Win32 Taterf & Win32 Rimecud & Win32 Frethog [Solved]


  • This topic is locked

#1
dragonskin29

    Member
  • 49 posts
Well, first my brother's laptop got infected through a pen drive. The very next day all 4 computers were infected, and me being the geeky guy, I realised that all the firewalls were somehow shut down.
Anyway, I'll be formatting all the other 3 computers since they have been infected the most: they are unable to surf the internet and are encountering BSODs.
However, my desktop is somewhat clean because Microsoft Security Essentials detected about 8 viruses and apparently cleaned them. After that I ran an MBAM scan and it cleaned around 6 viruses. The logs are below.

What I want to check now is: is my computer still infected, and should I go for a format as well?

Here is the 1st MBAM log.

Malwarebytes' Anti-Malware 1.44
Database version: 3548
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

1/13/2010 6:09:11 AM
mbam-log-2010-01-13 (06-09-11).txt

Scan type: Full Scan (C:\|)
Objects scanned: 230482
Time elapsed: 3 hour(s), 16 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{23CA5465-7565-4779-8FD1-DA2B461B85E1}\RP134\A0080494.vxd (Rogue.sysCleaner) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{23CA5465-7565-4779-8FD1-DA2B461B85E1}\RP134\A0080495.vxd (Rogue.sysCleaner) -> Quarantined and deleted successfully.

Here is today's log. It's clean. Also, sorry, but the first scan is a full scan.

Malwarebytes' Anti-Malware 1.44
Database version: 3548
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

1/15/2010 10:31:11 AM
mbam-log-2010-01-15 (10-31-11).txt

Scan type: Quick Scan
Objects scanned: 107776
Time elapsed: 5 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I read the Malware and Spyware Cleaning Guide, cleaned out all the temp files, and created a registry backup; however, I can't run Gmer: the program crashes and I get a BSOD. I have no idea why. If there is any fix for this, please tell me.

Here is the OTL Log.
Thanks for all the help! :)

OTL logfile created on: 1/15/2010 10:54:40 AM - Run 1
OTL by OldTimer - Version 3.1.24.1 Folder = C:\Documents and Settings\Althaf Hameez\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 83.47 Gb Free Space | 35.84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 119.29 Mb Total Space | 57.35 Mb Free Space | 48.07% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALTHAFH
Current User Name: Althaf Hameez
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/01/15 10:24:53 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Althaf Hameez\My Documents\Downloads\OTL.exe
PRC - [2010/01/09 20:42:36 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/15 19:15:37 | 00,289,584 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2009/11/18 23:01:20 | 00,163,840 | ---- | M] () -- C:\Program Files\EyeDefender\EyeDefender.exe
PRC - [2009/11/17 01:28:38 | 00,839,168 | ---- | M] () -- C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
PRC - [2009/10/29 12:27:54 | 01,074,568 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/09/13 18:52:50 | 01,048,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2009/09/06 12:38:06 | 00,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/09/01 10:58:03 | 00,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2009/07/02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/05/16 08:45:52 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2009/04/22 17:38:50 | 00,065,536 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2009/04/22 17:37:16 | 00,065,536 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2009/02/17 13:20:32 | 17,508,864 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2008/04/28 06:14:00 | 00,073,728 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2007/11/26 16:40:38 | 00,413,696 | ---- | M] (Eberhard Werle) -- C:\Program Files\Calibrize\CalibrizeResume.exe
PRC - [2004/08/04 06:26:50 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/01/15 10:24:53 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Althaf Hameez\My Documents\Downloads\OTL.exe
MOD - [2004/08/04 06:27:02 | 01,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/29 12:27:54 | 01,074,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/06 12:38:06 | 00,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/09/01 10:58:03 | 00,075,064 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/08/23 09:53:29 | 00,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/05/16 08:45:52 | 00,602,112 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2009/05/15 21:05:00 | 00,593,920 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:2.1
FF - prefs.js..extensions.enabledItems: {cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}:0.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.7.20091104
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.25
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c9626}:1.6
FF - prefs.js..extensions.enabledItems: {24d1fe20-76df-11de-8a39-0800200c9a66}:2.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.85
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/09 20:42:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/09 20:42:48 | 00,000,000 | ---D | M]

[2009/07/08 21:46:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\Mozilla\Extensions
[2010/01/13 17:55:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\Mozilla\Firefox\Profiles\71z2tuv2.default\extensions
[2009/12/11 18:32:55 | 00,000,000 | ---D | M] (ANTHEM) -- C:\Documents and Settings\Althaf Hameez\Application Data\Mozilla\Firefox\Profiles\71z2tuv2.default\extensions\{07b2a769-ed19-4483-87ce-c643914c9626}
[2009/07/24 22:16:11 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Althaf Hameez\Application Data\Mozilla\Firefox\Profiles\71z2tuv2.default\extensions\{24d1fe20-76df-11de-8a39-0800200c9a66}
[2009/09/26 20:56:25 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Althaf Hameez\Application Data\Mozilla\Firefox\Profiles\71z2tuv2.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
[2009/11/05 21:47:29 | 00,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Althaf Hameez\Application Data\Mozilla\Firefox\Profiles\71z2tuv2.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/12/11 18:32:58 | 00,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Documents and Settings\Althaf Hameez\Application Data\Mozilla\Firefox\Profiles\71z2tuv2.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2009/12/11 18:33:01 | 00,000,000 | ---D | M] (Google Redesigned) -- C:\Documents and Settings\Althaf Hameez\Application Data\Mozilla\Firefox\Profiles\71z2tuv2.default\extensions\{cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}
[2010/01/08 20:16:19 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Althaf Hameez\Application Data\Mozilla\Firefox\Profiles\71z2tuv2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/11/07 22:52:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\Mozilla\Firefox\Profiles\71z2tuv2.default\extensions\[email protected]
[2009/07/10 13:54:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\Mozilla\Firefox\Profiles\71z2tuv2.default\extensions\[email protected]
[2009/11/07 22:52:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\Mozilla\Firefox\Profiles\71z2tuv2.default\extensions\[email protected]
[2010/01/13 17:55:29 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/08 22:25:27 | 00,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2009/12/18 06:01:54 | 00,063,488 | ---- | M] (Nullsoft) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [CalibrizeResume] C:\Program Files\Calibrize\CalibrizeResume.exe (Eberhard Werle)
O4 - HKCU..\Run: [CGFLoader] C:\Program Files\Calibrize\CalibrizeLoader.exe (Colorjinn)
O4 - HKCU..\Run: [EyeDefender] C:\Program Files\EyeDefender\EyeDefender.exe ()
O4 - HKCU..\Run: [OpenDNS Updater] C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
O4 - HKCU..\Run: [TransBar] C:\Documents and Settings\Althaf Hameez\Local Settings\Application Data\AKSoftware\TransBar\TransBar.exe (AKSoftware)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Althaf Hameez\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Althaf Hameez\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (schannel.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/08 20:48:43 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3dd696f0-f935-11de-9b30-001fd008249b}\Shell\AutoRun\command - "" = F:\e9naq.exe -- File not found
O33 - MountPoints2\{3dd696f0-f935-11de-9b30-001fd008249b}\Shell\open\Command - "" = F:\e9naq.exe -- File not found
O33 - MountPoints2\{79ce9b86-e962-11de-9afc-001fd008249b}\Shell\AutoRun\command - "" = wscript.exe bit2008_BEST4EVER.VBS
O33 - MountPoints2\{79ce9b86-e962-11de-9afc-001fd008249b}\Shell\open\Command - "" = wscript.exe bit2008_BEST4EVER.VBS
O33 - MountPoints2\{c0b1c833-6c68-11de-833d-001fd008249b}\Shell\AutoplaY\cOmmAnd - "" = fbyd.pif
O33 - MountPoints2\{c0b1c833-6c68-11de-833d-001fd008249b}\Shell\AutoRun\command - "" = fbyd.pif
O33 - MountPoints2\{c0b1c833-6c68-11de-833d-001fd008249b}\Shell\eXPlOre\COmmANd - "" = fbyd.pif
O33 - MountPoints2\{c0b1c833-6c68-11de-833d-001fd008249b}\Shell\Open\CoMmAnd - "" = fbyd.pif
O33 - MountPoints2\{d9af201d-915d-11de-99f6-001fd008249b}\Shell\AutoRun\command - "" = wscript.exe bit2008_BEST4EVER.VBS
O33 - MountPoints2\{d9af201d-915d-11de-99f6-001fd008249b}\Shell\open\Command - "" = wscript.exe bit2008_BEST4EVER.VBS
O33 - MountPoints2\{e12d5f4a-b0d0-11de-9a53-001fd008249b}\Shell\AutoRun\command - "" = F:\8xcrbho6.exe -- File not found
O33 - MountPoints2\{e12d5f4a-b0d0-11de-9a53-001fd008249b}\Shell\open\Command - "" = F:\8xcrbho6.exe -- File not found
O33 - MountPoints2\{e6457012-76b9-11de-9664-001fd008249b}\Shell\AutoRun\command - "" = F:\tmp.folder\restore.exe -- File not found
O33 - MountPoints2\{e6457012-76b9-11de-9664-001fd008249b}\Shell\ExploRE\CoMmaNd - "" = F:\tmp.folder\restore.exe -- File not found
O33 - MountPoints2\{e6457012-76b9-11de-9664-001fd008249b}\Shell\OPeN\commAnd - "" = F:\tmp.folder\restore.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Install.bat -- File not found
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\SETUP.EXE -- File not found
O33 - MountPoints2\I\Shell\configure\command - "" = I:\SETUP.EXE -- File not found
O33 - MountPoints2\I\Shell\install\command - "" = I:\SETUP.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/07/09 01:51:12 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (53765225245048832)

========== Files/Folders - Created Within 14 Days ==========

[2010/01/15 10:48:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
[2010/01/15 10:37:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/15 10:37:02 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/01/14 20:42:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2010/01/14 20:40:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Althaf Hameez\Application Data\GlarySoft
[2010/01/14 20:36:09 | 00,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
[2010/01/14 19:11:39 | 00,286,720 | ---- | C] (Indigo Rose Corporation) -- C:\WINDOWS\iun503.exe
[2010/01/14 19:11:37 | 00,000,000 | ---D | C] -- C:\Program Files\TEKKEN 3
[2010/01/14 13:13:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Althaf Hameez\Desktop\Automobile
[2009/08/26 13:23:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/08/17 17:26:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2009/08/17 16:35:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2009/07/08 20:51:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/07/08 20:48:40 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/07/08 20:48:40 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

========== Files - Modified Within 14 Days ==========

[2010/01/15 10:50:26 | 00,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{05907B57-49A5-43FD-A1AD-E45FD3B73D3F}.job
[2010/01/15 10:48:21 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/15 10:47:39 | 00,000,328 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/01/15 10:47:34 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/15 10:47:32 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/15 10:34:12 | 06,553,600 | -H-- | M] () -- C:\Documents and Settings\Althaf Hameez\NTUSER.DAT
[2010/01/15 10:34:03 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Althaf Hameez\ntuser.ini
[2010/01/14 20:36:17 | 00,000,675 | ---- | M] () -- C:\Documents and Settings\Althaf Hameez\Desktop\Glary Utilities.lnk
[2010/01/14 19:19:25 | 11,230,294 | -H-- | M] () -- C:\Documents and Settings\Althaf Hameez\Local Settings\Application Data\IconCache.db
[2010/01/14 19:11:31 | 00,286,720 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun503.exe
[2010/01/14 13:11:32 | 07,730,800 | ---- | M] () -- C:\Documents and Settings\Althaf Hameez\Desktop\attachments_2010_01_14.zip
[2010/01/12 22:13:11 | 00,000,280 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Free Edition.job
[2010/01/10 20:50:39 | 00,000,063 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2010/01/10 19:59:12 | 01,183,744 | ---- | M] () -- C:\Documents and Settings\Althaf Hameez\My Documents\Bank.accdb
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2010/01/14 20:36:19 | 00,000,328 | ---- | C] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/01/14 20:36:17 | 00,000,675 | ---- | C] () -- C:\Documents and Settings\Althaf Hameez\Desktop\Glary Utilities.lnk
[2010/01/14 13:08:47 | 07,730,800 | ---- | C] () -- C:\Documents and Settings\Althaf Hameez\Desktop\attachments_2010_01_14.zip
[2010/01/12 22:09:03 | 00,000,280 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Free Edition.job
[2009/12/17 20:29:42 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009/12/07 16:27:39 | 00,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/12/01 01:03:46 | 00,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/10/18 07:42:47 | 00,000,096 | ---- | C] () -- C:\WINDOWS\System32\WinShake.ini
[2009/10/10 21:27:42 | 00,003,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\klif.sys
[2009/09/26 22:55:18 | 00,569,400 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/09/26 19:16:41 | 00,000,111 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2009/09/11 20:44:44 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/09/01 10:59:33 | 00,139,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/08/19 13:25:53 | 00,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009/08/19 13:25:53 | 00,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009/08/03 00:21:52 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009/08/03 00:21:52 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2009/07/20 17:41:22 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll
[2009/07/15 19:33:21 | 00,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/07/10 14:11:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\windowfx3.ini
[2009/07/10 14:10:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\windowfx2.ini
[2009/07/09 21:58:34 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\Althaf Hameez\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/22 00:19:06 | 00,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2008/06/06 18:13:06 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2004/07/17 17:06:38 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

========== LOP Check ==========

[2009/08/19 14:01:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2009/08/13 15:10:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Locktime
[2009/07/15 21:39:37 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
[2009/11/11 18:08:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\Amazon
[2009/12/04 21:39:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\Any Audio Converter
[2009/12/02 20:19:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\Any Video Converter
[2009/11/01 07:22:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\Auslogics
[2009/12/07 16:27:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\Canneverbe_Limited
[2009/08/19 14:01:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\DAEMON Tools Pro
[2009/09/10 18:44:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\Flickroom.7F2D43979C1E442A06B65B60EA738890E1A9A99A.1
[2009/07/08 22:25:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\Foxit
[2010/01/14 20:40:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\GlarySoft
[2009/08/26 11:21:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\GrabPro
[2009/07/30 19:53:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\ImgBurn
[2009/10/25 10:21:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\InfraRecorder
[2009/07/08 22:16:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\IObit
[2009/08/23 19:29:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\IrfanView
[2009/08/14 23:09:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\JGoodies
[2009/08/13 15:10:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\Locktime
[2009/08/19 06:22:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\MechCAD
[2009/11/20 09:54:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\OpenDNS Updater
[2009/12/07 21:07:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\Orbit
[2009/09/05 23:06:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\Rainmeter
[2009/11/21 16:27:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\runic games
[2009/07/26 14:53:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\Spesoft Text To MP3
[2009/11/12 22:15:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\TeraCopy
[2010/01/15 10:45:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\uTorrent
[2010/01/15 10:47:39 | 00,000,328 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2010/01/12 22:13:11 | 00,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\SUPERAntiSpyware Free Edition.job
[2010/01/15 10:50:26 | 00,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{05907B57-49A5-43FD-A1AD-E45FD3B73D3F}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 00,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe


< MD5 for: AGP440.SYS >
[2004/08/04 06:35:44 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 00:06:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 06:35:44 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 00:10:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 04:29:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:41:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[2004/08/04 06:26:44 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/04 06:26:44 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:42:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2009/02/07 00:16:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2004/08/04 06:26:46 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/04 06:26:46 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 06:26:46 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/04 06:26:46 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/14 05:42:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/05/16 09:09:20 | 00,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll

< %systemroot%\Tasks\*.job /lockedfiles >
< End of report >

OTL Extras logfile created on: 1/15/2010 10:54:40 AM - Run 1
OTL by OldTimer - Version 3.1.24.1 Folder = C:\Documents and Settings\Althaf Hameez\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 83.47 Gb Free Space | 35.84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 119.29 Mb Total Space | 57.35 Mb Free Space | 48.07% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALTHAFH
Current User Name: Althaf Hameez
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"80:TCP" = 80:TCP:*:Enabled:89

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Xfire\Xfire.exe" = C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE:*:Enabled:SMLMProxy Module - HP1006MC.EXE -- (Software 2000 Limited)
"C:\Program Files\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe" = C:\Program Files\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe:*:Enabled:STREET FIGHTER IV -- (CAPCOM U.S.A., INC.)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe" = C:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe:*:Enabled:speed -- ()
"C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe" = C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:*:Enabled:Gears of War -- (Epic Games, Inc.)
"C:\Program Files\CrossLoop\CrossLoopConnect.exe" = C:\Program Files\CrossLoop\CrossLoopConnect.exe:*:Enabled:CrossLoop - Simple Secure Screen Sharing -- (CrossLoop)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Activision\Prototype\prototypef.exe" = C:\Program Files\Activision\Prototype\prototypef.exe:*:Enabled:Prototype™ -- (Activision)
"C:\Program Files\Wolfenstein - Enemy Territory\ET.exe" = C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET -- ()
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Documents and Settings\Althaf Hameez\My Documents\Downloads\fre_wxp_x86_en\binfre_wxp_x86_en\zsserver.exe" = C:\Documents and Settings\Althaf Hameez\My Documents\Downloads\fre_wxp_x86_en\binfre_wxp_x86_en\zsserver.exe:*:Enabled:ZoneOS ZoneScreen wizard -- (ZoneOS)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\Althaf Hameez\Desktop\L4D2\Left 4 Dead 2\left4dead2.exe" = C:\Documents and Settings\Althaf Hameez\Desktop\L4D2\Left 4 Dead 2\left4dead2.exe:*:Enabled:left4dead2 -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{067EC517-9731-43FD-B4D5-296EE0027BBB}" = LogMeIn Hamachi
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0E3CCCDC-3BB2-B5D5-A547-5F157E1BADB8}" = Catalyst Control Center Core Implementation
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War
"{131C976E-E991-40FA-163F-B29022346F01}" = CCC Help English
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 17
"{32A3A4F4-B792-11D6-A78A-00B0D0160160}" = Java™ SE Development Kit 6 Update 16
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}" = Microsoft Security Essentials
"{48EB0E22-B055-44B5-B566-057F145CB7E7}" = ManicTime
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV
"{5A53992C-48D6-D4DB-75A7-5D13388DAB9A}" = ccc-core-static
"{5D8D5D01-4BF1-4524-B4D6-54A35E7140CC}" = Jazler Radio II
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD®
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AE858CD-7AD6-D9E6-627E-E452A71896E7}" = Catalyst Control Center Graphics Full Existing
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8BC8DA36-302D-14FA-55AE-5CAAF1CA4F25}" = Catalyst Control Center Graphics Light
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype™
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}" = Microsoft Antimalware
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A44C8D37-B36B-D378-2201-97137494E339}" = ccc-utility
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{ADE91A13-434D-4229-00BC-182BAD607303}" = Need for Speed™ Most Wanted
"{B07DF6E6-9ECA-47F3-9B04-614DDFF34804}" = Fusion
"{B0D108B8-E6D7-8021-742D-165BA1802C6F}" = Flickroom
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB37C263-9B7F-6A1C-A1B8-333C3FB80614}" = ccc-core-preinstall
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{DE5CD0E9-9296-788D-F082-54454791A65E}" = Catalyst Control Center Graphics Previews Common
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{EBB15EA8-B7CF-E90C-B977-18777AFC63F0}" = Catalyst Control Center HydraVision Full
"{EC27630A-EAFB-AB2A-56CC-7F5189845D85}" = Catalyst Control Center Graphics Full New
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"All ATI Software" = ATI - Software Uninstall Utility
"Amazon Kindle For PC" = Amazon Kindle For PC v1.0
"Any Audio Converter_is1" = Any Audio Converter 2.0.3
"Any Video Converter_is1" = Any Video Converter 2.7.7
"ATI Display Driver" = ATI Display Driver
"Atomic RAR Password Recovery_is1" = Atomic RAR Password Recovery 1.20
"Audacity_is1" = Audacity 1.2.6
"Calibrize_is1" = Calibrize 2.0
"CDisplay_is1" = CDisplay 1.8
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CrossLoop_is1" = CrossLoop 2.51
"Crysis WARHEAD®" = Crysis WARHEAD®
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Everything" = Everything 1.2.1.371
"Flickroom.7F2D43979C1E442A06B65B60EA738890E1A9A99A.1" = Flickroom
"Foxit Reader" = Foxit Reader
"Glary Utilities_is1" = Glary Utilities Pro 2.18.0.786
"GOM Player" = GOM Player
"HijackThis" = HijackThis 2.0.2
"hon" = Heroes of Newerth
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InfraRecorder" = InfraRecorder
"InstallShield_{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype™
"IrfanView" = IrfanView (remove only)
"JDiskReport 1.3.1" = JGoodies JDiskReport 1.3.1
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"mIRC" = mIRC
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"OpenDNS Updater" = OpenDNS Updater 2.2
"Orbit_is1" = Orbit Downloader
"PowerISO" = PowerISO
"PRJPRO" = Microsoft Office Project Professional 2007
"Product_Name" = TEKKEN 3
"Rainmeter" = Rainmeter (remove only)
"Recuva" = Recuva (remove only)
"RocketDock_is1" = RocketDock 1.3.5
"Runic Games Torchlight" = Torchlight
"ScanModule V5.1" = ScanModule V5.1
"SHOUTcastDSP" = SHOUTcast Source DSP 1.9.1 (remove only)
"SopCast" = SopCast 3.2.4
"Speccy" = Speccy
"Spesoft Text To MP3 Speaker_is1" = Spesoft Text To MP3 Speaker 1.00
"SShockDeinstallKey" = System Shock2
"StepMania" = StepMania (remove only)
"TeraCopy_is1" = TeraCopy 2.01
"ViGlance" = ViGlance
"Visual Studio 6.0 Enterprise Edition" = Microsoft Visual Studio 6.0 Enterprise Edition
"VLC media player" = VLC media player 1.0.0
"WebPost" = Microsoft Web Publishing Wizard 1.53
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"WindowFX" = WindowFX
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"EyeDefender" = EyeDefender 1.08
"TransBar" = TransBar
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III: All Products
"Winamp Detect" = Winamp Application Detect

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/27/2009 11:39:21 AM | Computer Name = ALTHAFH | Source = Windows Live Messenger | ID = 1000
Description =

Error - 9/4/2009 12:11:29 AM | Computer Name = ALTHAFH | Source = Windows Live Messenger | ID = 1000
Description =

Error - 9/19/2009 11:19:01 PM | Computer Name = ALTHAFH | Source = Windows Live Messenger | ID = 1000
Description =

Error - 10/4/2009 6:29:24 AM | Computer Name = ALTHAFH | Source = MsiInstaller | ID = 10005
Description = Product: Windows Live Communications Platform -- The installer has
encountered an unexpected error installing this package. This may indicate a problem
with this package. The error code is 2762. The arguments are: , ,

Error - 10/4/2009 6:29:24 AM | Computer Name = ALTHAFH | Source = MsiInstaller | ID = 10005
Description = Product: Windows Live Communications Platform -- The installer has
encountered an unexpected error installing this package. This may indicate a problem
with this package. The error code is 2762. The arguments are: , ,

Error - 10/12/2009 9:54:47 AM | Computer Name = ALTHAFH | Source = WindowsLiveMessenger | ID = 15728647
Description =

Error - 10/21/2009 1:46:57 AM | Computer Name = ALTHAFH | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 10/21/2009 1:47:03 AM | Computer Name = ALTHAFH | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Error - 10/31/2009 9:27:10 AM | Computer Name = ALTHAFH | Source = Windows Live Messenger | ID = 1000
Description =

Error - 10/31/2009 10:34:14 PM | Computer Name = ALTHAFH | Source = Application Error | ID = 1000
Description = Faulting application registration.exe, version 1.0.0.54, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x00018af2.

[ Application Events ]
Error - 8/27/2009 11:39:21 AM | Computer Name = ALTHAFH | Source = Windows Live Messenger | ID = 1000
Description =

Error - 9/4/2009 12:11:29 AM | Computer Name = ALTHAFH | Source = Windows Live Messenger | ID = 1000
Description =

Error - 9/19/2009 11:19:01 PM | Computer Name = ALTHAFH | Source = Windows Live Messenger | ID = 1000
Description =

Error - 10/4/2009 6:29:24 AM | Computer Name = ALTHAFH | Source = MsiInstaller | ID = 10005
Description = Product: Windows Live Communications Platform -- The installer has
encountered an unexpected error installing this package. This may indicate a problem
with this package. The error code is 2762. The arguments are: , ,

Error - 10/4/2009 6:29:24 AM | Computer Name = ALTHAFH | Source = MsiInstaller | ID = 10005
Description = Product: Windows Live Communications Platform -- The installer has
encountered an unexpected error installing this package. This may indicate a problem
with this package. The error code is 2762. The arguments are: , ,

Error - 10/12/2009 9:54:47 AM | Computer Name = ALTHAFH | Source = WindowsLiveMessenger | ID = 15728647
Description =

Error - 10/21/2009 1:46:57 AM | Computer Name = ALTHAFH | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 10/21/2009 1:47:03 AM | Computer Name = ALTHAFH | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Error - 10/31/2009 9:27:10 AM | Computer Name = ALTHAFH | Source = Windows Live Messenger | ID = 1000
Description =

Error - 10/31/2009 10:34:14 PM | Computer Name = ALTHAFH | Source = Application Error | ID = 1000
Description = Faulting application registration.exe, version 1.0.0.54, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x00018af2.

[ System Events ]
Error - 1/15/2010 1:02:37 AM | Computer Name = ALTHAFH | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 1/15/2010 1:02:37 AM | Computer Name = ALTHAFH | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 1/15/2010 1:03:05 AM | Computer Name = ALTHAFH | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 1/15/2010 1:03:39 AM | Computer Name = ALTHAFH | Source = Service Control Manager | ID = 7034
Description = The Ati HotKey Poller service terminated unexpectedly. It has done
this 1 time(s).

Error - 1/15/2010 1:03:39 AM | Computer Name = ALTHAFH | Source = Service Control Manager | ID = 7031
Description = The Microsoft Antimalware Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
15000 milliseconds: Restart the service.

Error - 1/15/2010 1:03:39 AM | Computer Name = ALTHAFH | Source = Service Control Manager | ID = 7034
Description = The PnkBstrA service terminated unexpectedly. It has done this 1
time(s).

Error - 1/15/2010 1:03:39 AM | Computer Name = ALTHAFH | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 1/15/2010 1:03:39 AM | Computer Name = ALTHAFH | Source = Service Control Manager | ID = 7034
Description = The NMSAccessU service terminated unexpectedly. It has done this
1 time(s).

Error - 1/15/2010 1:03:39 AM | Computer Name = ALTHAFH | Source = Service Control Manager | ID = 7034
Description = The LogMeIn Hamachi 2.0 Tunneling Engine service terminated unexpectedly.
It has done this 1 time(s).

Error - 1/15/2010 1:18:00 AM | Computer Name = ALTHAFH | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >

#2 dragonskin29 (Member, Topic Starter, 49 posts)

Oh, and also, I don't know if this would be important, but these are the ones detected by Microsoft Security Essentials.

[Screenshot: Microsoft Security Essentials detection list (image not preserved)]

#3 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

Hi sorry for the delay - I will need a fresh look at your system plus an update on your symptoms

To ensure that I get all the information, this log will need to be attached (instructions at the end). If it is too large to attach, then upload it to Mediafire and post the sharing link.

Download OTS to your Desktop
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users
  • Under Additional Scans check the following:
    • Reg - Shell Spawning
    • File - Lop Check
    • File - Purity Scan
    • Evnt - EvtViewer (last 10)
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles

  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post


#4 dragonskin29 (Member, Topic Starter, 49 posts)

Hey, no probs about the delay, I can see how busy you all are :)
Sorry for my delay, but we are in 2 vastly different time zones :S

Anyway, the OTS log is attached as requested.
As for my symptoms, there are none actually. I've removed the rest of the computers from the network and I'll be formatting them all soon. Somehow it didn't spread to mine.
However, what I want to check is whether there are any viruses doing something that isn't showing any symptoms, or if there has been a backdoor trojan leaving my system exposed.

Thanks :)

Attached File: OTS.Txt (164.28KB, 127 downloads)

#5 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

Looks quite good actually - there are several suspect mountpoints, probably derived from the infected network systems; if they are legit they will re-establish next time you connect. But I feel better safe than sorry.

Start OTS. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Registry - Safe List]
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3dd696f0-f935-11de-9b30-001fd008249b}\Shell\AutoRun\command -> 
YY -> \{3dd696f0-f935-11de-9b30-001fd008249b}\Shell\AutoRun\command\\"" -> F:\e9naq.exe [F:\e9naq.exe]
YN -> \{3dd696f0-f935-11de-9b30-001fd008249b} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3dd696f0-f935-11de-9b30-001fd008249b}\Shell\open\Command -> 
YY -> \{3dd696f0-f935-11de-9b30-001fd008249b}\Shell\open\Command\\"" -> F:\e9naq.exe [F:\e9naq.exe]
YN -> \{79ce9b86-e962-11de-9afc-001fd008249b} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79ce9b86-e962-11de-9afc-001fd008249b}\Shell\AutoRun\command -> 
YN -> \{79ce9b86-e962-11de-9afc-001fd008249b}\Shell\AutoRun\command\\"" -> [wscript.exe bit2008_BEST4EVER.VBS]
YN -> \{79ce9b86-e962-11de-9afc-001fd008249b} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79ce9b86-e962-11de-9afc-001fd008249b}\Shell\open\Command -> 
YN -> \{79ce9b86-e962-11de-9afc-001fd008249b}\Shell\open\Command\\"" -> [wscript.exe bit2008_BEST4EVER.VBS]
YN -> \{c0b1c833-6c68-11de-833d-001fd008249b} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0b1c833-6c68-11de-833d-001fd008249b}\sheLl\AutoplaY\cOmmAnd -> 
YN -> \{c0b1c833-6c68-11de-833d-001fd008249b}\sheLl\AutoplaY\cOmmAnd\\"" -> [fbyd.pif]
YN -> \{c0b1c833-6c68-11de-833d-001fd008249b} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0b1c833-6c68-11de-833d-001fd008249b}\sheLl\AutoRun\command -> 
YN -> \{c0b1c833-6c68-11de-833d-001fd008249b}\sheLl\AutoRun\command\\"" -> [fbyd.pif]
YN -> \{c0b1c833-6c68-11de-833d-001fd008249b} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0b1c833-6c68-11de-833d-001fd008249b}\sheLl\eXPlOre\COmmANd -> 
YN -> \{c0b1c833-6c68-11de-833d-001fd008249b}\sheLl\eXPlOre\COmmANd\\"" -> [fbyd.pif]
YN -> \{c0b1c833-6c68-11de-833d-001fd008249b} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0b1c833-6c68-11de-833d-001fd008249b}\sheLl\Open\CoMmAnd -> 
YN -> \{c0b1c833-6c68-11de-833d-001fd008249b}\sheLl\Open\CoMmAnd\\"" -> [fbyd.pif]
YN -> \{d9af201d-915d-11de-99f6-001fd008249b} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9af201d-915d-11de-99f6-001fd008249b}\Shell\AutoRun\command -> 
YN -> \{d9af201d-915d-11de-99f6-001fd008249b}\Shell\AutoRun\command\\"" -> [wscript.exe bit2008_BEST4EVER.VBS]
YN -> \{d9af201d-915d-11de-99f6-001fd008249b} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9af201d-915d-11de-99f6-001fd008249b}\Shell\open\Command -> 
YN -> \{d9af201d-915d-11de-99f6-001fd008249b}\Shell\open\Command\\"" -> [wscript.exe bit2008_BEST4EVER.VBS]
YN -> \{e12d5f4a-b0d0-11de-9a53-001fd008249b} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e12d5f4a-b0d0-11de-9a53-001fd008249b}\Shell\AutoRun\command -> 
YY -> \{e12d5f4a-b0d0-11de-9a53-001fd008249b}\Shell\AutoRun\command\\"" -> F:\8xcrbho6.exe [F:\8xcrbho6.exe]
YN -> \{e12d5f4a-b0d0-11de-9a53-001fd008249b} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e12d5f4a-b0d0-11de-9a53-001fd008249b}\Shell\open\Command -> 
YY -> \{e12d5f4a-b0d0-11de-9a53-001fd008249b}\Shell\open\Command\\"" -> F:\8xcrbho6.exe [F:\8xcrbho6.exe]
YN -> \{e6457012-76b9-11de-9664-001fd008249b} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6457012-76b9-11de-9664-001fd008249b}\Shell\AutoRun\command -> 
YY -> \{e6457012-76b9-11de-9664-001fd008249b}\Shell\AutoRun\command\\"" -> F:\tmp.folder\restore.exe [F:\tmp.folder/restore.exe]
YN -> \{e6457012-76b9-11de-9664-001fd008249b} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6457012-76b9-11de-9664-001fd008249b}\Shell\ExploRE\CoMmaNd -> 
YY -> \{e6457012-76b9-11de-9664-001fd008249b}\Shell\ExploRE\CoMmaNd\\"" -> F:\tmp.folder\restore.exe [F:\tmp.folder/restore.exe]
YN -> \{e6457012-76b9-11de-9664-001fd008249b} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6457012-76b9-11de-9664-001fd008249b}\Shell\OPeN\commAnd -> 
YY -> \{e6457012-76b9-11de-9664-001fd008249b}\Shell\OPeN\commAnd\\"" -> F:\tmp.folder\restore.exe [F:\tmp.folder/restore.exe]
[Files/Folders - Modified Within 30 Days]
NY ->  6 C:\Documents and Settings\Althaf Hameez\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Althaf Hameez\Local Settings\Temp\*.tmp
[Custom Scans]
YY ->  install.exe -> C:\install.exe
[Empty Temp Folders]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

THEN

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
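Added example, not OTS code and not from either poster: a small Python triage script that parses the MountPoints2 value lines from the fix script above (the sample below copies a few of them) and flags the traits a defender looks for in removable-drive autorun persistence: a command that launches an executable or script host, and Shell verb keys written in mangled case. Reading the second letter of the YY/YN prefix as "OTS resolved the command to an existing full path" is an assumption.

```python
import re

# Constructed sample: value lines copied from the OTS fix script in post #5.
SAMPLE = r"""
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3dd696f0-f935-11de-9b30-001fd008249b}\Shell\AutoRun\command ->
YY -> \{3dd696f0-f935-11de-9b30-001fd008249b}\Shell\AutoRun\command\\"" -> F:\e9naq.exe [F:\e9naq.exe]
YN -> \{3dd696f0-f935-11de-9b30-001fd008249b} ->
YY -> \{3dd696f0-f935-11de-9b30-001fd008249b}\Shell\open\Command\\"" -> F:\e9naq.exe [F:\e9naq.exe]
YN -> \{79ce9b86-e962-11de-9afc-001fd008249b}\Shell\AutoRun\command\\"" -> [wscript.exe bit2008_BEST4EVER.VBS]
YN -> \{c0b1c833-6c68-11de-833d-001fd008249b}\sheLl\AutoplaY\cOmmAnd\\"" -> [fbyd.pif]
YN -> \{c0b1c833-6c68-11de-833d-001fd008249b}\sheLl\eXPlOre\COmmANd\\"" -> [fbyd.pif]
YY -> \{e6457012-76b9-11de-9664-001fd008249b}\Shell\OPeN\commAnd\\"" -> F:\tmp.folder\restore.exe [F:\tmp.folder/restore.exe]
"""

# Spellings Windows itself writes for the autorun verb keys; anything else
# (e.g. "sheLl\AutoplaY\cOmmAnd") is the signature-evasion trick autorun
# worms use, since the registry compares key names case-insensitively.
KNOWN_VERB_SPELLINGS = {
    "Shell", "shell", "AutoRun", "Autorun", "autorun", "AutoPlay", "Autoplay",
    "autoplay", "open", "Open", "explore", "Explore", "command", "Command",
}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "cmd.exe", "mshta.exe", "rundll32.exe"}
EXEC_EXTENSIONS = {".exe", ".pif", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js"}

# One OTS value line: <flags> -> \{GUID}\<verb path>\\"" -> <resolved> [<raw value>]
VALUE_RE = re.compile(
    r'^(?P<flags>[YN]{2}) -> \\\{(?P<guid>[0-9a-f-]{36})\}'
    r'\\(?P<verb>[^\\]+\\[^\\]+\\[^\\]+)\\\\"" -> (?P<resolved>.*?)\s*\[(?P<raw>[^\]]*)\]\s*$'
)


def classify_verb(verb):
    """Flag a Shell\\<verb>\\command key path whose casing Windows would never write."""
    findings = set()
    if any(part not in KNOWN_VERB_SPELLINGS for part in verb.split("\\")):
        findings.add("case_mangled_verb")
    return findings


def classify_command(raw):
    """Flag what the autorun command would launch when the drive is opened."""
    findings = set()
    tokens = raw.split()
    if not tokens:
        return findings
    if tokens[0].lower() in SCRIPT_HOSTS:
        findings.add("script_interpreter")
    # Last token is the payload path; normalise slashes and take the basename.
    basename = tokens[-1].replace("/", "\\").rsplit("\\", 1)[-1].lower()
    ext = "." + basename.rsplit(".", 1)[-1] if "." in basename else ""
    if ext in EXEC_EXTENSIONS:
        findings.add("launches_executable")
    return findings


def triage(listing):
    """Group MountPoints2 value lines by device GUID and collect findings per device."""
    devices = {}
    for line in listing.splitlines():
        m = VALUE_RE.match(line.rstrip())
        if not m:
            continue  # key-only lines and full HKCU paths carry no command
        entry = devices.setdefault(
            m["guid"], {"verbs": [], "findings": set(), "resolved_paths": set()}
        )
        entry["verbs"].append(m["verb"])
        entry["findings"] |= classify_verb(m["verb"]) | classify_command(m["raw"])
        # Assumption: second flag letter Y means OTS resolved the command to a
        # file it could see at scan time (the drive was still attached).
        if m["flags"][1] == "Y" and m["resolved"]:
            entry["resolved_paths"].add(m["resolved"])
    return devices


def report(devices):
    """One summary line per device GUID, sorted, for a quick read of the listing."""
    lines = []
    for guid, entry in sorted(devices.items()):
        tag = "SUSPECT" if entry["findings"] else "ok"
        lines.append(
            f"{guid}: {tag} verbs={len(entry['verbs'])} findings={sorted(entry['findings'])}"
        )
    return lines


if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE))))
```

Every device in the sample is flagged; a legitimate mountpoint that merely remembers a drive has no Shell\...\command value and therefore produces no findings.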

#6 dragonskin29 (Member, Topic Starter, 49 posts)

The OTS Log as Requested :)


All Processes Killed
[Registry - Safe List]
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3dd696f0-f935-11de-9b30-001fd008249b}\Shell\AutoRun\command\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3dd696f0-f935-11de-9b30-001fd008249b}\Shell\AutoRun\command not found.
File F:\e9naq.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3dd696f0-f935-11de-9b30-001fd008249b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3dd696f0-f935-11de-9b30-001fd008249b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3dd696f0-f935-11de-9b30-001fd008249b}\Shell\open\Command\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3dd696f0-f935-11de-9b30-001fd008249b}\Shell\open\Command not found.
File F:\e9naq.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79ce9b86-e962-11de-9afc-001fd008249b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79ce9b86-e962-11de-9afc-001fd008249b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79ce9b86-e962-11de-9afc-001fd008249b}\Shell\AutoRun\command\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79ce9b86-e962-11de-9afc-001fd008249b}\Shell\AutoRun\command not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79ce9b86-e962-11de-9afc-001fd008249b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79ce9b86-e962-11de-9afc-001fd008249b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79ce9b86-e962-11de-9afc-001fd008249b}\Shell\open\Command\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79ce9b86-e962-11de-9afc-001fd008249b}\Shell\open\Command not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0b1c833-6c68-11de-833d-001fd008249b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0b1c833-6c68-11de-833d-001fd008249b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0b1c833-6c68-11de-833d-001fd008249b}\sheLl\AutoplaY\cOmmAnd\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0b1c833-6c68-11de-833d-001fd008249b}\sheLl\AutoplaY\cOmmAnd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0b1c833-6c68-11de-833d-001fd008249b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0b1c833-6c68-11de-833d-001fd008249b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0b1c833-6c68-11de-833d-001fd008249b}\sheLl\AutoRun\command\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0b1c833-6c68-11de-833d-001fd008249b}\sheLl\AutoRun\command not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0b1c833-6c68-11de-833d-001fd008249b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0b1c833-6c68-11de-833d-001fd008249b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0b1c833-6c68-11de-833d-001fd008249b}\sheLl\eXPlOre\COmmANd\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0b1c833-6c68-11de-833d-001fd008249b}\sheLl\eXPlOre\COmmANd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0b1c833-6c68-11de-833d-001fd008249b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0b1c833-6c68-11de-833d-001fd008249b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0b1c833-6c68-11de-833d-001fd008249b}\sheLl\Open\CoMmAnd\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0b1c833-6c68-11de-833d-001fd008249b}\sheLl\Open\CoMmAnd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9af201d-915d-11de-99f6-001fd008249b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9af201d-915d-11de-99f6-001fd008249b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9af201d-915d-11de-99f6-001fd008249b}\Shell\AutoRun\command\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9af201d-915d-11de-99f6-001fd008249b}\Shell\AutoRun\command not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9af201d-915d-11de-99f6-001fd008249b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9af201d-915d-11de-99f6-001fd008249b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9af201d-915d-11de-99f6-001fd008249b}\Shell\open\Command\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9af201d-915d-11de-99f6-001fd008249b}\Shell\open\Command not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e12d5f4a-b0d0-11de-9a53-001fd008249b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e12d5f4a-b0d0-11de-9a53-001fd008249b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e12d5f4a-b0d0-11de-9a53-001fd008249b}\Shell\AutoRun\command\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e12d5f4a-b0d0-11de-9a53-001fd008249b}\Shell\AutoRun\command not found.
File F:\8xcrbho6.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e12d5f4a-b0d0-11de-9a53-001fd008249b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e12d5f4a-b0d0-11de-9a53-001fd008249b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e12d5f4a-b0d0-11de-9a53-001fd008249b}\Shell\open\Command\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e12d5f4a-b0d0-11de-9a53-001fd008249b}\Shell\open\Command not found.
File F:\8xcrbho6.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6457012-76b9-11de-9664-001fd008249b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6457012-76b9-11de-9664-001fd008249b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6457012-76b9-11de-9664-001fd008249b}\Shell\AutoRun\command\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6457012-76b9-11de-9664-001fd008249b}\Shell\AutoRun\command not found.
File F:\tmp.folder\restore.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6457012-76b9-11de-9664-001fd008249b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6457012-76b9-11de-9664-001fd008249b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6457012-76b9-11de-9664-001fd008249b}\Shell\ExploRE\CoMmaNd\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6457012-76b9-11de-9664-001fd008249b}\Shell\ExploRE\CoMmaNd not found.
File F:\tmp.folder\restore.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6457012-76b9-11de-9664-001fd008249b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6457012-76b9-11de-9664-001fd008249b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6457012-76b9-11de-9664-001fd008249b}\Shell\OPeN\commAnd\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6457012-76b9-11de-9664-001fd008249b}\Shell\OPeN\commAnd not found.
File F:\tmp.folder\restore.exe not found.
[Files/Folders - Modified Within 30 Days]
C:\Documents and Settings\Althaf Hameez\Local Settings\Temp\APS5B.tmp deleted successfully.
C:\Documents and Settings\Althaf Hameez\Local Settings\Temp\isp21.tmp\_Setup.dll deleted successfully.
C:\Documents and Settings\Althaf Hameez\Local Settings\Temp\isp21.tmp folder deleted successfully.
C:\Documents and Settings\Althaf Hameez\Local Settings\Temp\JETBA51.tmp deleted successfully.
C:\Documents and Settings\Althaf Hameez\Local Settings\Temp\nsx39.tmp\Loc\1033\Banner.gif deleted successfully.
C:\Documents and Settings\Althaf Hameez\Local Settings\Temp\nsx39.tmp\Loc\1033\Finish.rtf deleted successfully.
C:\Documents and Settings\Althaf Hameez\Local Settings\Temp\nsx39.tmp\Loc\1033\repairWellcome.rtf deleted successfully.
C:\Documents and Settings\Althaf Hameez\Local Settings\Temp\nsx39.tmp\Loc\1033\unFinish.rtf deleted successfully.
C:\Documents and Settings\Althaf Hameez\Local Settings\Temp\nsx39.tmp\Loc\1033\unWellcome.rtf deleted successfully.
C:\Documents and Settings\Althaf Hameez\Local Settings\Temp\nsx39.tmp\Loc\1033\Wellcome.rtf deleted successfully.
C:\Documents and Settings\Althaf Hameez\Local Settings\Temp\nsx39.tmp\Loc\1033 folder deleted successfully.
C:\Documents and Settings\Althaf Hameez\Local Settings\Temp\nsx39.tmp\Loc folder deleted successfully.
C:\Documents and Settings\Althaf Hameez\Local Settings\Temp\nsx39.tmp\AnimGif.dll deleted successfully.
C:\Documents and Settings\Althaf Hameez\Local Settings\Temp\nsx39.tmp\CABSetup.dll deleted successfully.
C:\Documents and Settings\Althaf Hameez\Local Settings\Temp\nsx39.tmp\CustomLicense.dll deleted successfully.
C:\Documents and Settings\Althaf Hameez\Local Settings\Temp\nsx39.tmp\Folder.ico deleted successfully.
C:\Documents and Settings\Althaf Hameez\Local Settings\Temp\nsx39.tmp\main_icon.ico deleted successfully.
C:\Documents and Settings\Althaf Hameez\Local Settings\Temp\nsx39.tmp\newadvsplash.dll deleted successfully.
C:\Documents and Settings\Althaf Hameez\Local Settings\Temp\nsx39.tmp\nsDialogs.dll deleted successfully.
C:\Documents and Settings\Althaf Hameez\Local Settings\Temp\nsx39.tmp\SETUP.RPT deleted successfully.
C:\Documents and Settings\Althaf Hameez\Local Settings\Temp\nsx39.tmp\System.dll deleted successfully.
C:\Documents and Settings\Althaf Hameez\Local Settings\Temp\nsx39.tmp\TopInstall_EU.gif deleted successfully.
C:\Documents and Settings\Althaf Hameez\Local Settings\Temp\nsx39.tmp folder deleted successfully.
C:\Documents and Settings\Althaf Hameez\Local Settings\Temp\pdo51.tmp deleted successfully.
C:\Documents and Settings\Althaf Hameez\Local Settings\Temp\set1D.tmp deleted successfully.
C:\Documents and Settings\Althaf Hameez\Local Settings\Temp\wiz5.tmp deleted successfully.
C:\Documents and Settings\Althaf Hameez\Local Settings\Temp\~DF6069.tmp deleted successfully.
[Custom Scans]
C:\install.exe moved successfully.
[Empty Temp Folders]


User: All Users

User: Althaf Hameez
->Temp folder emptied: 276879538 bytes
->Temporary Internet Files folder emptied: 8049408 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 121129316 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 12612 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 609229 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1679106672 bytes

Total Files Cleaned = 1,989.00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.19.1 fix logfile created on 01192010_062507

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



I'm running the MBAM scan at the moment. I'll post up the log once it is done. Thanks a lot :)

#7 dragonskin29 (Member, Topic Starter, 49 posts)

Here is the MBAM log. It came out clean :)

Malwarebytes' Anti-Malware 1.44
Database version: 3596
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

1/19/2010 6:44:59 AM
mbam-log-2010-01-19 (06-44-59).txt

Scan type: Quick Scan
Objects scanned: 107463
Time elapsed: 7 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


No problems in running either scan

#8 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

Are you noticing anything unusual, heavy disc activity or errors appearing? Looking at your logs to date, you appear to have dodged the bullet :)

#9 dragonskin29 (Member, Topic Starter, 49 posts)

Nope, I don't notice any unusual high disc activity or errors. However, I just tried it and I still can't run GMER; half way through it crashes with a BSOD. Just wondering if it was related? I couldn't note any error codes because the computer then automatically restarted.

Apart from that I don't notice any other errors. :) Thank God :)

#10 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

That happens with GMER about 5% of the time for no rhyme nor reason

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself, so... Run OTS and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via Control Panel Add/Remove along with ERUNT, but they may be useful tools to keep.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


XP
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE
You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do some calculation and then display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button click this
  • Accept the Warning and select OK again, the program will close and you are done


SPRING CLEAN

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

THEN

Download and run Auslogics Disc Defragmenter

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes: It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :)

#11 dragonskin29 (Member, Topic Starter, 49 posts)

Hey. Once again thanks a lot for all the help! It's great to know that it's clean, peace of mind finally! :)
Thanks for the Cleanup stuff!

#12 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.