Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

I have a Virus please help (Sorry multiple post I couldnt post it all

Started by eula101 , Oct 10 2010 01:47 PM

  • Please log in to reply

#1
eula101
Posted 10 October 2010 - 01:47 PM

eula101

    New Member

  • Member
  • Pip
  • 3 posts
Ok yesterday my AVG FREE popped up and notified me that I had an infection, "Trojan Horse Generic 19.ahpv"

Now the pc is opening IE windows by itself and I'm quite worried,
My knowledge of computer is very limited but I followed all the steps you advised and now posting the logs.
If this post is incorrect in anyway please advise me on how to correct it.



=====MBAM LOGS=====

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4786

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

09/10/2010 20:26:17
mbam-log-2010-10-09 (20-26-17).txt

Scan type: Quick scan
Objects scanned: 156813
Time elapsed: 7 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8bcb5337-ec01-4e38-840c-a964f174255b} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Sft (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASPIMGR (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aspimgr (Trojan.Asprox) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe bfky.ojo bwapp) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\All Users\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Documents\Server\server.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\s32.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\ws386.ini (Malware.Trace) -> Quarantined and deleted successfully.


=====GMER LOGS=====

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-10-10 06:03:26
Windows 5.1.2600 Service Pack 3
Running: u0zqdh0e[1].exe; Driver: C:\DOCUME~1\Home\LOCALS~1\Temp\pgxoqpow.sys


---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\symc810.sys entry point in ".rsrc" section [0xBA4C79B4]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8A6C360, 0x240F7E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1088] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00DE000A
.text C:\WINDOWS\System32\svchost.exe[1088] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00E7000A
.text C:\WINDOWS\System32\svchost.exe[1088] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 006F000C
.text C:\WINDOWS\System32\svchost.exe[1088] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00EF000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1376] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01D8000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1376] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 01D9000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1376] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 01D7000C
.text C:\Program Files\Internet Explorer\iexplore.exe[1376] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1376] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1376] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1376] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1376] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4B0C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1376] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4972 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1376] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E49D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1376] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1376] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\Explorer.EXE[1800] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C2000A
.text C:\WINDOWS\Explorer.EXE[1800] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C3000A
.text C:\WINDOWS\Explorer.EXE[1800] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B8000C
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E4000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00E5000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00E3000C
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD135 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4B0C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4972 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E49D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4EF0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2740] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 02C1000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2740] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 02C2000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2740] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 029F000C
.text C:\Program Files\Internet Explorer\iexplore.exe[2740] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2740] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2740] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD135 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2740] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2740] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2740] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2740] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2740] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4B0C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2740] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4972 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2740] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E49D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2740] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2740] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2740] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2740] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4EF0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2760] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 011A000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2760] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0296000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2760] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0119000C
.text C:\Program Files\Internet Explorer\iexplore.exe[2760] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2760] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2760] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD135 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2760] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2760] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2760] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2760] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2760] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4B0C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2760] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4972 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2760] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E49D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2760] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2760] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2760] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2760] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4EF0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\system32\wuauclt.exe[3000] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00FB000A
.text C:\WINDOWS\system32\wuauclt.exe[3000] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00FC000A
.text C:\WINDOWS\system32\wuauclt.exe[3000] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00FA000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \FileSystem\Fastfat \Fat A798AD20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device -> \Driver\atapi \Device\Harddisk0\DR0 89D4FEC5

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\[email protected] 7216
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\[email protected] 39
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\[email protected] 8451
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9030D464-4C02-4ABF-8ECC-5164760863C6}\[email protected] 5307
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9030D464-4C02-4ABF-8ECC-5164760863C6}\[email protected] 29
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3BC75A2-1F87-4686-AA43-5347D756017C}\[email protected] 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3BC75A2-1F87-4686-AA43-5347D756017C}\[email protected] 7288
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3BC75A2-1F87-4686-AA43-5347D756017C}\[email protected] 7287
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\[email protected] 6314

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\symc810.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

Edited by eula101, 10 October 2010 - 02:02 PM.

  • 0

Advertisements

#2
eula101
Posted 10 October 2010 - 01:59 PM

eula101

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
=====OTL LOGS=====

OTL logfile created on: 10/10/2010 06:24:52 - Run 2
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Home\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 227.41 Gb Total Space | 208.74 Gb Free Space | 91.79% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-8338425435
Current User Name: Home
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/10/10 06:17:56 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home\Desktop\OTL.exe
PRC - [2010/07/08 17:41:10 | 002,048,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/08/26 09:09:19 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/26 09:09:19 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/26 09:09:17 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/17 23:36:18 | 000,684,032 | ---- | M] (VIA Technologies, Inc.) -- C:\Program Files\VIAudioi\HDADeck\HDeck.exe
PRC - [2006/04/24 19:23:42 | 000,339,968 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2006/03/28 15:48:54 | 000,622,592 | ---- | M] () -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2006/03/01 16:06:24 | 000,069,632 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2005/09/08 02:18:34 | 000,049,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Media Center Diagnostic Kit\Tests\Bin\ehMonitor.exe
PRC - [2005/06/06 17:40:48 | 000,544,768 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe
PRC - [2005/03/17 14:25:54 | 000,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2005/03/08 11:33:28 | 000,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe


========== Modules (SafeList) ==========

MOD - [2010/10/10 06:17:56 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home\Desktop\OTL.exe
MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2009/08/26 09:09:17 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2005/10/07 10:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2005/09/08 02:18:34 | 000,049,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Media Center Diagnostic Kit\Tests\Bin\ehMonitor.exe -- (ehMonitor)


========== Driver Services (SafeList) ==========

DRV - [2009/08/26 09:09:40 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/08/26 09:09:36 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/26 09:09:35 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2008/04/13 19:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/13 19:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 19:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/07/18 02:33:18 | 000,137,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (HdAudAddService)
DRV - [2006/07/08 06:36:42 | 000,968,192 | ---- | M] (Hauppauge Computer Works inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCW713x.sys -- (Hauppauge WinTV-HVR)
DRV - [2006/06/02 00:22:00 | 003,925,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/02/23 19:39:06 | 000,011,264 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\xfilt.sys -- (xfilt)
DRV - [2006/02/23 19:38:32 | 000,009,728 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2005/06/06 17:43:04 | 000,925,192 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2004/11/09 00:38:00 | 000,169,728 | ---- | M] (Genesis Digital Innovations) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gdi2bda.sys -- (GDI2BDA)
DRV - [2004/11/09 00:38:00 | 000,164,480 | ---- | M] (Genesis Digital Innovations) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\gdi2vid.sys -- (GDI23880)
DRV - [2004/11/09 00:38:00 | 000,013,696 | ---- | M] (Genesis Digital Innovations.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\gdi2bts.sys -- (GDI2BTS)
DRV - [2004/11/09 00:38:00 | 000,010,112 | ---- | M] (Genesis Digital Innovations) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\gdi2xbr.sys -- (GDI2XBAR)
DRV - [2004/11/09 00:38:00 | 000,009,856 | ---- | M] (Genesis Digital Innovations) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\gdi2ir.sys -- (GDI2IR)
DRV - [2004/10/15 12:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2001/10/18 12:00:00 | 000,006,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\VIAIDEXP.SYS -- (ViaIde)
DRV - [2001/08/18 05:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/18 05:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/18 05:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/18 05:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/18 05:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/18 04:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/18 04:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/18 04:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/18 04:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/18 04:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/18 04:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/18 04:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/18 04:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/18 04:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/18 04:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 22:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 20:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 20:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox...aspx?tbid=80134
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox...aspx?tbid=80134

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = 169.254.2.169



O1 HOSTS File: ([2009/09/20 05:09:50 | 000,000,761 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.365online.com
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe ()
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIAudioi\HDADeck\HDeck.exe (VIA Technologies, Inc.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Home\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe File not found
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.micr...helpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valu...ashax/iefax.cab (Flash Casino Helper Control)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Home\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Home\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/04 16:10:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.clmp3enc - c:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
  • 0

#3
eula101
Posted 10 October 2010 - 02:01 PM

eula101

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (69537929998893056)

========== Files/Folders - Created Within 90 Days ==========

[2010/10/10 06:17:56 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Home\Desktop\OTL.exe
[2010/10/10 05:27:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/10 05:26:58 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/10/10 05:08:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/10/10 05:08:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/10/09 22:42:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/10/09 20:39:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/10/09 20:16:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\Application Data\Malwarebytes
[2010/10/09 20:16:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/09 20:16:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/09 20:16:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/09 20:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/09 18:03:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server
[2010/10/06 21:33:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\Application Data\gtk-2.0
[2010/10/06 21:30:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\Application Data\fpdb
[2010/10/06 21:30:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\.matplotlib
[2010/10/06 21:28:35 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/10/03 08:44:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\Local Settings\Application Data\Promosoft Corporation
[2010/10/03 08:44:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/09/27 20:34:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\Application Data\B055E963361F473A451074F8724B4734
[2010/09/25 18:33:05 | 000,000,000 | ---D | C] -- C:\Poker
[2010/09/25 03:26:04 | 000,000,000 | ---D | C] -- C:\Betfair
[2010/09/25 01:51:34 | 000,000,000 | ---D | C] -- C:\Program Files\Victory Poker
[2010/09/22 16:47:44 | 000,000,000 | ---D | C] -- C:\Program Files\PostgreSQL
[2010/09/21 05:33:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/09/21 05:29:25 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/09/20 19:52:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\DivX
[2010/09/20 08:43:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\Application Data\DivX
[2010/09/20 08:15:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2010/09/20 06:54:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\My Documents\My Downloads
[2010/09/20 06:01:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\Application Data\FinalTorrent
[2010/09/20 05:55:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\Application Data\facemoods.com
[2010/09/20 05:55:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/09/20 05:55:46 | 000,835,584 | ---- | C] (Capital Intellect Inc) -- C:\WINDOWS\System32\WINCTL4.OCX
[2010/09/20 05:55:46 | 000,495,616 | ---- | C] (Capital Intellect Inc) -- C:\WINDOWS\System32\WINUTIL5.DLL
[2010/09/20 05:55:46 | 000,393,216 | ---- | C] (Capital Intellect Inc) -- C:\WINDOWS\System32\WINLCTL5.DLL
[2010/09/20 05:53:04 | 000,000,000 | ---D | C] -- C:\Program Files\GameBox
[2010/09/16 13:32:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\.filestore
[2010/09/15 03:04:47 | 000,000,000 | ---D | C] -- C:\41d574b61bc7a7118b25
[2010/09/12 00:16:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\Application Data\Brother
[2010/08/17 20:30:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\Local Settings\Application Data\P5
[2010/07/13 21:42:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\Application Data\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/10 06:19:19 | 004,718,592 | ---- | M] () -- C:\Documents and Settings\Home\ntuser.dat
[2010/10/10 06:17:56 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home\Desktop\OTL.exe
[2010/10/10 06:10:55 | 000,063,804 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/10/10 06:10:46 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\PCConfidential.job
[2010/10/10 06:10:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/10 06:10:44 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/10 06:10:42 | 2145,832,960 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/10 05:55:34 | 004,734,976 | ---- | M] () -- C:\Documents and Settings\Home\ntuser.bak
[2010/10/10 05:55:34 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Home\ntuser.ini
[2010/10/10 05:27:28 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Home\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/10/10 05:27:06 | 000,000,629 | ---- | M] () -- C:\Documents and Settings\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\NTREGOPT.lnk
[2010/10/10 05:27:06 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\NTREGOPT.lnk
[2010/10/10 05:27:06 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\ERUNT.lnk
[2010/10/10 05:27:04 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\ERUNT.lnk
[2010/10/10 05:09:11 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/09 21:41:17 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/10/09 20:57:06 | 000,000,573 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/10/09 20:57:06 | 000,000,195 | ---- | M] () -- C:\boot.ini
[2010/10/09 20:16:10 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/09 17:39:37 | 065,803,277 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/10/09 03:20:04 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/10/09 03:20:04 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/10/08 14:45:37 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/07 09:06:28 | 000,043,072 | ---- | M] () -- C:\Documents and Settings\Home\Application Data\GDIPFONTCACHEV1.DAT
[2010/10/06 21:38:14 | 000,000,218 | ---- | M] () -- C:\Documents and Settings\Home\.recently-used.xbel
[2010/10/06 08:01:41 | 000,501,342 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/10/06 08:01:41 | 000,441,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/06 08:01:41 | 000,071,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/04 16:25:17 | 000,123,821 | ---- | M] () -- C:\Documents and Settings\Home\My Documents\untitled.JPG
[2010/10/04 16:21:22 | 000,095,232 | ---- | M] () -- C:\Documents and Settings\Home\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/01 02:46:15 | 000,001,651 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Victory Poker.lnk
[2010/09/29 12:25:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/28 19:02:41 | 000,194,048 | ---- | M] () -- C:\Documents and Settings\Home\My Documents\pictures word.doc
[2010/09/25 18:33:07 | 000,000,638 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\G Casino Poker.lnk
[2010/09/25 03:26:06 | 000,001,377 | ---- | M] () -- C:\Documents and Settings\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Betfair Poker.lnk
[2010/09/25 03:26:06 | 000,001,357 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Betfair Poker.lnk
[2010/09/25 01:51:35 | 000,001,641 | ---- | M] () -- C:\Documents and Settings\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Victory Poker.lnk
[2010/09/22 16:42:27 | 000,005,077 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\bltofzsb.qlf
[2010/09/21 07:14:39 | 003,504,080 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/15 13:11:58 | 000,000,045 | ---- | M] () -- C:\Documents and Settings\Home\Local Settings\Application Data\machpro.dat
[2010/09/15 02:57:21 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Forum
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP