05-08-11-28-24.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-07-05-08-12-42-20.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-07-05-08-14-13-46.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-07-05-08-15-33-34.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-08-05-08-14-56-59.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-08-05-08-15-14-17.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-08-06-08-14-03-35.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-09-05-08-23-37-06.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-10-05-08-16-47-07.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-10-05-08-17-17-01.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-10-05-08-19-11-08.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-10-05-08-22-06-51.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-10-05-08-22-55-27.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-11-05-08-19-06-02.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-11-05-08-20-12-32.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-11-06-08-12-16-13.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-12-05-08-13-33-54.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-12-05-08-14-56-00.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-12-05-08-17-48-45.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-12-05-08-19-12-53.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-12-05-08-23-19-58.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-12-06-08-13-11-00.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-13-06-08-13-05-13.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-14-05-08-14-35-44.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-14-05-08-17-25-08.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-14-06-08-15-08-38.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-15-05-08-16-04-15.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-15-05-08-21-21-52.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-16-05-08-20-25-37.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-16-06-08-16-33-01.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-16-06-08-16-33-06.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-16-06-08-16-34-08.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-16-06-08-16-34-10.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-16-06-08-16-34-32.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-16-06-08-16-34-35.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-16-06-08-16-35-02.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-16-06-08-16-36-03.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-16-06-08-16-36-08.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-16-06-08-16-36-50.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-16-06-08-16-36-52.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-17-05-08-14-22-51.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-18-05-08-10-12-08.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-18-05-08-13-12-43.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-18-05-08-19-25-17.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-18-05-08-21-13-02.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-18-06-08-10-51-56.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-18-06-08-11-05-14.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-18-06-08-11-11-44.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-18-06-08-20-16-15.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-19-05-08-15-24-59.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-19-05-08-20-06-08.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-19-06-08-03-07-26.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-20-05-08-22-00-24.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-20-05-08-22-33-06.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-20-06-08-13-48-21.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-21-05-08-12-24-48.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-21-05-08-12-25-50.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-21-06-08-09-12-45.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-22-05-08-03-01-55.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-22-05-08-21-04-38.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-22-06-08-19-12-04.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-23-06-08-14-11-43.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-24-05-08-12-40-17.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-24-05-08-20-13-52.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-24-06-08-20-20-19.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-26-05-08-11-57-18.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-26-06-08-11-17-43.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-28-05-08-12-03-46.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-29-06-08-16-04-07.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-30-05-08-14-12-22.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-30-06-08-13-56-05.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-31-05-08-00-20-05.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-31-05-08-12-53-43.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080705-150814-528 Suspicious: Exploit.HTML.Mht 1
C:\Program Files\Trend Micro\HijackThis\hijackthis.log Suspicious: Exploit.HTML.Mht 1
C:\System Volume Information\_restore{D94C13D3-D156-4C80-A344-890C48E1CB46}\RP546\A0065684.exe Infected: not-a-virus:FraudTool.Win32.MalwareDoctor.g 1

The selected area was scanned.


#10
NorthernLight (Topic Starter, Member, 41 posts)

another mbam in case you wanted one:

Malwarebytes' Anti-Malware 1.37
Database version: 2183
Windows 5.1.2600 Service Pack 3

27/05/2009 00:24:29
mbam-log-2009-05-27 (00-24-29).txt

Scan type: Quick Scan
Objects scanned: 87662
Time elapsed: 3 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f30b5e7e-cfbb-44fb-a947-226e5a7a4290} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avast!Antivirus (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#11
SpySentinel (Retired Staff, R.I.P., 5,152 posts)

Hi NorthernLight,


Please download OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :processes
    explorer.exe
    
    :Files
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\JDBVY7UQ\mlw[1].exe 
    C:\fsc.tmp\driver\chipset\sis_chipset_ide_v2_04a_w2k_wxp\setupdir\000a\MoviezChannelsInstaler.exe
    C:\fsc.tmp\driver\chipset\sis_chipset_ide_v2_04a_w2k_wxp\setupdir\000a\Panda Titanium Crack.zip.exe
    C:\fsc.tmp\driver\chipset\sis_chipset_ide_v2_04a_w2k_wxp\setupdir\0021\Mafia Trainer!!!.exe
    C:\fsc.tmp\driver\chipset\sis_chipset_ide_v2_04a_w2k_wxp\setupdir\0804\Mafia Trainer!!!.exe
    C:\fsc.tmp\driver\chipset\sis_chipset_ide_v2_04a_w2k_wxp\setupdir\0c0c\CloneCD + crack.exe
    C:\fsc.tmp\driver\chipset\sis_chipset_ide_v2_04a_w2k_wxp\setupdir\0c0c\The world of lovers.txt.exe 
    C:\Program Files\RegCure
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
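As an added example for this thread (my own code, not SpySentinel's and not part of OldTimer's tool): a small Python script that parses a report in the format of the scan log posted above and drafts OTMoveIt3 instructions in the shape of the ones in the post before this. The triage rules it applies (drop the Exploit.HTML.Mht hits on saved HijackThis and RegCure logs, drop the RealVNC not-a-virus entry, leave System Volume Information alone, move the RegCure folder as a whole) are my assumptions, reconstructed from what the helper's list kept and left out.

```python
import re
from collections import OrderedDict

# One report line: "<drive>:\<path> Infected|Suspicious: <detection name> <counts>"
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+(?P<verdict>Infected|Suspicious):\s+(?P<name>\S+)"
)

# Constructed sample: a subset of the report lines quoted earlier in this thread.
SAMPLE_REPORT = r"""
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\JDBVY7UQ\mlw[1].exe Infected: not-a-virus:FraudTool.Win32.MalwareDoctor.g 1
C:\Documents and Settings\Owner\Desktop\aaron\hijackthis.log Suspicious: Exploit.HTML.Mht 1 2
C:\fsc.tmp\driver\chipset\sis_chipset_ide_v2_04a_w2k_wxp\setupdir\000a\Panda Titanium Crack.zip.exe Infected: Email-Worm.Win32.LovGate.f 1
C:\fsc.tmp\driver\chipset\sis_chipset_ide_v2_04a_w2k_wxp\setupdir\0c0c\CloneCD + crack.exe Infected: Email-Worm.Win32.LovGate.f 1
C:\Program Files\RealVNC\VNC4\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
C:\Program Files\RegCure\Logs\Regcure-01-06-08-12-15-16.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\RegCure\Logs\Regcure-02-06-08-15-09-44.zip Suspicious: Exploit.HTML.Mht 1
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080705-150814-528 Suspicious: Exploit.HTML.Mht 1
C:\System Volume Information\_restore{D94C13D3-D156-4C80-A344-890C48E1CB46}\RP546\A0065684.exe Infected: not-a-virus:FraudTool.Win32.MalwareDoctor.g 1

The selected area was scanned.
"""

# Triage policy. These are this example's assumptions, chosen to reproduce what the
# helper's OTMoveIt3 list in the thread kept and left out; review them per case.
SKIP_NAMES = {"Exploit.HTML.Mht"}                    # heuristic hit on saved HTML/MHT text (HijackThis, RegCure logs)
SKIP_NAME_PREFIXES = ("not-a-virus:RemoteAdmin",)    # legitimate remote-admin software (RealVNC here)
SKIP_PATH_PREFIXES = ("C:\\System Volume Information\\",)  # restore points are purged later, not moved file by file
COLLAPSE_DIRS = ("C:\\Program Files\\RegCure",)      # dozens of hits under one app: move the folder once


def parse_report(text):
    """Return (path, verdict, detection_name) for every detection line; other lines are ignored."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("verdict"), m.group("name")))
    return hits


def _under(path, prefix):
    """Case-insensitive 'path equals prefix or lies inside it' test for Windows paths."""
    p, q = path.lower(), prefix.lower().rstrip("\\")
    return p == q or p.startswith(q + "\\")


def select_targets(hits):
    """Apply the triage policy and return de-duplicated paths in first-seen order."""
    targets = OrderedDict()
    for path, _verdict, name in hits:
        folder = next((d for d in COLLAPSE_DIRS if _under(path, d)), None)
        if folder is not None:
            targets[folder] = None          # one folder entry replaces every file under it
            continue
        if name in SKIP_NAMES or name.startswith(SKIP_NAME_PREFIXES):
            continue
        if any(_under(path, p) for p in SKIP_PATH_PREFIXES):
            continue
        targets[path] = None
    return list(targets)


def build_otm_script(paths):
    """Emit OTMoveIt3 text in the shape the helper pasted: stop Explorer, move files, empty temp, restart Explorer."""
    lines = [":processes", "explorer.exe", "", ":Files"]
    lines += paths
    lines += ["", ":commands", "[purity]", "[emptytemp]", "[start explorer]"]
    return "\n".join(lines)


if __name__ == "__main__":
    print(build_otm_script(select_targets(parse_report(SAMPLE_REPORT))))
```

The output is a draft to read line by line before pasting, and the parser only recognises lines laid out as `<path> Infected:`/`Suspicious: <name>` like the report above.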

#12
NorthernLight (Topic Starter, Member, 41 posts)

think this is the right log, apologies if not

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\JDBVY7UQ\mlw[1].exe moved successfully.
C:\fsc.tmp\driver\chipset\sis_chipset_ide_v2_04a_w2k_wxp\setupdir\000a\MoviezChannelsInstaler.exe moved successfully.
C:\fsc.tmp\driver\chipset\sis_chipset_ide_v2_04a_w2k_wxp\setupdir\000a\Panda Titanium Crack.zip.exe moved successfully.
C:\fsc.tmp\driver\chipset\sis_chipset_ide_v2_04a_w2k_wxp\setupdir\0021\Mafia Trainer!!!.exe moved successfully.
C:\fsc.tmp\driver\chipset\sis_chipset_ide_v2_04a_w2k_wxp\setupdir\0804\Mafia Trainer!!!.exe moved successfully.
C:\fsc.tmp\driver\chipset\sis_chipset_ide_v2_04a_w2k_wxp\setupdir\0c0c\CloneCD + crack.exe moved successfully.
C:\fsc.tmp\driver\chipset\sis_chipset_ide_v2_04a_w2k_wxp\setupdir\0c0c\The world of lovers.txt.exe moved successfully.
C:\Program Files\RegCure\Uninstall moved successfully.
C:\Program Files\RegCure\Logs moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_September_27_08_10_47_09 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_September_24_08_15_27_36 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_September_17_08_16_46_31 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_September_13_08_13_44_17 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_September_12_08_13_08_34 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_September_09_08_20_21_31 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_October_26_08_08_38_15 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_October_15_08_12_15_34 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_October_14_08_10_53_03 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_October_12_08_11_06_11 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_October_07_08_20_00_31 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_October_02_08_10_37_59 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_November_29_08_11_02_09 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_November_26_08_15_38_15 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_November_24_08_19_15_45 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_November_21_08_00_05_41 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_November_09_08_09_23_33 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_November_05_08_13_37_03 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_November_03_08_20_39_32 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_May_31_08_00_20_00 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_May_28_08_12_03_41 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_May_26_09_00_03_04 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_May_26_08_11_57_13 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_May_24_09_20_46_33 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_May_24_08_20_13_48 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_May_22_09_16_54_01 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_May_22_09_00_32_27 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_May_20_08_22_00_19 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_May_19_08_20_06_04 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_May_19_08_15_24_55 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_May_18_08_21_12_57 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_May_18_08_19_25_13 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_May_18_08_13_12_39 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_May_17_09_22_48_58 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_May_15_08_16_04_10 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_May_13_09_12_23_33 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_May_12_08_23_19_53 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_May_12_08_17_48_41 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_May_11_09_17_24_13 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_May_11_08_20_12_27 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_May_10_09_23_19_42 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_May_10_08_22_55_23 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_May_10_08_22_06_46 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_May_10_08_17_16_56 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_May_10_08_16_47_01 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_May_09_09_16_08_11 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_May_07_09_20_00_10 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_May_07_08_15_33_30 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_May_07_08_12_42_15 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_May_06_08_18_46_15 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_May_06_08_10_11_49 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_May_01_09_14_38_19 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_March_28_09_15_44_42 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_March_24_09_17_58_01 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_March_11_09_18_20_16 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_March_11_09_17_06_02 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_March_07_09_16_01_39 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_March_04_09_15_30_27 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_June_29_08_16_04_02 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_June_26_08_11_17_38 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_June_19_08_03_06_23 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_June_18_08_20_16_10 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_June_16_08_16_36_42 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_June_16_08_16_35_58 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_June_16_08_16_34_25 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_June_16_08_16_34_00 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_June_16_08_16_32_56 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_June_12_08_13_10_56 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_June_11_08_12_15_55 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_June_08_08_14_03_31 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_June_06_08_22_10_03 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_June_06_08_18_02_06 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_June_02_08_15_09_40 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_June_01_08_12_15_12 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_July_23_08_12_05_57 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_July_22_08_17_00_04 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_July_21_08_13_54_53 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_July_20_08_15_11_47 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_July_17_08_19_39_17 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_July_17_08_15_01_17 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_July_15_08_14_55_29 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_July_12_08_13_07_43 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_July_08_08_19_49_37 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_July_07_08_19_11_07 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_July_05_08_17_03_00 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_July_04_08_20_09_36 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_July_02_08_22_24_14 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_January_29_09_21_01_30 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_January_25_09_14_09_11 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_January_24_09_14_06_00 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_January_21_09_13_15_21 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_January_19_09_20_14_31 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_January_17_09_17_03_07 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_January_16_09_16_33_17 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_January_14_09_20_02_58 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_January_08_09_19_56_29 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_January_05_09_17_03_05 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_January_04_09_22_37_21 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_February_26_09_14_37_05 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_February_24_09_19_23_31 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_February_21_09_16_16_30 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_February_17_09_19_52_06 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_February_16_09_17_27_50 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_February_13_09_14_53_08 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_February_12_09_10_26_39 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_February_10_09_19_53_01 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_February_08_09_13_06_59 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_February_06_09_20_03_42 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_February_04_09_12_31_30 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_February_02_09_14_43_53 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_December_31_08_17_03_09 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_December_30_08_18_58_36 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_December_28_08_19_59_44 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_December_26_08_19_32_23 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_December_17_08_13_31_08 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_December_06_08_10_18_16 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_December_05_08_13_09_31 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_December_02_08_13_46_24 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_December_01_08_16_30_39 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_August_30_08_17_11_29 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_August_29_08_11_51_38 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_August_27_08_13_58_40 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_August_24_08_14_31_34 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_August_23_08_19_35_35 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_August_22_08_14_56_35 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_August_21_08_11_40_32 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_August_14_08_21_43_01 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_August_10_08_11_03_01 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_August_06_08_11_10_33 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_August_05_08_19_09_29 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_April_29_09_19_33_15 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_April_27_09_14_40_39 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_April_25_09_15_04_57 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_April_23_09_19_19_29 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_April_20_09_17_03_11 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_April_14_09_15_47_29 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_April_08_09_14_11_35 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_April_06_09_16_39_52 moved successfully.
C:\Program Files\RegCure\Backup\RegCureBak_April_02_09_08_58_42 moved successfully.
C:\Program Files\RegCure\Backup moved successfully.
C:\Program Files\RegCure moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\etilqs_GZ9Ogoge7jlikiWbMqZF scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\Perflib_Perfdata_d0c.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\XFJPN9U6\client_ad[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\VERZ9W9Z\st[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6sixzov2.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6sixzov2.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6sixzov2.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6sixzov2.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6sixzov2.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6sixzov2.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTM by OldTimer - Version 2.1.0.0 log created on 05272009_193952

Files moved on Reboot...
File C:\DOCUME~1\Owner\LOCALS~1\Temp\etilqs_GZ9Ogoge7jlikiWbMqZF not found!
File C:\DOCUME~1\Owner\LOCALS~1\Temp\Perflib_Perfdata_d0c.dat not found!
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\XFJPN9U6\client_ad[1].htm not found!
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\VERZ9W9Z\st[1] not found!
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6sixzov2.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6sixzov2.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6sixzov2.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6sixzov2.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6sixzov2.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6sixzov2.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...


#13
SpySentinel (Retired Staff, R.I.P., 5,152 posts)

Perfect :)


Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    o Click Preferences, then click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    o Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

#14
NorthernLight (Topic Starter, Member, 41 posts)

here's the log :)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/27/2009 at 09:31 PM

Application Version : 4.26.1004

Core Rules Database Version : 3912
Trace Rules Database Version: 1856

Scan type : Complete Scan
Total Scan Time : 00:40:05

Memory items scanned : 468
Memory threats detected : 0
Registry items scanned : 5381
Registry threats detected : 9
File items scanned : 25730
File threats detected : 4

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt

Rogue.Component/Trace
HKLM\Software\Microsoft\88B2DE46
HKLM\Software\Microsoft\88B2DE46#88b2de46
HKLM\Software\Microsoft\88B2DE46#rid
HKLM\Software\Microsoft\88B2DE46#aid
HKLM\Software\Microsoft\88B2DE46#Version
HKLM\Software\Microsoft\88B2DE46#red_srv
HKLM\Software\Microsoft\88B2DE46#red_srv_bckp
HKLM\Software\Microsoft\88B2DE46#88b273c6
HKLM\Software\Microsoft\88B2DE46#88b21a23

Trojan.Dropper/Gen-NV
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\APPLICATION DATA\916653139.EXE

Trojan.Agent/Gen-Keygen
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D94C13D3-D156-4C80-A344-890C48E1CB46}\RP466\A0054902.EXE


#15
SpySentinel (Retired Staff, R.I.P., 5,152 posts)

Hi NorthernLight,


Step #1

Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack.

Please go to the link below to update.

http://www.adobe.com.../readstep2.html



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install on those systems.

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE): JRE 6 Update 13.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u13-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u13-windows-i586-p.exe and select "Run as an Administrator.")


Step #2

Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


Step #3

I see you have already run RSIT, but if you do not still have it, please

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
