Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

PSW.onlinegames3


  • Please log in to reply

#1
nihilzero

nihilzero

    New Member

  • Member
  • Pip
  • 2 posts
My World of Warcraft account has been hacked over a dozen times, pretty much every time I log in the account is compromised. None of my other financial data has been compromised to my knowledge, but I know it is in danger. AVG has detected this trojan when I run it while logging into WoW, but no virus scanner has been able to detect it or eliminate it otherwise. Here are the logs that I ran as instructed:

MBAB:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4172

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/6/2010 10:57:50 AM
mbam-log-2010-06-06 (10-57-50).txt

Scan type: Quick scan
Objects scanned: 120273
Time elapsed: 8 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-06-06 11:15:35
Windows 5.1.2600 Service Pack 3
Running: 5x9s02e1.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fgrcypog.sys


---- System - GMER 1.0.15 ----

SSDT spje.sys ZwEnumerateKey [0xF7768DA4]
SSDT spje.sys ZwEnumerateValueKey [0xF7769132]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8676C1F8

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

OTL:

OTL logfile created on: 6/6/2010 11:19:13 AM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 507.00 Mb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 10.84 Gb Free Space | 14.54% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 258.78 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 13.99 Gb Total Space | 13.91 Gb Free Space | 99.42% Space Free | Partition Type: NTFS
Drive G: | 372.61 Gb Total Space | 300.40 Gb Free Space | 80.62% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANONYMOUS
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/06 10:52:06 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
PRC - [2010/06/06 00:36:54 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/06/06 00:36:54 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/06/06 00:36:50 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/06/06 00:36:45 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/06 00:36:15 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/06/06 00:35:24 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/05/20 14:56:44 | 000,943,600 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/02/16 18:56:52 | 001,682,944 | ---- | M] (Curse) -- C:\Documents and Settings\Owner\Local Settings\Apps\2.0\NGGA6TC8.Z9K\4TCC48GQ.ZLT\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\CurseClient.exe
PRC - [2009/04/20 14:17:01 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/13 13:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 13:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2005/04/27 16:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2004/02/09 18:54:14 | 000,065,024 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2002/03/19 19:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe


========== Modules (SafeList) ==========

MOD - [2010/06/06 10:52:06 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
MOD - [2009/04/20 14:16:40 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5705_x-ww_36cfed49\comctl32.dll
MOD - [2008/04/14 08:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/06/06 00:35:24 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/04/19 10:25:38 | 000,430,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2005/04/27 16:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)


========== Driver Services (SafeList) ==========

DRV - [2010/06/06 00:38:41 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/06 00:38:23 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/06 00:38:22 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/12/01 23:27:13 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/11/20 22:34:54 | 010,235,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/04/20 14:32:09 | 000,013,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\viaide.sys -- (ViaIde)
DRV - [2008/12/16 16:48:40 | 000,021,144 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\xfilt.sys -- (xfilt)
DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/03/29 13:36:00 | 000,009,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2007/03/26 17:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ViPrt.sys -- (ViPrt)
DRV - [2007/03/26 17:26:00 | 000,016,896 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ViBus.sys -- (ViBus)
DRV - [2005/11/24 21:51:38 | 000,245,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2004/02/23 23:21:22 | 000,611,441 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/12/12 01:54:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555


[2009/12/09 15:16:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/12/09 15:16:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe File not found
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\system32\TaskSwitch.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 18
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: adam4adam.com ([www] https in Trusted sites)
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.fac...b?1271050188515 (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\DOCUME~1\Owner\LOCALS~1\Temp\501994453.dll) - C:\DOCUME~1\Owner\LOCALS~1\Temp\501994453.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper3.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper3.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/17 14:37:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/08/10 13:00:00 | 000,000,030 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4af30f43-d36e-11de-998b-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{4af30f43-d36e-11de-998b-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4af30f43-d36e-11de-998b-806d6172696f}\Shell\AutoRun\command - "" = E:\Start.exe -- [2007/08/10 13:00:00 | 000,923,032 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/11/17 14:36:48 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/06/06 11:15:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Logs
[2010/06/06 10:40:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/06 10:40:07 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/06 10:27:14 | 000,000,000 | ---D | C] -- C:\New Folder
[2010/06/06 09:58:35 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2010/06/06 09:47:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2010/06/06 01:15:47 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/06/06 00:38:42 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/06/06 00:38:37 | 000,242,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/06/06 00:38:22 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/06/06 00:38:19 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/06/06 00:38:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/06/06 00:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/06/06 00:32:20 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/06/06 00:31:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/06/05 21:18:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Temp
[2010/06/05 21:18:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google
[2010/05/25 14:10:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\MorarChat
[2010/05/25 14:09:39 | 000,000,000 | ---D | C] -- C:\Program Files\MorarChat
[2010/05/18 20:02:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Apple Computer
[2010/05/13 17:00:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\KodakGallery
[2010/05/13 16:59:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Skinux
[2010/05/13 16:45:34 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/05/13 16:45:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/05/13 16:45:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer
[2010/05/13 16:44:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My Print Creations
[2010/05/13 16:44:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\ArcSoft
[2010/05/13 16:44:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ArcSoft
[2010/05/13 16:44:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
[2010/05/13 16:43:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
[2010/05/13 16:43:19 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2010/05/13 16:43:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/05/13 16:40:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Kodak
[2010/05/13 16:39:15 | 000,000,000 | ---D | C] -- C:\Program Files\Kodak
[2010/05/13 16:35:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kodak
[2010/05/12 23:19:13 | 000,000,000 | ---D | C] -- C:\Program Files\Draup
[2010/05/12 23:03:17 | 000,000,000 | ---D | C] -- C:\TitanHealBot
[2010/05/12 23:03:17 | 000,000,000 | ---D | C] -- C:\SharedMediaAdditionalFonts
[2010/05/12 23:03:17 | 000,000,000 | ---D | C] -- C:\SharedMedia
[2010/04/14 00:54:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Archive
[2010/04/12 01:29:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Facebook
[2010/04/08 17:25:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/04/08 11:39:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads
[2010/04/06 06:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\New Folder
[2010/04/06 06:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoScape
[2010/04/06 06:37:03 | 016,205,198 | ---- | C] (Mooii) -- C:\Documents and Settings\Owner\My Documents\PhotoScapeSetup_V3.4.exe
[2010/03/17 08:45:54 | 012,754,672 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MP10Setup.exe
[2010/03/17 08:43:00 | 025,740,144 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmp11-windowsxp-x86-enu.exe
[2010/03/10 04:35:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\dvdcss

========== Files - Modified Within 90 Days ==========

[2010/06/06 11:17:51 | 003,145,728 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/06/06 10:53:33 | 000,000,878 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\OTL.exe.lnk
[2010/06/06 10:32:59 | 000,272,291 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/06/06 10:32:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/06 10:32:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/06 10:32:16 | 1072,156,672 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/06 10:31:14 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/06/06 10:31:10 | 003,184,656 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/06/06 10:26:12 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/06 10:25:57 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2010/06/06 10:22:29 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/06/06 10:17:02 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2010/06/06 10:09:53 | 000,525,946 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/06 10:09:53 | 000,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/06 10:09:53 | 000,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/06 10:02:14 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\5x9s02e1.exe
[2010/06/06 09:58:19 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2010/06/06 09:49:02 | 000,002,528 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\$_hpcst$.hpc
[2010/06/06 09:23:55 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1364589140-1644491937-1003UA.job
[2010/06/06 00:38:46 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/06/06 00:38:45 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/06/06 00:38:41 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/06/06 00:38:23 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/06/06 00:38:22 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/06/06 00:38:19 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/06/06 00:38:18 | 060,732,600 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/06/05 21:33:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/05 21:24:40 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/05 21:24:40 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/05 21:24:40 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/06/05 21:23:01 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1364589140-1644491937-1003Core.job
[2010/06/05 21:22:32 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2010/05/27 18:28:07 | 000,000,436 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2010/05/25 13:11:14 | 000,029,696 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/05/18 23:02:04 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\John.html.doc
[2010/05/16 12:39:45 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Warhammer Online - Age of Reckoning.lnk
[2010/05/13 17:03:14 | 000,005,120 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/05/13 16:40:28 | 000,001,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Kodak EasyShare.lnk
[2010/05/13 00:52:42 | 000,000,735 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AddOns.lnk
[2010/05/10 10:30:21 | 000,010,553 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Good Morning Sunshine.docx
[2010/05/02 20:05:17 | 000,111,104 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/06 06:44:47 | 000,092,160 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\photothumb.db
[2010/04/06 06:38:29 | 000,065,368 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/06 06:38:18 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\PhotoScape.lnk
[2010/04/06 06:37:02 | 016,205,198 | ---- | M] (Mooii) -- C:\Documents and Settings\Owner\My Documents\PhotoScapeSetup_V3.4.exe

========== Files Created - No Company Name ==========

[2010/06/06 10:53:33 | 000,000,878 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\OTL.exe.lnk
[2010/06/06 10:32:16 | 1072,156,672 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/06 10:17:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2010/06/06 10:02:13 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\5x9s02e1.exe
[2010/06/06 09:49:02 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\$_hpcst$.hpc
[2010/06/06 00:38:46 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/06/06 00:38:18 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/06/06 00:38:09 | 060,732,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/06/05 21:22:32 | 000,002,284 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2010/06/05 21:18:18 | 000,000,978 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1364589140-1644491937-1003UA.job
[2010/06/05 21:18:18 | 000,000,926 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1364589140-1644491937-1003Core.job
[2010/06/05 16:02:01 | 000,011,863 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\john email.docx
[2010/05/18 22:39:39 | 000,039,424 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\John.html.doc
[2010/05/16 12:39:45 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Warhammer Online - Age of Reckoning.lnk
[2010/05/13 16:59:50 | 000,029,696 | R--- | C] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/05/13 16:59:50 | 000,005,120 | R--- | C] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/05/13 16:40:28 | 000,001,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Kodak EasyShare.lnk
[2010/05/13 16:37:35 | 000,000,436 | ---- | C] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2010/05/13 00:52:42 | 000,000,735 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AddOns.lnk
[2010/05/10 10:30:21 | 000,010,553 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Good Morning Sunshine.docx
[2010/04/06 06:38:46 | 000,092,160 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\photothumb.db
[2010/04/06 06:38:18 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\PhotoScape.lnk
[2010/02/28 13:02:17 | 000,000,204 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2010/01/25 11:58:06 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2009/12/06 00:26:47 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2009/12/06 00:26:46 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2009/12/01 23:27:13 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/11/17 07:42:55 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2009/04/20 14:25:16 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll

========== LOP Check ==========

[2010/02/27 21:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/06/06 09:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/06/06 01:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/12/01 23:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/12/06 00:28:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2010/02/28 03:18:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/01 23:36:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Lite
[2010/04/12 01:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Facebook
[2009/11/17 14:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Foxit
[2010/05/25 14:10:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MorarChat
[2009/12/17 23:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Red Alert 3 Uprising
[2010/05/13 16:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Skinux
[2009/12/06 00:28:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
[2010/05/22 17:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2010/05/27 18:28:07 | 000,000,436 | ---- | M] () -- C:\WINDOWS\Tasks\EasyShare Registration Task.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/11/17 14:37:40 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/06/05 21:24:40 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2009/11/17 14:37:40 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/06/06 10:32:16 | 1072,156,672 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/17 14:37:40 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/11/17 14:37:40 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 08:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/06/06 10:32:14 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/11/17 07:41:50 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/11/17 07:41:50 | 001,073,152 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/11/17 07:41:50 | 000,835,584 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2009/04/20 14:19:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3DE22354C3609B3C3E5DC2C19C5E0693 -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/14 08:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
< End of report >

Don't know if this is relevant, but I got the Blue Screen of Death RIGHT after I posted this topic. Here is the error code when I restarted:

BCCode : f4 BCP1 : 00000003 BCP2 : 86163DA0 BCP3 : 86163F14
BCP4 : 805FB186 OSVer : 5_1_2600 SP : 3_0 Product : 256_1

Edited by ldtate, 06 June 2010 - 09:41 AM.

  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP