Trojan or worm setup50045.fon



#1
geordy22

Hello guys, my dad brought home a mem stick with some infections on it, and it seems it continuously creates all over the drives the following: "pornmovs.lnk", "setup50045", "myporno.avi.lnk", "setup50045.fon" (actually only here: "C:\Documents and Settings\All Users\Documents" and on the memory sticks I connect to the PC). My antivirus (Avira free edition) doesn't see it as a threat unless I try to delete these files or access them. Avira deletes these files but they still pop up.

Please, need some help :D


I scanned my system with aswMBR and with OTL and I get the following logs:

aswMBR version 0.9.4 Copyright© 2011 AVAST Software
Run date: 2011-04-03 18:50:12
-----------------------------
18:50:12.171 OS Version: Windows 5.1.2600 Service Pack 3
18:50:12.171 Number of processors: 1 586 0xC00
18:50:12.171 ComputerName: HOME UserName:
18:50:12.531 Initialize success
18:50:15.484 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000065
18:50:15.484 Disk 0 Vendor: WDC_WD1600AAJS-00B4A0 01.03A01 Size: 152626MB BusType: 3
18:50:15.484 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000066
18:50:15.500 Disk 1 Vendor: Maxtor_6Y160M0 YAR51HW0 Size: 156333MB BusType: 3
18:50:15.500 Device \Driver\nvatabus -> MajorFunction 86da3718
18:50:15.515 Disk 0 MBR read successfully
18:50:15.515 Disk 0 MBR scan
18:50:15.515 Disk 0 scanning sectors +308225232
18:50:15.546 Disk 0 scanning C:\WINDOWS\system32\drivers
18:50:18.656 Service scanning
18:50:19.468 Disk 0 trace - called modules:
18:50:19.468 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86da3718]<<
18:50:19.468 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87183030]
18:50:19.484 3 CLASSPNP.SYS[f753cfd7] -> nt!IofCallDriver -> \Device\00000067[0x87188360]
18:50:19.484 5 ACPI.sys[f73cd620] -> nt!IofCallDriver -> \Device\00000065[0x87167030]
18:50:19.484 \Driver\nvatabus[0x8708ff38] -> IRP_MJ_CREATE -> 0x86da3718
18:50:19.484 Scan finished successfully
aswMBR version 0.9.4 Copyright© 2011 AVAST Software
Run date: 2011-04-03 19:15:54
-----------------------------
19:15:54.703 OS Version: Windows 5.1.2600 Service Pack 3
19:15:54.703 Number of processors: 1 586 0xC00
19:15:54.703 ComputerName: HOME UserName:
19:15:54.890 Initialize success
19:15:57.937 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000065
19:15:57.937 Disk 0 Vendor: WDC_WD1600AAJS-00B4A0 01.03A01 Size: 152626MB BusType: 3
19:15:57.937 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000066
19:15:57.937 Disk 1 Vendor: Maxtor_6Y160M0 YAR51HW0 Size: 156333MB BusType: 3
19:15:57.937 Device \Driver\nvatabus -> MajorFunction 86dabdc0
19:15:57.953 Disk 0 MBR read successfully
19:15:57.953 Disk 0 MBR scan
19:15:57.968 Disk 0 scanning sectors +308225232
19:15:58.000 Disk 0 scanning C:\WINDOWS\system32\drivers
19:16:03.593 Service scanning
19:16:06.781 Disk 0 trace - called modules:
19:16:06.796 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86dabdc0]<<
19:16:06.796 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87183030]
19:16:06.796 3 CLASSPNP.SYS[f753cfd7] -> nt!IofCallDriver -> \Device\00000067[0x87188360]
19:16:06.796 5 ACPI.sys[f73cd620] -> nt!IofCallDriver -> \Device\00000065[0x87167030]
19:16:06.796 \Driver\nvatabus[0x8708ff38] -> IRP_MJ_CREATE -> 0x86dabdc0
19:16:06.796 Scan finished successfully
aswMBR version 0.9.4 Copyright© 2011 AVAST Software
Run date: 2011-04-13 10:18:10
-----------------------------
10:18:10.640 OS Version: Windows 5.1.2600 Service Pack 3
10:18:10.640 Number of processors: 1 586 0xC00
10:18:10.640 ComputerName: HOME UserName:
10:18:10.765 Initialize success
10:18:13.328 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000065
10:18:13.328 Disk 0 Vendor: WDC_WD1600AAJS-00B4A0 01.03A01 Size: 152626MB BusType: 3
10:18:13.328 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000066
10:18:13.328 Disk 1 Vendor: Maxtor_6Y160M0 YAR51HW0 Size: 156333MB BusType: 3
10:18:13.328 Device \Driver\nvatabus -> MajorFunction 86daa5b0
10:18:13.343 Disk 0 MBR read successfully
10:18:13.343 Disk 0 MBR scan
10:18:13.359 Disk 0 scanning sectors +308225232
10:18:13.390 Disk 0 scanning C:\WINDOWS\system32\drivers
10:18:18.265 Service scanning
10:18:19.203 Disk 0 trace - called modules:
10:18:19.218 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86daa5b0]<<
10:18:19.218 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87165030]
10:18:19.234 3 CLASSPNP.SYS[f753cfd7] -> nt!IofCallDriver -> \Device\00000067[0x87188360]
10:18:19.234 5 ACPI.sys[f73cd620] -> nt!IofCallDriver -> \Device\00000065[0x87167030]
10:18:19.234 \Driver\nvatabus[0x8708ff38] -> IRP_MJ_CREATE -> 0x86daa5b0
10:18:19.234 Scan finished successfully


OTL LOG:

OTL logfile created on: 13.04.2011 10:19:57 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\George\Desktop\AntiMalware
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000418 | Country: Romania | Language: ROM | Date Format: dd.MM.yyyy

1.023,00 Mb Total Physical Memory | 546,00 Mb Available Physical Memory | 53,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 9,88 Gb Free Space | 50,60% Space Free | Partition Type: NTFS
Drive D: | 29,29 Gb Total Space | 19,70 Gb Free Space | 67,25% Space Free | Partition Type: NTFS
Drive E: | 39,06 Gb Total Space | 10,31 Gb Free Space | 26,38% Space Free | Partition Type: NTFS
Drive F: | 39,06 Gb Total Space | 4,66 Gb Free Space | 11,94% Space Free | Partition Type: NTFS
Drive G: | 49,32 Gb Total Space | 3,95 Gb Free Space | 8,00% Space Free | Partition Type: NTFS
Drive H: | 29,29 Gb Total Space | 2,73 Gb Free Space | 9,31% Space Free | Partition Type: NTFS
Drive I: | 29,28 Gb Total Space | 0,33 Gb Free Space | 1,14% Space Free | Partition Type: FAT32
Drive J: | 29,29 Gb Total Space | 7,77 Gb Free Space | 26,54% Space Free | Partition Type: NTFS
Drive K: | 35,48 Gb Total Space | 33,01 Gb Free Space | 93,03% Space Free | Partition Type: NTFS
Drive N: | 666,91 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: HOME | User Name: George | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\George\Desktop\AntiMalware\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\VMSnap3.EXE (ZSMCSNAP)
PRC - C:\WINDOWS\Domino.EXE (Vimicro)
PRC - C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\ATKKBService.exe (ASUSTeK COMPUTER INC.)
PRC - C:\Program Files\Wincmd\wincmd32.exe (C. Ghisler & Co.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\George\Desktop\AntiMalware\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\nview.dll (NVIDIA Corporation)
MOD - C:\WINDOWS\system32\nvwddi.dll (NVIDIA Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (srvCE8) -- \\?\globalroot\Device\HarddiskVolume1\DOCUME~1\George\LOCALS~1\Temp\srvCE8.tmp [WARNING: \\?\globalroot\Device\HarddiskVolume1\DOCUME~1\George\LOCALS~1\Temp\srvCE8.tmp] ()
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (ATKKeyboardService) -- C:\WINDOWS\ATKKBService.exe (ASUSTeK COMPUTER INC.)


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (SmartDefragDriver) -- C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys ()
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (ZSMC303) -- C:\WINDOWS\system32\drivers\usbVM303.sys (Vimicro Corporation)
DRV - (vmfilter303) -- C:\WINDOWS\system32\drivers\vmfilter303.sys (Vimicro Corporation)
DRV - (w800obex) -- C:\WINDOWS\system32\drivers\w800obex.sys (MCCI)
DRV - (w800mgmt) -- C:\WINDOWS\system32\drivers\w800mgmt.sys (MCCI)
DRV - (w800mdm) -- C:\WINDOWS\system32\drivers\w800mdm.sys (MCCI)
DRV - (w800mdfl) -- C:\WINDOWS\system32\drivers\w800mdfl.sys (MCCI)
DRV - (w800bus) Sony Ericsson W800 driver (WDM) -- C:\WINDOWS\system32\drivers\w800bus.sys (MCCI)
DRV - (EIO) -- C:\WINDOWS\system32\drivers\EIO.sys (ASUSTeK Computer Inc.)
DRV - (d347prt) -- C:\WINDOWS\System32\Drivers\d347prt.sys ( )
DRV - (d347bus) -- C:\WINDOWS\system32\DRIVERS\d347bus.sys ( )
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (asuskbnt) -- C:\WINDOWS\system32\drivers\atkkbnt.sys (ASUSTeK COMPUTER INC.)
DRV - (nvatabus) -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura)
DRV - (nv_agp) -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys (NVIDIA Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.3\iobitToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: [email protected]:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:4.3
FF - prefs.js..extensions.enabledItems: [email protected]:4.3
FF - prefs.js..keyword.URL: "http://search.yahoo....type=685749&p="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.25 08:52:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.25 08:52:56 | 000,000,000 | ---D | M]

[2010.05.18 15:20:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\George\Application Data\Mozilla\Extensions
[2011.04.13 10:03:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\rk8sm2ji.default\extensions
[2010.12.22 23:54:16 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\rk8sm2ji.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.03.27 12:01:08 | 000,000,000 | ---D | M] (Foxit PDF Creator Toolbar) -- C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\rk8sm2ji.default\extensions\[email protected]
[2011.04.13 10:03:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.12.12 23:09:29 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.05.18 16:35:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.28 12:18:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.04.04 23:27:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.04.06 08:28:46 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2011.04.06 08:28:46 | 000,000,000 | ---D | M] (IObit Toolbar) -- C:\PROGRAM FILES\IOBIT TOOLBAR\FF
[2010.05.18 16:35:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.08.24 00:46:37 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010.05.14 16:57:04 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2011.03.28 22:53:55 | 000,431,392 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 14851 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.3\iobitToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.3\iobitToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BigDog303] File not found
O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)
O4 - HKLM..\Run: [Domino] C:\WINDOWS\Domino.EXE (Vimicro)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE (ZSMCSNAP)
O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.154.124.1 192.168.123.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O29 - HKLM SecurityProviders - (mycfyuso.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.05.18 14:48:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008.09.16 22:12:09 | 000,000,000 | ---D | M] - H:\Autocad 2007 -- [ NTFS ]
O32 - AutoRun File - [2003.09.14 05:27:21 | 000,000,000 | R--D | M] - N:\AUTORUN -- [ CDFS ]
O32 - AutoRun File - [2003.09.14 15:52:36 | 000,001,680 | R--- | M] () - N:\AUTORUN.APM -- [ CDFS ]
O32 - AutoRun File - [2003.08.15 05:13:50 | 000,000,184 | R--- | M] () - N:\AUTORUN.BAK -- [ CDFS ]
O32 - AutoRun File - [2003.04.01 12:00:40 | 001,101,824 | R--- | M] (Indigo Rose Corporation) - N:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [2003.08.07 17:03:53 | 000,000,766 | R--- | M] () - N:\AUTORUN.ICO -- [ CDFS ]
O32 - AutoRun File - [2003.09.14 15:52:36 | 000,000,047 | R--- | M] () - N:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{4bb83c27-6288-11df-b4d4-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{4bb83c27-6288-11df-b4d4-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4bb83c27-6288-11df-b4d4-806d6172696f}\Shell\AutoRun\command - "" = L:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.04.06 08:35:29 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011.04.06 08:28:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George\Application Data\Search Settings
[2011.04.06 08:28:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2011.04.06 08:28:46 | 000,000,000 | ---D | C] -- C:\Program Files\IObit Toolbar
[2011.04.06 08:28:46 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2011.04.04 23:27:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.04.04 23:18:01 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{6A395471-4AA3-4072-AE1B-9B69A97AD164}
[2011.04.04 23:17:38 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011.04.04 23:17:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2011.04.04 23:17:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011.04.03 18:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George\Desktop\AntiMalware
[2011.04.03 18:31:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George\Application Data\Malwarebytes
[2011.04.03 18:31:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.04.03 18:31:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.03 18:31:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011.04.03 18:31:23 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.04.03 18:31:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.03.31 20:37:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2011.03.31 20:37:20 | 000,000,000 | ---D | C] -- C:\Program Files\Panda USB Vaccine
[2011.03.31 20:37:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Panda Security
[2011.03.19 22:51:48 | 000,000,000 | ---D | C] -- C:\unzipped
[2010.05.18 16:17:09 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2010.05.18 16:17:09 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.04.13 10:20:04 | 000,001,186 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1229272821-682003330-1003UA.job
[2011.04.13 10:13:20 | 000,001,413 | ---- | M] () -- C:\WINDOWS\WINCMD.INI
[2011.04.13 10:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011.04.13 09:52:36 | 000,166,719 | ---- | M] () -- C:\Documents and Settings\George\Desktop\Vedere de ansamblu Model.JPG
[2011.04.13 09:51:04 | 000,032,582 | ---- | M] () -- C:\Documents and Settings\George\Desktop\Vedere de ansamblu Model.TIF
[2011.04.13 09:44:28 | 000,047,201 | ---- | M] () -- C:\Documents and Settings\George\Desktop\Vedere din fata - decupari.JPG
[2011.04.13 09:32:35 | 000,070,502 | ---- | M] () -- C:\Documents and Settings\George\Desktop\Vedere din spate - decupari.JPG
[2011.04.13 08:52:49 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.04.13 08:52:07 | 000,017,555 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011.04.13 08:52:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.04.11 23:22:58 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011.04.10 21:09:19 | 000,000,000 | RHS- | M] () -- C:\Documents and Settings\All Users\Documents\autorun.inf
[2011.04.10 21:09:18 | 000,000,455 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\pornmovs.lnk
[2011.04.10 21:09:17 | 000,000,455 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\myporno.avi.lnk
[2011.04.10 21:08:43 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011.04.09 17:20:00 | 000,001,134 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1229272821-682003330-1003Core.job
[2011.04.07 10:59:03 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2011.04.06 08:35:29 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011.04.04 23:18:01 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\George\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011.04.04 23:18:01 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011.04.03 19:14:42 | 000,345,016 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.03.28 22:53:55 | 000,431,392 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.03.28 22:12:37 | 000,013,046 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\35oas16da8ca103yy71j60
[2011.03.27 09:52:08 | 000,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.03.27 09:52:08 | 000,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.03.26 15:20:51 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\George\Desktop\Google Chrome.lnk
[2011.03.26 15:20:51 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\George\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011.03.22 23:32:54 | 000,000,412 | ---- | M] () -- C:\Documents and Settings\George\My Documents\spider.sav
[2011.03.18 22:20:23 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\George\Desktop\Microsoft Office Word 2003.lnk
[2011.03.17 23:12:01 | 000,468,950 | ---- | M] () -- C:\Documents and Settings\George\Desktop\220-ART 1.pdf
[2011.03.16 21:07:44 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.04.13 09:51:11 | 000,166,719 | ---- | C] () -- C:\Documents and Settings\George\Desktop\Vedere de ansamblu Model.JPG
[2011.04.13 09:50:09 | 000,032,582 | ---- | C] () -- C:\Documents and Settings\George\Desktop\Vedere de ansamblu Model.TIF
[2011.04.13 09:44:28 | 000,047,201 | ---- | C] () -- C:\Documents and Settings\George\Desktop\Vedere din fata - decupari.JPG
[2011.04.13 09:16:51 | 000,070,502 | ---- | C] () -- C:\Documents and Settings\George\Desktop\Vedere din spate - decupari.JPG
[2011.04.10 21:09:14 | 000,065,544 | RHS- | C] () -- C:\Documents and Settings\All Users\Documents\setup50045.fon
[2011.04.06 17:27:28 | 000,000,455 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\pornmovs.lnk
[2011.04.06 17:27:28 | 000,000,455 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\myporno.avi.lnk
[2011.04.06 17:27:28 | 000,000,000 | RHS- | C] () -- C:\Documents and Settings\All Users\Documents\autorun.inf
[2011.04.06 14:54:49 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011.04.04 23:23:10 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011.04.04 23:18:01 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\George\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011.04.04 23:18:01 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011.03.28 21:58:48 | 000,013,046 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\35oas16da8ca103yy71j60
[2011.03.17 23:12:00 | 000,468,950 | ---- | C] () -- C:\Documents and Settings\George\Desktop\220-ART 1.pdf
[2011.03.10 22:55:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.01.21 17:23:48 | 000,028,496 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011.01.21 17:23:48 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2010.09.08 09:02:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SONYMAP.INI
[2010.08.24 00:05:56 | 000,000,217 | ---- | C] () -- C:\WINDOWS\SoftWriting.ini
[2010.05.21 21:53:53 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\setupfilter.exe
[2010.05.21 21:53:52 | 000,073,728 | ---- | C] () -- C:\WINDOWS\VMInstNT.exe
[2010.05.21 21:53:52 | 000,040,960 | ---- | C] () -- C:\WINDOWS\VM303UninstNT.exe
[2010.05.21 21:53:52 | 000,024,576 | R--- | C] () -- C:\WINDOWS\VMPipe.dll
[2010.05.19 07:53:34 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010.05.18 17:38:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.05.18 17:37:41 | 000,345,016 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.05.18 16:22:15 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.05.18 16:15:23 | 000,001,413 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
[2010.05.18 15:56:56 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\George\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.18 15:19:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.05.18 15:06:56 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\ATKCheckDispIDs.dll
[2010.05.18 15:06:56 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\ATKOSDMini.DLL
[2010.05.18 15:06:56 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2010.05.18 15:03:08 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2010.05.18 15:03:05 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2010.05.18 15:03:04 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010.05.18 14:51:04 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.05.18 14:45:24 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.04.14 15:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008.04.14 15:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008.04.14 15:00:00 | 000,392,296 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008.04.14 15:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008.04.14 15:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008.04.14 15:00:00 | 000,058,596 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008.04.14 15:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008.04.14 15:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008.04.14 15:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008.04.14 15:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008.04.14 15:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008.04.14 15:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004.08.22 17:04:56 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2003.01.07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010.05.20 20:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011.03.31 20:37:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2011.04.04 23:18:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{6A395471-4AA3-4072-AE1B-9B69A97AD164}
[2010.07.17 08:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\Autodesk
[2010.08.24 00:48:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\Foxit Software
[2011.04.06 17:40:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\IObit
[2010.05.28 13:00:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\MSNInstaller
[2010.05.18 15:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\OpenOffice.org
[2011.04.06 08:28:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\Search Settings
[2011.03.23 02:46:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\uTorrent
[2011.04.11 23:22:58 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011.04.13 10:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



< End of report >

AND EXTRAS

OTL Extras logfile created on: 13.04.2011 10:19:57 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\George\Desktop\AntiMalware
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000418 | Country: Romania | Language: ROM | Date Format: dd.MM.yyyy

1.023,00 Mb Total Physical Memory | 546,00 Mb Available Physical Memory | 53,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 9,88 Gb Free Space | 50,60% Space Free | Partition Type: NTFS
Drive D: | 29,29 Gb Total Space | 19,70 Gb Free Space | 67,25% Space Free | Partition Type: NTFS
Drive E: | 39,06 Gb Total Space | 10,31 Gb Free Space | 26,38% Space Free | Partition Type: NTFS
Drive F: | 39,06 Gb Total Space | 4,66 Gb Free Space | 11,94% Space Free | Partition Type: NTFS
Drive G: | 49,32 Gb Total Space | 3,95 Gb Free Space | 8,00% Space Free | Partition Type: NTFS
Drive H: | 29,29 Gb Total Space | 2,73 Gb Free Space | 9,31% Space Free | Partition Type: NTFS
Drive I: | 29,28 Gb Total Space | 0,33 Gb Free Space | 1,14% Space Free | Partition Type: FAT32
Drive J: | 29,29 Gb Total Space | 7,77 Gb Free Space | 26,54% Space Free | Partition Type: NTFS
Drive K: | 35,48 Gb Total Space | 33,01 Gb Free Space | 93,03% Space Free | Partition Type: NTFS
Drive N: | 666,91 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: HOME | User Name: George | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3392:UDP" = 3392:UDP:*:Enabled:Windows Media Format SDK (winamp.exe)
"3393:UDP" = 3393:UDP:*:Enabled:Windows Media Format SDK (winamp.exe)
"3406:UDP" = 3406:UDP:*:Enabled:Windows Media Format SDK (winamp.exe)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\George\Desktop\utorrent.exe" = C:\Documents and Settings\George\Desktop\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 24
"{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Enhanced Display Driver
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{362483B1-91EB-4CB4-B9BB-3B4B4C644404}" = A4TECH PC Camera
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.21
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5783F2D7-6001-0409-0002-0060B0CE6BBA}" = AutoCAD 2008 - English
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{62B9E29A-BC60-4829-8724-100ACFF7E63D}" = IObit Toolbar v4.3
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"AutoCAD 2008 - English" = AutoCAD 2008 - English
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"ELBALux42" = ELBALux42
"Enable S3 for USB Device" = Enable S3 for USB Device
"Foxit Reader" = Foxit Reader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MSNINST" = MSN
"NVIDIA Drivers" = NVIDIA Drivers
"Smart Defrag 2_is1" = Smart Defrag 2
"Sony Ericsson W800" = Sony Ericsson W800 Software
"uTorrent" = µTorrent
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10.04.2011 13:55:52 | Computer Name = HOME | Source = nview_info | ID = 11141121
Description =

Error - 10.04.2011 13:55:56 | Computer Name = HOME | Source = nview_info | ID = 11141121
Description =

Error - 10.04.2011 13:55:56 | Computer Name = HOME | Source = nview_info | ID = 11141121
Description =

Error - 10.04.2011 13:55:56 | Computer Name = HOME | Source = nview_info | ID = 11141121
Description =

Error - 10.04.2011 13:55:57 | Computer Name = HOME | Source = nview_info | ID = 11141121
Description =

Error - 10.04.2011 13:55:57 | Computer Name = HOME | Source = nview_info | ID = 11141121
Description =

Error - 10.04.2011 13:55:57 | Computer Name = HOME | Source = nview_info | ID = 11141121
Description =

Error - 10.04.2011 13:55:57 | Computer Name = HOME | Source = nview_info | ID = 11141121
Description =

Error - 10.04.2011 13:55:57 | Computer Name = HOME | Source = nview_info | ID = 11141121
Description =

Error - 10.04.2011 14:09:02 | Computer Name = HOME | Source = ESENT | ID = 490
Description = svchost (1080) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

[ System Events ]
Error - 10.04.2011 14:08:57 | Computer Name = HOME | Source = Service Control Manager | ID = 7023
Description = The srvCE8 service terminated with the following error: %%3221225612

Error - 11.04.2011 13:07:01 | Computer Name = HOME | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume G:.

Error - 11.04.2011 13:07:01 | Computer Name = HOME | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume G:.

Error - 11.04.2011 13:07:30 | Computer Name = HOME | Source = Service Control Manager | ID = 7023
Description = The srvCE8 service terminated with the following error: %%3221225612

Error - 12.04.2011 13:29:33 | Computer Name = HOME | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume G:.

Error - 12.04.2011 13:29:33 | Computer Name = HOME | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume G:.

Error - 12.04.2011 13:30:02 | Computer Name = HOME | Source = Service Control Manager | ID = 7023
Description = The srvCE8 service terminated with the following error: %%3221225612

Error - 13.04.2011 01:52:03 | Computer Name = HOME | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume G:.

Error - 13.04.2011 01:52:03 | Computer Name = HOME | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume G:.

Error - 13.04.2011 01:52:45 | Computer Name = HOME | Source = Service Control Manager | ID = 7023
Description = The srvCE8 service terminated with the following error: %%3221225612


< End of report >
  • 0



#2
RKinner


    Malware Expert

  • Expert
  • 23,188 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c

[code=auto:0]

:Services
srvCE8

:OTL
SRV - (srvCE8) -- \\?\globalroot\Device\HarddiskVolume1\DOCUME~1\George\LOCALS~1\Temp\srvCE8.tmp [WARNING: \\?\globalroot\Device\HarddiskVolume1\DOCUME~1\George\LOCALS~1\Temp\srvCE8.tmp] ()
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
[2010.05.18 16:35:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.28 12:18:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
O4 - HKLM..\Run: [BigDog303] File not found
O29 - HKLM SecurityProviders - (mycfyuso.dll) - File not found
O32 - AutoRun File - [2008.09.16 22:12:09 | 000,000,000 | ---D | M] - H:\Autocad 2007 -- [ NTFS ]
O32 - AutoRun File - [2003.09.14 05:27:21 | 000,000,000 | R--D | M] - N:\AUTORUN -- [ CDFS ]
O32 - AutoRun File - [2003.09.14 15:52:36 | 000,001,680 | R--- | M] () - N:\AUTORUN.APM -- [ CDFS ]
O32 - AutoRun File - [2003.08.15 05:13:50 | 000,000,184 | R--- | M] () - N:\AUTORUN.BAK -- [ CDFS ]
O32 - AutoRun File - [2003.04.01 12:00:40 | 001,101,824 | R--- | M] (Indigo Rose Corporation) - N:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [2003.08.07 17:03:53 | 000,000,766 | R--- | M] () - N:\AUTORUN.ICO -- [ CDFS ]
O32 - AutoRun File - [2003.09.14 15:52:36 | 000,000,047 | R--- | M] () - N:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{4bb83c27-6288-11df-b4d4-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{4bb83c27-6288-11df-b4d4-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4bb83c27-6288-11df-b4d4-806d6172696f}\Shell\AutoRun\command - "" = L:\setup.exe
[2011.04.10 21:09:19 | 000,000,000 | RHS- | M] () -- C:\Documents and Settings\All Users\Documents\autorun.inf
[2011.04.10 21:09:18 | 000,000,455 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\pornmovs.lnk
[2011.04.10 21:09:17 | 000,000,455 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\myporno.avi.lnk
[2011.04.10 21:08:43 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011.04.13 10:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011.03.28 22:12:37 | 000,013,046 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\35oas16da8ca103yy71j60
[2011.04.10 21:09:14 | 000,065,544 | RHS- | C] () -- C:\Documents and Settings\All Users\Documents\setup50045.fon

:Files
C:\DOCUME~1\George\LOCALS~1\Temp\srvCE8.tmp

:Commands
[RESETHOSTS]
[purity]
[emptytemp]
[Reboot]
[/code]

Download Flash_Disinfector.exe by sUBs
http://download.blee...Disinfector.exe
and save it to your desktop.

* Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
* The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
* Wait until it has finished scanning and then exit the program.
* Reboot your computer when done.


Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

You probably also want to install AutoRun Eater v2.5
http://download.cnet...4-10752777.html
It will stay resident and prevent USB drives from infecting your PC.

Uninstall:
IObit Toolbar v4.3
Ask Toolbar
Advanced SystemCare 3
Yahoo! Toolbar
Yahoo! Software Update

1. Open Avira AntiVir Personal. (There is likely an icon on your desktop, or in your system tray by the clock.)
2. Click the "Configuration" link on the main screen. This opens the configuration panel.
3. Check the "Expert mode" option.
4. Click on General > Security.
5. *Uncheck* the option titled "Protect files and registry entries from manipulation".
6. Click the "OK" button.


1. Double-click My Computer, and then right-click the hard disk that you want to check. G:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You may receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. (In Vista, next select Windows Logs) Right click on System and Clear Log, No (we don't want to save the old log), OK. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

Start, Run, sfc /scannow, OK

SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop, do not run it.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your anti-virus at this time.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Download MBRCheck
http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it. It will produce a log MBRCheck(date).txt on your desktop. Copy and paste it into a reply.


Ron
  • 0
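
An added example, not part of RKinner's reply and not OTL's own code: it parses the `[date | size | attributes | C/M] (company) -- path` file lines that OTL prints and flags the traits shared by the entries picked for the fix list above (hidden+system files, an autorun.inf present as a file, and several files written to one folder within seconds of each other). The function names, the 10-second window and the three-file threshold are assumptions chosen for illustration; the sample lines are copied from the logs in this thread.

```python
import ntpath
import re
from collections import defaultdict
from datetime import datetime, timedelta

# File lines copied from the OTL logs posted in this thread.
SAMPLE_LOG = r"""
[2011.04.10 21:09:19 | 000,000,000 | RHS- | M] () -- C:\Documents and Settings\All Users\Documents\autorun.inf
[2011.04.10 21:09:18 | 000,000,455 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\pornmovs.lnk
[2011.04.10 21:09:17 | 000,000,455 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\myporno.avi.lnk
[2011.04.10 21:09:14 | 000,065,544 | RHS- | C] () -- C:\Documents and Settings\All Users\Documents\setup50045.fon
[2011.03.28 22:12:37 | 000,013,046 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\35oas16da8ca103yy71j60
[2011.04.06 14:54:49 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011.04.04 23:18:01 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010.05.18 14:51:04 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.05.20 20:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
"""

# The "(company)" field is absent on some directory lines, so it is optional.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\](?: \((?P<company>.*?)\))? -- (?P<path>.+)$"
)


def parse_otl_file_lines(text):
    """Return one dict per OTL file/folder line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "time": datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "attrs": m["attrs"],   # R, H, S, D flags in fixed positions
            "kind": m["kind"],     # C = created, M = modified
            "path": m["path"],
        })
    return entries


def triage(entries, window=timedelta(seconds=10), min_burst=3):
    """Map path -> sorted list of reasons. Hits are leads to review, not verdicts."""
    findings = defaultdict(set)
    by_dir = defaultdict(list)
    for e in entries:
        if "D" in e["attrs"]:          # folders are not scored here
            continue
        if "H" in e["attrs"] and "S" in e["attrs"]:
            findings[e["path"]].add("hidden+system")
        if ntpath.basename(e["path"]).lower() == "autorun.inf":
            findings[e["path"]].add("autorun.inf file")
        by_dir[ntpath.dirname(e["path"]).lower()].append(e)

    # Sliding window per folder: min_burst or more files stamped within `window`.
    for group in by_dir.values():
        group.sort(key=lambda e: e["time"])
        start = 0
        for end in range(len(group)):
            while group[end]["time"] - group[start]["time"] > window:
                start += 1
            if end - start + 1 >= min_burst:
                for e in group[start:end + 1]:
                    findings[e["path"]].add("burst")
    return {path: sorted(reasons) for path, reasons in findings.items()}


if __name__ == "__main__":
    for path, reasons in triage(parse_otl_file_lines(SAMPLE_LOG)).items():
        print(", ".join(reasons), "--", path)
```
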





