
NASTY ROOTKIT INFECTION!


#1
VenomRx

    Member
  • 27 posts
I am fixing a computer for a friend. He told me it was slow, so I scanned it with Malwarebytes and it had over 200 infections. I removed all of the infections, then scanned again, but this time it found nothing. The computer is working fine and not as slow as before, but when I open a program the graphics are messed up, a symptom of a virus or something. Any help would be appreciated. Thank you in advance.

I took a picture of what it looks like.

Attached Files

  • scan.log (2.78KB)

Edited by VenomRx, 03 February 2011 - 04:59 PM.



#2
VenomRx

    Member
  • Topic Starter
  • 27 posts
Please help.

#3
ali.B

    Trusted Helper
  • Malware Removal
  • 3,086 posts
Hello VenomRx :D

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.

Please do not attach logs; post them instead.

Step 1

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box, paste this in:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

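The log that Step 1 produces uses a fixed line layout (the user's OTL output is posted later in this thread). As an added example, not from the thread, OTL or Geeks to Go, this Python script parses the PRC/SRV/DRV and bare file-listing line shapes into records and buckets them by the fields that are easiest to review: entries whose file OTL could not find, entries printed with an empty company name, and directories carrying hidden and system attributes. The regular expressions and bucket names are my own assumptions about the format; the sample lines are copied from the log posted in the thread.

```python
r"""Parse OTL log entries of the shapes seen in this thread into records.

Recognised line shapes (examples from the posted log):
  PRC - [2011/02/03 11:29:06 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\...\OTL.exe
  SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
  DRV - [date time | size | attrs | M] (ESET) [Kernel | Auto | Running] -- path -- (epfw)
  [2011/01/01 11:17:45 | 000,000,000 | -HSD | M] -- C:\...\1e6fcc
  [2011/02/01 17:29:47 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
"""
import re
from dataclasses import dataclass
from typing import Optional

# Kind prefix used by the process/module/service/driver sections.
KIND_RE = re.compile(r"^(?P<kind>PRC|MOD|SRV|DRV) - (?P<body>.*)$")

# Entries whose on-disk file OTL could not locate (no stamp, no path).
NOT_FOUND_RE = re.compile(
    r"^File not found \[(?P<state>[^\]]*)\] -- -- \((?P<name>[^)]*)\)$"
)

# Stamp: [yyyy/mm/dd hh:mm:ss | size | RHSD flags | C or M], then optional
# (company), optional [start type | status], " -- " path, optional " -- (name)".
# Regex is an assumption derived from the posted lines, not OTL's own grammar.
STAMP_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<cm>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?"
    r"(?: \[(?P<state>[^\]]*)\])?"
    r" -- (?P<path>.*?)(?: -- \((?P<name>[^)]*)\).*)?$"
)


@dataclass
class Entry:
    kind: str               # PRC, MOD, SRV, DRV, or FILE for bare listings
    found: bool             # False for "File not found" entries
    stamp: Optional[str]    # yyyy/mm/dd hh:mm:ss from the bracket
    size: int               # bytes; OTL prints them as 000,602,624
    attrs: str              # RHSD flags, e.g. "-HSD"; "" when unknown
    company: Optional[str]  # None if no company field, "" when OTL printed ()
    state: str              # e.g. "Kernel | Auto | Running"
    path: Optional[str]
    name: Optional[str]     # service/driver name from the trailing (...)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a recognised OTL line, or None for any other line."""
    line = line.strip()
    kind, body = "FILE", line
    m = KIND_RE.match(line)
    if m:
        kind, body = m["kind"], m["body"]
    m = NOT_FOUND_RE.match(body)
    if m:
        return Entry(kind, False, None, 0, "", None, m["state"], None, m["name"])
    m = STAMP_RE.match(body)
    if not m:
        return None
    company = m["company"]
    if company is not None:
        company = company.strip()
    return Entry(kind, True, m["ts"], int(m["size"].replace(",", "")),
                 m["attrs"], company, m["state"] or "", m["path"], m["name"])


def review(lines):
    """Bucket parsed entries by the fields a reader of the log sorts on."""
    entries = [e for e in map(parse_line, lines) if e is not None]
    return {
        "missing_file": [f"{e.kind} {e.name}" for e in entries if not e.found],
        "no_company": [e.path for e in entries if e.company == ""],
        "hidden_system_dirs": [
            e.path for e in entries if all(flag in e.attrs for flag in "HSD")
        ],
    }


# Sample lines copied from the log posted in this thread, embedded so the
# script runs offline.
SAMPLE = r"""
PRC - [2011/02/03 11:29:06 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\skater boy\Desktop\OTL.exe
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2009/11/16 09:04:30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2008/04/13 10:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
O1 - Hosts: 127.0.0.1 localhost
[2011/02/01 17:33:26 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/02/01 17:29:47 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/01/01 11:17:45 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\1e6fcc
""".strip().splitlines()

if __name__ == "__main__":
    for bucket, items in review(SAMPLE).items():
        print(bucket)
        for item in items:
            print("   ", item)
```

Feed the whole OTL.Txt through review() to get the same three lists for a real log; lines in other sections (O4, Drivers32, NetSvcs) are skipped rather than misparsed.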

#4
VenomRx

    Member
  • Topic Starter
  • 27 posts
OTL logfile created on: 2/3/2011 11:31:09 AM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\skater boy\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 113.00 Mb Available Physical Memory | 22.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 35.15 Gb Free Space | 47.18% Space Free | Partition Type: NTFS
Drive F: | 7.75 Gb Total Space | 7.22 Gb Free Space | 93.15% Space Free | Partition Type: FAT32

Computer Name: NEC-E750A3827B0 | User Name: skater boy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/03 11:29:06 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\skater boy\Desktop\OTL.exe
PRC - [2011/01/05 11:59:50 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/02/23 19:35:23 | 000,020,480 | ---- | M] (Logitech) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
PRC - [2009/11/16 09:04:30 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009/11/16 09:03:32 | 002,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/11/22 20:58:48 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005/01/18 17:37:30 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
PRC - [2005/01/18 17:08:36 | 000,192,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe
PRC - [2004/10/15 12:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PRC - [2004/10/15 12:54:12 | 000,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
PRC - [2004/10/14 14:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2004/10/08 11:52:32 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE


========== Modules (SafeList) ==========

MOD - [2011/02/03 11:29:06 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\skater boy\Desktop\OTL.exe
MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/01/05 11:59:50 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/11/16 09:12:54 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/11/16 09:04:30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2005/11/22 20:58:48 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/10/15 12:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2009/11/16 09:06:48 | 000,055,768 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2009/11/16 09:06:44 | 000,135,048 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2009/11/16 09:03:36 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/11/16 08:56:12 | 000,116,520 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009/06/19 08:10:40 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009/03/20 18:03:36 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2008/04/13 10:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/04/13 10:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 10:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/10/08 03:59:11 | 000,326,656 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl)
DRV - [2004/10/08 03:57:48 | 000,022,016 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004/09/29 10:45:32 | 000,026,525 | R--- | M] (SMC2208USB/ETH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SMC2208.SYS -- (SMC2208)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/04 02:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 02:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003/01/10 13:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 32 31 3C 79 D8 C3 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/02/02 18:57:51 | 000,000,000 | ---D | M]

[2011/02/01 17:14:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\skater boy\Application Data\Mozilla\Extensions
[2010/09/19 07:06:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\skater boy\Application Data\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2011/02/03 10:07:03 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {B80F591E-FE9A-46CF-A13E-180377240586} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {CE18769B-C7FA-42D2-860D-17C4662C70AD} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/15 20:30:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/02/03 11:28:54 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\skater boy\Desktop\OTL.exe
[2011/02/03 11:08:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\skater boy\Local Settings\Application Data\ESET
[2011/02/02 18:59:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\skater boy\Application Data\ESET
[2011/02/02 18:57:49 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/02/02 18:57:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESET
[2011/02/02 18:57:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/02/02 15:49:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/02/02 14:59:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/02/02 14:58:14 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/02/02 14:56:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/02/02 14:55:41 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/02/02 14:54:00 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/02/02 14:53:19 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/02/02 14:52:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/02/02 14:34:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2011/02/02 14:32:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2011/02/02 14:31:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2011/02/02 14:31:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/02/02 14:30:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/02/02 14:28:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2011/02/02 14:27:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2011/02/02 14:26:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\skater boy\Local Settings\Application Data\Microsoft Help
[2011/02/02 14:26:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/02/02 14:26:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2011/02/02 14:26:01 | 000,000,000 | R--D | C] -- C:\MSOCache
[2011/02/01 19:41:56 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\skater boy\IECompatCache
[2011/02/01 19:35:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/02/01 19:33:08 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/02/01 18:41:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/02/01 18:24:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/02/01 18:24:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/02/01 18:24:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/02/01 18:24:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/02/01 18:20:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011/02/01 18:15:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/02/01 18:15:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2011/02/01 17:33:26 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/02/01 17:29:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/02/01 17:29:47 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/02/01 17:29:47 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/02/01 17:29:47 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/02/01 17:29:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/02/01 17:29:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/01 17:17:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\skater boy\Start Menu\Programs\WinRAR
[2011/02/01 17:17:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011/02/01 17:04:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\skater boy\Application Data\URSoft
[2011/02/01 17:04:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/02/01 17:04:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Your Uninstaller 2010
[2011/02/01 17:04:49 | 000,000,000 | ---D | C] -- C:\Program Files\Your Uninstaller 2010
[2011/02/01 10:25:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\VirtualEar
[2011/02/01 10:25:35 | 000,045,056 | ---- | C] (adi) -- C:\WINDOWS\System32\CleanUp.exe
[2011/02/01 10:25:35 | 000,000,000 | ---D | C] -- C:\Program Files\Analog Devices
[2011/02/01 10:17:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\skater boy\Application Data\MSNInstaller
[2011/02/01 09:52:14 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2011/01/31 20:57:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\VIRepair
[2011/01/31 18:30:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\skater boy\Application Data\Malwarebytes
[2011/01/31 18:30:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/31 18:30:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/01/31 18:30:11 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/01/31 18:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/31 18:30:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/01/10 21:06:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\skater boy\Application Data\Styler
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/03 11:29:06 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\skater boy\Desktop\OTL.exe
[2011/02/03 11:09:07 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/03 10:07:03 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/02/03 10:06:55 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/03 10:02:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/02 19:06:36 | 000,288,107 | ---- | M] () -- C:\Documents and Settings\skater boy\Desktop\gmer.zip
[2011/02/02 16:18:31 | 000,260,839 | ---- | M] () -- C:\Documents and Settings\skater boy\Desktop\Doc1.docx
[2011/02/02 15:16:08 | 000,270,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/02 14:59:55 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/02/02 14:56:39 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/02/02 14:54:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/02/02 14:25:18 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\skater boy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/01 19:52:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/01 19:47:22 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/01 19:39:21 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\skater boy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/02/01 19:12:27 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/02/01 19:12:27 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/02/01 18:20:19 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/02/01 17:33:31 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/02/01 10:11:53 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/01/31 20:46:21 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/04 18:57:59 | 000,019,672 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/02 19:07:32 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\skater boy\Desktop\gmer.exe
[2011/02/02 19:06:32 | 000,288,107 | ---- | C] () -- C:\Documents and Settings\skater boy\Desktop\gmer.zip
[2011/02/02 16:18:08 | 000,260,839 | ---- | C] () -- C:\Documents and Settings\skater boy\Desktop\Doc1.docx
[2011/02/02 14:59:55 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/02/02 14:56:39 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/02/02 14:54:04 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/02/02 14:54:01 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/02/01 19:27:14 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/02/01 18:42:21 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\skater boy\Start Menu\Programs\Outlook Express.lnk
[2011/02/01 17:33:31 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/02/01 17:33:28 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/02/01 17:29:47 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/02/01 17:29:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/02/01 17:29:47 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/02/01 17:29:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/02/01 17:29:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/02/01 09:59:38 | 000,001,902 | ---- | C] () -- C:\WINDOWS\System32\SetupBD.din
[2011/02/01 09:58:58 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2011/02/01 09:58:58 | 000,005,110 | ---- | C] () -- C:\WINDOWS\System32\e100b325.din
[2011/01/29 16:53:14 | 000,039,851 | ---- | C] () -- C:\Documents and Settings\skater boy\Local Settings\Application Data\FASTWiz.log
[2011/01/04 18:57:59 | 000,019,672 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/01/03 17:57:32 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\skater boy\Local Settings\Application Data\d3d9caps.dat
[2010/12/20 14:23:38 | 000,019,644 | ---- | C] () -- C:\WINDOWS\System32\WMSPerf.ini
[2010/11/29 21:10:16 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2010/10/04 13:37:50 | 000,000,097 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/10/02 07:52:02 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\skater boy\Application Data\ReplayConverterLog.log
[2010/09/30 19:59:16 | 000,000,022 | ---- | C] () -- C:\WINDOWS\pspvc_path.ini
[2010/09/28 18:43:23 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2010/09/28 18:32:28 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2010/09/28 18:29:00 | 000,004,779 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/02/27 15:50:07 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\skater boy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/23 19:39:57 | 000,006,812 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/02/23 19:33:47 | 000,000,770 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Installer.log
[2010/01/15 21:10:11 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/01/15 12:17:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2001/07/07 02:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2011/01/01 11:17:45 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\1e6fcc
[2010/09/09 17:54:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\391F
[2010/10/13 14:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2010/09/20 13:43:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2010/12/28 19:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Boost
[2011/01/03 18:42:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2011/02/02 18:57:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/12/22 14:00:35 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\IAUEVLMMHWV
[2010/11/09 20:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2010/10/11 15:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
[2010/09/30 19:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PSPVC
[2010/09/20 13:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/02/01 17:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/01 20:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/11/05 14:58:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Winferno
[2010/09/19 07:16:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/11/15 20:42:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\skater boy\Application Data\AnvSoft
[2010/11/01 20:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\skater boy\Application Data\Azureus
[2010/10/01 14:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\skater boy\Application Data\Babylon
[2010/12/24 12:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\skater boy\Application Data\CBS Interactive
[2011/01/01 21:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\skater boy\Application Data\com.w3i.FlipToast
[2011/01/05 14:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\skater boy\Application Data\DriverFinder
[2010/12/16 13:18:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\skater boy\Application Data\Elluminate
[2011/02/02 18:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\skater boy\Application Data\ESET
[2011/01/31 20:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\skater boy\Application Data\FrostWire
[2010/10/02 07:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\skater boy\Application Data\HandBrake
[2011/02/01 10:17:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\skater boy\Application Data\MSNInstaller
[2010/11/01 15:03:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\skater boy\Application Data\Need for Speed World
[2010/11/14 11:06:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\skater boy\Application Data\Nuance
[2010/11/15 20:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\skater boy\Application Data\OpenCandy
[2010/11/12 17:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\skater boy\Application Data\Search Settings
[2011/02/01 17:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\skater boy\Application Data\Sony
[2011/01/10 21:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\skater boy\Application Data\Styler
[2010/11/16 14:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\skater boy\Application Data\Uniblue
[2011/02/01 17:04:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\skater boy\Application Data\URSoft
[2010/10/04 16:00:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\skater boy\Application Data\YouTube Downloader
[2010/09/20 13:47:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\skater boy\Application Data\Zeon

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/01/15 20:30:02 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/01/31 15:50:27 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/02/01 17:33:31 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/02/03 11:22:28 | 000,016,792 | ---- | M] () -- C:\ComboFix.txt
[2010/01/15 20:30:02 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/10/21 17:01:06 | 000,000,618 | ---- | M] () -- C:\debug.log
[2010/01/31 19:17:09 | 000,000,055 | ---- | M] () -- C:\DVDPATH.TXT
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2010/01/15 20:30:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/01/31 16:42:30 | 000,001,599 | -H-- | M] () -- C:\IPH.PH
[2010/02/23 19:35:29 | 000,000,183 | ---- | M] () -- C:\LogiSetup.log
[2011/02/01 10:23:08 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2010/01/15 20:30:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 02:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2011/02/01 18:20:19 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/02/03 10:02:37 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2011/02/01 10:32:19 | 000,000,702 | ---- | M] () -- C:\rkill.log
[2011/02/02 18:51:34 | 000,038,248 | ---- | M] () -- C:\TDSSKiller.2.4.16.0_02.02.2011_18.50.49_log.txt

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2010/01/15 12:13:20 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/01/15 12:13:20 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/01/15 12:13:20 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-01-12 11:04:11

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 168 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51

< End of report >
  • 0
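The OTL file listing above is easier to read with a few mechanical heuristics in hand. What follows is an added example for this thread, not code from OTL or from either poster: it parses OTL-style listing lines (the sample lines are copied from the log above, including the alternate-data-stream line) and flags three things a helper usually looks at first: hidden+system directories with random-looking all-caps names under Application Data, alternate data streams, and hidden/system files at the drive root that carry no company name and were modified within a few days of the scan. The 8-letter threshold, the 7-day window and the scan time are assumptions, not values from the page.

```python
"""Heuristic triage of OTL file/directory listing lines.

Added example for this thread; it is not part of OTL or of the posts above.
"""
import re
from datetime import datetime, timedelta

# OTL listing line layout:
#   [YYYY/MM/DD HH:MM:SS | size | attrs | M] (company) -- path
# attrs is four characters in the fixed order R, H, S, D ("-" when unset),
# so "-HSD" is a hidden system directory and "RHS-" a read-only hidden system file.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| [MC]\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
ADS_LINE = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<path>.+)$")

# Assumptions (not from the page): a directory name of 8+ upper-case letters is
# "random-looking", and a hidden/system file is "recent" if modified within 7 days.
RANDOM_NAME = re.compile(r"^[A-Z]{8,}$")
RECENT_DAYS = 7
# Hidden system files Windows rewrites constantly; never interesting by timestamp alone.
KNOWN_VOLATILE = {"pagefile.sys", "hiberfil.sys"}


def parse_line(line):
    """Return a dict for an OTL listing line, or None for any other line."""
    m = OTL_LINE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "attrs": m["attrs"],
        "company": m["company"] or "",
        "path": m["path"],
    }


def triage(lines, scan_time):
    """Return (kind, path, note) tuples for lines worth a second look."""
    findings = []
    for line in lines:
        ads = ADS_LINE.match(line)
        if ads:
            findings.append(("ads", ads["path"], f"{ads['bytes']}-byte alternate data stream"))
            continue
        e = parse_line(line)
        if e is None:
            continue
        name = e["path"].rsplit("\\", 1)[-1]
        attrs = e["attrs"]
        hidden_system = "H" in attrs and "S" in attrs
        if attrs.endswith("D"):
            if hidden_system and RANDOM_NAME.match(name):
                findings.append(("hidden_random_dir", e["path"], f"attrs {attrs}, random-looking name"))
        elif (hidden_system and name.lower() not in KNOWN_VOLATILE and not e["company"]
              and scan_time - e["ts"] <= timedelta(days=RECENT_DAYS)):
            findings.append(("recent_hidden_system_file", e["path"],
                             f"attrs {attrs}, modified {e['ts']:%Y-%m-%d}, no company name"))
    return findings


# Sample input: lines copied from the OTL log above (the ADS line included).
SAMPLE_LINES = [
    r"[2010/12/22 14:00:35 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\IAUEVLMMHWV",
    r"[2010/11/09 20:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance",
    r"[2010/01/15 20:30:02 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT",
    r"[2011/02/01 17:33:31 | 000,000,327 | RHS- | M] () -- C:\boot.ini",
    r"[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr",
    r"[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll",
    r"[2004/08/04 02:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM",
    r"[2011/02/01 18:20:19 | 000,250,048 | RHS- | M] () -- C:\ntldr",
    r"[2011/02/03 10:02:37 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys",
    r"@Alternate Data Stream - 168 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51",
]
# Assumed scan time (the OTL Extras log in this thread is stamped 2/3/2011 11:31:09).
SCAN_TIME = datetime(2011, 2, 3, 11, 31, 9)

if __name__ == "__main__":
    for kind, path, note in triage(SAMPLE_LINES, SCAN_TIME):
        print(f"{kind:26} {path}  ({note})")
```

On these lines it flags the -HSD IAUEVLMMHWV folder, the 168-byte stream on the TEMP folder, and boot.ini and ntldr, both modified on 2011/02/01. The last two are prompts to verify, not verdicts: rkill.log and mbam-error.txt carry the same date, so cleanup tools were already being run that day, and a boot loader is checked by hashing it against a known-good copy, not by its timestamp.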

#5 VenomRx (Topic Starter, Member, 27 posts)
OTL Extras logfile created on: 2/3/2011 11:31:09 AM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\skater boy\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 113.00 Mb Available Physical Memory | 22.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 35.15 Gb Free Space | 47.18% Space Free | Partition Type: NTFS
Drive F: | 7.75 Gb Total Space | 7.22 Gb Free Space | 93.15% Space Free | Partition Type: FAT32

Computer Name: NEC-E750A3827B0 | User Name: skater boy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Disabled:Logitech Desktop Messenger -- (Logitech)
"C:\Program Files\Java\jre6\launch4j-tmp\wowd.exe" = C:\Program Files\Java\jre6\launch4j-tmp\wowd.exe:*:Enabled:Wowd -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Disabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\VirtualDJ\virtualdj_home.exe" = C:\Program Files\VirtualDJ\virtualdj_home.exe:*:Enabled:VirtualDJ -- (Atomix Productions)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\Windows Media\Server\WMServer.exe" = C:\WINDOWS\system32\Windows Media\Server\WMServer.exe:*:Enabled:WMServer -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation®Store
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 23
"{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}" = WeatherBug
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{7641FD7D-E94E-424E-A95C-0593C84DC0C0}" = VZAccess Manager
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation®Network Downloader
"{BE09FBC2-74BF-42A5-8FFF-12E784BAA42C}" = ESET Smart Security
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"Logitech Print Service" = Logitech Print Service
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PROSet" = Intel® PRO Network Adapters and Drivers
"PSPVC" = PSPVC :: PSP Video Converter v3.91
"QcDrv" = Logitech® Camera Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"Virtual DJ Home - Atomix Productions" = Virtual DJ Home - Atomix Productions
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YU2010_is1" = Your Uninstaller! 2010

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/1/2011 9:34:36 PM | Computer Name = NEC-E750A3827B0 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x715b9d8b.

Error - 2/2/2011 5:09:11 PM | Computer Name = NEC-E750A3827B0 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x715b9e59.

Error - 2/2/2011 5:09:35 PM | Computer Name = NEC-E750A3827B0 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x715b9e59.

Error - 2/2/2011 5:45:32 PM | Computer Name = NEC-E750A3827B0 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x715b9e59.

Error - 2/2/2011 5:52:03 PM | Computer Name = NEC-E750A3827B0 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x715b9e59.

Error - 2/2/2011 6:11:14 PM | Computer Name = NEC-E750A3827B0 | Source = Application Error | ID = 1001
Description = Fault bucket 1595976195.

Error - 2/2/2011 7:07:29 PM | Computer Name = NEC-E750A3827B0 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x715b9e59.

Error - 2/2/2011 7:08:06 PM | Computer Name = NEC-E750A3827B0 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x715b9e59.

Error - 2/3/2011 1:53:32 PM | Computer Name = NEC-E750A3827B0 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x715b9e59.

Error - 2/3/2011 1:54:08 PM | Computer Name = NEC-E750A3827B0 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x715b9e59.

[ System Events ]
Error - 2/2/2011 7:38:55 PM | Computer Name = NEC-E750A3827B0 | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
this 1 time(s).

Error - 2/2/2011 7:38:55 PM | Computer Name = NEC-E750A3827B0 | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 2/2/2011 7:38:55 PM | Computer Name = NEC-E750A3827B0 | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 2/2/2011 7:38:55 PM | Computer Name = NEC-E750A3827B0 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 2/2/2011 8:29:44 PM | Computer Name = NEC-E750A3827B0 | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 2/2/2011 8:29:44 PM | Computer Name = NEC-E750A3827B0 | Source = Service Control Manager | ID = 7031
Description = The AOL TopSpeed Monitor service terminated unexpectedly. It has
done this 2 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.

Error - 2/2/2011 11:10:13 PM | Computer Name = NEC-E750A3827B0 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 2/2/2011 11:10:37 PM | Computer Name = NEC-E750A3827B0 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 2/2/2011 11:10:49 PM | Computer Name = NEC-E750A3827B0 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 2/2/2011 11:11:06 PM | Computer Name = NEC-E750A3827B0 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.


< End of report >
  • 0
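The Extras log above carries two sections a helper checks against a baseline rather than reading line by line: the Shell Spawning handlers (a hijacked exefile handler runs a loader before every program) and the Windows Firewall profile state. The following Python is an added example for this thread, not code from OTL or from either poster. The XP defaults in the table are the stock `"%1" %*` handlers; handlers outside that table (regfile, txtfile, cplfile, the Explorer verbs) are deliberately left out rather than guessed. The first sample is copied from the log above; the second is a constructed, hypothetical hijacked handler included only to show what a hit looks like.

```python
"""Baseline checks over the Shell Spawning and Firewall Settings sections of an OTL Extras log.

Added example for this thread; it is not part of OTL or of the posts above.
"""
import re

# Windows XP default handlers for the file classes that are most often hijacked.
# A hijacked handler typically reads:  exefile [open] -- "C:\...\loader.exe" "%1" %*
XP_SHELL_DEFAULTS = {
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("exefile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
}
SECTION = re.compile(r"^========== (?P<name>.+?) ==========$")
SHELL_LINE = re.compile(r"^(?P<cls>\w+) \[(?P<verb>\w+)\] -- (?P<cmd>.*)$")
KEY_LINE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)" = (?P<value>.*)$')


def sections(lines):
    """Split an OTL Extras log into {section name: [non-blank lines]}."""
    out, current = {}, None
    for line in lines:
        m = SECTION.match(line)
        if m:
            current = m["name"]
            out[current] = []
        elif current is not None and line.strip():
            out[current].append(line)
    return out


def check_shell_spawning(lines):
    """Return (class [verb], actual command, expected command) for every handler
    that differs from the XP default; handlers not in the baseline are ignored."""
    findings = []
    for line in lines:
        m = SHELL_LINE.match(line)
        if not m:
            continue
        expected = XP_SHELL_DEFAULTS.get((m["cls"], m["verb"]))
        if expected is not None and m["cmd"] != expected:
            findings.append((f"{m['cls']} [{m['verb']}]", m["cmd"], expected))
    return findings


def check_firewall(lines):
    """Return {profile: EnableFirewall value} for each key that carries the value."""
    state, key = {}, None
    for line in lines:
        k = KEY_LINE.match(line)
        if k:
            key = k["key"]
            continue
        v = VALUE_LINE.match(line)
        if v and v["name"] == "EnableFirewall" and key:
            state[key.rsplit("\\", 1)[-1]] = int(v["value"])
    return state


def report(lines):
    secs = sections(lines)
    return {
        "shell": check_shell_spawning(secs.get("Shell Spawning", [])),
        "firewall": check_firewall(secs.get("Firewall Settings", [])),
    }


# Sample input: lines copied from the OTL Extras log above.
PAGE_EXCERPT = [
    "========== Shell Spawning ==========",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]",
    'batfile [open] -- "%1" %*',
    'cmdfile [open] -- "%1" %*',
    'comfile [open] -- "%1" %*',
    'exefile [open] -- "%1" %*',
    'piffile [open] -- "%1" %*',
    "regfile [merge] -- Reg Error: Key error.",
    'scrfile [open] -- "%1" /S',
    "========== Security Center Settings ==========",
    '"FirewallDisableNotify" = 0',
    "========== Firewall Settings ==========",
    r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]",
    '"EnableFirewall" = 0',
    r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]",
    '"EnableFirewall" = 0',
    '"DoNotAllowExceptions" = 0',
]
# Constructed, hypothetical hijacked handler; not from the page.
HIJACKED_EXCERPT = [
    "========== Shell Spawning ==========",
    'exefile [open] -- "C:\\Documents and Settings\\user\\Local Settings\\Application Data\\example.exe" "%1" %*',
]

if __name__ == "__main__":
    print(report(PAGE_EXCERPT))
    print(report(HIJACKED_EXCERPT))
```

The posted log passes the handler baseline and reports EnableFirewall = 0 for both profiles. On this machine that is not by itself alarming: the uninstall list shows ESET Smart Security, which ships its own firewall and usually turns the Windows one off when installed. It becomes a finding only if the ESET firewall is not actually running.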

#6 VenomRx (Topic Starter, Member, 27 posts)
windows32 registrybooster
Java/trojanDownloader.OpenStream.NAY Trojan

Scanned with NOD32 and found these.
  • 0

#7 ali.B (Trusted Helper, Malware Removal, 3,086 posts)
Hi,

Please post those two logs:

C:\TDSSKiller.2.4.16.0_02.02.2011_18.50.49_log.txt
C:\ComboFix.txt
  • 0

#8 VenomRx (Topic Starter, Member, 27 posts)
2011/02/02 18:50:49.0531 3508 TDSS rootkit removing tool 2.4.16.0 Feb 1 2011 10:34:03
2011/02/02 18:50:49.0953 3508 ================================================================================
2011/02/02 18:50:49.0953 3508 SystemInfo:
2011/02/02 18:50:49.0953 3508
2011/02/02 18:50:49.0953 3508 OS Version: 5.1.2600 ServicePack: 3.0
2011/02/02 18:50:49.0953 3508 Product type: Workstation
2011/02/02 18:50:49.0953 3508 ComputerName: NEC-E750A3827B0
2011/02/02 18:50:49.0953 3508 UserName: skater boy
2011/02/02 18:50:49.0953 3508 Windows directory: C:\WINDOWS
2011/02/02 18:50:49.0953 3508 System windows directory: C:\WINDOWS
2011/02/02 18:50:49.0953 3508 Processor architecture: Intel x86
2011/02/02 18:50:49.0953 3508 Number of processors: 1
2011/02/02 18:50:49.0953 3508 Page size: 0x1000
2011/02/02 18:50:49.0953 3508 Boot type: Normal boot
2011/02/02 18:50:49.0953 3508 ================================================================================
2011/02/02 18:50:50.0296 3508 Initialize success
2011/02/02 18:50:52.0937 3552 ================================================================================
2011/02/02 18:50:52.0937 3552 Scan started
2011/02/02 18:50:52.0937 3552 Mode: Manual;
2011/02/02 18:50:52.0937 3552 ================================================================================
2011/02/02 18:50:53.0984 3552 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/02/02 18:50:54.0156 3552 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/02/02 18:50:54.0281 3552 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/02/02 18:50:54.0468 3552 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/02/02 18:50:54.0812 3552 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/02/02 18:50:54.0984 3552 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/02/02 18:50:55.0406 3552 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/02/02 18:50:55.0562 3552 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/02/02 18:50:55.0796 3552 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/02/02 18:50:55.0906 3552 CamDrL (cba8bce5bf67a3c619d5ce540bed9cf7) C:\WINDOWS\system32\DRIVERS\Camdrl.sys
2011/02/02 18:50:56.0250 3552 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/02/02 18:50:56.0312 3552 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/02/02 18:50:56.0484 3552 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/02/02 18:50:56.0656 3552 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/02/02 18:50:56.0734 3552 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/02/02 18:50:56.0921 3552 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
2011/02/02 18:50:57.0203 3552 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/02/02 18:50:57.0437 3552 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/02/02 18:50:57.0656 3552 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/02/02 18:50:57.0875 3552 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/02/02 18:50:58.0046 3552 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/02/02 18:50:58.0312 3552 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/02/02 18:50:58.0437 3552 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/02/02 18:50:58.0640 3552 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/02/02 18:50:58.0812 3552 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/02/02 18:50:58.0906 3552 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/02/02 18:50:59.0078 3552 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/02/02 18:50:59.0156 3552 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/02/02 18:50:59.0343 3552 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/02/02 18:50:59.0421 3552 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/02/02 18:50:59.0609 3552 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/02/02 18:50:59.0734 3552 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/02/02 18:50:59.0921 3552 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/02/02 18:51:00.0031 3552 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/02/02 18:51:00.0250 3552 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/02/02 18:51:00.0468 3552 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/02/02 18:51:00.0640 3552 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/02/02 18:51:00.0953 3552 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/02/02 18:51:01.0203 3552 ialm (0294a30b302ca71a2c26e582dda93486) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/02/02 18:51:01.0437 3552 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/02/02 18:51:01.0796 3552 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/02/02 18:51:01.0890 3552 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/02/02 18:51:02.0000 3552 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/02/02 18:51:02.0093 3552 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/02/02 18:51:02.0250 3552 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/02/02 18:51:02.0375 3552 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/02/02 18:51:02.0562 3552 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/02/02 18:51:02.0671 3552 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/02/02 18:51:02.0828 3552 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/02/02 18:51:02.0937 3552 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/02/02 18:51:03.0125 3552 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/02/02 18:51:03.0203 3552 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/02/02 18:51:03.0390 3552 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/02/02 18:51:03.0656 3552 LVUSBSta (90259f3a20fbaec1a08d74ef5415b9d8) C:\WINDOWS\system32\drivers\lvusbsta.sys
2011/02/02 18:51:03.0750 3552 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/02/02 18:51:03.0921 3552 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/02/02 18:51:04.0000 3552 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/02/02 18:51:04.0156 3552 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/02/02 18:51:04.0296 3552 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/02/02 18:51:04.0484 3552 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/02/02 18:51:04.0703 3552 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/02/02 18:51:04.0906 3552 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/02/02 18:51:05.0093 3552 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/02/02 18:51:05.0171 3552 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/02/02 18:51:05.0312 3552 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/02/02 18:51:05.0390 3552 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/02/02 18:51:05.0562 3552 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/02/02 18:51:05.0625 3552 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/02/02 18:51:05.0796 3552 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/02/02 18:51:05.0968 3552 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/02/02 18:51:06.0078 3552 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/02/02 18:51:06.0250 3552 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/02/02 18:51:06.0328 3552 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/02/02 18:51:06.0500 3552 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/02/02 18:51:06.0578 3552 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/02/02 18:51:06.0750 3552 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/02/02 18:51:06.0828 3552 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/02/02 18:51:07.0000 3552 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/02/02 18:51:07.0125 3552 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/02/02 18:51:07.0312 3552 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/02/02 18:51:07.0515 3552 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/02/02 18:51:07.0593 3552 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/02/02 18:51:07.0718 3552 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/02/02 18:51:07.0812 3552 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
2011/02/02 18:51:07.0953 3552 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
2011/02/02 18:51:08.0015 3552 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
2011/02/02 18:51:08.0140 3552 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/02/02 18:51:08.0312 3552 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/02/02 18:51:08.0484 3552 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/02/02 18:51:08.0687 3552 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/02/02 18:51:09.0046 3552 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/02/02 18:51:09.0296 3552 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/02/02 18:51:10.0656 3552 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/02/02 18:51:10.0906 3552 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/02/02 18:51:11.0109 3552 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/02/02 18:51:12.0062 3552 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/02/02 18:51:12.0250 3552 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/02/02 18:51:12.0437 3552 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/02/02 18:51:12.0812 3552 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/02/02 18:51:13.0125 3552 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/02/02 18:51:13.0312 3552 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/02/02 18:51:13.0593 3552 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/02/02 18:51:14.0218 3552 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/02/02 18:51:14.0546 3552 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/02/02 18:51:14.0812 3552 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/02/02 18:51:15.0234 3552 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
2011/02/02 18:51:15.0437 3552 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/02/02 18:51:15.0531 3552 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/02/02 18:51:15.0796 3552 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/02/02 18:51:16.0187 3552 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/02/02 18:51:16.0343 3552 SMC2208 (142f1fe694f38dbd4fafcd6f86f325a4) C:\WINDOWS\system32\DRIVERS\SMC2208.SYS
2011/02/02 18:51:16.0453 3552 SMSIVZAM5 (1e715247efffdda938c085913045d599) C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS
2011/02/02 18:51:16.0625 3552 smwdm (0066ff77aeb4ae70066f7e94d5a6d866) C:\WINDOWS\system32\drivers\smwdm.sys
2011/02/02 18:51:16.0843 3552 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/02/02 18:51:16.0953 3552 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/02/02 18:51:17.0187 3552 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/02/02 18:51:17.0437 3552 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2011/02/02 18:51:17.0671 3552 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/02/02 18:51:17.0828 3552 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/02/02 18:51:17.0953 3552 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/02/02 18:51:18.0390 3552 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/02/02 18:51:18.0578 3552 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/02/02 18:51:18.0750 3552 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/02/02 18:51:18.0812 3552 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/02/02 18:51:18.0906 3552 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/02/02 18:51:19.0171 3552 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/02/02 18:51:19.0390 3552 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/02/02 18:51:19.0750 3552 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/02/02 18:51:19.0859 3552 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/02/02 18:51:20.0031 3552 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/02/02 18:51:20.0093 3552 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/02/02 18:51:20.0265 3552 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/02/02 18:51:20.0343 3552 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/02/02 18:51:20.0515 3552 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/02/02 18:51:20.0593 3552 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/02/02 18:51:20.0750 3552 USB_RNDIS (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
2011/02/02 18:51:20.0843 3552 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/02/02 18:51:21.0046 3552 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/02/02 18:51:21.0156 3552 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/02/02 18:51:21.0328 3552 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2011/02/02 18:51:21.0578 3552 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/02/02 18:51:21.0859 3552 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/02/02 18:51:21.0953 3552 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/02/02 18:51:22.0203 3552 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/02/02 18:51:22.0437 3552 ================================================================================
2011/02/02 18:51:22.0437 3552 Scan finished
2011/02/02 18:51:22.0437 3552 ================================================================================
2011/02/02 18:51:34.0531 3504 Deinitialize success
  • 0
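The listing above is TDSSKiller's enumeration of loaded drivers: one line per service with its MD5 and on-disk path. Reading 200 such lines by eye is error-prone, so the script below (an added example, not part of this thread and not TDSSKiller's own code) parses the format and applies three checks a responder makes before trusting the list: drivers loaded from outside the Windows driver directories, service names that do not match the file they point to, and one hash registered under several names. The sample is a truncated excerpt copied from the posted log. Note the caveats: a service name differing from its file name (PptpMiniport in raspptp.sys, USB_RNDIS in usb8023.sys) is normal on XP and is reported only so the pairs can be eyeballed, and an MD5 listing only becomes evidence when compared against known-good hashes for that exact Windows build; a clean listing, like the "hidden files: 0" from catchme, does not by itself rule out a rootkit.

```python
"""Triage of a TDSSKiller driver listing (added example, not from the thread).

Each line of the listing posted above has the form
    YYYY/MM/DD HH:MM:SS.mmmm  PID  ServiceName (md5) Path
"""
import re
from collections import defaultdict

# Excerpt copied from the TDSSKiller log posted above, truncated to keep
# the example short. The trailing "Scan finished" line shows that non-driver
# lines are ignored by the parser.
SAMPLE_LOG = r"""
2011/02/02 18:51:07.0312 3552 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/02/02 18:51:10.0656 3552 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/02/02 18:51:16.0453 3552 SMSIVZAM5 (1e715247efffdda938c085913045d599) C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS
2011/02/02 18:51:18.0578 3552 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/02/02 18:51:20.0750 3552 USB_RNDIS (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
2011/02/02 18:51:22.0437 3552 Scan finished
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)

# Directories a driver is expected to live in on a default XP install
# (assumption: the system drive is C: and %SystemRoot% is C:\WINDOWS).
TRUSTED_DIRS = ("c:\\windows\\system32\\drivers\\", "c:\\windows\\system32\\")


def parse_listing(text):
    """Return one dict per driver line; lines without a hash are skipped."""
    drivers = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            drivers.append(m.groupdict())
    return drivers


def outside_driver_dirs(drivers):
    """Service names whose image is loaded from outside TRUSTED_DIRS."""
    return [d["name"] for d in drivers
            if not d["path"].lower().startswith(TRUSTED_DIRS)]


def name_file_mismatch(drivers):
    """(service, file) pairs where the service name is not the file base name.

    Informational: XP ships many such pairs, but a rootkit also likes to
    register under a legitimate-looking name that points at an odd file.
    """
    out = []
    for d in drivers:
        filename = d["path"].rsplit("\\", 1)[-1]
        base = filename.rsplit(".", 1)[0]
        if base.lower() != d["name"].lower():
            out.append((d["name"], filename))
    return out


def shared_hashes(drivers):
    """Hashes that appear under more than one service name."""
    by_md5 = defaultdict(set)
    for d in drivers:
        by_md5[d["md5"].lower()].add(d["name"])
    return {h: sorted(names) for h, names in by_md5.items() if len(names) > 1}


def triage(text):
    drivers = parse_listing(text)
    return {
        "parsed": len(drivers),
        "outside_driver_dirs": outside_driver_dirs(drivers),
        "name_file_mismatch": name_file_mismatch(drivers),
        "shared_hashes": shared_hashes(drivers),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the full posted listing, the only driver outside the Windows directories is the Verizon NDIS protocol driver loaded via an 8.3 short path; that is where a responder would look first, and a hash lookup against the vendor's package settles it.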

#9
VenomRx

    Member

  • Topic Starter
  • Member
  • 27 posts
2011-02-03 18:07:28 . 2010-02-24 03:35:23 24,576 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\SKATER~1\LOCALS~1\Temp\IadHide4.dll.vir
2011-02-02 21:26:14 . 2011-02-02 21:26:14 173 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat
2011-02-02 02:03:36 . 2011-02-02 02:03:36 612 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-{D12D3F3B-D79F-4057-B958-F7D954A9D98E}.reg.dat
2011-02-02 02:03:11 . 2011-02-02 02:03:11 151 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-SpeedItUpEX.reg.dat
2011-02-02 02:03:10 . 2011-02-02 02:03:10 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847}.reg.dat
2011-02-02 02:03:10 . 2011-02-02 02:03:10 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440}.reg.dat
2011-02-02 01:37:29 . 2011-02-02 01:37:29 2,404 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_NPF.reg.dat
2011-02-02 01:37:29 . 2011-02-02 01:37:29 1,312 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_NPF.reg.dat
2011-02-02 01:37:20 . 2011-02-03 22:47:45 9,337 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-02-02 01:29:38 . 2011-02-03 22:43:47 707 ----a-w- C:\Qoobox\Quarantine\catchme.log
2011-02-01 19:25:20 . 2011-02-02 01:09:49 2,664 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\skater boy\Application Data\PriceGong\Data\mru.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 23,296 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\skater boy\Application Data\PriceGong\Data\1.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 125,672 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\skater boy\Application Data\PriceGong\Data\a.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 165,160 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\skater boy\Application Data\PriceGong\Data\b.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 172,176 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\skater boy\Application Data\PriceGong\Data\c.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 105,704 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\skater boy\Application Data\PriceGong\Data\d.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 108,920 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\skater boy\Application Data\PriceGong\Data\e.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 60,048 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\skater boy\Application Data\PriceGong\Data\f.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 70,624 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\skater boy\Application Data\PriceGong\Data\g.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 52,920 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\skater boy\Application Data\PriceGong\Data\h.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 48,336 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\skater boy\Application Data\PriceGong\Data\i.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 28,000 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\skater boy\Application Data\PriceGong\Data\J.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 28,080 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\skater boy\Application Data\PriceGong\Data\k.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 69,168 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\skater boy\Application Data\PriceGong\Data\l.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 104,888 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\skater boy\Application Data\PriceGong\Data\m.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 36,808 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\skater boy\Application Data\PriceGong\Data\n.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 41,072 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\skater boy\Application Data\PriceGong\Data\o.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 96,480 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\skater boy\Application Data\PriceGong\Data\p.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 4,440 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\skater boy\Application Data\PriceGong\Data\q.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 36,768 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\skater boy\Application Data\PriceGong\Data\r.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 159,760 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\skater boy\Application Data\PriceGong\Data\s.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 95,664 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\skater boy\Application Data\PriceGong\Data\t.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 20,960 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\skater boy\Application Data\PriceGong\Data\u.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 30,528 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\skater boy\Application Data\PriceGong\Data\v.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 43,520 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\skater boy\Application Data\PriceGong\Data\w.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 2,888 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\skater boy\Application Data\PriceGong\Data\x.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 10,744 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\skater boy\Application Data\PriceGong\Data\y.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 11,648 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\skater boy\Application Data\PriceGong\Data\z.xml.vir
2007-11-07 16:03:18 . 2007-11-07 16:03:18 562,688 ----a-w- C:\Qoobox\Quarantine\C\install.exe.vir
2004-08-04 10:00:00 . 2004-08-04 10:00:00 2,804,224 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_000116_.tmp.dll.vir
  • 0

#10
VenomRx

    Member

  • Topic Starter
  • Member
  • 27 posts
ComboFix 11-01-31.02 - skater boy 02/03/2011 14:43:48.9.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.228 [GMT -8:00]
Running from: c:\documents and settings\skater boy\Desktop\Apples.exe
AV: ESET Smart Security 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((( Files Created from 2011-01-03 to 2011-02-03 )))))))))))))))))))))))))))))))
.

2011-02-03 19:08 . 2011-02-03 19:08 -------- d-----w- c:\documents and settings\skater boy\Local Settings\Application Data\ESET
2011-02-03 02:59 . 2011-02-03 02:59 -------- d-----w- c:\documents and settings\skater boy\Application Data\ESET
2011-02-03 02:57 . 2011-02-03 02:57 -------- d-----w- c:\program files\ESET
2011-02-03 02:57 . 2011-02-03 02:57 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2011-02-02 22:58 . 2011-02-02 22:58 -------- d-----w- c:\program files\iPod
2011-02-02 22:56 . 2011-02-02 22:56 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-02-02 22:56 . 2011-02-02 22:56 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-02-02 22:56 . 2011-02-02 22:56 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-02-02 22:56 . 2011-02-02 22:56 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-02-02 22:56 . 2011-02-02 22:56 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-02-02 22:56 . 2011-02-02 22:56 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-02-02 22:56 . 2011-02-02 22:56 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-02-02 22:55 . 2011-02-02 22:56 -------- d-----w- c:\program files\QuickTime
2011-02-02 22:54 . 2011-02-02 22:54 -------- d-----w- c:\program files\Apple Software Update
2011-02-02 22:53 . 2011-02-02 22:53 -------- d-----w- c:\program files\Bonjour
2011-02-02 22:52 . 2011-02-02 22:58 -------- d-----w- c:\program files\Common Files\Apple
2011-02-02 22:34 . 2006-10-27 03:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2011-02-02 22:34 . 2006-10-27 03:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2011-02-02 22:32 . 2011-02-02 22:32 -------- d-----w- c:\program files\Microsoft Works
2011-02-02 22:30 . 2011-02-02 22:30 -------- d-----w- c:\program files\Microsoft.NET
2011-02-02 22:28 . 2011-02-02 22:28 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-02-02 22:27 . 2011-02-02 22:31 -------- d-----w- c:\windows\SHELLNEW
2011-02-02 22:26 . 2011-02-02 22:26 -------- d-----w- c:\documents and settings\skater boy\Local Settings\Application Data\Microsoft Help
2011-02-02 22:26 . 2011-02-02 22:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2011-02-02 22:26 . 2011-02-02 22:26 -------- d-----r- C:\MSOCache
2011-02-02 21:39 . 2011-02-02 21:40 -------- d-----w- c:\documents and settings\Administrator
2011-02-02 03:41 . 2011-02-02 03:41 -------- d-sh--w- c:\documents and settings\skater boy\IECompatCache
2011-02-02 03:36 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-02-02 03:34 . 2010-11-06 00:26 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-02-02 03:34 . 2010-11-06 00:26 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-02-02 03:34 . 2010-11-06 00:26 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-02-02 03:34 . 2010-11-06 00:26 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-02-02 03:34 . 2010-11-06 00:26 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-02-02 03:34 . 2010-11-06 00:26 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-02-02 03:34 . 2010-11-06 00:26 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-02-02 03:33 . 2011-02-02 03:34 -------- dc-h--w- c:\windows\ie8
2011-02-02 02:57 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-02-02 02:56 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-02-02 02:53 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-02-02 02:53 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-02-02 02:52 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-02-02 02:46 . 2010-08-26 12:52 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-02 02:46 . 2010-07-12 12:55 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2011-02-02 02:24 . 2011-02-02 02:24 -------- d-----w- c:\windows\system32\scripting
2011-02-02 02:24 . 2011-02-02 02:24 -------- d-----w- c:\windows\l2schemas
2011-02-02 02:24 . 2011-02-02 02:24 -------- d-----w- c:\windows\system32\en
2011-02-02 02:24 . 2011-02-02 02:24 -------- d-----w- c:\windows\system32\bits
2011-02-02 02:15 . 2011-02-02 02:15 -------- d-----w- c:\windows\EHome
2011-02-02 01:04 . 2011-02-02 01:04 -------- d-----w- c:\documents and settings\skater boy\Application Data\URSoft
2011-02-02 01:04 . 2011-02-02 01:18 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-02-02 01:04 . 2011-02-02 01:04 -------- d-----w- c:\program files\Your Uninstaller 2010
2011-02-01 18:17 . 2011-02-01 18:17 -------- d-----w- c:\documents and settings\skater boy\Application Data\MSNInstaller
2011-02-01 18:00 . 2005-04-05 22:18 135168 ----a-w- c:\windows\system32\igfxres.dll
2011-02-01 17:58 . 2004-02-19 01:40 12288 ----a-w- c:\windows\system32\e100bmsg.dll
2011-02-01 17:58 . 2003-11-21 23:26 118784 ----a-w- c:\windows\system32\Prounstl.exe
2011-02-01 17:58 . 2003-07-28 14:55 24064 ----a-w- c:\windows\system32\IntelNic.dll
2011-02-01 17:52 . 2011-02-01 17:52 -------- d-----w- c:\program files\Intel
2011-02-01 04:57 . 2011-02-01 04:57 -------- d-----w- c:\windows\system32\VIRepair
2011-02-01 02:30 . 2011-02-01 02:30 -------- d-----w- c:\documents and settings\skater boy\Application Data\Malwarebytes
2011-02-01 02:30 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-01 02:30 . 2011-02-01 23:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-01 02:30 . 2011-02-01 02:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-02-01 02:30 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-01 02:13 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-01-11 05:06 . 2011-01-11 05:06 -------- d-----w- c:\documents and settings\skater boy\Application Data\Styler

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-29 22:20 . 2010-12-29 22:16 5423 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2010-12-29 22:20 . 2010-12-25 01:59 68698 ----a-w- c:\windows\BricoPackUninst.cmd
2010-12-19 01:42 . 2004-08-04 10:00 218624 ------w- c:\windows\system32\uxtheme.ubx
2010-12-14 01:10 . 2010-12-14 01:10 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2010-11-30 01:38 . 2010-11-30 01:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 01:38 . 2010-11-30 01:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2010-01-16 04:27 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-13 02:53 . 2010-09-11 17:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-13 00:34 . 2010-09-11 17:22 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-09 14:52 . 2004-08-04 10:00 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2004-08-04 10:00 43520 ------w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
.

((((((((((((((((((((((((((((( SnapShot_2011-02-02_23.46.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-03 18:03 . 2011-02-03 18:03 16384 c:\windows\temp\Perflib_Perfdata_340.dat
+ 2009-11-16 17:06 . 2009-11-16 17:06 55768 c:\windows\system32\drivers\epfwtdi.sys
+ 2009-06-19 16:10 . 2009-06-19 16:10 33096 c:\windows\system32\drivers\epfwndis.sys
+ 2011-02-03 02:59 . 2011-02-03 02:59 97360 c:\windows\Installer\{BE09FBC2-74BF-42A5-8FFF-12E784BAA42C}\egui.exe
+ 2011-02-03 02:59 . 2011-02-03 02:59 10134 c:\windows\Installer\{BE09FBC2-74BF-42A5-8FFF-12E784BAA42C}\callmsi.exe
+ 2009-11-16 17:06 . 2009-11-16 17:06 135048 c:\windows\system32\drivers\epfw.sys
+ 2009-11-16 17:03 . 2009-11-16 17:03 108792 c:\windows\system32\drivers\ehdrv.sys
+ 2009-11-16 16:56 . 2009-11-16 16:56 116520 c:\windows\system32\drivers\eamon.sys
+ 2011-02-03 02:59 . 2011-02-03 02:59 1134080 c:\windows\Installer\719d2.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2010-02-24 20480]
"ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-01-19 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-01-19 217088]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2010-2-23 450560]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-04-05 22:19 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-04-05 22:22 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2005-04-05 22:23 114688 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 22:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\wowd.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\VirtualDJ\\virtualdj_home.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\Windows Media\\Server\\WMServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11/16/2009 9:03 AM 108792]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [11/16/2009 9:04 AM 735960]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/20/2010 2:58 PM 136176]
S3 SMC2208;SMC Compact USB to Ethernet converter;c:\windows\system32\drivers\SMC2208.SYS [9/10/2010 8:11 PM 26525]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [3/20/2009 6:03 PM 32408]
.
Contents of the 'Scheduled Tasks' folder

2011-02-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 19:50]

2011-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-20 22:58]

2011-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-20 22:58]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = localhost;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-03 14:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2276)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\hnetcfg.dll
.
Completion time: 2011-02-03 14:52:10
ComboFix-quarantined-files.txt 2011-02-03 22:52
ComboFix2.txt 2011-02-03 22:11
ComboFix3.txt 2011-02-03 19:22
ComboFix4.txt 2011-02-03 18:12
ComboFix5.txt 2011-02-03 22:42

Pre-Run: 37,736,865,792 bytes free
Post-Run: 37,728,935,936 bytes free

- - End Of File - - 446D33F5E46E88BA85B41B04D6991C9B
  • 0

#11
VenomRx

    Member

  • Topic Starter
  • Member
  • 27 posts
Scan Log
Version of virus signature database: 5846 (20110204)
Date: 2/4/2011 Time: 11:49:15 AM
Scanned disks, folders and files: Operating memory;C:\Boot sector;C:\;D:\Boot sector;D:\
C:\pagefile.sys - error opening [4]
C:\DELL\drivers\R104515\Lang\esp\license.txt » MIME - is OK (internal scanning not performed)
C:\DELL\drivers\R104515\Lang\ita\license.txt » MIME - is OK (internal scanning not performed)
C:\DELL\drivers\R104515\Lang\ptb\license.txt » MIME - is OK (internal scanning not performed)
C:\DELL\drivers\R104515\Lang\ptg\license.txt » MIME - is OK (internal scanning not performed)
C:\DELL\drivers\R96614\Lang\ESN\license.txt » MIME - is OK (internal scanning not performed)
C:\DELL\drivers\R96614\Lang\ITA\license.txt » MIME - is OK (internal scanning not performed)
C:\DELL\drivers\R96614\Lang\PTB\license.txt » MIME - is OK (internal scanning not performed)
C:\DELL\drivers\R96614\Lang\PTG\license.txt » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\skater boy\Local Settings\Application Data\Identities\{07642512-7B42-40E3-9649-2DDB462DF26A}\Microsoft\Outlook Express\Deleted Items.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\skater boy\Local Settings\Application Data\Identities\{07642512-7B42-40E3-9649-2DDB462DF26A}\Microsoft\Outlook Express\Outbox.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\skater boy\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db - error opening [4]
C:\Documents and Settings\skater boy\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db.shadow - error opening [4]
C:\Documents and Settings\skater boy\Local Settings\Application Data\{594C1107-FD6F-4F1E-B848-65C41B98BECC}\BRAND_FILES\15082E99\DF6CE20F\SetupDataMngr_iMesh.exe » NSIS » 8080.exe » WISE » iMeshMediaBar.exe » NSIS » chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\skater boy\My Documents\LimeWire\Saved\Need.For.Speed.Undercover.EUR.PSP-GLoBAL\nfs.underground.eur.psp.rar » RAR » nfs.underground.eur.psp.iso » ISO » DATA.BIN - archive damaged
C:\Documents and Settings\skater boy\My Documents\Vuze Downloads\Need.For.Speed.Undercover.EUR.PSP-GLoBAL\nfs.underground.eur.psp.rar » RAR » nfs.underground.eur.psp.iso » ISO » DATA.BIN - archive damaged
C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\EnterWW.cab » CAB » PROCESS_LIBRARY.FDT » MIME - is OK (internal scanning not performed)
C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\EnterWW.cab » CAB » HIRING_REQUISITION_CUSTOMIZED.FDT » MIME - is OK (internal scanning not performed)
C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\EnterWW.cab » CAB » HIRING_REQUISITION.FDT » MIME - is OK (internal scanning not performed)
C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\EnterWW.cab » CAB » TRACK_ISSUES.FDT » MIME - is OK (internal scanning not performed)
C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\EnterWW.cab » CAB » POLICIES.FDT » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\Logitech\QCDRV\BIN\ESP\license.txt » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\Logitech\QCDRV\BIN\PTB\license.txt » MIME - is OK (internal scanning not performed)
C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe - a variant of Win32/Packed.VMProtect.AAA trojan - cleaned by deleting - quarantined [1]
C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.ilg - error opening [4]
C:\Program Files\Java\jre6\lib\resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\deploy\ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\deploy\jqs\ff\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Hiring Requisition - Customized.fdt » MIME - is OK (internal scanning not performed)
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Hiring Requisition.fdt » MIME - is OK (internal scanning not performed)
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\POLICIES.FDT » MIME - is OK (internal scanning not performed)
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Process Library.fdt » MIME - is OK (internal scanning not performed)
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Track Issues.fdt » MIME - is OK (internal scanning not performed)
C:\System Volume Information\_restore{9A7FAEED-CC75-4C1E-941A-3302E61F5A8D}\RP7\A0001264.exe - a variant of Win32/Packed.VMProtect.AAA trojan - cleaned by deleting - quarantined [1]
C:\WINDOWS\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D\3.5.30729\Chrome_manifest.3643236F_FC70_11D3_A536_0090278A1BB8 » MIME - is OK (internal scanning not performed)
C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\chrome.manifest » MIME - is OK (internal scanning not performed)
D:\ - error opening [4]
Number of scanned objects: 140012
Number of threats found: 3
Number of cleaned objects: 3
Time of completion: 12:24:59 PM Total scanning time: 2144 sec (00:35:44)

Notes:
[1] Object has been deleted as it only contained the virus body.
[4] Object cannot be opened. It may be in use by another application or operating system.
  • 0

#12
VenomRx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
What next?
  • 0

#13
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#14
VenomRx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Scanned and found nothing.
  • 0

#15
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Are you still experiencing issues?
  • 0
