Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Dr. Watson/ hello4 / office2000 virus

Started by sddwest , Feb 05 2011 08:29 PM

  • This topic is locked This topic is locked

#1
sddwest
Posted 05 February 2011 - 08:29 PM

sddwest

    New Member

  • Member
  • Pip
  • 1 posts
hi! thanks in advance for any help, ive got a million processes running under one user, unless i run safe mode as an admin. mostly unrecognized processes, though office 2000 constantly tries to open itself as well. any ideas? thanks for your time

steven

OTL logfile created on: 2/5/2011 6:17:13 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 417.00 Mb Available Physical Memory | 41.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.72 Gb Total Space | 38.59 Gb Free Space | 53.80% Space Free | Partition Type: NTFS
Drive D: | 385.39 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: PINKISFAMILYCOM | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/05 18:17:05 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.com
PRC - [2011/02/05 18:09:53 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\My Documents\Downloads\HijackThis.exe
PRC - [2010/12/10 14:28:38 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/10 06:58:32 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/06/10 05:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2008/04/13 16:12:31 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\osk.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/04 03:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\MSSWCHX.EXE


========== Modules (SafeList) ==========

MOD - [2011/02/05 18:17:05 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.com
MOD - [2010/08/29 09:40:42 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/02/05 17:38:39 | 000,184,832 | ---- | M] (ComponentOne LLC) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\sshnas21.dll -- (SSHNAS)
SRV - [2011/01/05 11:59:50 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/06/10 05:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/02/24 12:16:08 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/01/15 04:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/11/04 16:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/11/04 15:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 18:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/02/05 18:22:36 | 000,141,848 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2008/02/05 18:20:42 | 000,150,040 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/02/05 18:18:48 | 000,186,904 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2007/01/04 13:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2010/08/24 13:57:38 | 000,386,712 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/07/15 14:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys -- (MPFP)
DRV - [2010/02/17 15:52:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2010/02/17 15:52:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys -- (mfesmfk)
DRV - [2010/02/17 15:52:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2009/11/04 16:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (mferkdk)
DRV - [2008/05/01 07:11:45 | 000,049,536 | R--- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\tiehdusb.sys -- (TIEHDUSB)
DRV - [2008/04/13 10:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 10:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 10:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/02/05 18:21:48 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvuvcflt.sys -- (FilterService)
DRV - [2008/02/05 18:21:37 | 004,658,456 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvuvc.sys -- (LVUVC) Logitech QuickCam S5500(UVC)
DRV - [2008/02/05 18:21:25 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/02/05 18:20:40 | 000,628,760 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvrs.sys -- (LVRS)
DRV - [2008/02/05 18:20:08 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/02/05 18:18:12 | 000,689,176 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Lvckap.sys -- (LVcKap)
DRV - [2006/09/25 15:40:23 | 000,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2006/09/25 15:38:40 | 000,643,072 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2004/08/13 00:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/08/12 23:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/08/12 23:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/08/12 23:05:00 | 000,086,202 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/08/12 23:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/08/12 23:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/08/12 23:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/08/12 23:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/08/12 23:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/08/12 23:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/08/04 01:21:00 | 000,087,136 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/08/03 20:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/07/14 09:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 09:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2003/11/17 13:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 13:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 13:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2002/11/08 11:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/17 12:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 12:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 12:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 12:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 12:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 11:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 11:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 11:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 11:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 11:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 11:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 11:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 11:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 11:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 11:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: {3CC50790-CD5E-4CEC-B421-284869267D44}:1.9.1

FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/01/11 16:06:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/08/29 09:40:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{3CC50790-CD5E-4CEC-B421-284869267D44}: C:\Documents and Settings\Pat\Local Settings\Application Data\{3CC50790-CD5E-4CEC-B421-284869267D44} [2011/02/04 23:33:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/18 07:42:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/17 14:46:54 | 000,000,000 | ---D | M]

[2011/02/05 17:58:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/02/05 18:08:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xli38k6u.default\extensions
[2011/02/05 18:08:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xli38k6u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/05 16:50:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/29 09:40:43 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/02/04 23:33:29 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\PAT\LOCAL SETTINGS\APPLICATION DATA\{3CC50790-CD5E-4CEC-B421-284869267D44}
[2009/03/02 23:39:11 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/01/11 16:06:26 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2004/11/12 19:36:20 | 000,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Mozilla Firefox\plugins\NPAdbESD.dll
[2006/06/21 18:42:44 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2008/07/24 08:56:49 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2011/02/05 17:00:30 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml

O1 HOSTS File: ([2004/08/04 03:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [2wSysTray] C:\Program Files\2Wire\Gateway\2portalmon .exe ()
O4 - HKLM..\Run: [cftmon] C:\WINDOWS\SYSTEM32\bsdy.exe (MetaQuotes Software Corp.)
O4 - HKLM..\Run: [conhost] C:\Documents and Settings\Pat\Application Data\Microsoft\conhost.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Mruzokexaquve] C:\WINDOWS\osodasodefak.dll ()
O4 - HKLM..\Run: [oponlksys] C:\WINDOWS\System32\efdbxx.dll (foobar2000.org)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask .exe ()
O4 - HKLM..\Run: [SmartIndex] C:\WINDOWS\temp\_ex-08.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe ()
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe ()
O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files\Yahoo!\Common\YMailAdvisor.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...90/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,23/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O30 - LSA: Authentication Packages - (efdbxx.dll) - C:\WINDOWS\System32\efdbxx.dll (foobar2000.org)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/02/18 12:22:14 | 000,000,000 | ---D | M] - C:\Auto -- [ NTFS ]
O32 - AutoRun File - [2004/08/10 11:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/05/01 07:11:45 | 000,000,043 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/05 18:11:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2011/02/05 18:11:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2011/02/05 18:09:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2011/02/05 17:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2011/02/05 17:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2011/02/05 17:41:42 | 000,326,656 | ---- | C] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\bsdy.exe
[2011/02/05 17:40:47 | 000,326,656 | ---- | C] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\fjaph.exe
[2011/02/05 17:35:30 | 000,326,656 | ---- | C] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\qflmx.exe
[2011/02/05 17:22:28 | 000,326,656 | ---- | C] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\tcdu.exe
[2011/02/05 17:18:02 | 000,326,656 | ---- | C] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\glon.exe
[2011/02/05 17:10:20 | 000,326,656 | ---- | C] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\wtdm.exe
[2011/02/05 17:10:04 | 000,326,656 | ---- | C] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\vbrr.exe
[2011/02/05 17:09:32 | 000,135,680 | ---- | C] (ComponentOne LLC) -- C:\WINDOWS\Drosae .exe
[2011/02/05 17:09:22 | 000,326,656 | ---- | C] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\pfxp.exe
[2011/02/05 17:08:55 | 000,326,656 | ---- | C] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\pbsz.exe
[2011/02/05 17:06:27 | 000,184,832 | ---- | C] (ComponentOne LLC) -- C:\WINDOWS\System32\sshnas21.dll
[2011/02/05 17:06:23 | 000,326,656 | ---- | C] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\sigl.exe
[2011/02/05 17:06:23 | 000,326,656 | ---- | C] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\jejm.exe
[2011/02/05 17:03:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Mozilla
[2011/02/05 17:02:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\whitesmoketoolbar
[2011/02/05 17:02:28 | 000,000,000 | ---D | C] -- C:\Program Files\whitesmoketoolbar
[2011/02/05 00:32:25 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2011/02/05 00:32:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2011/02/05 00:32:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites
[2011/02/05 00:32:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2011/02/05 00:32:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2011/02/05 00:32:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sonic
[2011/02/05 00:32:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2011/02/05 00:32:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2011/02/05 00:32:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2011/02/05 00:32:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\BVRP Software
[2011/02/05 00:32:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2011/02/05 00:32:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
[2011/02/05 00:32:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2011/02/05 00:32:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/02/05 00:32:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2011/02/05 00:32:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2011/02/05 00:32:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2011/02/05 00:32:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2011/02/05 00:32:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents
[2011/02/05 00:32:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2011/02/05 00:32:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2011/02/05 00:32:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2011/02/05 00:32:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2011/02/05 00:32:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2011/02/05 00:32:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Dell Accessories
[2011/02/05 00:19:37 | 000,136,704 | ---- | C] (ComponentOne LLC) -- C:\WINDOWS\Drosad .exe
[2011/02/05 00:17:21 | 000,136,704 | ---- | C] (ComponentOne LLC) -- C:\WINDOWS\Drosac .exe
[2011/02/05 00:16:13 | 000,326,656 | ---- | C] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\wdrq.exe
[2011/02/05 00:14:01 | 000,326,656 | ---- | C] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\pnnp.exe
[2011/02/05 00:07:57 | 000,326,656 | ---- | C] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\vldm.exe
[2011/02/05 00:04:56 | 000,326,656 | ---- | C] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\yfxt.exe
[2011/02/04 23:55:19 | 000,326,656 | ---- | C] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\orzcl.exe
[2011/02/04 23:37:55 | 000,136,704 | ---- | C] (ComponentOne LLC) -- C:\WINDOWS\Drosab .exe
[2011/02/04 23:34:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/02/04 23:32:41 | 000,136,704 | ---- | C] (ComponentOne LLC) -- C:\WINDOWS\Drosaa.exe
[2011/02/04 23:32:25 | 000,326,656 | ---- | C] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\enda.exe
[2011/02/04 23:32:06 | 000,000,000 | ---D | C] -- C:\Program Files\Search Toolbar
[2011/02/04 23:31:05 | 000,116,224 | -H-- | C] (foobar2000.org) -- C:\WINDOWS\System32\efdbxx.dll
[2011/02/04 23:31:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\mAgHgNp15400
[2011/02/04 21:15:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/02/04 21:15:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/01/27 17:43:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/01/27 17:41:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/01/18 16:01:50 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2011/01/13 18:03:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/01/09 21:37:04 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2011/01/09 21:37:02 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2011/01/09 21:36:52 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[24 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/05 18:17:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1561388835-3151568017-1682837001-500.job
[2011/02/05 18:17:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1561388835-3151568017-1682837001-500.job
[2011/02/05 17:57:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/02/05 17:57:30 | 000,035,339 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2011/02/05 17:56:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/02/05 17:54:26 | 000,000,280 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/02/05 17:47:12 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/05 17:41:42 | 000,326,656 | ---- | M] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\bsdy.exe
[2011/02/05 17:41:42 | 000,000,205 | ---- | M] () -- C:\WINDOWS\System32\winset.ini
[2011/02/05 17:41:13 | 000,000,280 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/02/05 17:40:48 | 000,092,692 | ---- | M] () -- C:\WINDOWS\Drosae.exe
[2011/02/05 17:40:47 | 000,326,656 | ---- | M] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\fjaph.exe
[2011/02/05 17:40:15 | 000,000,242 | -H-- | M] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011/02/05 17:38:39 | 000,184,832 | ---- | M] (ComponentOne LLC) -- C:\WINDOWS\System32\sshnas21.dll
[2011/02/05 17:35:34 | 000,000,205 | ---- | M] () -- C:\WINDOWS\System32\delme.bat
[2011/02/05 17:35:30 | 000,326,656 | ---- | M] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\qflmx.exe
[2011/02/05 17:22:28 | 000,326,656 | ---- | M] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\tcdu.exe
[2011/02/05 17:18:02 | 000,326,656 | ---- | M] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\glon.exe
[2011/02/05 17:10:20 | 000,326,656 | ---- | M] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\wtdm.exe
[2011/02/05 17:10:04 | 000,326,656 | ---- | M] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\vbrr.exe
[2011/02/05 17:09:22 | 000,326,656 | ---- | M] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\pfxp.exe
[2011/02/05 17:08:55 | 000,326,656 | ---- | M] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\pbsz.exe
[2011/02/05 17:06:31 | 000,135,680 | ---- | M] (ComponentOne LLC) -- C:\WINDOWS\Drosae .exe
[2011/02/05 17:06:23 | 000,326,656 | ---- | M] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\sigl.exe
[2011/02/05 17:06:23 | 000,326,656 | ---- | M] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\jejm.exe
[2011/02/05 17:01:38 | 000,092,684 | ---- | M] () -- C:\WINDOWS\Drosad .exe
[2011/02/05 16:50:51 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1561388835-3151568017-1682837001-1006.job
[2011/02/05 16:50:45 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Nsore.dat
[2011/02/05 16:50:44 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1561388835-3151568017-1682837001-1006.job
[2011/02/05 16:47:17 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/05 16:46:44 | 000,000,302 | -HS- | M] () -- C:\WINDOWS\tasks\Rlcehegl.job
[2011/02/05 15:11:01 | 000,092,680 | ---- | M] () -- C:\WINDOWS\Drosad.exe
[2011/02/05 00:17:49 | 000,092,704 | ---- | M] () -- C:\WINDOWS\Drosac.exe
[2011/02/05 00:17:36 | 000,136,704 | ---- | M] (ComponentOne LLC) -- C:\WINDOWS\Drosad .exe
[2011/02/05 00:16:13 | 000,326,656 | ---- | M] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\wdrq.exe
[2011/02/05 00:15:43 | 000,136,704 | ---- | M] (ComponentOne LLC) -- C:\WINDOWS\Drosac .exe
[2011/02/05 00:14:01 | 000,326,656 | ---- | M] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\pnnp.exe
[2011/02/05 00:13:03 | 000,092,696 | ---- | M] () -- C:\WINDOWS\Drosab .exe
[2011/02/05 00:12:15 | 000,092,688 | ---- | M] () -- C:\WINDOWS\Drosab.exe
[2011/02/05 00:07:57 | 000,326,656 | ---- | M] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\vldm.exe
[2011/02/05 00:04:56 | 000,326,656 | ---- | M] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\yfxt.exe
[2011/02/05 00:00:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Clipilucipi.bin
[2011/02/04 23:55:19 | 000,326,656 | ---- | M] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\orzcl.exe
[2011/02/04 23:35:41 | 000,136,704 | ---- | M] (ComponentOne LLC) -- C:\WINDOWS\Drosab .exe
[2011/02/04 23:32:44 | 000,135,168 | RHS- | M] () -- C:\WINDOWS\System32\mfc71X.dll
[2011/02/04 23:32:25 | 000,326,656 | ---- | M] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\enda.exe
[2011/02/04 23:32:23 | 000,136,704 | ---- | M] (ComponentOne LLC) -- C:\WINDOWS\Drosaa.exe
[2011/02/04 23:31:05 | 000,116,224 | -H-- | M] (foobar2000.org) -- C:\WINDOWS\System32\efdbxx.dll
[2011/02/04 21:23:03 | 000,001,891 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/04 18:30:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (D9GM2F61-Pat).job
[2011/02/03 17:51:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/02/01 01:00:06 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2011/01/30 14:45:19 | 000,000,031 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2011/01/27 17:43:28 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/01/15 01:23:36 | 000,000,336 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2011/01/13 06:48:30 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/01/13 06:48:29 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[24 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/05 18:05:31 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1561388835-3151568017-1682837001-500.job
[2011/02/05 18:05:31 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1561388835-3151568017-1682837001-500.job
[2011/02/05 17:09:32 | 000,092,692 | ---- | C] () -- C:\WINDOWS\Drosae.exe
[2011/02/05 08:23:55 | 000,000,242 | -H-- | C] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011/02/05 00:32:28 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/02/05 00:32:28 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2011/02/05 00:32:28 | 000,000,683 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/02/05 00:32:28 | 000,000,669 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\America Online 9.0.lnk
[2011/02/05 00:32:28 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/02/05 00:32:26 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2011/02/05 00:32:26 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
[2011/02/05 00:32:26 | 000,000,642 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
[2011/02/05 00:19:37 | 000,092,684 | ---- | C] () -- C:\WINDOWS\Drosad .exe
[2011/02/05 00:19:37 | 000,092,680 | ---- | C] () -- C:\WINDOWS\Drosad.exe
[2011/02/05 00:17:21 | 000,092,704 | ---- | C] () -- C:\WINDOWS\Drosac.exe
[2011/02/04 23:55:51 | 000,000,280 | -H-- | C] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/02/04 23:55:23 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\delme.bat
[2011/02/04 23:37:55 | 000,092,696 | ---- | C] () -- C:\WINDOWS\Drosab .exe
[2011/02/04 23:37:55 | 000,092,688 | ---- | C] () -- C:\WINDOWS\Drosab.exe
[2011/02/04 23:33:50 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Nsore.dat
[2011/02/04 23:33:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Clipilucipi.bin
[2011/02/04 23:32:53 | 000,000,280 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/02/04 23:32:47 | 000,000,302 | -HS- | C] () -- C:\WINDOWS\tasks\Rlcehegl.job
[2011/02/04 23:32:44 | 000,135,168 | RHS- | C] () -- C:\WINDOWS\System32\mfc71X.dll
[2011/02/04 23:32:23 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\winset.ini
[2011/01/27 17:43:28 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/01/26 14:43:40 | 000,112,688 | ---- | C] () -- C:\WINDOWS\System32\shw32.dll
[2010/01/26 14:43:17 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/01/26 14:43:08 | 001,213,440 | ---- | C] () -- C:\WINDOWS\System32\opengl.dll
[2010/01/26 14:43:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2010/01/26 14:42:58 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2010/01/26 14:42:58 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2010/01/26 14:42:58 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2010/01/26 14:42:58 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2010/01/26 14:42:58 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2010/01/26 14:42:50 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2010/01/26 14:42:46 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2010/01/26 14:41:26 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[2010/01/26 14:41:26 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2010/01/26 14:41:26 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2010/01/26 14:41:26 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2010/01/26 14:41:23 | 000,154,624 | ---- | C] () -- C:\WINDOWS\System32\glut.dll
[2010/01/26 14:41:22 | 000,315,904 | ---- | C] () -- C:\WINDOWS\System32\glu.dll
[2010/01/26 14:40:01 | 000,495,616 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2009/06/04 23:01:06 | 009,214,464 | ---- | C] () -- C:\WINDOWS\avcodec-52.dll
[2009/06/04 23:01:06 | 000,745,984 | ---- | C] () -- C:\WINDOWS\avformat-52.dll
[2009/06/04 23:01:06 | 000,218,624 | ---- | C] () -- C:\WINDOWS\swscale-0.dll
[2009/06/04 23:01:06 | 000,070,144 | ---- | C] () -- C:\WINDOWS\avutil-50.dll
[2009/05/10 22:06:35 | 000,000,063 | ---- | C] () -- C:\WINDOWS\SYMGAMES.INI
[2009/05/10 08:18:42 | 000,060,416 | ---- | C] () -- C:\WINDOWS\zlib1.dll
[2009/05/10 08:17:16 | 000,162,304 | ---- | C] () -- C:\WINDOWS\libpng13.dll
[2009/05/09 11:57:14 | 000,122,368 | ---- | C] () -- C:\WINDOWS\lua5.1.dll
[2009/02/14 21:49:05 | 000,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/02/05 18:20:08 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/07/29 12:59:21 | 000,000,635 | ---- | C] () -- C:\WINDOWS\ef.INI
[2006/09/25 15:40:22 | 000,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys
[2006/09/25 15:38:40 | 000,643,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006/09/25 15:38:40 | 000,096,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd0749.sys
[2006/06/21 18:06:37 | 000,000,495 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/06/13 18:05:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/02/26 19:12:22 | 000,001,756 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/03/31 18:52:49 | 000,000,117 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2005/02/27 15:04:24 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/02/24 20:05:23 | 000,000,215 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/02/18 15:00:04 | 000,007,243 | ---- | C] () -- C:\WINDOWS\hpdj5700.ini
[2005/02/18 14:59:23 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2005/02/18 13:04:40 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/01/30 14:57:27 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/30 14:52:04 | 000,000,289 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/01/30 14:24:36 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 20:03:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 11:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 11:03:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/04 03:00:00 | 000,253,952 | ---- | C] () -- C:\WINDOWS\osodasodefak.dll
[2004/08/04 03:00:00 | 000,094,208 | ---- | C] () -- C:\WINDOWS\tseqer.dll
[2004/08/04 03:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/02/20 12:36:34 | 000,416,256 | ---- | C] () -- C:\WINDOWS\exchndl.dll
[1999/01/22 10:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1979/12/31 22:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

< End of report >
  • 0

Advertisements

#2
ali.B
Posted 06 February 2011 - 05:19 AM

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
O2 - BHO: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O3 - HKLM\..\Toolbar: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O4 - HKLM..\Run: [cftmon] C:\WINDOWS\SYSTEM32\bsdy.exe (MetaQuotes Software Corp.)
O4 - HKLM..\Run: [conhost] C:\Documents and Settings\Pat\Application Data\Microsoft\conhost.exe ()
O4 - HKLM..\Run: [Mruzokexaquve] C:\WINDOWS\osodasodefak.dll ()
O4 - HKLM..\Run: [oponlksys] C:\WINDOWS\System32\efdbxx.dll (foobar2000.org)
O4 - HKLM..\Run: [SmartIndex] C:\WINDOWS\temp\_ex-08.exe ()
O30 - LSA: Authentication Packages - (efdbxx.dll) - C:\WINDOWS\System32\efdbxx.dll (foobar2000.org)
[2011/02/05 17:41:42 | 000,326,656 | ---- | C] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\bsdy.exe
[2011/02/05 17:40:47 | 000,326,656 | ---- | C] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\fjaph.exe
[2011/02/05 17:35:30 | 000,326,656 | ---- | C] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\qflmx.exe
[2011/02/05 17:22:28 | 000,326,656 | ---- | C] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\tcdu.exe
[2011/02/05 17:18:02 | 000,326,656 | ---- | C] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\glon.exe
[2011/02/05 17:10:20 | 000,326,656 | ---- | C] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\wtdm.exe
[2011/02/05 17:10:04 | 000,326,656 | ---- | C] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\vbrr.exe
[2011/02/05 17:09:32 | 000,135,680 | ---- | C] (ComponentOne LLC) -- C:\WINDOWS\Drosae .exe
[2011/02/05 17:09:22 | 000,326,656 | ---- | C] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\pfxp.exe
[2011/02/05 17:08:55 | 000,326,656 | ---- | C] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\pbsz.exe
[2011/02/05 17:06:27 | 000,184,832 | ---- | C] (ComponentOne LLC) -- C:\WINDOWS\System32\sshnas21.dll
[2011/02/05 17:06:23 | 000,326,656 | ---- | C] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\sigl.exe
[2011/02/05 17:06:23 | 000,326,656 | ---- | C] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\jejm.exe
[2011/02/05 17:02:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\whitesmoketoolbar
[2011/02/05 17:02:28 | 000,000,000 | ---D | C] -- C:\Program Files\whitesmoketoolbar
[2011/02/05 00:19:37 | 000,136,704 | ---- | C] (ComponentOne LLC) -- C:\WINDOWS\Drosad .exe
[2011/02/05 00:17:21 | 000,136,704 | ---- | C] (ComponentOne LLC) -- C:\WINDOWS\Drosac .exe
[2011/02/05 00:16:13 | 000,326,656 | ---- | C] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\wdrq.exe
[2011/02/05 00:14:01 | 000,326,656 | ---- | C] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\pnnp.exe
[2011/02/05 00:07:57 | 000,326,656 | ---- | C] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\vldm.exe
[2011/02/05 00:04:56 | 000,326,656 | ---- | C] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\yfxt.exe
[2011/02/04 23:55:19 | 000,326,656 | ---- | C] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\orzcl.exe
[2011/02/04 23:37:55 | 000,136,704 | ---- | C] (ComponentOne LLC) -- C:\WINDOWS\Drosab .exe
[2011/02/04 23:32:41 | 000,136,704 | ---- | C] (ComponentOne LLC) -- C:\WINDOWS\Drosaa.exe
[2011/02/04 23:32:25 | 000,326,656 | ---- | C] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\enda.exe
[2011/02/04 23:31:05 | 000,116,224 | -H-- | C] (foobar2000.org) -- C:\WINDOWS\System32\efdbxx.dll
[2011/02/05 17:54:26 | 000,000,280 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/02/05 17:41:13 | 000,000,280 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/02/05 17:40:48 | 000,092,692 | ---- | M] () -- C:\WINDOWS\Drosae.exe
[2011/02/05 17:40:47 | 000,326,656 | ---- | M] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\fjaph.exe
[2011/02/05 17:40:15 | 000,000,242 | -H-- | M] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011/02/05 17:38:39 | 000,184,832 | ---- | M] (ComponentOne LLC) -- C:\WINDOWS\System32\sshnas21.dll
[2011/02/05 17:35:34 | 000,000,205 | ---- | M] () -- C:\WINDOWS\System32\delme.bat
[2011/02/05 17:35:30 | 000,326,656 | ---- | M] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\qflmx.exe
[2011/02/05 17:22:28 | 000,326,656 | ---- | M] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\tcdu.exe
[2011/02/05 17:18:02 | 000,326,656 | ---- | M] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\glon.exe
[2011/02/05 17:10:20 | 000,326,656 | ---- | M] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\wtdm.exe
[2011/02/05 17:10:04 | 000,326,656 | ---- | M] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\vbrr.exe
[2011/02/05 17:09:22 | 000,326,656 | ---- | M] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\pfxp.exe
[2011/02/05 17:08:55 | 000,326,656 | ---- | M] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\pbsz.exe
[2011/02/05 17:06:31 | 000,135,680 | ---- | M] (ComponentOne LLC) -- C:\WINDOWS\Drosae .exe
[2011/02/05 17:06:23 | 000,326,656 | ---- | M] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\sigl.exe
[2011/02/05 17:06:23 | 000,326,656 | ---- | M] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\jejm.exe
[2011/02/05 17:01:38 | 000,092,684 | ---- | M] () -- C:\WINDOWS\Drosad .exe
[2011/02/05 15:11:01 | 000,092,680 | ---- | M] () -- C:\WINDOWS\Drosad.exe
[2011/02/05 00:17:49 | 000,092,704 | ---- | M] () -- C:\WINDOWS\Drosac.exe
[2011/02/05 00:17:36 | 000,136,704 | ---- | M] (ComponentOne LLC) -- C:\WINDOWS\Drosad .exe
[2011/02/05 00:16:13 | 000,326,656 | ---- | M] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\wdrq.exe
[2011/02/05 00:15:43 | 000,136,704 | ---- | M] (ComponentOne LLC) -- C:\WINDOWS\Drosac .exe
[2011/02/05 00:14:01 | 000,326,656 | ---- | M] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\pnnp.exe
[2011/02/05 00:13:03 | 000,092,696 | ---- | M] () -- C:\WINDOWS\Drosab .exe
[2011/02/05 00:12:15 | 000,092,688 | ---- | M] () -- C:\WINDOWS\Drosab.exe
[2011/02/05 00:07:57 | 000,326,656 | ---- | M] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\vldm.exe
[2011/02/05 00:04:56 | 000,326,656 | ---- | M] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\yfxt.exe
[2011/02/04 23:32:44 | 000,135,168 | RHS- | M] () -- C:\WINDOWS\System32\mfc71X.dll
[2011/02/04 23:32:25 | 000,326,656 | ---- | M] (MetaQuotes Software Corp.) -- C:\WINDOWS\System32\enda.exe
[2011/02/04 23:32:23 | 000,136,704 | ---- | M] (ComponentOne LLC) -- C:\WINDOWS\Drosaa.exe
[2011/02/04 23:31:05 | 000,116,224 | -H-- | M] (foobar2000.org) -- C:\WINDOWS\System32\efdbxx.dll

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


Things I would like to see in your reply:
  • OTL log
  • Combofix.txt

  • 0

#3
ali.B
Posted 09 February 2011 - 01:18 AM

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP