Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

spyware.onlinegames, rogue multiple, trojan.dropper, trojan.bho, malwa


  • Please log in to reply

#1
bubblleboi

bubblleboi

    Member

  • Member
  • PipPip
  • 83 posts
Hi and thanks ahead of time to whomever it is that will be helping me with my computer infection.

Here's some background:

I followed the "malware and spyware cleaning guide"
I also did a kaspersky online scan by following the link from another topic.

Upon following the step to do the OTL scan, i cannot find an extras.txt that was supposed to be created after doing the OTL scan.

Here is the OTL.txt

OTL logfile created on: 1/29/2010 06:16:08 PM - Run 2
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\Christian\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 120.01 Gb Total Space | 41.97 Gb Free Space | 34.97% Space Free | Partition Type: NTFS
Drive D: | 23.03 Gb Total Space | 22.97 Gb Free Space | 99.71% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VALUED-A5207684
Current User Name: Christian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/01/29 13:50:50 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christian\Desktop\OTL.exe
PRC - [2009/11/24 15:51:40 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 15:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 15:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/11/12 16:33:10 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/11/10 23:08:18 | 00,417,792 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/10/09 13:11:12 | 25,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009/08/05 10:34:37 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2009/05/29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/18 13:32:52 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2008/12/18 12:19:44 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/13 16:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 16:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/27 18:04:00 | 01,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/27 18:04:00 | 00,279,848 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
PRC - [2007/06/27 18:03:40 | 00,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2003/09/12 17:27:46 | 00,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
PRC - [2003/08/22 08:22:28 | 00,045,056 | ---- | M] (Chicony) -- C:\Program Files\Sony\sHotKey\SHOTKEY.exe
PRC - [2003/08/13 11:23:00 | 00,106,496 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
PRC - [2003/08/13 11:07:22 | 00,094,208 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
PRC - [2003/05/23 09:43:00 | 00,088,363 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2002/11/22 11:49:24 | 00,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
PRC - [2002/11/22 11:49:22 | 00,077,824 | ---- | M] (HP) -- C:\WINDOWS\system32\hphipm11.exe
PRC - [2002/11/22 11:48:32 | 00,348,160 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon04.exe
PRC - [2002/08/20 09:29:26 | 00,040,960 | ---- | M] (Easy Systems Japan Ltd.) -- C:\WINDOWS\system32\ezSP_Px.exe


========== Modules (SafeList) ==========

MOD - [2010/01/29 13:50:50 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christian\Desktop\OTL.exe
MOD - [2003/06/23 13:20:14 | 00,028,672 | ---- | M] (Chicony) -- C:\Program Files\Sony\sHotKey\SHOTKEY.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/24 15:51:35 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 15:51:21 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 15:48:48 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 15:43:56 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/08/05 10:34:37 | 00,066,872 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/05/29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/04/15 20:20:00 | 00,593,920 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/05/16 13:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2007/06/29 18:16:56 | 00,800,040 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2007/06/27 18:04:00 | 00,279,848 | ---- | M] (Nero AG) [On_Demand | Running] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/08/02 13:18:49 | 00,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2004/11/02 16:59:50 | 00,316,544 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)
SRV - [2003/09/12 17:27:46 | 00,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe -- (SonicStageMonitoring)
SRV - [2003/09/09 10:50:44 | 01,277,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe -- (VAIOMediaPlatform-VideoServer-AppServer)
SRV - [2003/08/28 11:37:14 | 00,925,696 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe -- (VAIOMediaPlatform-PhotoServer-AppServer)
SRV - [2003/08/28 11:34:08 | 00,503,897 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe -- (VAIOMediaPlatform-MusicServer-AppServer)
SRV - [2003/08/28 10:37:06 | 00,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-VideoServer-HTTP) VAIO Media Video Server (HTTP)
SRV - [2003/08/28 10:37:06 | 00,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-PhotoServer-HTTP) VAIO Media Photo Server (HTTP)
SRV - [2003/08/28 10:37:06 | 00,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-MusicServer-HTTP) VAIO Media Music Server (HTTP)
SRV - [2003/08/13 11:23:00 | 00,106,496 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe -- (Sony TVTA Manager)
SRV - [2003/08/13 11:10:04 | 00,118,784 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe -- (Sony TV Tuner Controller)
SRV - [2003/08/13 11:07:22 | 00,094,208 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe -- (Sony TV Tuner Manager)
SRV - [2003/07/15 11:05:26 | 00,724,992 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-VideoServer-UPnP) VAIO Media Video Server (UPnP)
SRV - [2003/07/15 11:05:26 | 00,724,992 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-PhotoServer-UPnP) VAIO Media Photo Server (UPnP)
SRV - [2003/07/15 11:05:26 | 00,724,992 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-MusicServer-UPnP) VAIO Media Music Server (UPnP)
SRV - [2002/12/24 10:01:22 | 00,065,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2002/11/22 11:49:22 | 00,077,824 | ---- | M] (HP) [On_Demand | Running] -- C:\WINDOWS\system32\hphipm11.exe -- (Pml Driver HPH11)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = search.sportsillustrated.cnn.com/pages/search.jsp?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = dictionary.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Google, = google.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = groups-beta.google.com/groups?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = images.google.com/images?hl=en&lr=&q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KB, = support.microsoft.com/search/default.aspx?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Movies, = fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = thesaurus.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Weather, = weather.com/weather/local/%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ant.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://hypebeast.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:2.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.9.15079
FF - prefs.js..google.toolbar.linkdoctor.backup.keyword.URL: "chrome://browser-region/locale/region.properties"
FF - prefs.js..google.toolbar.linkdoctor.backup.keyword.enabled: true
FF - prefs.js..keyword.URL: "about:neterror?e=query&u="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/10 23:04:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/06 21:07:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.02\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2009/11/28 11:48:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.02\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2009/11/28 11:48:01 | 00,000,000 | ---D | M]

[2008/09/21 18:06:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian\Application Data\Mozilla\Extensions
[2010/01/28 21:59:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\qpo1c292.default\extensions
[2010/01/10 21:30:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\qpo1c292.default\extensions\[email protected]
[2010/01/22 21:36:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\qpo1c292.default\extensions\[email protected](2).tp
[2009/12/19 09:34:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\qpo1c292.default\extensions\[email protected]
[2009/04/25 22:34:21 | 00,001,620 | ---- | M] () -- C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\qpo1c292.default\searchplugins\mozilla-add-ons.xml
[2009/01/07 08:43:39 | 00,002,192 | ---- | M] () -- C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\qpo1c292.default\searchplugins\qtl.xml
[2009/11/14 15:36:32 | 00,002,013 | ---- | M] () -- C:\Documents and Settings\Christian\Application Data\Mozilla\Firefox\Profiles\qpo1c292.default\searchplugins\urban-dictionary.xml
[2010/01/29 18:14:51 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/09/04 18:58:14 | 00,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
O4 - HKLM..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD04] C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe (Hewlett-Packard)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [sHotKey] C:\Program Files\SONY\sHotKey\sHotKey.exe (Chicony)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - File not found
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/b...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/09/16 09:40:47 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sasnative32) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2003/09/16 09:40:23 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 14 Days ==========

[2010/01/29 13:51:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christian\Desktop\gmer
[2010/01/29 13:50:50 | 00,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Christian\Desktop\OTL.exe
[2010/01/24 14:03:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christian\My Documents\Command and Conquer Generals Data
[2010/01/22 21:55:50 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/01/22 21:54:12 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Christian\Desktop\erunt_setup.exe
[2010/01/22 21:46:25 | 00,439,808 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Christian\Desktop\TFC.exe
[2010/01/16 14:14:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christian\Desktop\ntldrr
[2009/01/13 21:57:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/01/13 21:55:55 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/01/13 21:55:55 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/01/13 21:55:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/09/24 20:08:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2003/09/16 09:30:26 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 14 Days ==========

[2010/01/29 18:08:45 | 00,000,420 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2010/01/29 14:06:27 | 00,171,088 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010/01/29 14:05:27 | 00,000,278 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Login.job
[2010/01/29 14:00:52 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/29 14:00:41 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/29 13:50:50 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christian\Desktop\OTL.exe
[2010/01/29 13:50:36 | 00,284,915 | ---- | M] () -- C:\Documents and Settings\Christian\Desktop\gmer.zip
[2010/01/29 13:46:09 | 00,003,034 | ---- | M] () -- C:\Documents and Settings\Christian\Desktop\kaspersky report.html
[2010/01/28 21:04:32 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/24 16:06:31 | 08,794,112 | ---- | M] () -- C:\Documents and Settings\Christian\ntuser.dat
[2010/01/24 16:06:30 | 00,028,740 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-0000000B-00001102-00000004-00541102}.rfx
[2010/01/24 16:06:30 | 00,028,740 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-0000000B-00001102-00000004-00541102}.rfx
[2010/01/24 16:06:30 | 00,026,640 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-0000000B-00001102-00000004-00541102}.rfx
[2010/01/24 16:06:30 | 00,026,640 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-0000000B-00001102-00000004-00541102}.rfx
[2010/01/24 16:06:30 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/01/24 16:06:30 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/01/24 16:06:30 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-0000000B-00001102-00000004-00541102}.dat
[2010/01/24 16:06:30 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-0000000B-00001102-00000004-00541102}.dat
[2010/01/24 16:06:22 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Christian\ntuser.ini
[2010/01/24 16:06:09 | 07,555,002 | -H-- | M] () -- C:\Documents and Settings\Christian\Local Settings\Application Data\IconCache.db
[2010/01/24 14:03:15 | 00,002,108 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Generals.lnk
[2010/01/22 23:19:19 | 00,001,901 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Generals Zero.lnk
[2010/01/22 21:55:51 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Christian\Desktop\NTREGOPT.lnk
[2010/01/22 21:55:51 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Christian\Desktop\ERUNT.lnk
[2010/01/22 21:54:13 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Christian\Desktop\erunt_setup.exe
[2010/01/22 21:46:26 | 00,439,808 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christian\Desktop\TFC.exe
[2010/01/20 21:08:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/20 16:20:49 | 00,235,372 | ---- | M] () -- C:\WINDOWS\War3Unin.dat
[2010/01/16 14:16:18 | 00,001,528 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk

========== Files Created - No Company Name ==========

[2010/01/29 13:50:35 | 00,284,915 | ---- | C] () -- C:\Documents and Settings\Christian\Desktop\gmer.zip
[2010/01/29 13:46:09 | 00,003,034 | ---- | C] () -- C:\Documents and Settings\Christian\Desktop\kaspersky report.html
[2010/01/22 23:19:19 | 00,002,108 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Generals.lnk
[2010/01/22 23:19:19 | 00,001,901 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Generals Zero.lnk
[2010/01/22 21:55:51 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Christian\Desktop\NTREGOPT.lnk
[2010/01/22 21:55:51 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Christian\Desktop\ERUNT.lnk
[2010/01/22 21:28:13 | 00,000,278 | ---- | C] () -- C:\WINDOWS\tasks\HP Usg Login.job
[2010/01/21 18:43:09 | 08,794,112 | ---- | C] () -- C:\Documents and Settings\Christian\ntuser.dat
[2009/09/12 14:51:28 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/28 11:38:07 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/07/07 13:10:11 | 00,022,328 | ---- | C] () -- C:\Documents and Settings\Christian\Application Data\PnkBstrK.sys
[2009/04/17 05:42:14 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/04/09 15:15:52 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/03/19 22:19:12 | 00,003,274 | ---- | C] () -- C:\Documents and Settings\Christian\Application Data\com.kennettnet.MusicRescue.plist
[2009/03/19 22:19:11 | 00,000,647 | ---- | C] () -- C:\Documents and Settings\Christian\Application Data\com.kennettnet.MusicRescueProfiles.plist
[2008/10/12 13:07:33 | 00,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2008/09/21 17:27:01 | 00,000,791 | ---- | C] () -- C:\WINDOWS\System32\Px.ini
[2008/09/21 17:24:38 | 00,111,616 | ---- | C] () -- C:\Documents and Settings\Christian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/21 17:24:38 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Christian\Local Settings\Application Data\fusioncache.dat
[2008/05/16 13:01:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/16 13:01:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/16 13:01:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/02/11 08:39:26 | 00,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll
[2008/02/11 08:39:18 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll
[2008/02/08 12:53:46 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll
[2007/07/27 13:49:02 | 00,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll
[2007/07/27 13:49:02 | 00,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll
[2007/04/12 07:10:28 | 00,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
[2005/12/05 18:25:22 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll
[2005/12/05 11:37:10 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll
[2005/08/02 13:24:01 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2004/12/07 19:21:10 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\xfire_lsp_10650.dll
[2003/11/12 02:54:00 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/09/16 13:10:05 | 00,000,911 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/09/16 13:05:05 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2003/09/16 13:03:25 | 00,262,416 | ---- | C] () -- C:\WINDOWS\System32\ASFV2.DLL
[2003/09/16 13:02:51 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2003/09/16 11:15:13 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/09/16 09:31:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2003/09/16 09:30:56 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2003/09/16 09:30:43 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2003/09/16 09:30:26 | 00,052,992 | ---- | C] () -- C:\WINDOWS\System32\UPDDRV9X.DLL
[2003/09/16 09:30:22 | 00,005,503 | ---- | C] () -- C:\WINDOWS\System32\ctucom.ini
[2003/09/16 09:30:22 | 00,000,028 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2003/09/16 09:30:19 | 00,000,192 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2003/09/16 09:30:19 | 00,000,092 | ---- | C] () -- C:\WINDOWS\System32\editinf.ini
[2003/09/16 09:30:04 | 00,000,732 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/11/22 11:50:06 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\hpodinet.dll
[2002/06/12 11:21:12 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll

========== LOP Check ==========

[2010/01/07 17:26:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2009/07/24 18:07:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Systweak
[2009/08/05 10:35:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2009/04/16 20:17:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/11 20:41:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/09/11 21:51:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/09 14:54:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/09/24 14:40:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian\Application Data\.BitTornado
[2008/09/25 21:19:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian\Application Data\Aim
[2008/09/24 16:35:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian\Application Data\Audacity
[2009/08/22 12:03:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian\Application Data\CopyTrans
[2008/11/25 22:21:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian\Application Data\GetRightToGo
[2009/06/30 21:27:36 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Christian\Application Data\ijjigame
[2009/09/25 17:52:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian\Application Data\ImgBurn
[2008/10/16 18:08:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian\Application Data\InterVideo
[2009/07/07 14:16:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian\Application Data\IObit
[2009/04/11 21:40:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian\Application Data\Moyea
[2009/10/31 10:21:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian\Application Data\SystemRequirementsLab
[2009/07/24 18:07:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian\Application Data\Systweak
[2008/09/24 13:54:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian\Application Data\Template

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/09/21 20:35:44 | 22,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/27 20:10:29 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/09/21 20:35:44 | 22,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/09/27 20:10:29 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 22:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2003/07/30 04:00:00 | 10,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2008/09/21 20:35:44 | 22,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/27 20:10:29 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2003/07/30 04:00:00 | 10,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:atapi.sys
[2008/09/21 20:35:44 | 22,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/09/27 20:10:29 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2003/07/30 04:00:00 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\cache\eventlog.dll
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/03 23:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\cache\netlogon.dll
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/03 23:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/03 23:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\cache\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/15 18:24:02 | 00,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll

< %systemroot%\Tasks\*.job /lockedfiles >
< End of report >

Here is the ark.txt from doing the gmer rootkit step in the malware and spyware cleaning guide.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-29 18:13:04
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\kgxyqaog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xACE1B6B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xACE1B574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xACE1BA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xACE1B14C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xACE1B64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xACE1B08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xACE1B0F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xACE1B76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xACE1B72E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xACE1B8AE]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----


I can also include the kaspersky scan if you'd like. i just wasn't sure whether or not i should post it in here.

Here is a picture of what is in the quarantine section of MBAM to help provide more info: http://i265.photobuc...leboi/maaaa.jpg

And here is what is inside of my avast! chest: http://i265.photobuc...akjdflkjsdf.jpg

Thanks again!

Edited by bubblleboi, 30 January 2010 - 10:29 PM.

  • 0

Advertisements


#2
bubblleboi

bubblleboi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
and this just turned up when i ran an MBAM scan today: http://i265.photobuc...lleboi/worm.jpg
  • 0

#3
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello bubblleboi

Welcome to G2Go. :)
=====================
Hi do you still have this problem?
If so please update mbam and run another scan remove what it finds and post that log.
  • 0

#4
bubblleboi

bubblleboi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
Here's the log:

Malwarebytes' Anti-Malware 1.44
Database version: 3703
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

2/7/2010 03:40:41 PM
mbam-log-2010-02-07 (15-40-41).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|)
Objects scanned: 250987
Time elapsed: 1 hour(s), 50 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
K:\autorun.inf (Worm.Agent.H) -> Delete on reboot.
  • 0

#5
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please plug in whatever drive is H: before doing the following.

  • 1 - Flash Drive Disinfector
    Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.
=============
After that Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#6
bubblleboi

bubblleboi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
hi, sorry for such a late reply. I am not sure what was in drive H, because i normally do not have any external drives plugged into my computer. However, i do have a portable drive so i plugged that one in and then ran the flash disinfector. Then i ran combofix and here is the log that combofix made after it finished,

ComboFix 10-03-04.02 - Christian 03/04/2010 18:55:59.9.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1364 [GMT -8:00]
Running from: c:\documents and settings\Christian\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100304-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Windows Media Player\pidgen.dll

.
((((((((((((((((((((((((( Files Created from 2010-02-05 to 2010-03-05 )))))))))))))))))))))))))))))))
.

2010-02-14 04:54 . 2010-02-14 04:54 -------- d-----w- c:\program files\iPod
2010-02-14 04:53 . 2010-02-14 04:54 -------- d-----w- c:\program files\iTunes
2010-02-14 04:48 . 2010-02-14 04:48 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-05 02:40 . 2008-09-25 00:29 -------- d-----w- c:\program files\Warcraft III
2010-03-05 01:05 . 2010-01-09 22:23 -------- d-----w- c:\documents and settings\Christian\Application Data\Skype
2010-03-05 01:03 . 2009-07-07 21:54 288 ----a-w- c:\windows\system32\DVCStateBkp-{00000003-00000000-0000000B-00001102-00000004-00541102}.dat
2010-03-05 01:03 . 2009-07-07 21:54 288 ----a-w- c:\windows\system32\DVCState-{00000003-00000000-0000000B-00001102-00000004-00541102}.dat
2010-02-14 05:55 . 2009-07-30 18:19 -------- d-----w- c:\documents and settings\Christian\Application Data\vlc
2010-02-14 04:54 . 2008-09-24 03:25 -------- d-----w- c:\program files\Common Files\Apple
2010-02-06 00:05 . 2009-12-27 04:32 -------- d-----w- c:\program files\Steam
2010-01-30 22:19 . 2008-09-22 01:33 -------- d-----w- c:\program files\Microsoft Works
2010-01-24 21:42 . 2008-09-24 23:13 -------- d-----w- c:\program files\BITTORNADO STUFF
2010-01-23 05:55 . 2010-01-23 05:55 -------- d-----w- c:\program files\ERUNT
2010-01-21 00:20 . 2009-08-24 18:22 235372 ----a-w- c:\windows\War3Unin.dat
2010-01-12 20:12 . 2009-07-25 02:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-12 20:12 . 2009-08-03 20:05 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-11 00:06 . 2010-01-09 22:28 -------- d-----w- c:\documents and settings\Christian\Application Data\skypePM
2010-01-09 22:28 . 2010-01-09 22:28 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-09 22:23 . 2010-01-09 22:23 -------- d-----r- c:\program files\Skype
2010-01-09 22:23 . 2010-01-09 22:23 -------- d-----w- c:\program files\Common Files\Skype
2010-01-09 22:23 . 2010-01-09 22:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-01-08 01:26 . 2010-01-08 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\GameHouse
2010-01-08 01:24 . 2010-01-08 01:24 -------- d-----w- c:\program files\RealArcade
2010-01-08 00:07 . 2009-07-25 02:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-08 00:07 . 2009-07-25 02:10 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50 . 2003-09-16 17:29 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-22 05:21 . 2006-06-23 18:33 667136 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:20 . 2004-08-04 07:56 81920 ------w- c:\windows\system32\ieencode.dll
2009-12-16 18:43 . 2003-09-16 17:37 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2003-09-16 17:29 33280 ----a-w- c:\windows\system32\csrsrv.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"ehTray"="c:\windows\ehome\ehtray.exe" [2008-04-14 50176]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-06 335872]
"sHotKey"="c:\program files\SONY\sHotKey\sHotKey.exe" [2003-08-22 45056]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 88363]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-22 188416]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2002-11-22 348160]
"HPHUPD04"="c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-11-22 49152]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-16 61440]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"ezShieldProtector for Px"="c:\windows\system32\ezSP_Px.exe" [2002-08-20 40960]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMidi"="MIDIDEF.EXE" [2003-07-03 49152]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2003-7-29 57344]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Norton Internet Security.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Norton Internet Security.lnk
backup=c:\windows\pss\Norton Internet Security.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Christian^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Christian\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
2005-08-03 18:28 67160 ----a-w- c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-12-27 04:33 1217808 ----a-w- c:\program files\Steam\Steam.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"=
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"c:\\Program Files\\Steam\\steamapps\\bubblleboi\\team fortress classic\\hl.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\Warcraft III\\war3.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\bubblleboi\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 SonyLSM;LED State Service;c:\windows\system32\drivers\SonyLSM.sys [9/16/2003 09:30 AM 4736]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [7/24/2009 09:53 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/24/2009 09:53 PM 20560]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 01:10 PM 32512]
S2 mrtRate;mrtRate; [x]
S3 BCASPROT;Advanced System Protector;\??\c:\program files\Systweak\Advanced System Protector\sasprot32.sys --> c:\program files\Systweak\Advanced System Protector\sasprot32.sys [?]
S3 cpuz129;cpuz129;c:\program files\PC Wizard 2008\pcwiz32.sys [6/30/2009 10:36 PM 9600]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [7/7/2009 01:08 PM 12672]
.
Contents of the 'Scheduled Tasks' folder

2010-01-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-03-05 c:\windows\Tasks\HP Usg Login.job
- c:\program files\hp photosmart 11\printer\Hphusg04.exe [2002-11-22 19:50]

2010-03-05 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2008-09-22 16:04]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
LSP: xfire_lsp_10650.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Christian\Application Data\Mozilla\Firefox\Profiles\qpo1c292.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://hypebeast.com/
FF - prefs.js: keyword.URL - about:neterror?e=query&u=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Christian\Application Data\Mozilla\Firefox\Profiles\qpo1c292.default\extensions\[email protected]\plugins\npWildPocketsLoader.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Command & Conquer - c:\program\EA GAMES\Uninstal.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-04 19:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(812)
c:\windows\system32\xfire_lsp_10650.dll
.
Completion time: 2010-03-04 19:04:36
ComboFix-quarantined-files.txt 2010-03-05 03:04

Pre-Run: 44,500,893,696 bytes free
Post-Run: 44,709,928,960 bytes free

- - End Of File - - 41E4F28F637FBEA72792187B523B08A5

Edited by bubblleboi, 04 March 2010 - 09:07 PM.

  • 0

#7
bubblleboi

bubblleboi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
when i ran another MBAM scan, this infection was found: http://i265.photobuc...leboi/still.jpg

What action should i take?
  • 0

#8
bubblleboi

bubblleboi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
so yea, i ended up clicking remove selected because i needed to turn off my computer
  • 0

#9
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Sorry didn't know you had replied.

PLease plug in your flash drive

  • 1 - Flash Drive Disinfector
    Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.
===============
After that reboot then plug back in the flash drive and rescan it with mbam if it detects it once more then remove it.
Repeat those steps once more then rescan the drive.

Let me know how it goes.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP