Virtumonde + Koobface, MBAM won't run


#1 camster98 (Member, 135 posts)

Today I noticed most apps won't open. No error messages, nothing. Scanned with Avast; Win32:Rootkit-gen was found in a few files. MBAM won't run. Can't load most antivirus sites.

OTL logfile created on: 12/6/2009 6:06:30 PM - Run 1
OTL by OldTimer - Version 3.1.11.8 Folder = C:\Users\greg\Downloads
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 97.99% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.59 Gb Total Space | 261.34 Gb Free Space | 90.24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GREG-PC
Current User Name: greg
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/06 18:00:45 | 00,557,568 | ---- | M] (OldTimer Tools) -- C:\Users\greg\Downloads\OTL.exe
PRC - [2009/12/06 17:56:22 | 00,038,400 | ---- | M] (Andreas Hausladen) -- C:\Windows\Temp\VRTDECC.tmp
PRC - [2009/12/05 21:46:21 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/24 17:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 17:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 17:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 17:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/06/12 23:05:22 | 00,057,608 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite\upeksvr.exe
PRC - [2008/09/29 16:07:40 | 00,122,880 | ---- | M] (Intel Corporation) -- C:\Program Files\Sony\VAIO Care\collsvc.exe
PRC - [2008/09/16 11:53:49 | 02,947,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/09/16 11:51:12 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wermgr.exe
PRC - [2008/09/09 12:57:52 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe
PRC - [2006/11/02 03:46:03 | 00,067,584 | ---- | M] (Netopsystems AG) -- C:\Windows\System32\FastNetSrv.exe
PRC - [2006/11/02 03:46:03 | 00,061,440 | ---- | M] (xgyt pugd dqtc) -- C:\Windows\System32\lsm32.sys


========== Modules (SafeList) ==========

MOD - [2009/12/06 18:00:45 | 00,557,568 | ---- | M] (OldTimer Tools) -- C:\Users\greg\Downloads\OTL.exe
MOD - [2008/09/16 11:51:16 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/24 17:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 17:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 17:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 17:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/09/03 15:54:10 | 00,133,664 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe -- (RtkAudioService)
SRV - [2008/09/29 16:07:40 | 00,122,880 | ---- | M] (Intel Corporation) -- C:\Program Files\Sony\VAIO Care\collsvc.exe -- (SampleCollector) Intel®
SRV - [2008/09/16 11:52:59 | 00,061,440 | ---- | M] () -- C:\Windows\System32\Iasv32.dll -- (Ias)
SRV - [2008/09/16 11:50:29 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/11/02 06:34:14 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/11/02 03:46:03 | 00,067,584 | ---- | M] (Netopsystems AG) -- C:\Windows\System32\FastNetSrv.exe -- (fastnetsrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/05 21:46:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/05 21:46:25 | 00,000,000 | ---D | M]

[2009/12/05 21:43:38 | 00,000,000 | ---D | M] -- C:\Users\greg\AppData\Roaming\Mozilla\Extensions
[2009/12/05 21:39:35 | 00,000,000 | ---D | M] -- C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\nurgp7f9.default\extensions
[2009/12/05 21:43:38 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [calc] C:\Windows\System32\calc.DLL File not found
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [VMSwitch] C:\Program Files\Sony\VAIO Mode Switch\VMSwitch.exe (Sony Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [calc] C:\Windows\System32\config\SYSTEM~1\ntuser.DLL File not found
O4 - HKCU..\Run: [DriverMax] C:\Program Files\Innovative Solutions\DriverMax\devices.exe (Innovative Solutions)
O4 - HKCU..\Run: [DriverMax_RESTART] File not found
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Unprotector] C:\Windows\TEMP\VRT6F0D.tmp File not found
O4 - Startup: C:\Users\greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3113068.lnk = C:\Users\greg\AppData\Local\Temp\mvNat.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\Windows\system32\curslib.dll) - C:\Windows\System32\curslib.dll ()
O20 - AppInit_DLLs: (loguteyu.dll) - C:\Windows\System32\loguteyu.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\__c002DDA5: DllName - C:\Windows\system32\__c002DDA5.dat - C:\Windows\System32\__c002DDA5.dat (AIMP DevTeam)
O20 - Winlogon\Notify\__c00C1C08: DllName - C:\Windows\system32\__c00C1C08.dat - C:\Windows\System32\__c00C1C08.dat (AIMP DevTeam)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\psfus: DllName - C:\Program Files\Protector Suite\psqlpwd.dll - C:\Program Files\Protector Suite\psqlpwd.dll (UPEK Inc.)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O27 - HKLM IFEO\1.exe: Debugger - C:\WINDOWS\system32\ahui.exe File not found
O27 - HKLM IFEO\cmd.exe: Debugger - C:\WINDOWS\system32\ahui.exe File not found
O27 - HKLM IFEO\reader_s.exe: Debugger - C:\WINDOWS\system32\ahui.exe File not found
O27 - HKLM IFEO\regedit.exe: Debugger - C:\WINDOWS\system32\ahui.exe File not found
O27 - HKLM IFEO\servises.exe: Debugger - C:\WINDOWS\system32\ahui.exe File not found
O27 - HKLM IFEO\sys64_nov.exe: Debugger - C:\WINDOWS\system32\ahui.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
O36 - AppCertDlls: AppSecDll - (C:\Windows\system32\wincert.dll) - C:\Windows\System32\wincert.dll (Microsoft Corporation)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\Iasv32.dll ()
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2009/12/06 18:08:01 | 00,000,000 | ---D | C] -- C:\Users\greg\AppData\Roaming\Malwarebytes
[2009/12/06 18:07:51 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/06 18:07:51 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/12/06 18:02:27 | 00,000,000 | ---D | C] -- C:\Users\greg\AppData\Roaming\Protector Suite
[2009/12/06 16:54:49 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\Windows\System32\AvastSS.scr
[2009/12/06 16:54:34 | 01,280,480 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2009/12/06 16:54:34 | 00,053,328 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2009/12/06 16:54:31 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/12/05 22:34:07 | 00,000,000 | ---D | C] -- C:\Windows\Debug
[2009/12/05 22:28:56 | 00,000,000 | ---D | C] -- C:\Windows\System32\x64
[2009/12/05 22:27:21 | 00,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2009/12/05 22:25:33 | 00,000,000 | ---D | C] -- C:\Windows\CSC
[2009/12/05 22:21:22 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2009/12/05 22:08:18 | 00,032,256 | ---- | C] (AIMP DevTeam) -- C:\Windows\System32\__c002DDA5.dat
[2009/12/05 22:08:12 | 00,071,680 | ---- | C] (Eset ) -- C:\sepepu.exe
[2009/12/05 22:06:51 | 00,032,256 | ---- | C] (AIMP DevTeam) -- C:\Windows\System32\__c00C1C08.dat
[2009/12/05 22:06:42 | 00,071,680 | ---- | C] (Eset ) -- C:\rinl.exe
[2009/12/05 22:00:59 | 00,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions
[2009/12/05 21:56:17 | 00,000,000 | ---D | C] -- C:\Users\greg\Documents\My Drivers
[2009/12/05 21:56:17 | 00,000,000 | ---D | C] -- C:\Users\greg\AppData\Local\Innovative Solutions
[2009/12/05 21:56:17 | 00,000,000 | ---D | C] -- C:\ProgramData\Innovative Solutions
[2009/12/05 21:53:30 | 00,000,000 | ---D | C] -- C:\Windows\Panther
[2009/12/05 21:53:13 | 00,000,000 | -HSD | C] -- C:\Boot
[2009/12/05 21:50:10 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
[2009/12/05 21:49:32 | 00,000,000 | ---D | C] -- C:\Users\greg\AppData\Local\Downloaded Installations
[2009/12/05 21:48:40 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2009/12/05 21:48:23 | 00,000,000 | ---D | C] -- C:\Users\greg\AppData\Roaming\uTorrent
[2009/12/05 21:39:26 | 00,000,000 | ---D | C] -- C:\Users\greg\AppData\Roaming\Mozilla
[2009/12/05 21:39:26 | 00,000,000 | ---D | C] -- C:\Users\greg\AppData\Local\Mozilla
[2009/12/05 21:39:05 | 00,000,000 | ---D | C] -- C:\Program Files (x86)
[2009/12/05 21:39:04 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/12/05 21:33:49 | 00,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation
[2009/12/05 21:33:44 | 00,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2009/12/05 21:33:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SPBA
[2009/12/05 21:33:10 | 00,000,000 | ---D | C] -- C:\Program Files\Protector Suite
[2009/12/05 21:33:06 | 00,000,000 | -HSD | C] -- C:\Windows\Installer
[2009/12/05 21:31:11 | 00,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2009/12/05 21:30:48 | 01,933,312 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2009/12/05 21:30:48 | 01,784,352 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2009/12/05 21:30:48 | 00,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2009/12/05 21:30:48 | 00,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2009/12/05 21:30:48 | 00,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2009/12/05 21:30:48 | 00,185,776 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2009/12/05 21:30:48 | 00,167,936 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2009/12/05 21:30:48 | 00,160,256 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2009/12/05 21:30:48 | 00,159,744 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2009/12/05 21:30:48 | 00,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2009/12/05 21:30:48 | 00,126,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2009/12/05 21:30:48 | 00,000,000 | ---D | C] -- C:\Program Files\Realtek
[2009/12/05 21:30:47 | 00,000,000 | -H-D | C] -- C:\Program Files\Temp
[2009/12/05 21:30:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
[2009/12/05 21:30:16 | 00,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2009/12/05 21:30:06 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2009/12/05 21:29:34 | 00,000,000 | ---D | C] -- C:\Program Files\Sony
[2009/12/05 21:28:21 | 00,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2009/12/05 21:28:20 | 00,000,000 | ---D | C] -- C:\Intel
[2009/12/05 21:27:10 | 00,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2009/12/05 21:27:08 | 00,000,000 | ---D | C] -- C:\Program Files\intel
[2009/12/05 21:26:29 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2009/12/05 21:26:29 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared
[2009/12/05 20:37:41 | 00,000,000 | R--D | C] -- C:\Users\greg\Searches
[2009/12/05 20:37:35 | 00,000,000 | ---D | C] -- C:\Users\greg\AppData\Roaming\Identities
[2009/12/05 20:37:33 | 00,000,000 | R--D | C] -- C:\Users\greg\Contacts
[2009/12/05 20:37:30 | 00,000,000 | -HSD | C] -- C:\Users\greg\AppData\Local\Temporary Internet Files
[2009/12/05 20:37:30 | 00,000,000 | -HSD | C] -- C:\Users\greg\Templates
[2009/12/05 20:37:30 | 00,000,000 | -HSD | C] -- C:\Users\greg\Start Menu
[2009/12/05 20:37:30 | 00,000,000 | -HSD | C] -- C:\Users\greg\SendTo
[2009/12/05 20:37:30 | 00,000,000 | -HSD | C] -- C:\Users\greg\Recent
[2009/12/05 20:37:30 | 00,000,000 | -HSD | C] -- C:\Users\greg\PrintHood
[2009/12/05 20:37:30 | 00,000,000 | -HSD | C] -- C:\Users\greg\NetHood
[2009/12/05 20:37:30 | 00,000,000 | -HSD | C] -- C:\Users\greg\Documents\My Videos
[2009/12/05 20:37:30 | 00,000,000 | -HSD | C] -- C:\Users\greg\Documents\My Pictures
[2009/12/05 20:37:30 | 00,000,000 | -HSD | C] -- C:\Users\greg\Documents\My Music
[2009/12/05 20:37:30 | 00,000,000 | -HSD | C] -- C:\Users\greg\My Documents
[2009/12/05 20:37:30 | 00,000,000 | -HSD | C] -- C:\Users\greg\Local Settings
[2009/12/05 20:37:30 | 00,000,000 | -HSD | C] -- C:\Users\greg\AppData\Local\History
[2009/12/05 20:37:30 | 00,000,000 | -HSD | C] -- C:\Users\greg\Cookies
[2009/12/05 20:37:30 | 00,000,000 | -HSD | C] -- C:\Users\greg\Application Data
[2009/12/05 20:37:30 | 00,000,000 | -HSD | C] -- C:\Users\greg\AppData\Local\Application Data
[2009/12/05 20:37:29 | 00,000,000 | --SD | C] -- C:\Users\greg\AppData\Roaming\Microsoft
[2009/12/05 20:37:29 | 00,000,000 | R--D | C] -- C:\Users\greg\Videos
[2009/12/05 20:37:29 | 00,000,000 | R--D | C] -- C:\Users\greg\Saved Games
[2009/12/05 20:37:29 | 00,000,000 | R--D | C] -- C:\Users\greg\Pictures
[2009/12/05 20:37:29 | 00,000,000 | R--D | C] -- C:\Users\greg\Music
[2009/12/05 20:37:29 | 00,000,000 | R--D | C] -- C:\Users\greg\Links
[2009/12/05 20:37:29 | 00,000,000 | R--D | C] -- C:\Users\greg\Favorites
[2009/12/05 20:37:29 | 00,000,000 | R--D | C] -- C:\Users\greg\Downloads
[2009/12/05 20:37:29 | 00,000,000 | R--D | C] -- C:\Users\greg\Documents
[2009/12/05 20:37:29 | 00,000,000 | R--D | C] -- C:\Users\greg\Desktop
[2009/12/05 20:37:29 | 00,000,000 | -H-D | C] -- C:\Users\greg\AppData
[2009/12/05 20:37:29 | 00,000,000 | ---D | C] -- C:\Users\greg\AppData\Local\Temp
[2009/12/05 20:37:29 | 00,000,000 | ---D | C] -- C:\Users\greg\AppData\Local\Microsoft
[2009/12/05 20:37:29 | 00,000,000 | ---D | C] -- C:\Users\greg\AppData\Roaming\Media Center Programs

========== Files - Modified Within 14 Days ==========

[2009/12/06 18:10:03 | 00,786,432 | -HS- | M] () -- C:\Users\greg\NTUSER.DAT
[2009/12/06 18:07:57 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/06 18:03:27 | 00,006,456 | -H-- | M] () -- C:\Windows\System32\vudujayo
[2009/12/06 18:00:33 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/12/06 18:00:33 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/12/06 18:00:33 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/12/06 17:56:38 | 00,032,256 | ---- | M] () -- C:\Windows\System32\6938222.exe
[2009/12/06 17:56:37 | 00,000,744 | ---- | M] () -- C:\Windows\System32\7359583.exe
[2009/12/06 17:55:21 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/06 17:55:20 | 00,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/06 17:55:20 | 00,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/06 17:55:05 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/06 17:16:56 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/12/06 17:16:45 | 00,524,288 | -HS- | M] () -- C:\Users\greg\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms
[2009/12/06 17:16:45 | 00,524,288 | -HS- | M] () -- C:\Users\greg\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
[2009/12/06 17:16:45 | 00,065,536 | -HS- | M] () -- C:\Users\greg\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2009/12/06 17:16:22 | 01,780,256 | -H-- | M] () -- C:\Users\greg\AppData\Local\IconCache.db
[2009/12/06 16:54:50 | 00,001,849 | ---- | M] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2009/12/06 16:54:49 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009/12/05 22:31:04 | 00,110,966 | ---- | M] () -- C:\Windows\System32\license.rtf
[2009/12/05 22:30:50 | 00,000,749 | RH-- | M] () -- C:\Windows\WindowsShell.Manifest
[2009/12/05 22:28:12 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2009/12/05 22:25:07 | 00,228,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/12/05 22:08:09 | 00,075,264 | ---- | M] () -- C:\euaupd.exe
[2009/12/05 22:07:25 | 00,004,096 | ---- | M] () -- C:\Windows\System32\drivers\unpr.sys
[2009/12/05 22:07:00 | 00,020,172 | ---- | M] () -- C:\Windows\System32\t1p0_184276692427.b1k
[2009/12/05 22:06:51 | 00,000,056 | ---- | M] () -- C:\xcrashdump.dat
[2009/12/05 22:06:43 | 00,000,813 | -HS- | M] () -- C:\Users\greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
[2009/12/05 22:06:38 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/12/05 22:06:38 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/12/05 22:01:01 | 00,000,919 | ---- | M] () -- C:\Users\greg\Desktop\DriverMax.lnk
[2009/12/05 21:57:19 | 00,000,743 | ---- | M] () -- C:\Users\greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3113068.lnk
[2009/12/05 21:53:15 | 00,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2009/12/05 21:48:40 | 00,000,752 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2009/12/05 21:39:40 | 00,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2009/12/05 20:37:49 | 00,048,600 | ---- | M] () -- C:\Users\greg\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/12/05 20:37:30 | 00,000,020 | -HS- | M] () -- C:\Users\greg\ntuser.ini
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/11/24 17:54:29 | 01,280,480 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2009/11/24 17:49:48 | 00,053,328 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2009/11/24 17:47:28 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\Windows\System32\AvastSS.scr

========== Files Created - No Company Name ==========

[2009/12/06 18:07:57 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/06 17:56:38 | 00,032,256 | ---- | C] () -- C:\Windows\System32\6938222.exe
[2009/12/06 17:56:37 | 00,000,744 | ---- | C] () -- C:\Windows\System32\7359583.exe
[2009/12/06 16:54:50 | 00,001,849 | ---- | C] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2009/12/06 16:54:34 | 00,380,928 | ---- | C] () -- C:\Windows\System32\actskin4.ocx
[2009/12/05 22:28:12 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2009/12/05 22:27:56 | 00,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/12/05 22:08:09 | 00,030,206 | ---- | C] () -- C:\dijp.exe
[2009/12/05 22:08:07 | 00,075,264 | ---- | C] () -- C:\euaupd.exe
[2009/12/05 22:07:25 | 00,004,096 | ---- | C] () -- C:\Windows\System32\drivers\unpr.sys
[2009/12/05 22:06:59 | 00,020,172 | ---- | C] () -- C:\Windows\System32\t1p0_184276692427.b1k
[2009/12/05 22:06:51 | 00,000,056 | ---- | C] () -- C:\xcrashdump.dat
[2009/12/05 22:06:38 | 00,075,264 | ---- | C] () -- C:\bvnidya.exe
[2009/12/05 22:06:38 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2009/12/05 22:06:38 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2009/12/05 22:06:37 | 00,030,206 | ---- | C] () -- C:\vttgyjt.exe
[2009/12/05 22:01:01 | 00,000,919 | ---- | C] () -- C:\Users\greg\Desktop\DriverMax.lnk
[2009/12/05 21:57:19 | 00,000,743 | ---- | C] () -- C:\Users\greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3113068.lnk
[2009/12/05 21:53:15 | 00,008,192 | R-S- | C] () -- C:\BOOTSECT.BAK
[2009/12/05 21:53:13 | 00,333,203 | RHS- | C] () -- C:\bootmgr
[2009/12/05 21:48:40 | 00,000,752 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2009/12/05 21:39:40 | 00,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/12/05 21:28:19 | 02,584,543 | ---- | C] () -- C:\Windows\System32\iglhxa32.cpa
[2009/12/05 21:28:19 | 00,982,220 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009/12/05 21:28:19 | 00,058,811 | ---- | C] () -- C:\Windows\System32\iglhxo32.vp
[2009/12/05 21:28:19 | 00,058,602 | ---- | C] () -- C:\Windows\System32\iglhxg32.vp
[2009/12/05 21:28:19 | 00,058,602 | ---- | C] () -- C:\Windows\System32\iglhxc32.vp
[2009/12/05 21:28:19 | 00,045,028 | ---- | C] () -- C:\Windows\System32\iglhxs32.vp
[2009/12/05 21:28:19 | 00,001,073 | ---- | C] () -- C:\Windows\System32\iglhxa32.vp
[2009/12/05 21:28:18 | 00,439,300 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009/12/05 21:28:18 | 00,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/12/05 21:28:18 | 00,092,216 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2009/12/05 21:25:34 | 00,001,724 | ---- | C] () -- C:\Users\greg\Desktop\Mozilla Firefox.lnk
[2009/12/05 20:37:30 | 00,524,288 | -HS- | C] () -- C:\Users\greg\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms
[2009/12/05 20:37:30 | 00,524,288 | -HS- | C] () -- C:\Users\greg\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
[2009/12/05 20:37:30 | 00,065,536 | -HS- | C] () -- C:\Users\greg\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2009/12/05 20:37:30 | 00,000,020 | -HS- | C] () -- C:\Users\greg\ntuser.ini
[2009/12/05 20:37:29 | 00,786,432 | -HS- | C] () -- C:\Users\greg\NTUSER.DAT
[2009/09/06 16:49:41 | 00,045,568 | -HS- | C] () -- C:\Windows\System32\wadiwuti.dll
[2009/09/06 16:49:40 | 00,039,424 | -HS- | C] () -- C:\Windows\System32\fuzosoni.dll
[2009/09/05 22:06:40 | 00,052,736 | -HS- | C] () -- C:\Windows\System32\yijokuwu.dll
[2009/09/05 22:06:40 | 00,052,736 | -HS- | C] () -- C:\Windows\System32\togitata.dll
[2009/09/05 22:06:40 | 00,052,736 | -HS- | C] () -- C:\Windows\System32\loguteyu.dll
[2008/09/17 07:16:24 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1537.dll
[2008/09/16 11:58:20 | 00,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2008/09/16 11:53:33 | 00,031,744 | ---- | C] () -- C:\Windows\System32\curslib.dll
[2008/09/16 11:52:59 | 00,061,440 | ---- | C] () -- C:\Windows\System32\Iasv32.dll
[2008/09/16 11:52:59 | 00,061,440 | ---- | C] () -- C:\Windows\System32\FastUv32.dll
[2008/09/16 11:52:59 | 00,002,432 | ---- | C] () -- C:\Windows\System32\winmes.sys
[2006/11/02 06:34:20 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:46:03 | 00,044,544 | ---- | C] () -- C:\Windows\System32\BtwSrv.dll
[2006/11/02 03:46:03 | 00,000,003 | ---- | C] () -- C:\Windows\System32\FInstall.sys
[2006/11/02 01:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2009/12/06 18:02:27 | 00,000,000 | ---D | M] -- C:\Users\greg\AppData\Roaming\Protector Suite
[2009/12/06 17:16:25 | 00,000,000 | ---D | M] -- C:\Users\greg\AppData\Roaming\uTorrent
[2009/12/06 17:16:57 | 00,001,494 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009/12/05 22:08:09 | 00,075,264 | ---- | M] () -- C:\euaupd.exe


< MD5 for: AGP440.SYS >
[2008/09/16 11:47:49 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/09/16 11:47:49 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/09/16 11:47:49 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006/11/02 03:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/09/16 11:47:48 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/09/16 11:47:48 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/09/16 11:47:48 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 03:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2006/11/22 08:58:10 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2006/11/22 08:58:10 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2006/11/22 08:58:10 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 03:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 03:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2008/07/20 06:14:44 | 00,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Windows\System32\drivers\iaStor.sys
[2008/07/20 06:14:44 | 00,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7b6e77f6\iaStor.sys
[2008/07/20 06:14:44 | 00,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_649e6da2\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/09/16 11:49:46 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/09/16 11:49:46 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/09/16 11:49:46 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 03:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 03:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008/09/16 11:52:27 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/09/16 11:52:27 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 03:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/09/16 11:49:39 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/09/16 11:49:39 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/09/16 11:49:39 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/09/16 11:55:47 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/09/16 11:55:47 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 03:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >

OTL Extras logfile created on: 12/6/2009 6:06:30 PM - Run 1
OTL by OldTimer - Version 3.1.11.8 Folder = C:\Users\greg\Downloads
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 97.99% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.59 Gb Total Space | 261.34 Gb Free Space | 90.24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GREG-PC
Current User Name: greg
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11729BDD-16E3-44C9-B7C4-B122AEBC32A8}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"{26187809-BC76-48A8-88EC-6F0F6386E728}" = protocol=6 | dir=in | app=c:\users\greg\appdata\local\temp\mvnat.exe |
"{2891AB8A-1CA6-4BA3-B34B-1842BCA76606}" = protocol=6 | dir=in | app=c:\windows\system32\werfault.exe |
"{2CD346DD-2429-465A-9DA2-75A9A3F07FF0}" = protocol=17 | dir=in | app=c:\windows\system32\wermgr.exe |
"{4014A864-5013-472B-A67E-51E202C6475C}" = protocol=6 | dir=in | app=c:\users\greg\appdata\local\temp\audiodgt.exe |
"{6F8A48BC-1D74-4CE1-8B16-ED6F601E5C30}" = protocol=6 | dir=in | app=c:\windows\system32\logonui.exe |
"{9640A5A2-F6F5-4548-9019-D2456EB29524}" = protocol=17 | dir=in | app=c:\windows\system32\logonui.exe |
"{9E08B8F6-ED6C-4BDD-B173-A9E58539B896}" = protocol=6 | dir=in | app=c:\windows\system32\wininit.exe |
"{AD8E693E-AAFF-4525-8989-4FDE12FC7601}" = protocol=6 | dir=in | app=c:\windows\system32\wermgr.exe |
"{AE2E6E32-1A03-4427-BEA0-FD398E0D0296}" = protocol=17 | dir=in | app=c:\users\greg\appdata\local\temp\mvnat.exe |
"{B7FE3CCD-8729-40D3-8E58-2DD5D000D7CF}" = protocol=17 | dir=in | app=c:\windows\system32\wininit.exe |
"{CBAC5FA8-CC64-4F64-A6A9-14B0AC57F558}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{CCDF50F1-A131-4222-BF83-82393546FBE6}" = protocol=17 | dir=in | app=c:\users\greg\appdata\local\temp\audiodgt.exe |
"{DFAC08AF-4BCC-4ECA-80AF-0157DDC8ABCB}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"{E6388165-542F-489C-A58A-1FA30C51FE5C}" = protocol=17 | dir=in | app=c:\windows\system32\werfault.exe |
"{EB26ADA6-55DE-4717-82CE-3A483B9AA8FD}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{7010F660-F97B-4565-9BA2-F985FFFB42B1}" = VAIO Mode Switch
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{CB974C3D-D101-4411-8F54-DCDC58DED815}" = Protector Suite 2009.2
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"avast!" = avast! Antivirus
"DMX5_is1" = DriverMax 5
"HDMI" = Intel® Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/6/2009 7:56:47 PM | Computer Name = greg-PC | Source = Application Error | ID = 1000
Description = Faulting application igfxsrvc.exe, version 7.14.10.1537, time stamp
0x488fabd9, faulting module igfxsrvc.exe, version 7.14.10.1537, time stamp 0x488fabd9,
exception code 0xc0000005, fault offset 0x00006f93, process id 0xfcc, application
start time 0x01ca76cfc5080771.

Error - 12/6/2009 7:56:51 PM | Computer Name = greg-PC | Source = Application Error | ID = 1000
Description = Faulting application SearchProtocolHost.exe, version 6.0.6001.18000,
time stamp 0x8ee72967, faulting module curslib.dll, version 6.0.88.4, time stamp
0x4b168454, exception code 0xc0000005, fault offset 0x00006229, process id 0xa58,
application start time 0x01ca76cfc70ef331.

Error - 12/6/2009 7:56:53 PM | Computer Name = greg-PC | Source = Application Error | ID = 1000
Description = Faulting application unregmp2.exe, version 11.0.6001.7008, time stamp
0x8ee72967, faulting module curslib.dll, version 6.0.88.4, time stamp 0x4b168454,
exception code 0xc0000005, fault offset 0x00006229, process id 0xba8, application
start time 0x01ca76cfc7115491.

Error - 12/6/2009 7:56:56 PM | Computer Name = greg-PC | Source = Application Error | ID = 1000
Description = Faulting application SearchProtocolHost.exe, version 6.0.6001.18000,
time stamp 0x8ee72967, faulting module curslib.dll, version 6.0.88.4, time stamp
0x4b168454, exception code 0xc0000005, fault offset 0x00006229, process id 0xc08,
application start time 0x01ca76cfca08ab31.

Error - 12/6/2009 7:57:01 PM | Computer Name = greg-PC | Source = Application Error | ID = 1000
Description = Faulting application SearchProtocolHost.exe, version 6.0.6001.18000,
time stamp 0x8ee72967, faulting module curslib.dll, version 6.0.88.4, time stamp
0x4b168454, exception code 0xc0000005, fault offset 0x00006229, process id 0xea4,
application start time 0x01ca76cfcd0725f1.

Error - 12/6/2009 7:57:23 PM | Computer Name = greg-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6001.18000, time stamp
0x47918e5d, faulting module curslib.dll, version 0.0.0.0, time stamp 0x4b168454,
exception code 0xc0000005, fault offset 0x00006229, process id 0xc88, application
start time 0x01ca76cfb22a4191.

Error - 12/6/2009 7:58:24 PM | Computer Name = greg-PC | Source = Application Error | ID = 1000
Description = Faulting application SearchIndexer.exe, version 6.0.6001.18000, time
stamp 0x47919483, faulting module curslib.dll, version 0.0.0.0, time stamp 0x4b168454,
exception code 0xc0000005, fault offset 0x00006229, process id 0x9a4, application
start time 0x01ca76cf9e2c7551.

Error - 12/6/2009 8:01:08 PM | Computer Name = greg-PC | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 12/6/2009 8:01:42 PM | Computer Name = greg-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x4b18b14e, faulting module svchost.exe, version 6.0.6001.18000, time stamp 0x4b18b14e,
exception code 0xc0000005, fault offset 0x000019fc, process id 0xbe4, application
start time 0x01ca76d073e2d8b1.

Error - 12/6/2009 8:05:03 PM | Computer Name = greg-PC | Source = Application Error | ID = 1000
Description = Faulting application ashAvast.exe, version 4.8.1367.0, time stamp
0x4b0c702e, faulting module curslib.dll, version 0.0.0.0, time stamp 0x4b168454,
exception code 0xc0000005, fault offset 0x00005e48, process id 0x10cc, application
start time 0x01ca76d0eb812931.

[ System Events ]
Error - 12/6/2009 6:54:50 PM | Computer Name = greg-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 12/6/2009 6:54:50 PM | Computer Name = greg-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 12/6/2009 6:54:50 PM | Computer Name = greg-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 12/6/2009 6:54:50 PM | Computer Name = greg-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 12/6/2009 7:55:22 PM | Computer Name = greg-PC | Source = HTTP | ID = 15016
Description =

Error - 12/6/2009 7:55:47 PM | Computer Name = greg-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/6/2009 7:55:47 PM | Computer Name = greg-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/6/2009 7:58:33 PM | Computer Name = greg-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 12/6/2009 7:59:03 PM | Computer Name = greg-PC | Source = Service Control Manager | ID = 7032
Description =

Error - 12/6/2009 8:02:45 PM | Computer Name = greg-PC | Source = Service Control Manager | ID = 7034
Description =


< End of report >

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/12/06 18:48
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: aswRdr.SYS
Image Path: C:\Windows\System32\Drivers\aswRdr.SYS
Address: 0x8FFE1000 Size: 15104 File Visible: No Signed: -
Status: -

Name: aswSP.SYS
Image Path: C:\Windows\System32\Drivers\aswSP.SYS
Address: 0x90271000 Size: 135168 File Visible: No Signed: -
Status: -

Name: aswTdi.SYS
Image Path: C:\Windows\System32\Drivers\aswTdi.SYS
Address: 0x8FF8F000 Size: 39104 File Visible: No Signed: -
Status: -

Name: dump_dumpfve.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpfve.sys
Address: 0x9035F000 Size: 69632 File Visible: No Signed: -
Status: -

Name: dump_iaStor.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
Address: 0x82911000 Size: 888832 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xAA1B7000 Size: 49152 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1324 Status: Locked to the Windows API!

SSDT
-------------------
#: 334 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xaa1950b0

==EOF==

Well, after looking over the OTL logs I can safely say that Virtumundo is definitely present.
But non-Virtumundo symptoms are present too, so it may be a nice little bundle of stuff.

Edited by camster98, 06 December 2009 - 06:56 PM.
