help infected with a win32:mopack (cryp) !



#1 lilac_sim (Member, 55 posts)
I have tried moving it etc. and doing all the obvious stuff; I DON'T really think I can delete it, as it's a system file OR it's in the system file folder anyway.
I can't even move it to the chest, as it keeps saying this:
Error: The process cannot access the file because it is being used by another process (32)

I didn't know if it would help to do a scan for you first with OTL, so I added one here anyway.

This was down to my stupidity, as I thought it was a false positive! Obviously I was wrong!
My Avast has been doing its job really well and I should have listened to it :D

Thank you for your help; you have helped me before, and I was so happy last time to NOT have to re-install my computer again!

If it makes any difference, the file that Avast is saying is infected is this file:
C:\WINDOWS\system32\efccyyxw.dll

Here is the OTL text, and I also included the Extras text as I wasn't sure if you needed it or not.
Thank you again, Geeks to Go.


OTL logfile created on: 11/9/2010 5:35:59 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = H:\
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 471.00 Mb Available Physical Memory | 46.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.75 Gb Total Space | 47.36 Gb Free Space | 42.38% Space Free | Partition Type: NTFS
Drive D: | 4.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 25.20 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 1.92 Gb Total Space | 0.00 Gb Free Space | 0.02% Space Free | Partition Type: FAT
Drive H: | 953.05 Mb Total Space | 422.59 Mb Free Space | 44.34% Space Free | Partition Type: FAT
Drive I: | 1.88 Gb Total Space | 1.88 Gb Free Space | 99.93% Space Free | Partition Type: FAT32

Computer Name: CLARE-3EBD4B09F | User Name: clare | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/09 17:30:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- H:\OTL.exe
PRC - [2010/09/07 15:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 15:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/01/15 12:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/08/30 13:44:11 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/06/13 10:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/08/17 22:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


========== Modules (SafeList) ==========

MOD - [2010/11/09 17:30:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- H:\OTL.exe
MOD - [2006/08/25 15:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/07 15:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 15:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 15:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/01/28 12:47:44 | 001,737,464 | ---- | M] () [Auto | Stopped] -- C:\Program Files\3\3Connect\BecHelperService.exe -- (BecHelperService)
SRV - [2010/01/15 12:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys -- (ASInsHelp)
DRV - [2010/09/07 14:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 14:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 14:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 14:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 14:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 14:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/02/11 07:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/01/28 12:35:24 | 000,010,240 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdvrmng.sys -- (mdvrmng)
DRV - [2010/01/28 12:34:32 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/11/28 11:02:00 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/11/12 13:54:00 | 000,037,376 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\l151x86.sys -- (AtcL001)
DRV - [2007/12/17 16:14:06 | 000,012,400 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2005/01/07 16:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/03 23:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2002/04/15 08:50:00 | 000,068,816 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lmouflt2.sys -- (LMouFlt2)
DRV - [2002/04/15 08:50:00 | 000,023,328 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS -- (LHidFlt2)
DRV - [2002/04/15 08:50:00 | 000,005,840 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lkbdflt2.sys -- (LKbdFlt2)
DRV - [2001/08/17 12:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/17 12:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/08/17 12:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/08/17 12:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.ez-tracks.com/?fromOMB=1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.ez-tracks.com/?fromOMB=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://us.mg2.mail.y...=euup7qlq2q7pi"
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.8
FF - prefs.js..extensions.enabledItems: eastasian@eunheui:1.1.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.8
FF - prefs.js..extensions.enabledItems: {25A1388B-6B18-46c3-BEBA-A81915D0DE8F}:1.7
FF - prefs.js..extensions.enabledItems: {0fc85f5d-6207-4515-a490-45a549d285c0}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/13 23:15:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/08 21:28:44 | 000,000,000 | ---D | M]

[2009/07/12 17:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\clare\Application Data\Mozilla\Extensions
[2010/09/08 21:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\clare\Application Data\Mozilla\Firefox\Profiles\hvsg87tg.default\extensions
[2010/01/25 22:54:10 | 000,000,000 | ---D | M] (Radio Bar 1 Toolbar) -- C:\Documents and Settings\clare\Application Data\Mozilla\Firefox\Profiles\hvsg87tg.default\extensions\{0fc85f5d-6207-4515-a490-45a549d285c0}
[2009/09/03 15:47:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\clare\Application Data\Mozilla\Firefox\Profiles\hvsg87tg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/22 16:44:04 | 000,000,000 | ---D | M] (Quick Locale Switcher) -- C:\Documents and Settings\clare\Application Data\Mozilla\Firefox\Profiles\hvsg87tg.default\extensions\{25A1388B-6B18-46c3-BEBA-A81915D0DE8F}
[2010/03/28 23:27:23 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\clare\Application Data\Mozilla\Firefox\Profiles\hvsg87tg.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/06/03 13:15:32 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\clare\Application Data\Mozilla\Firefox\Profiles\hvsg87tg.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/01/22 16:44:02 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\clare\Application Data\Mozilla\Firefox\Profiles\hvsg87tg.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/08/29 20:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\clare\Application Data\Mozilla\Firefox\Profiles\hvsg87tg.default\extensions\eastasian@eunheui
[2010/01/22 16:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\clare\Application Data\Mozilla\Firefox\Profiles\hvsg87tg.default\extensions\[email protected]
[2010/09/08 21:29:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/08 21:28:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/09/08 21:28:30 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2004/08/12 13:57:47 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\efccyyxw.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EM_EXEC] C:\Program Files\MouseWare\system\EM_EXEC.EXE (Logitech Inc. )
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [AliceConnect] C:\Program Files\3\3Connect\Wilog.exe (3Connect)
O4 - HKCU..\Run: [Firefox KidZui] C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Update Agent.lnk = C:\Program Files\3\3Connect\AutoUpdateSrv.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKCU\..Trusted Domains: three.co.uk ([my3] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} http://www.srtest.co...sreqlab_ind.cab (System Requirements Lab Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} file:///D:/SuperCD/IntraLaunch.CAB (IntraLaunch.MainControl)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\efccyyxw: DllName - efccyyxw.dll - C:\WINDOWS\System32\efccyyxw.dll ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\efccyyxw.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/10 21:10:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/11/12 17:17:48 | 000,148,960 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/12/08 16:24:46 | 000,027,750 | R--- | M] () - E:\Autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2007/10/29 19:25:38 | 000,000,047 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{182383c5-6d9c-11de-ae58-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{182383c5-6d9c-11de-ae58-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{182383c5-6d9c-11de-ae58-806d6172696f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{18a32dcf-3d60-11df-809a-e4d1bac9acec}\Shell - "" = AutoRun
O33 - MountPoints2\{18a32dcf-3d60-11df-809a-e4d1bac9acec}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{18a32dcf-3d60-11df-809a-e4d1bac9acec}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/11/12 17:17:48 | 000,148,960 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{45d4337a-95b2-11df-8189-995aff89fc83}\Shell - "" = AutoRun
O33 - MountPoints2\{45d4337a-95b2-11df-8189-995aff89fc83}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{45d4337a-95b2-11df-8189-995aff89fc83}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/11/12 17:17:48 | 000,148,960 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{6a8603a8-a128-11de-b7d6-bca929512c1f}\Shell - "" = AutoRun
O33 - MountPoints2\{6a8603a8-a128-11de-b7d6-bca929512c1f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6a8603a8-a128-11de-b7d6-bca929512c1f}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/11/12 17:17:48 | 000,148,960 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{703e1458-6e0f-11de-a1c9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{703e1458-6e0f-11de-a1c9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{703e1458-6e0f-11de-a1c9-806d6172696f}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/11/12 17:17:48 | 000,148,960 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{c9778572-a537-11de-b7dd-d0864bc11506}\Shell - "" = AutoRun
O33 - MountPoints2\{c9778572-a537-11de-b7dd-d0864bc11506}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c9778572-a537-11de-b7dd-d0864bc11506}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/11/12 17:17:48 | 000,148,960 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{e62123e0-8089-11de-b79d-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{e62123e0-8089-11de-b79d-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e62123e0-8089-11de-b79d-806d6172696f}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/11/12 17:17:48 | 000,148,960 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{ffe06f87-f96d-11de-b871-90cad258a97d}\Shell - "" = AutoRun
O33 - MountPoints2\{ffe06f87-f96d-11de-b871-90cad258a97d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ffe06f87-f96d-11de-b871-90cad258a97d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (aswBoot.exe /M:41042d871b45) - C:\WINDOWS\System32\aswBoot.exe (AVAST Software)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/08 18:57:13 | 000,000,000 | ---D | C] -- C:\Program Files\SpongeBob SquarePants Diner Dash
[2010/11/08 18:55:45 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2010/11/08 18:54:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
[2010/11/03 14:23:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\clare\Application Data\dvdcss
[2010/11/03 14:22:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\clare\Application Data\vlc
[2010/11/03 14:21:19 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/11/02 18:00:22 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
[2010/11/02 18:00:21 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2010/11/02 18:00:21 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2010/11/02 18:00:13 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2010/11/02 17:54:53 | 015,187,568 | ---- | C] ( ) -- C:\Documents and Settings\clare\Desktop\klcodec630f.exe
[2010/10/18 16:01:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\clare\My Documents\asian project folder
[2010/09/08 13:32:19 | 000,081,920 | ---- | C] (James A. Sausville) -- C:\Program Files\Sims2HCDU.exe
[1 C:\Documents and Settings\clare\My Documents\*.tmp files -> C:\Documents and Settings\clare\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/09 16:54:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/09 16:50:30 | 000,037,376 | ---- | M] () -- C:\WINDOWS\System32\efccyyxw.dll
[2010/11/09 01:54:13 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FF4750CD-C1DD-48A0-AAAC-8894F1F14AEF}.job
[2010/11/08 18:57:23 | 000,001,822 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play SpongeBob SquarePants Diner Dash.lnk
[2010/11/08 18:57:23 | 000,001,230 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
[2010/11/08 18:55:47 | 000,001,578 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Game Manager.lnk
[2010/11/08 15:47:33 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/03 14:22:03 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/11/02 18:00:37 | 000,000,926 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Player Classic.lnk
[2010/11/02 17:58:05 | 015,187,568 | ---- | M] ( ) -- C:\Documents and Settings\clare\Desktop\klcodec630f.exe
[2010/11/02 15:40:36 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Jasc Paint Shop Pro 8.lnk
[2010/11/01 00:05:46 | 000,000,060 | ---- | M] () -- C:\WINDOWS\SimPose7.ini
[2010/10/31 11:38:43 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/31 11:38:43 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/23 22:27:53 | 000,160,945 | ---- | M] () -- C:\Documents and Settings\clare\My Documents\autumn rugs rot 2.jpg
[2010/10/23 22:22:40 | 000,159,974 | ---- | M] () -- C:\Documents and Settings\clare\My Documents\autumn rugs.jpg
[2010/10/20 18:28:45 | 000,225,836 | ---- | M] () -- C:\Documents and Settings\clare\My Documents\ss_Daga.zip
[2010/10/18 15:59:07 | 000,874,916 | ---- | M] () -- C:\Documents and Settings\clare\My Documents\bases for mmarie.rar
[2010/10/18 00:13:57 | 000,057,125 | ---- | M] () -- C:\Documents and Settings\clare\My Documents\b5Bgfafit_24qhat.zip
[2010/10/17 23:43:37 | 000,039,872 | ---- | M] () -- C:\Documents and Settings\clare\My Documents\lilac_wiindowbase.rar
[2010/10/16 14:55:24 | 000,020,262 | ---- | M] () -- C:\Documents and Settings\clare\My Documents\m67593620.jpg
[2010/10/16 14:54:35 | 000,029,537 | ---- | M] () -- C:\Documents and Settings\clare\My Documents\m2213115420.jpg
[2010/10/15 20:08:34 | 000,177,963 | ---- | M] () -- C:\Documents and Settings\clare\My Documents\lilac_windowbase1.iff
[2010/10/12 19:50:33 | 000,122,925 | ---- | M] () -- C:\Documents and Settings\clare\My Documents\Lady_Gaga_pokerface_nails_by_May_Lynn.jpg
[2010/10/12 19:45:55 | 000,229,491 | ---- | M] () -- C:\Documents and Settings\clare\My Documents\Maskmainpageweb2.jpg
[2010/10/12 19:45:18 | 000,169,642 | ---- | M] () -- C:\Documents and Settings\clare\My Documents\103776_01_Lg.jpg
[2010/10/12 19:43:34 | 000,220,816 | ---- | M] () -- C:\Documents and Settings\clare\My Documents\Masquerade-Eyemask-Gold-Silver---Fancy-Dress-Masks-.jpg
[2010/10/12 19:22:23 | 000,023,963 | ---- | M] () -- C:\Documents and Settings\clare\My Documents\hp-mask.jpg
[2010/10/12 16:06:59 | 000,041,534 | ---- | M] () -- C:\Documents and Settings\clare\My Documents\ctoapts1stflr.jpg
[2010/10/12 16:06:53 | 000,038,862 | ---- | M] () -- C:\Documents and Settings\clare\My Documents\hyp_apartmentlot63.jpg
[1 C:\Documents and Settings\clare\My Documents\*.tmp files -> C:\Documents and Settings\clare\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/08 19:33:21 | 000,037,376 | ---- | C] () -- C:\WINDOWS\System32\efccyyxw.dll
[2010/11/08 18:57:23 | 000,001,822 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play SpongeBob SquarePants Diner Dash.lnk
[2010/11/08 18:55:47 | 000,001,578 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Game Manager.lnk
[2010/11/08 18:55:47 | 000,001,230 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
[2010/11/03 14:22:03 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/11/02 18:00:37 | 000,000,926 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Media Player Classic.lnk
[2010/11/02 18:00:34 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/11/02 18:00:32 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/11/02 18:00:22 | 000,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2010/11/02 18:00:21 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/11/02 18:00:20 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/11/02 18:00:20 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/10/23 22:27:52 | 000,160,945 | ---- | C] () -- C:\Documents and Settings\clare\My Documents\autumn rugs rot 2.jpg
[2010/10/23 22:22:40 | 000,159,974 | ---- | C] () -- C:\Documents and Settings\clare\My Documents\autumn rugs.jpg
[2010/10/20 18:28:40 | 000,225,836 | ---- | C] () -- C:\Documents and Settings\clare\My Documents\ss_Daga.zip
[2010/10/18 15:58:11 | 000,874,916 | ---- | C] () -- C:\Documents and Settings\clare\My Documents\bases for mmarie.rar
[2010/10/18 00:13:56 | 000,057,125 | ---- | C] () -- C:\Documents and Settings\clare\My Documents\b5Bgfafit_24qhat.zip
[2010/10/17 23:43:15 | 000,039,872 | ---- | C] () -- C:\Documents and Settings\clare\My Documents\lilac_wiindowbase.rar
[2010/10/17 23:40:37 | 000,177,963 | ---- | C] () -- C:\Documents and Settings\clare\My Documents\lilac_windowbase1.iff
[2010/10/16 14:55:23 | 000,020,262 | ---- | C] () -- C:\Documents and Settings\clare\My Documents\m67593620.jpg
[2010/10/16 14:54:34 | 000,029,537 | ---- | C] () -- C:\Documents and Settings\clare\My Documents\m2213115420.jpg
[2010/10/12 19:50:33 | 000,122,925 | ---- | C] () -- C:\Documents and Settings\clare\My Documents\Lady_Gaga_pokerface_nails_by_May_Lynn.jpg
[2010/10/12 19:45:54 | 000,229,491 | ---- | C] () -- C:\Documents and Settings\clare\My Documents\Maskmainpageweb2.jpg
[2010/10/12 19:45:17 | 000,169,642 | ---- | C] () -- C:\Documents and Settings\clare\My Documents\103776_01_Lg.jpg
[2010/10/12 19:43:33 | 000,220,816 | ---- | C] () -- C:\Documents and Settings\clare\My Documents\Masquerade-Eyemask-Gold-Silver---Fancy-Dress-Masks-.jpg
[2010/10/12 19:22:22 | 000,023,963 | ---- | C] () -- C:\Documents and Settings\clare\My Documents\hp-mask.jpg
[2010/10/12 16:06:58 | 000,041,534 | ---- | C] () -- C:\Documents and Settings\clare\My Documents\ctoapts1stflr.jpg
[2010/10/12 16:06:52 | 000,038,862 | ---- | C] () -- C:\Documents and Settings\clare\My Documents\hyp_apartmentlot63.jpg
[2010/09/24 16:07:29 | 000,000,042 | ---- | C] () -- C:\Program Files\SimPoseOptions.xml
[2010/09/24 16:07:29 | 000,000,042 | ---- | C] () -- C:\WINDOWS\GenericSimPoseLike.ini
[2010/09/08 13:32:19 | 000,036,864 | ---- | C] () -- C:\Program Files\SWsupport.dll
[2010/08/30 23:29:37 | 000,000,021 | ---- | C] () -- C:\Program Files\Sims2Pack Clean Installer.ini
[2010/05/13 16:17:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL
[2010/05/13 16:17:33 | 000,000,443 | ---- | C] () -- C:\WINDOWS\Cmousecc.ini
[2010/05/13 16:02:51 | 000,001,746 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2010/05/13 16:02:37 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2010/05/13 16:02:37 | 000,012,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2010/05/13 16:02:18 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010/04/01 13:47:20 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009/09/25 00:23:07 | 000,000,016 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\63A2D2A8.ini
[2009/09/25 00:19:44 | 000,000,016 | RH-- | C] () -- C:\Documents and Settings\clare\Local Settings\Application Data\31D16954.ini
[2009/08/26 18:35:14 | 000,000,060 | ---- | C] () -- C:\WINDOWS\SimPose7.ini
[2009/08/21 13:25:47 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/08/21 13:25:47 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/08/21 13:25:47 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/08/04 01:19:02 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2009/08/04 01:19:02 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2009/08/03 23:48:33 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\mdvrmng.sys
[2009/07/20 19:40:16 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\clare\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/18 14:51:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Transmogrifier.INI
[2009/07/11 21:06:32 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/07/11 20:30:13 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/07/10 21:55:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/04/17 14:40:16 | 000,479,232 | ---- | C] () -- C:\Program Files\SimPose2.exe
[2006/04/17 14:34:34 | 000,004,602 | ---- | C] () -- C:\Program Files\Sim2Pose quick start.txt
[2001/03/31 10:53:00 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lib3ds.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38E2864F

< End of report >


OTL Extras logfile created on: 11/9/2010 5:35:59 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = H:\
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 471.00 Mb Available Physical Memory | 46.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.75 Gb Total Space | 47.36 Gb Free Space | 42.38% Space Free | Partition Type: NTFS
Drive D: | 4.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 25.20 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 1.92 Gb Total Space | 0.00 Gb Free Space | 0.02% Space Free | Partition Type: FAT
Drive H: | 953.05 Mb Total Space | 422.59 Mb Free Space | 44.34% Space Free | Partition Type: FAT
Drive I: | 1.88 Gb Total Space | 1.88 Gb Free Space | 99.93% Space Free | Partition Type: FAT32

Computer Name: CLARE-3EBD4B09F | User Name: clare | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Call of Duty\CoDMP.exe" = C:\Program Files\Call of Duty\CoDMP.exe:*:Disabled:CoDMP -- File not found
"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Disabled:Warcraft III -- (Blizzard Entertainment)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03ADC8AB-C130-0C3D-1FF9-2C385DF25689}" = CCC Help Czech
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07021185-008D-ABF9-7716-475AC035F8B3}" = CCC Help Spanish
"{0F8D0406-7755-AC37-6529-73AD649DBE32}" = Catalyst Control Center Graphics Previews Common
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20899876-068F-4670-B173-FF555C750069}" = Wedding Dash
"{22072CC8-7230-96F8-52F4-05EAF3F906B6}" = CCC Help Polish
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2368ADBD-6FDF-4B9F-FE41-E20B4D78E79E}" = CCC Help Chinese Standard
"{25EF0DC4-B072-2E04-4581-A13C91423CE6}" = CCC Help Portuguese
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{26F7855C-443B-00A6-F7B8-A97A5403F617}" = CCC Help Danish
"{2CB4A925-48A7-DA65-DCEE-D4DE224B7D84}" = CCC Help English
"{306D75B9-7FFF-FF65-0C76-57F2FE4FE1D6}" = Catalyst Control Center Core Implementation
"{32B12FE4-5A51-751A-1FB6-A14E97EBDD5C}" = CCC Help German
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{351512E5-01BD-E878-6F57-AA3E517D9ECE}" = Skins
"{354A387E-0374-21A3-6832-335674A6D7D1}" = CCC Help French
"{3C00BEE9-26D0-D9E0-A2D1-62F70D412A12}" = CCC Help Turkish
"{4346F7AA-3D56-0941-424C-4454E04D37F6}" = CCC Help Italian
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CAE2F2C-75CD-A0DE-7520-449BCBBCC833}" = CCC Help Korean
"{4F77F6EE-2C99-49F7-940A-2E9C208C3BE1}" = Paint.NET v3.5.2
"{53D79E66-1B07-45E0-9ADE-0700D504417B}" = Wedding Dash 2 - Rings Around the World
"{57F7F0A5-8F22-8E63-E819-803B5C9CA3A5}" = CCC Help Dutch
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = MouseWare 9.60
"{595A6662-6158-11D4-8F73-0050DA0F6297}" = The Sims Art Studio
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = The Sims™ 2 Teen Style Stuff
"{5EA437D2-7A57-B60E-E8F2-76BFAC0895A5}" = CCC Help Chinese Traditional
"{61AF4E75-050E-0304-3417-8BC16417FEB1}" = CCC Help Greek
"{632005DA-C291-5275-284C-5EE96B05C714}" = Catalyst Control Center HydraVision Full
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C72BE0C-3E25-CACD-0070-2FD9C02ABA14}" = ccc-core-preinstall
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = The Sims™ 2 H&M® Fashion Stuff
"{880BB617-914E-17E8-D877-A96BAC5794D2}" = Catalyst Control Center Graphics Full New
"{8897CF22-DB6C-8248-895C-12BFA2677F51}" = CCC Help Hungarian
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C244239-ED8E-40f1-937F-51C706CD2160}" = The Sims™ 2 Deluxe
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
"{AF710FDE-2815-8C8D-5281-8004C2654AA6}" = CCC Help Russian
"{AFF2D965-C6F2-A210-FBF7-532612AA1D23}" = CCC Help Swedish
"{B1899CD8-9584-4DC5-00AE-48F47CF81183}" = The Sims 2 HomeCrafter Plus
"{B21336EE-4AEF-9940-4AC7-EDB89854B8D3}" = CCC Help Thai
"{BBA69346-61A1-BD34-E75A-4D81232DB1FE}" = Catalyst Control Center Localization All
"{BFD5ED08-F066-92D5-BE67-3B9AE5DCFF0C}" = CCC Help Japanese
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4609F15-FB3C-D97E-BAA1-4F10815039C2}" = Catalyst Control Center Graphics Full Existing
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CBB2D5DF-CF27-4C56-B820-64DF62FA2772}" = Burger Rush
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01FAC3D-86B4-3A19-9D10-9156A0EB3EBE}" = CCC Help Finnish
"{D575FBAA-D6D6-4221-A2C4-67541DB7AB5E}_is1" = Device Doctor 1.0.0.1
"{D6D4828F-A5B2-11D4-8F73-0050DA0F6297}" = The Sims File Cop
"{D73722C8-3F65-C75B-A631-5D36894DAB92}" = ccc-core-static
"{DDAD33B6-8C00-428D-087B-A7088355B9BE}" = Catalyst Control Center Graphics Light
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
"{E333F074-FC7F-596D-3D61-44F0EC28E8C0}" = ccc-utility
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Bon Voyage
"{F2527115-B8BF-4FDB-B5DA-5AADFB7C13E1}" = The Sims Complete Collection
"{FA38F9E4-BED7-E021-B660-8FDFF7EC6E1A}" = CCC Help Norwegian
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.8
"Art Shop_is1" = Art Shop
"ATI Display Driver" = ATI Display Driver
"avast5" = avast! Free Antivirus
"BFGC" = Big Fish Games: Game Manager
"BFG-SpongeBob SquarePants Diner Dash" = SpongeBob SquarePants Diner Dash
"blueprint ObjectEditor_is1" = blueprint ObjectEditor 1.0.0
"blueprint ObjectViewer_is1" = blueprint ObjectViewer 1.0.0
"blueprint SimExplorer_is1" = blueprint SimExplorer 2.1.1
"blueprint_is1" = blueprint 1.0
"Career Creator 3_is1" = Career Creator 3
"CEP - Colour Enable Packages_is1" = CEP (Color Enable Package) v.9.2 (beta)
"Dairy Dash" = Dairy Dash
"Dark Legions" = Dark Legions
"Diablo II" = Diablo II
"EliSims 2.12_is1" = EliSims 2.12
"ExplorerSee_is1" = ExplorerSee 2.0
"Free Disc Burner_is1" = Free Disc Burner version 1.1
"HDMI" = Intel® Graphics Media Accelerator Driver
"Heroes of Might and Magic IV" = Heroes of Might and Magic® IV
"Huawei Modems" = Huawei modem
"ie8" = Windows Internet Explorer 8
"Jr. Architect Demo_is1" = Jr. Architect Demo 1.0
"Jr. Doctor Demo_is1" = Jr. Doctor Demo 1.0
"Jr. Fashion Designer Demo_is1" = Jr. Fashion Designer Demo 1.0
"Jr. Inventor Demo_is1" = Jr. Inventor Demo 1.0
"Jr. Scientist Demo_is1" = Jr. Scientist Demo 1.0
"Jr. Vet Demo_is1" = Jr. Vet Demo 1.0
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.3.0 (Full)
"McAfee Security Scan" = McAfee Security Scan Plus
"Medieval Floor pack" = Medieval Floor pack
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MusicManager" = Music Manager
"Self installer" = Self installer
"SimPE PhotoStudio Templates_is1" = SimPE PhotoStudio Templates 3.0
"SimPE_is1" = SimPE 0.68 (alpha)
"Sims2Pack Clean Installer" = Sims2Pack Clean Installer
"ST6UNST #1" = Hero Editor V0.96
"ST6UNST #2" = Sims 2 NPC Replacer
"ST6UNST #3" = Sims 2 Categorizer
"SystemRequirementsLab" = System Requirements Lab
"Test install" = Test install
"The Sims 2 Poster Importer" = The Sims 2 Poster Importer
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.4
"Wandering Willows" = Wandering Willows
"Warcraft III" = Warcraft III
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.2

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 9/9/2009 6:35:30 PM | Computer Name = CLARE-3EBD4B09F | Source = avast! | ID = 33554522
Description =

Error - 11/5/2009 1:08:00 PM | Computer Name = CLARE-3EBD4B09F | Source = avast! | ID = 33554522
Description =

Error - 11/5/2009 1:08:00 PM | Computer Name = CLARE-3EBD4B09F | Source = avast! | ID = 33554522
Description =

Error - 11/6/2009 7:14:14 PM | Computer Name = CLARE-3EBD4B09F | Source = avast! | ID = 33554522
Description =

Error - 11/6/2009 7:14:15 PM | Computer Name = CLARE-3EBD4B09F | Source = avast! | ID = 33554522
Description =

Error - 11/10/2009 7:28:19 PM | Computer Name = CLARE-3EBD4B09F | Source = avast! | ID = 33554522
Description =

Error - 2/24/2010 1:43:49 PM | Computer Name = CLARE-3EBD4B09F | Source = avast! | ID = 33554522
Description =

Error - 2/24/2010 3:18:13 PM | Computer Name = CLARE-3EBD4B09F | Source = avast! | ID = 33554522
Description =

Error - 5/1/2010 9:14:11 AM | Computer Name = CLARE-3EBD4B09F | Source = avast! | ID = 33554522
Description =

Error - 5/26/2010 4:45:27 PM | Computer Name = CLARE-3EBD4B09F | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 7/23/2010 8:55:30 PM | Computer Name = CLARE-3EBD4B09F | Source = Application Error | ID = 1000
Description = Faulting application transmogrifier.exe, version 2.0.0.4, faulting
module transmogrifier.exe, version 2.0.0.4, fault address 0x0003ea55.

Error - 7/23/2010 9:12:54 PM | Computer Name = CLARE-3EBD4B09F | Source = Application Hang | ID = 1002
Description = Hanging application Paint Shop Pro.exe, version 8.0.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/23/2010 10:30:07 PM | Computer Name = CLARE-3EBD4B09F | Source = | ID = 0
Description =

Error - 7/23/2010 10:30:07 PM | Computer Name = CLARE-3EBD4B09F | Source = | ID = 0
Description =

Error - 7/25/2010 6:22:45 PM | Computer Name = CLARE-3EBD4B09F | Source = | ID = 0
Description =

Error - 7/25/2010 6:22:45 PM | Computer Name = CLARE-3EBD4B09F | Source = | ID = 0
Description =

Error - 7/26/2010 6:13:21 PM | Computer Name = CLARE-3EBD4B09F | Source = | ID = 0
Description =

Error - 7/26/2010 6:13:21 PM | Computer Name = CLARE-3EBD4B09F | Source = | ID = 0
Description =

Error - 7/27/2010 6:41:39 PM | Computer Name = CLARE-3EBD4B09F | Source = Application Error | ID = 1000
Description = Faulting application simpose9.exe, version 1.0.0.1, faulting module
simpose9.exe, version 1.0.0.1, fault address 0x000051ec.

Error - 7/27/2010 6:45:22 PM | Computer Name = CLARE-3EBD4B09F | Source = Application Error | ID = 1000
Description = Faulting application simpose9.exe, version 1.0.0.1, faulting module
simpose9.exe, version 1.0.0.1, fault address 0x000051ec.

[ System Events ]
Error - 11/8/2010 7:48:36 PM | Computer Name = CLARE-3EBD4B09F | Source = Service Control Manager | ID = 7000
Description = The ASInsHelp service failed to start due to the following error:
%%2

Error - 11/9/2010 8:59:43 AM | Computer Name = CLARE-3EBD4B09F | Source = Service Control Manager | ID = 7000
Description = The ASInsHelp service failed to start due to the following error:
%%2

Error - 11/9/2010 8:59:43 AM | Computer Name = CLARE-3EBD4B09F | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the BecHelperService service
to connect.

Error - 11/9/2010 8:59:43 AM | Computer Name = CLARE-3EBD4B09F | Source = Service Control Manager | ID = 7000
Description = The BecHelperService service failed to start due to the following
error: %%1053

Error - 11/9/2010 12:43:44 PM | Computer Name = CLARE-3EBD4B09F | Source = Service Control Manager | ID = 7000
Description = The ASInsHelp service failed to start due to the following error:
%%2

Error - 11/9/2010 12:43:44 PM | Computer Name = CLARE-3EBD4B09F | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the BecHelperService service
to connect.

Error - 11/9/2010 12:43:44 PM | Computer Name = CLARE-3EBD4B09F | Source = Service Control Manager | ID = 7000
Description = The BecHelperService service failed to start due to the following
error: %%1053

Error - 11/9/2010 12:57:23 PM | Computer Name = CLARE-3EBD4B09F | Source = Service Control Manager | ID = 7000
Description = The ASInsHelp service failed to start due to the following error:
%%2

Error - 11/9/2010 12:57:23 PM | Computer Name = CLARE-3EBD4B09F | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the BecHelperService service
to connect.

Error - 11/9/2010 12:57:23 PM | Computer Name = CLARE-3EBD4B09F | Source = Service Control Manager | ID = 7000
Description = The BecHelperService service failed to start due to the following
error: %%1053


< End of report >


Hope these help,
and it's the right text file you need!
Thank you again.
I hope the settings on the OTL program were right for the log you need too.


I ALMOST FORGOT!!
I want to give you as much information as possible, so here is a HijackThis log.
I can actually see the infected file; it says this:

O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\efccyyxw.dll

and it's mentioned here too:

O20 - Winlogon Notify: efccyyxw - C:\WINDOWS\SYSTEM32\efccyyxw.dll

This is the file, BUT I didn't want to "fix" it or delete it etc. as it could be a system file.
BUT I did try to fix it, move it to the chest etc. in avast, to no joy, so I hope the other programs get rid of it!
I have been scanning to make sure nothing else is infected, but if you want another updated log let me know, although the one from yesterday was done right before the post.

And here is my HijackThis log too:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:16:55 PM, on 11/10/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
H:\hijackthis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.ez-tracks.com/?fromOMB=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.ez-tracks.com/?fromOMB=1
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\efccyyxw.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AliceConnect] C:\Program Files\3\3Connect\Wilog.exe /autostart
O4 - HKCU\..\Run: [Firefox KidZui] "C:\Program Files\Mozilla Firefox\firefox.exe" -KidZuiAutoStart
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: Update Agent.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.co...sreqlab_ind.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.h...tDetection2.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file:///D:/SuperCD/IntraLaunch.CAB
O20 - Winlogon Notify: efccyyxw - C:\WINDOWS\SYSTEM32\efccyyxw.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: BecHelperService - Unknown owner - C:\Program Files\3\3Connect\BecHelperService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

--
End of file - 5413 bytes

Hope this helps too; I didn't know which one you would need, so I thought I would give you both logs.
Thank you again.

I also think I may not have had the right settings ticked on the OTL log, as when I was looking for help I saw I forgot to tick the LOP check and Purity check. So I will add another; I don't want to confuse you, BUT I don't want this to take ages, as my computer only got infected 2 days ago and it is going downhill VERY FAST! ;)
Which is the reason why I'm panicking a bit and probably adding too much information!!

Edited by lilac_sim, 10 November 2010 - 04:02 PM.

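The two HijackThis lines quoted above (the nameless O2 BHO and the O20 Winlogon Notify package pointing at the same DLL) are the reason avast reports "file in use": a Winlogon Notify DLL is loaded into winlogon.exe for as long as anyone is logged on, and the BHO entry loads the same DLL into Internet Explorer. The triage script below is an added example, not part of the original post or of any of the tools mentioned here. It parses HijackThis O2/O20 lines and OTL GloballyOpenPorts lines, cross-references the DLL paths, and flags the firewall exception for 3389/TCP that the OTL log shows open to any remote address. The regexes, the allow-list of stock XP Notify packages and the sample lines are the editor's assumptions; the sample is a constructed excerpt of the logs in this thread.

```python
# Added triage example for the thread above. Not part of the original post:
# the regexes, the allow-list and the sample lines are the editor's
# assumptions, and the sample is a constructed excerpt of the posted logs.
import re
from collections import defaultdict

# Winlogon Notify subkeys that ship with Windows XP SP2 or with common vendor
# drivers (assumption; extend for your own baseline). Anything else is flagged
# for review, not for automatic deletion.
KNOWN_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule", "sclgntfy",
    "senslogn", "termsrv", "wlballoon", "wgalogon", "igfxcui", "atiextevent",
}

BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.+)$")
# OTL "GloballyOpenPorts" lines: "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
PORT_RE = re.compile(
    r'^"(?P<port>\d+):(?P<proto>TCP|UDP)" = \d+:(?:TCP|UDP):(?P<scope>[^:]+):(?P<state>Enabled|Disabled)')

SEVERITY = {"high": 0, "medium": 1}

# Constructed sample: lines copied from the HijackThis and OTL logs in this thread.
SAMPLE_LINES = r"""
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\efccyyxw.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O20 - Winlogon Notify: efccyyxw - C:\WINDOWS\SYSTEM32\efccyyxw.dll
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
""".strip().splitlines()


def norm_path(path):
    """Lower-case and unquote a Windows path so HJT and OTL spellings compare equal."""
    return path.strip().strip('"').lower()


def triage(lines):
    """Return (severity, message) findings for the given log lines, highest first."""
    findings = []
    loaders = defaultdict(set)  # normalised dll path -> {"BHO", "WinlogonNotify"}
    for raw in lines:
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            path = norm_path(m["path"])
            loaders[path].add("BHO")
            if m["name"] == "(no name)":
                findings.append(("medium", f"BHO with no name {m['clsid']} -> {path}"))
            continue
        m = NOTIFY_RE.match(line)
        if m:
            path = norm_path(m["path"])
            loaders[path].add("WinlogonNotify")
            key = m["key"].lower()
            if key not in KNOWN_NOTIFY:
                stem = path.rsplit("\\", 1)[-1]
                stem = stem[:-4] if stem.endswith(".dll") else stem
                # A Notify key named after an unknown DLL in system32 is the usual
                # shape of a self-registered hook; anything else is still "medium".
                sev = "high" if stem == key and "\\system32\\" in path else "medium"
                findings.append((sev, f"unknown Winlogon Notify package '{m['key']}' -> {path}"))
            continue
        m = PORT_RE.match(line)
        if m and m["state"] == "Enabled" and m["scope"] == "*":
            findings.append(("medium", f"firewall opens {m['port']}/{m['proto']} to any remote address"))
    # The cross-reference is the useful part: one DLL hooked into both winlogon.exe
    # and Internet Explorer stays mapped whenever a user is logged on, which is why
    # an on-line "move to chest" fails with "file in use".
    for path, kinds in loaders.items():
        if {"BHO", "WinlogonNotify"} <= kinds:
            findings.append(("high", f"{path} is loaded by both winlogon.exe and Internet Explorer"))
    return sorted(findings, key=lambda f: SEVERITY[f[0]])


if __name__ == "__main__":
    for sev, msg in triage(SAMPLE_LINES):
        print(f"[{sev:6}] {msg}")
```

Running it on the sample prints two high findings (the unknown Notify package and the DLL shared by winlogon.exe and IE) and two medium ones (the nameless BHO and 3389/TCP open to any address); the Google Toolbar BHO and the LocalSubNet UPnP port produce nothing. The allow-list is deliberately small: a miss means "look at this", not "delete this".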


#2 lilac_sim (Topic Starter)
Sorry, I tried to delete this and couldn't, which is probably why no one has answered me yet :D

Edited by lilac_sim, 10 November 2010 - 04:03 PM.


#3 Rorschach112 (Retired Staff)
Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#4 lilac_sim (Topic Starter)
Hi, sorry about the lack of activity! I didn't have any internet!
So I sort of have an update here:
strangely enough, I had an update through my computer about a week ago and it updated my Windows malicious software program, and it got rid of the bad file, BUT I'm not totally convinced that my computer is well though. I did a scan with both the Windows program again and the Malwarebytes program and also my avast and got nothing, BUT I'm now getting serious error reports A LOT!

I will run this program now anyway, and if you need another log text then let me know, as the original infected file is gone, BUT it has done damage, as I wasn't getting errors like this before.

I will go do the ComboFix and get back to you.
Thank you as well BTW! :(



EDIT:
OK HERE IS THE LOG FILE:

ComboFix 10-11-22.02 - clare 11/22/2010 22:38:21.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.536 [GMT 0:00]
Running from: c:\program files\combo fix\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\ST6UNST.000
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2010-10-22 to 2010-11-22 )))))))))))))))))))))))))))))))
.

2010-11-22 22:20 . 2010-11-22 22:20 -------- d-----w- c:\program files\combo fix
2010-11-13 15:51 . 2010-11-13 15:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Zylom
2010-11-13 15:51 . 2006-09-26 12:03 98304 ----a-w- c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
2010-11-13 15:51 . 2010-11-13 15:51 -------- d-----w- c:\program files\Zylom Games
2010-11-11 00:19 . 2010-11-11 00:19 -------- d-----w- c:\windows\system32\MpEngineStore
2010-11-10 20:48 . 2010-11-10 20:48 -------- d-----w- c:\documents and settings\clare\Application Data\Malwarebytes
2010-11-10 20:47 . 2010-04-29 15:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-10 20:47 . 2010-11-10 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-10 20:47 . 2010-04-29 15:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-10 20:47 . 2010-11-10 20:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-10 16:53 . 2010-11-10 16:53 -------- d-----w- c:\documents and settings\clare\Application Data\SystemRequirementsLab
2010-11-03 14:23 . 2010-11-04 19:02 -------- d-----w- c:\documents and settings\clare\Application Data\dvdcss
2010-11-03 14:22 . 2010-11-03 14:23 -------- d-----w- c:\documents and settings\clare\Application Data\vlc
2010-11-03 14:21 . 2010-11-03 14:21 -------- d-----w- c:\program files\VideoLAN
2010-11-02 18:00 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll
2010-11-02 18:00 . 2008-09-24 18:41 839680 ----a-w- c:\windows\system32\lameACM.acm
2010-11-02 18:00 . 2010-06-08 16:10 790528 ----a-w- c:\windows\system32\xvidcore.dll
2010-11-02 18:00 . 2010-01-17 15:18 151552 ----a-w- c:\windows\system32\ac3acm.acm
2010-11-02 18:00 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-11-02 18:00 . 2010-08-12 08:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-11-02 18:00 . 2010-06-08 16:10 134144 ----a-w- c:\windows\system32\xvidvfw.dll
2010-11-02 18:00 . 2010-11-02 18:00 -------- d-----w- c:\program files\K-Lite Codec Pack

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-22 19:02 . 2010-04-01 13:47 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-09-08 21:28 . 2010-09-08 21:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-08 21:28 . 2010-09-08 21:28 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-08 13:30 . 2010-04-01 12:33 249856 ------w- c:\windows\Setup1.exe
2010-09-08 13:30 . 2010-04-01 12:33 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-09-07 15:12 . 2010-09-11 17:00 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2009-07-11 11:53 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2009-07-11 11:53 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2009-07-11 11:53 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2009-07-11 11:53 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2009-07-11 11:53 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2009-07-11 11:53 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2009-07-11 11:53 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2009-07-11 11:53 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-08-29 18:07 . 2010-01-14 18:25 667978 ----a-w- c:\windows\unins000.exe
2007-03-04 15:20 . 2010-09-08 13:32 81920 ----a-w- c:\program files\Sims2HCDU.exe
2006-04-17 14:40 . 2006-04-17 14:40 479232 ----a-w- c:\program files\SimPose2.exe
2006-02-27 22:42 . 2010-09-08 13:32 36864 ----a-w- c:\program files\SWsupport.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-30 68856]
"AliceConnect"="c:\program files\3\3Connect\Wilog.exe" [2010-01-28 10035448]
"Firefox KidZui"="c:\program files\Mozilla Firefox\firefox.exe" [2010-04-13 908248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-28 137752]
"EM_EXEC"="c:\progra~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-05-01 28672]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:41042d871b45

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/11/2009 11:53 AM 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/11/2009 11:53 AM 17744]
R2 BecHelperService;BecHelperService;c:\program files\3\3Connect\BecHelperService.exe [4/1/2010 7:32 AM 1737464]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [11/12/2008 1:54 PM 37376]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 12:49 PM 227232]
.
Contents of the 'Scheduled Tasks' folder

2010-11-22 c:\windows\Tasks\User_Feed_Synchronization-{FF4750CD-C1DD-48A0-AAAC-8894F1F14AEF}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.ez-tracks.com/?fromOMB=1
mStart Page = hxxp://home.ez-tracks.com/?fromOMB=1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: three.co.uk\my3
DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} - file:///D:/SuperCD/IntraLaunch.CAB
FF - ProfilePath - c:\documents and settings\clare\Application Data\Mozilla\Firefox\Profiles\hvsg87tg.default\
FF - prefs.js: browser.startup.homepage - hxxp://us.mg2.mail.yahoo.com/dc/launch?.gx=1&.rand=euup7qlq2q7pi
FF - component: c:\documents and settings\clare\Application Data\Mozilla\Firefox\Profiles\hvsg87tg.default\extensions\{0fc85f5d-6207-4515-a490-45a549d285c0}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\clare\Application Data\Mozilla\Firefox\Profiles\hvsg87tg.default\extensions\{0fc85f5d-6207-4515-a490-45a549d285c0}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\clare\Application Data\Mozilla\Firefox\Profiles\hvsg87tg.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\clare\Application Data\Mozilla\Firefox\Profiles\hvsg87tg.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\clare\Application Data\Mozilla\Firefox\Profiles\hvsg87tg.default\extensions\[email protected]\platform\WINNT_x86-msvc\components\WinKiosk.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\clare\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\clare\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -

AddRemove-EliSims 2.12_is1 - c:\program files\Maxis\The Sims\unins000.exe
AddRemove-Free Disc Burner_is1 - c:\program files\DVDVideoSoft\Free Disc Burner\unins000.exe
AddRemove-HijackThis - H:\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-22 22:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(520)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-11-22 22:45:40
ComboFix-quarantined-files.txt 2010-11-22 22:45

Pre-Run: 56,465,469,440 bytes free
Post-Run: 56,856,866,816 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - F69F919B92BC3CAACA2B3B041D0F3AA6

Let me know if you need anything else, or if I should be going to another thread about the serious errors I keep getting. Thank you!



UPDATE FROM DOING THE COMBO FIX!

Hi, so I haven't heard from you again yet, BUT since doing the ComboFix I now have a different error message every time I start up my computer.
It keeps referring to a DLL file now being used for a different DLL!
I have never had this message before, and I haven't got a clue what to do to solve any of my other errors either.
My computer is also running very slow after the virus, and I seem to be getting more and more error messages as time goes on, mostly referring to serious errors whilst running programs.
I will come back and edit this to show the exact message I'm getting after restarting the computer!
Sorry I keep making this more and more complicated. I'm getting really frustrated, as it seems to be taking ages to fix this and my computer is getting worse by the day. I don't want to wake up and find it all of a sudden doesn't work at all ;) please HELP!!
Thank you again for all your help :)


OK, so this message I keep getting is long lol, so I copied it down for you so you can see exactly what I'm on about!

Here goes:

RTHDCPL.EXE-illegal System DLL Relocation
The system DLL User32.dll was relocated in memory.The application will not run properly.
The relocation occurred because the DLL C:\WINDOWS\System32\HHCTRL.OCX occupied an address range reserved for windows system DLL'S.
The vendor supplying the DLL should be contacted for a new DLL.



Like I said, this is the first time I have ever had anything of the sort. I hope you can help me fix whatever ComboFix did; I'm getting really desperate too. ;) :D ;)
Thank you again :)

Edited by lilac_sim, 24 November 2010 - 03:38 PM.
