Win32/Olmarik Trojan Removal Help

#1
SootyWI
Hey all, firstly thanks to all who contribute to this....
ESET NOD32 4.2.71.2 (with latest definitions) has picked up "Win32/Olmarik Trojan". I've tried using Malwarebytes Anti-Malware and SUPERAntiSpyware to remove it, but no luck, and ESET NOD32 certainly won't remove it.
However, MBAM and SUPERAntiSpyware did remove some of the trojan??/other viruses/trojans, but NOD32 still picks up "Win32/Olmarik Trojan". And when the computer is connected to the computer, ESET NOD32 blocks the attacks from such a trojan.

Attached is the OTL Log

OTL logfile created on: 4/18/2011 10:57:02 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Toshiba\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.32 Gb Total Space | 17.18 Gb Free Space | 6.00% Space Free | Partition Type: NTFS
Drive F: | 963.70 Mb Total Space | 163.03 Mb Free Space | 16.92% Space Free | Partition Type: FAT

Computer Name: TOSHIBA-PC | User Name: Toshiba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Toshiba\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe (TOSHIBA Corporation)
PRC - C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)


========== Modules (SafeList) ==========

MOD - C:\Users\Toshiba\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (TMachInfo) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (cfWiMAXService) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (RSELSVC) -- C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe (TOSHIBA Corporation)
SRV - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)


========== Driver Services (SafeList) ==========

DRV - (sptd) -- C:\windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (eamonm) -- C:\Windows\System32\drivers\eamonm.sys (ESET)
DRV - (ehdrv) -- C:\Windows\System32\drivers\ehdrv.sys (ESET)
DRV - (epfw) -- C:\Windows\System32\drivers\epfw.sys (ESET)
DRV - (epfwwfp) -- C:\Windows\System32\drivers\epfwwfp.sys (ESET)
DRV - (Epfwndis) -- C:\Windows\System32\drivers\epfwndis.sys (ESET)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation )
DRV - (RTL2831UUSB) -- C:\Windows\System32\drivers\RTL2831UUSB.sys (REALTEK SEMICONDUCTOR Corp.)
DRV - (RTL2831UBDA) -- C:\Windows\System32\drivers\RTL2831UBDA.sys (REALTEK SEMICONDUCTOR Corp.)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (tos_sps32) -- C:\windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation)
DRV - (TVALZ) -- C:\windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (Serial) -- C:\windows\system32\DRIVERS\serial.sys (Brother Industries Ltd.)
DRV - (LPCFilter) -- C:\windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (PGEffect) -- C:\Windows\System32\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV - (TVALZFL) -- C:\Windows\System32\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (HPx9G+) -- C:\Windows\System32\drivers\HPx9G2k.sys (KINPOSH)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toggle.co....php?rvs=google
IE - HKLM\..\URLSearchHook: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\prxtbTog0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files\Messenger_Plus_Live_Australia\tbMes1.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\..\URLSearchHook: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\prxtbTog0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files\Messenger_Plus_Live_Australia\tbMes1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/04/16 13:54:54 | 000,000,000 | ---D | M]

[2010/04/12 18:19:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Toshiba\AppData\Roaming\Mozilla\Extensions
[2010/03/20 06:59:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Toshiba\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/04/12 18:19:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\extensions
[2010/04/12 18:19:29 | 000,000,000 | ---D | M] (PlaySushi TextLinks) -- C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\extensions\[email protected]

O1 HOSTS File: ([2011/04/16 22:02:16 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\prxtbTog0.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Messenger Plus Live Australia Toolbar) - {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files\Messenger_Plus_Live_Australia\tbMes1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\prxtbTog0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Messenger Plus Live Australia Toolbar) - {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files\Messenger_Plus_Live_Australia\tbMes1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ToggleEN Toolbar) - {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - C:\Program Files\ToggleEN\prxtbTog0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Messenger Plus Live Australia Toolbar) - {EA0969B3-6E12-4AC0-B6C9-148E81247954} - C:\Program Files\Messenger_Plus_Live_Australia\tbMes1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/18 10:55:26 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Toshiba\Desktop\OTL.exe
[2011/04/18 10:53:09 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{4F10E9A1-83A0-4F94-90F5-7B60A8350C33}
[2011/04/17 11:43:18 | 000,000,000 | ---D | C] -- C:\windows\temp
[2011/04/17 11:41:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/04/17 11:23:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
[2011/04/17 10:40:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Mechanic
[2011/04/17 10:40:34 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2011/04/17 10:37:59 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{D0303F00-79C5-4D7D-98DA-4B71F40A5497}
[2011/04/17 10:11:27 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{214B1FBB-3A8C-4BAB-95D3-A43550CCDBAC}
[2011/04/16 22:40:33 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{38B8862C-4CB7-4F13-84CA-363E6212BC39}
[2011/04/16 22:21:07 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\windows\System32\drivers\SBREDrv.sys
[2011/04/16 22:20:43 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\Sunbelt Software
[2011/04/16 22:19:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/04/16 22:05:38 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\temp
[2011/04/16 19:05:06 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\SUPERAntiSpyware.com
[2011/04/16 19:05:06 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/04/16 19:05:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/04/16 19:04:59 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/04/16 17:50:56 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\Apps
[2011/04/16 17:10:22 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\Malwarebytes
[2011/04/16 17:10:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011/04/16 17:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/16 17:10:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/16 17:10:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011/04/16 17:10:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/16 13:56:15 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\ESET
[2011/04/16 13:56:15 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\ESET
[2011/04/16 13:54:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2011/04/16 13:54:52 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2011/04/16 13:54:52 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/04/16 11:20:22 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview
[2011/04/16 11:18:43 | 000,000,000 | ---D | C] -- C:\windows\System32\EventProviders
[2011/04/16 11:18:31 | 000,000,000 | ---D | C] -- C:\63eea4a7df5862e981c292cb
[2011/04/16 11:10:52 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\windows\System32\fms.dll
[2011/04/16 10:37:17 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{36FECADB-55F1-4913-9C05-97E06D04DD0C}
[2011/04/15 23:17:39 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\ToggleEN
[2011/04/15 23:17:39 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\ConduitEngine
[2011/04/15 22:37:06 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{B8C48358-4E13-4769-A405-CB3A3B9677D4}
[2011/04/15 10:36:40 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{ABB7B861-79F3-496E-8C99-6D84BB6352EB}
[2011/04/14 19:30:21 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{F9E701CF-3127-4F6C-B024-B0B901EFDC3E}
[2011/04/14 07:29:55 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{A309CC34-B38B-44A7-B88F-A4CB0862F8B0}
[2011/04/13 10:55:57 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{932A0323-3E52-48EA-94FE-59D93E4254DD}
[2011/04/12 22:16:41 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{3DE9C516-7ED0-4F8C-878C-5718E8ED0F02}
[2011/04/12 10:18:50 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2011/04/12 10:16:16 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{1AB05C69-3E09-4243-8215-36E5E4A52472}
[2011/04/11 14:15:56 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\Documents\The White Wolf of Icicle Creek
[2011/04/11 12:31:58 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{67CEFC8D-EC27-4E88-B179-7D88354BB6CF}
[2011/04/11 12:25:25 | 000,000,000 | ---D | C] -- C:\windows\en
[2011/04/11 12:11:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Big Fish Games
[2011/04/11 12:10:00 | 000,000,000 | ---D | C] -- C:\BigFishGamesCache
[2011/04/11 10:55:14 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{4A2ADBCA-97EE-4FDF-83C7-4EC093662A08}
[2011/04/10 21:00:39 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{275B0EDC-09AF-4D14-91CC-354B32D0B857}
[2011/04/10 08:59:49 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{3B2A8FF1-D5D0-4922-82D2-25197B41E197}
[2011/04/10 04:44:44 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{E15B8016-B3BC-4666-84A7-E70656F522BD}
[2011/04/09 16:42:50 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{170C386D-E6F3-4548-AFFB-90FDB0622129}
[2011/04/09 16:37:36 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{64A13EA7-93A4-4DFF-B19C-8324770422A5}
[2011/04/09 16:31:50 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{5019AE5F-F43C-45B3-AEEB-B052B4038428}
[2011/04/08 20:43:24 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{8D0F83BD-32CA-4B5C-ACC4-76522FA1D4C8}
[2011/04/06 16:48:15 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{3E8E4C44-A5CF-4029-A354-DE84D102E5C1}
[2011/04/05 20:12:39 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{50D133E7-6427-43A2-A0DA-F22D0E86EB68}
[2011/04/05 08:12:14 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{3ACD002D-9243-43F7-892A-ECC7F7755C8B}
[2011/04/04 16:47:59 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{8FBD8347-DDBB-4584-B076-D48FADA51B61}
[2011/04/03 20:05:03 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{AF58581A-C43C-4FCF-8751-17FFA5F93DFC}
[2011/04/02 09:09:52 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\Heritage Key VX Viewer
[2011/04/02 08:13:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP 40gs, 39gs, 39G+, 39G Calculator Connectivity Kit
[2011/04/02 08:13:33 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2011/03/28 19:40:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2011/03/28 19:28:53 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2011/03/26 10:23:03 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\FrostWire
[2011/03/26 10:19:13 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire
[2011/03/26 09:02:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/18 10:53:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Toshiba\Desktop\OTL.exe
[2011/04/18 10:52:56 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/18 10:52:50 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/18 10:52:47 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/04/17 16:28:50 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/17 16:28:50 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/17 16:12:41 | 2388,295,680 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/17 10:40:37 | 000,000,996 | ---- | M] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk
[2011/04/16 22:39:04 | 000,301,568 | ---- | M] () -- C:\Users\Toshiba\Desktop\gmer.exe
[2011/04/16 22:38:38 | 000,625,664 | ---- | M] () -- C:\Users\Toshiba\Desktop\dds.scr
[2011/04/16 22:21:07 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\windows\System32\drivers\SBREDrv.sys
[2011/04/16 22:02:16 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2011/04/16 19:05:17 | 000,675,168 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/04/16 19:05:17 | 000,128,254 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/04/16 19:05:02 | 000,001,936 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/16 18:58:42 | 004,322,269 | R--- | M] () -- C:\Users\Toshiba\Desktop\ComboFix.exe
[2011/04/16 17:24:12 | 000,013,492 | -HS- | M] () -- C:\Users\Toshiba\AppData\Local\2901571632
[2011/04/16 17:24:12 | 000,013,492 | -HS- | M] () -- C:\ProgramData\2901571632
[2011/04/16 17:10:18 | 000,001,042 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/16 11:51:20 | 000,000,120 | ---- | M] () -- C:\Users\Toshiba\AppData\Local\Kcejonevozujit.dat
[2011/04/16 11:51:12 | 000,000,000 | ---- | M] () -- C:\Users\Toshiba\AppData\Local\Idorap.bin
[2011/04/16 11:50:25 | 000,001,382 | ---- | M] () -- C:\Users\Toshiba\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/16 11:43:10 | 000,441,568 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/04/16 11:30:54 | 000,072,822 | ---- | M] () -- C:\windows\System32\ieuinit.inf
[2011/04/11 17:19:27 | 000,000,026 | ---- | M] () -- C:\windows\TLCAPPS.INI
[2011/04/04 20:58:01 | 000,005,027 | ---- | M] () -- C:\Users\Toshiba\AppData\Local\elahemofivu.dll
[2011/04/03 17:10:48 | 000,001,886 | ---- | M] () -- C:\Users\Toshiba\Desktop\Paint.lnk
[2011/04/02 08:13:57 | 000,001,294 | ---- | M] () -- C:\Users\Toshiba\Application Data\Microsoft\Internet Explorer\Quick Launch\HP 40gs, 39gs, 39G+, 39G Calculator Connectivity Kit.lnk
[2011/04/02 08:13:57 | 000,001,270 | ---- | M] () -- C:\Users\Public\Desktop\HP 40gs, 39gs, 39G+, 39G Calculator Connectivity Kit.lnk
[2011/03/26 10:19:13 | 000,001,216 | ---- | M] () -- C:\Users\Toshiba\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.5.lnk
[2011/03/26 10:19:13 | 000,001,192 | ---- | M] () -- C:\Users\Toshiba\Desktop\FrostWire 4.21.5.lnk
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/17 10:40:37 | 000,000,996 | ---- | C] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk
[2011/04/16 22:42:02 | 000,301,568 | ---- | C] () -- C:\Users\Toshiba\Desktop\gmer.exe
[2011/04/16 22:41:56 | 000,625,664 | ---- | C] () -- C:\Users\Toshiba\Desktop\dds.scr
[2011/04/16 19:05:02 | 000,001,936 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/16 19:03:58 | 004,322,269 | R--- | C] () -- C:\Users\Toshiba\Desktop\ComboFix.exe
[2011/04/16 17:10:18 | 000,001,042 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/16 11:30:54 | 000,072,822 | ---- | C] () -- C:\windows\System32\ieuinit.inf
[2011/04/16 11:12:19 | 000,146,852 | ---- | C] () -- C:\windows\System32\systemsf.ebd
[2011/04/16 11:10:16 | 000,010,429 | ---- | C] () -- C:\windows\System32\ScavengeSpace.xml
[2011/04/16 11:09:59 | 000,105,559 | ---- | C] () -- C:\windows\System32\RacRules.xml
[2011/04/15 13:22:00 | 000,013,492 | -HS- | C] () -- C:\Users\Toshiba\AppData\Local\2901571632
[2011/04/15 13:22:00 | 000,013,492 | -HS- | C] () -- C:\ProgramData\2901571632
[2011/04/12 10:19:03 | 000,001,848 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk
[2011/04/12 10:19:03 | 000,001,224 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\More Great Games.lnk
[2011/04/04 20:58:01 | 000,005,027 | ---- | C] () -- C:\Users\Toshiba\AppData\Local\elahemofivu.dll
[2011/04/02 10:58:49 | 000,000,120 | ---- | C] () -- C:\Users\Toshiba\AppData\Local\Kcejonevozujit.dat
[2011/04/02 10:58:49 | 000,000,000 | ---- | C] () -- C:\Users\Toshiba\AppData\Local\Idorap.bin
[2011/04/02 08:13:57 | 000,001,294 | ---- | C] () -- C:\Users\Toshiba\Application Data\Microsoft\Internet Explorer\Quick Launch\HP 40gs, 39gs, 39G+, 39G Calculator Connectivity Kit.lnk
[2011/04/02 08:13:57 | 000,001,270 | ---- | C] () -- C:\Users\Public\Desktop\HP 40gs, 39gs, 39G+, 39G Calculator Connectivity Kit.lnk
[2011/03/26 10:19:13 | 000,001,216 | ---- | C] () -- C:\Users\Toshiba\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.5.lnk
[2011/03/26 10:19:13 | 000,001,192 | ---- | C] () -- C:\Users\Toshiba\Desktop\FrostWire 4.21.5.lnk
[2011/01/08 16:48:40 | 000,004,096 | ---- | C] () -- C:\windows\d3dx.dat
[2010/12/19 16:33:27 | 000,000,056 | -H-- | C] () -- C:\windows\System32\ezsidmv.dat
[2010/12/05 11:11:44 | 000,000,000 | ---- | C] () -- C:\windows\Game.INI
[2010/12/03 10:17:45 | 000,000,000 | ---- | C] () -- C:\windows\PowerReg.dat
[2010/11/04 19:16:33 | 000,256,512 | ---- | C] () -- C:\windows\PEV.exe
[2010/11/04 19:16:33 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2010/11/04 19:16:33 | 000,089,088 | ---- | C] () -- C:\windows\MBR.exe
[2010/11/04 19:16:33 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2010/11/04 19:16:33 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2010/11/04 18:48:33 | 000,000,006 | ---- | C] () -- C:\Users\Toshiba\AppData\Roaming\start
[2010/11/02 15:12:07 | 000,212,616 | -H-- | C] () -- C:\windows\System32\mlfcache.dat
[2010/09/04 14:49:51 | 000,000,291 | ---- | C] () -- C:\windows\EReg077.dat
[2010/09/04 14:47:19 | 000,000,026 | ---- | C] () -- C:\windows\TLCAPPS.INI
[2010/07/29 19:59:16 | 000,002,560 | ---- | C] () -- C:\windows\_MSRSTRT.EXE
[2010/04/28 16:25:19 | 000,022,328 | ---- | C] () -- C:\windows\System32\drivers\PnkBstrK.sys
[2010/04/28 16:25:19 | 000,022,328 | ---- | C] () -- C:\Users\Toshiba\AppData\Roaming\PnkBstrK.sys
[2010/04/28 16:24:53 | 000,103,736 | ---- | C] () -- C:\windows\System32\PnkBstrB.exe
[2010/04/28 16:24:47 | 000,066,872 | ---- | C] () -- C:\windows\System32\PnkBstrA.exe
[2010/04/03 17:54:12 | 000,056,832 | ---- | C] () -- C:\windows\System32\iyvu9_32.dll
[2010/01/18 12:42:11 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2010/01/18 12:27:34 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2010/01/18 12:23:17 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX1.dat
[2010/01/18 12:23:17 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
[2010/01/18 12:19:13 | 000,045,056 | ---- | C] () -- C:\windows\System32\HWS_Ctrl.dll
[2010/01/18 12:16:21 | 000,294,912 | ---- | C] () -- C:\windows\System32\ATIODE.exe
[2010/01/18 12:16:21 | 000,197,654 | ---- | C] () -- C:\windows\System32\atiicdxx.dat
[2010/01/18 12:16:21 | 000,045,056 | ---- | C] () -- C:\windows\System32\ATIODCLI.exe
[2010/01/18 12:09:46 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\windows\System32\OGAEXEC.exe
[2009/07/14 14:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 14:33:53 | 000,441,568 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 12:05:48 | 000,675,168 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 12:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 12:05:48 | 000,128,254 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 12:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 12:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 12:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 09:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 09:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 09:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/07/14 08:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009/07/14 08:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009/07/14 08:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/07/14 08:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009/06/11 07:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2009/04/28 22:37:00 | 000,028,672 | ---- | C] () -- C:\windows\System32\SPCtl.dll
[2007/09/06 10:01:22 | 000,012,288 | ---- | C] () -- C:\windows\System32\DivXWMPExtType.dll
[2007/08/24 02:55:34 | 003,596,288 | ---- | C] () -- C:\windows\System32\qt-dx331.dll

========== LOP Check ==========

[2010/12/05 08:53:23 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\A Gypsy's Tale - The Tower of Secrets
[2010/11/30 14:18:41 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Big Fish Games
[2010/11/30 13:02:29 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\blg
[2011/02/05 14:37:23 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Boomzap
[2011/02/22 18:12:23 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\DAEMON Tools Lite
[2011/01/08 16:04:04 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\ERS Game Studios
[2011/04/16 13:56:15 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\ESET
[2011/01/08 11:38:17 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\FlyWheelGames
[2010/12/03 12:26:51 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\ForgottenRiddles
[2011/04/16 10:23:52 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\FrostWire
[2011/01/08 16:48:39 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Ghost Ship Studios
[2011/04/11 17:32:31 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Heritage Key VX Viewer
[2010/11/24 19:43:34 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\LimeWire
[2010/12/03 12:47:42 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Magnet's Story
[2010/03/20 07:31:26 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\MessengerGadget
[2011/01/10 14:01:24 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Mystery of Mortlake Mansion
[2011/01/15 12:02:49 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Namco
[2010/12/30 12:02:15 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\OpenCandy
[2010/11/30 12:49:06 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Scholastic
[2010/04/02 20:20:52 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Tific
[2010/04/11 13:32:32 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Toshiba
[2010/10/24 13:39:01 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Windows Live Writer
[2011/03/31 15:41:36 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 240 bytes -> C:\ProgramData\TEMP:A88BE334
@Alternate Data Stream - 222 bytes -> C:\ProgramData\TEMP:B73EC53A
@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:88981452
@Alternate Data Stream - 198 bytes -> C:\ProgramData\TEMP:9732698E
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:938EB9FC
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:A819A132
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0785072C
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:2495D97A
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:A5584049
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:9D86EE01
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:D47B19A6
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:B54E4B5A
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:52C24010
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:CA23BCFD
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:C0893153
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:A1460B2A
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:8BE7A048
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:7ADB695A
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:3313A48D

< End of report >

Thanks again to all those who contribute, your help is greatly appreciated.
I will be donating :D

Attached Files

  • Attached File  OTL.Txt   72.73KB   57 downloads

#2
RKinner

    Malware Expert

  • Expert
  • 23,714 posts
  • MVP
Uninstall:
FrostWire (nothing but a virus delivery mechanism)
Ask Toolbar (LimeWire Toolbar) (Foistware)
LimeWire (only marginally better than FrostWire)
ToggleEN (never trust anything from Conduit)
ConduitEngine (never trust anything from Conduit)
Messenger_Plus_Live_Australia (never trust anything from Conduit)

Copy the text between the lines of stars by highlighting and Ctrl + c
********************************************************************
:OTL
IE - HKLM\..\URLSearchHook: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\prxtbTog0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files\Messenger_Plus_Live_Australia\tbMes1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\prxtbTog0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files\Messenger_Plus_Live_Australia\tbMes1.dll (Conduit Ltd.)
O2 - BHO: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\prxtbTog0.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Messenger Plus Live Australia Toolbar) - {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files\Messenger_Plus_Live_Australia\tbMes1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\prxtbTog0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Messenger Plus Live Australia Toolbar) - {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files\Messenger_Plus_Live_Australia\tbMes1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ToggleEN Toolbar) - {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - C:\Program Files\ToggleEN\prxtbTog0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Messenger Plus Live Australia Toolbar) - {EA0969B3-6E12-4AC0-B6C9-148E81247954} - C:\Program Files\Messenger_Plus_Live_Australia\tbMes1.dll (Conduit Ltd.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
[2011/04/18 10:53:09 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{4F10E9A1-83A0-4F94-90F5-7B60A8350C33}
[2011/04/17 10:37:59 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{D0303F00-79C5-4D7D-98DA-4B71F40A5497}
[2011/04/17 10:11:27 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{214B1FBB-3A8C-4BAB-95D3-A43550CCDBAC}
[2011/04/16 22:40:33 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{38B8862C-4CB7-4F13-84CA-363E6212BC39}
[2011/04/16 10:37:17 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{36FECADB-55F1-4913-9C05-97E06D04DD0C}
[2011/04/15 22:37:06 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{B8C48358-4E13-4769-A405-CB3A3B9677D4}
[2011/04/15 10:36:40 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{ABB7B861-79F3-496E-8C99-6D84BB6352EB}
[2011/04/14 19:30:21 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{F9E701CF-3127-4F6C-B024-B0B901EFDC3E}
[2011/04/14 07:29:55 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{A309CC34-B38B-44A7-B88F-A4CB0862F8B0}
[2011/04/13 10:55:57 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{932A0323-3E52-48EA-94FE-59D93E4254DD}
[2011/04/12 22:16:41 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{3DE9C516-7ED0-4F8C-878C-5718E8ED0F02}
[2011/04/12 10:16:16 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{1AB05C69-3E09-4243-8215-36E5E4A52472}
[2011/04/11 12:31:58 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{67CEFC8D-EC27-4E88-B179-7D88354BB6CF}
[2011/04/11 10:55:14 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{4A2ADBCA-97EE-4FDF-83C7-4EC093662A08}
[2011/04/10 21:00:39 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{275B0EDC-09AF-4D14-91CC-354B32D0B857}
[2011/04/10 08:59:49 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{3B2A8FF1-D5D0-4922-82D2-25197B41E197}
[2011/04/10 04:44:44 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{E15B8016-B3BC-4666-84A7-E70656F522BD}
[2011/04/09 16:42:50 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{170C386D-E6F3-4548-AFFB-90FDB0622129}
[2011/04/09 16:37:36 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{64A13EA7-93A4-4DFF-B19C-8324770422A5}
[2011/04/09 16:31:50 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{5019AE5F-F43C-45B3-AEEB-B052B4038428}
[2011/04/08 20:43:24 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{8D0F83BD-32CA-4B5C-ACC4-76522FA1D4C8}
[2011/04/06 16:48:15 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{3E8E4C44-A5CF-4029-A354-DE84D102E5C1}
[2011/04/05 20:12:39 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{50D133E7-6427-43A2-A0DA-F22D0E86EB68}
[2011/04/05 08:12:14 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{3ACD002D-9243-43F7-892A-ECC7F7755C8B}
[2011/04/04 16:47:59 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{8FBD8347-DDBB-4584-B076-D48FADA51B61}
[2011/04/03 20:05:03 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{AF58581A-C43C-4FCF-8751-17FFA5F93DFC}
[2011/04/15 13:22:00 | 000,013,492 | -HS- | C] () -- C:\Users\Toshiba\AppData\Local\2901571632
[2011/04/15 13:22:00 | 000,013,492 | -HS- | C] () -- C:\ProgramData\2901571632
[2011/04/04 20:58:01 | 000,005,027 | ---- | C] () -- C:\Users\Toshiba\AppData\Local\elahemofivu.dll
[2011/04/02 10:58:49 | 000,000,120 | ---- | C] () -- C:\Users\Toshiba\AppData\Local\Kcejonevozujit.dat
[2011/04/02 10:58:49 | 000,000,000 | ---- | C] () -- C:\Users\Toshiba\AppData\Local\Idorap.bin

:Commands
[purity]
[emptytemp]
[Reboot]


*******************************************************************

Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all, and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Right-click on Malwarebytes' Anti-Malware and select Run As Administrator to start.

* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



Download but do not yet run ComboFix.
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop; do not run it.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and rename this file (call it george.exe) to your Desktop, from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on george and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries, including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your anti-virus program at this time.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop, then right-click it and select Run As Administrator.

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.

Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it, then right-click it and select Run As Administrator to run it. It will produce a log MBRCheck(date).txt on your desktop. Copy and paste it into a reply.

Ron
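As an added example (not part of this thread, and not OTL's own code), a small Python triage script that parses OTL's "[date | size | attrs | C/M] () -- path" entry format and flags the kinds of entries the fix script above removes: hidden+system or purely numeric files under AppData/ProgramData, GUID-named folders directly under AppData\Local, and DLL/BIN/DAT/EXE files dropped straight into those folders. The sample entries are copied from the log posted in this thread; the heuristics are my own assumptions and are a triage aid for reading such logs, not a verdict on any file.

```python
import re
from typing import List, Optional, Tuple

# One OTL file/directory entry: "[date time | size | attrs | C or M] () -- path"
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] (?:\(\) )?-- (?P<path>.+)$"
)
GUID_NAME = re.compile(r"^\{[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$", re.I)
USER_DATA = re.compile(r"\\(AppData\\(Local|Roaming)|ProgramData)\\", re.I)
DROP_DIRS = ("appdata\\local", "programdata")  # user-writable; not a normal home for code

def parse_line(line: str) -> Optional[dict]:
    """Split one OTL entry into its fields (size as int); None for any other line."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))
    return entry

def suspicious_reasons(entry: dict) -> List[str]:
    """Heuristics (my own) mirroring the entries the fix script removes; a triage aid, not a verdict."""
    path, attrs = entry["path"], entry["attrs"]
    parent, _, name = path.rpartition("\\")
    in_user_data = USER_DATA.search(path) is not None
    reasons = []
    if in_user_data and "H" in attrs and "S" in attrs:
        reasons.append("hidden+system file in a user-writable data folder")
    if in_user_data and name.isdigit():
        reasons.append("purely numeric file name")
    if GUID_NAME.match(name) and parent.lower().endswith("appdata\\local"):
        reasons.append("GUID-named folder directly under AppData\\Local")
    if parent.lower().endswith(DROP_DIRS) and name.lower().endswith((".dll", ".bin", ".dat", ".exe")):
        reasons.append("code/data file dropped directly in AppData\\Local or ProgramData")
    return reasons

def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for every flagged entry, in log order."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and (reasons := suspicious_reasons(entry)):
            flagged.append((entry["path"], reasons))
    return flagged

# Entries copied from the OTL log in this thread; the last two are benign controls.
SAMPLE_LOG = r"""
[2011/04/18 10:53:09 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\{4F10E9A1-83A0-4F94-90F5-7B60A8350C33}
[2011/04/15 13:22:00 | 000,013,492 | -HS- | C] () -- C:\Users\Toshiba\AppData\Local\2901571632
[2011/04/04 20:58:01 | 000,005,027 | ---- | C] () -- C:\Users\Toshiba\AppData\Local\elahemofivu.dll
[2011/04/02 10:58:49 | 000,000,000 | ---- | C] () -- C:\Users\Toshiba\AppData\Local\Idorap.bin
[2009/07/14 14:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2010/04/28 16:25:19 | 000,022,328 | ---- | C] () -- C:\windows\System32\drivers\PnkBstrK.sys
"""
```

Running `triage(SAMPLE_LOG)` flags the four AppData\Local entries and leaves the two Windows system files alone; anything it flags still needs a human to decide, as the expert did above.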