Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Malware removal, Google redirect, system slowdown


  • This topic is locked This topic is locked

#1
Brosef Stalin

Brosef Stalin

    New Member

  • Member
  • Pip
  • 6 posts
Having issues with fake Windows Security Center pop-ups related to gia.exe, firewall being disabled without permission, google redirects, system slowdown.

Edited by Brosef Stalin, 25 May 2011 - 09:17 AM.

  • 0

Advertisements


#2
Brosef Stalin

Brosef Stalin

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
How come every time I try posting the OTL file the site crashes and says "The connection was reset" in my browser?
  • 0

#3
Brosef Stalin

Brosef Stalin

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
https://docs.google....ZjZmVk&hl=en_GB
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there and sorry for the delay - I am unable to access the log - could you attach it here ?


Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image
  • 0

#5
Brosef Stalin

Brosef Stalin

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thank you very much for helping me!

Here is the OTL file:

OTL logfile created on: 26/05/2011 12:09:25 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.50 Gb Total Physical Memory | 2.80 Gb Available Physical Memory | 79.97% Memory free
7.34 Gb Paging File | 6.78 Gb Available in Paging File | 92.46% Paging File free
Paging file location(s): c:\pagefile.sys 4095 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 77.66 Gb Total Space | 7.98 Gb Free Space | 10.28% Space Free | Partition Type: FAT32
Drive D: | 110.18 Gb Total Space | 21.30 Gb Free Space | 19.33% Space Free | Partition Type: FAT32
Drive E: | 110.20 Gb Total Space | 0.39 Gb Free Space | 0.36% Space Free | Partition Type: NTFS

Computer Name: PENTIUM4 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/25 23:53:20 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2011/05/18 20:43:16 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/11 19:58:26 | 004,770,672 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\BitTorrent.exe
PRC - [2011/03/15 08:06:26 | 002,071,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/09/24 16:02:38 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/17 12:11:28 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2008/04/14 12:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/25 23:53:20 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2008/04/14 21:30:00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (NNServ)
SRV - [2011/03/18 08:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/07/17 12:11:28 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/10/21 04:49:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/09/10 14:54:02 | 000,269,648 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2008/06/24 19:56:36 | 000,068,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2005/10/06 18:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Disabled | Stopped] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2011/05/07 00:29:04 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/17 12:11:10 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/03 08:11:54 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/01/10 03:30:32 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/10/21 04:49:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/09/10 14:53:50 | 000,019,160 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/03/27 13:24:40 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2008/12/22 11:06:02 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/12/22 11:06:00 | 000,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/12/22 11:05:58 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/10/31 11:38:08 | 004,942,336 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/08/07 21:44:56 | 000,111,360 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/04/14 12:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 22:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2007/11/02 14:51:28 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007/11/02 14:36:10 | 000,018,176 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2007/10/10 16:41:50 | 000,042,112 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motodrv.sys -- (MotDev)
DRV - [2007/06/18 14:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/01/22 18:33:00 | 000,007,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2005/02/22 16:17:44 | 000,039,040 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\inf\MSI\SlowDownCPU\RushTop.sys -- (RushTopDevice)
DRV - [2004/11/01 18:42:36 | 000,023,424 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\inf\MSI\SlowDownCPU\NTGLM7X.SYS -- (SlowDownCPU)
DRV - [2004/10/11 13:54:52 | 000,045,056 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2004/09/14 14:25:44 | 000,088,960 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)
DRV - [2004/04/26 10:19:56 | 000,381,056 | R--- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: [email protected]:6.103.018.001
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.2
FF - prefs.js..extensions.enabledItems: {f274730f-db76-4942-97ba-7984ab94f854}:2.1c
FF - prefs.js..extensions.enabledItems: {970173E2-4134-46B8-ACA9-476D36BC83E7}:1.9.1
FF - prefs.js..keyword.URL: "http://search.avg.co...u&lng=en-GB&q="
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/02/19 14:56:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVG\AVG9\Toolbar\Firefox\[email protected] [2011/05/18 09:45:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{970173E2-4134-46B8-ACA9-476D36BC83E7}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{970173E2-4134-46B8-ACA9-476D36BC83E7} [2011/03/21 22:29:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2006/08/06 20:35:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2006/08/06 20:35:46 | 000,000,000 | ---D | M]

[2008/09/09 20:32:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2008/09/09 20:32:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2cpvmft2.default\extensions
[2010/03/30 21:58:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2cpvmft2.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/05/29 23:51:30 | 000,000,000 | ---D | M] (STOP! Hammertime!) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2cpvmft2.default\extensions\{f274730f-db76-4942-97ba-7984ab94f854}
[2006/08/06 20:35:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2006/09/29 12:53:42 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/03/21 22:29:38 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\{970173E2-4134-46B8-ACA9-476D36BC83E7}
[2010/02/19 14:56:16 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG9\FIREFOX
[2011/05/18 09:45:34 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="[email protected]" em:name="AVG Security Toolbar" em:version="6.103.018.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG9\TOOLBAR\FIREFOX\[email protected]
[2010/10/29 01:52:14 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/10/29 01:52:14 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/10/29 01:52:14 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/10/29 01:52:14 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - File not found
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5627ED51-BC42-4601-8405-A54E98830D92} - Reg Error: Value error. File not found
O2 - BHO: (no name) - {67AEE411-6403-4D8B-950D-A6A55E0ABD0F} - Reg Error: Value error. File not found
O2 - BHO: (no name) - {9B09A8D2-7F9F-4524-89A5-F2321FE4B339} - Reg Error: Value error. File not found
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (no name) - {AD6D0F92-B595-4BB1-9243-D052050477EC} - Reg Error: Value error. File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKCU..\Run: [A9YA3MI1CF] File not found
O4 - HKCU..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Xronegixivaz] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: fpact = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\zitui1.exe
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: erkjjozzbl = rundll32 "C:\WINDOWS\system32\wshbthg.dll",Suuawojul
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} http://www.digitalwe...er/dbplugin.cab (dnlplayer Class)
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} https://signup.msn.c...es/MsnInstC.cab (InstallerBehaviorFactory Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://download.micr.../WebCleaner.cab (Malicious Software Removal Tool)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://spaces.msn.co...ad/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1128928402796 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1130210411390 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius....tiveXPlugin.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab34246.cab (ZoneIntro Class)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} http://foodnet2.view...p/view22rte.cab (View22RTE Class)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} http://fdl.msn.com/z...s/heartbeat.cab (Reg Error: Key error.)
O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} https://online.westp...iomanagerwt.cab (PortfolioManagerWT ProfileManager Class)
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} http://messenger.zon...wn.cab31267.cab (Solitaire Showdown Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (zwebauth.dll) - C:\WINDOWS\System32\ZWebAuth.dll ()
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\byXOfFXq) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/10/10 15:52:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{10adfc88-3ca8-11e0-b9dd-0002447b10f7}\Shell\AutoRun\command - "" = H:\APPInst.exe
O33 - MountPoints2\{12193ab4-50bf-11de-b6ab-001fd08fa06d}\Shell - "" = AutoRun
O33 - MountPoints2\{12193ab4-50bf-11de-b6ab-001fd08fa06d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{543421c8-1cf0-11de-b62a-001fd08fa06d}\Shell - "" = AutoRun
O33 - MountPoints2\{543421c8-1cf0-11de-b62a-001fd08fa06d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{84f5a00e-a95c-11de-b708-901229e070b9}\Shell\AutoRun\command - "" = H:\BUD\KNOW\DRG.exe
O33 - MountPoints2\{84f5a00e-a95c-11de-b708-901229e070b9}\Shell\open\command - "" = H:\BUD\KNOW\DRG.exe
O33 - MountPoints2\{8c76aee2-508e-11e0-ba0a-0002447b10f7}\Shell\AutoRun\command - "" = I:\urDrive.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\gia.exe" -a "%1" %* ()
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\gia.exe" -a "%1" %* ()
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/25 23:53:17 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/05/25 19:04:16 | 000,000,000 | ---D | C] -- C:\Adobe
[2011/05/24 20:46:39 | 000,000,000 | ---D | C] -- C:\movies
[2011/05/20 17:44:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\slide show photos
[2011/05/08 16:03:00 | 000,000,000 | -HSD | C] -- C:\FOUND.018
[2011/05/05 15:30:48 | 000,000,000 | -HSD | C] -- C:\FOUND.017
[2011/05/02 01:13:08 | 000,059,392 | ---- | C] (KelSat Presents) -- C:\Documents and Settings\Administrator\Desktop\Burnout_Paradise_V1.001_Plus_15_Trainer_By_KelSat.exe
[2011/04/30 10:38:22 | 000,000,000 | ---D | C] -- C:\Program Files\PhilipsSamsungSoft
[2011/04/29 21:16:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\project64 1.6
[12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/26 00:02:52 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2011/05/25 23:54:16 | 000,012,382 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3le4g083du0shn3n3ng26idqp75y8sc8ksm783am4a27p
[2011/05/25 23:53:20 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/05/25 23:38:54 | 000,195,459 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/05/25 23:38:48 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc052752ae91dc.job
[2011/05/25 23:36:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/25 19:04:06 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/24 21:39:02 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-764733703-725345543-500Core1cc04d350dea6a2.job
[2011/05/24 10:41:28 | 000,000,139 | ---- | M] () -- C:\WINDOWS\msicpl.ini
[2011/05/24 00:33:00 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2011/05/22 02:29:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job
[2011/05/20 17:18:12 | 000,001,452 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Project64 1.6 (2).lnk
[2011/05/20 16:52:16 | 000,074,752 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/18 18:15:06 | 000,002,253 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2011/05/18 18:15:06 | 000,002,231 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/18 09:39:36 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/07 00:29:04 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2011/05/06 17:22:18 | 000,000,439 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\StarCraft II.lnk
[12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/25 23:36:37 | 000,012,382 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\3le4g083du0shn3n3ng26idqp75y8sc8ksm783am4a27p
[2011/05/25 19:04:34 | 000,012,382 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3le4g083du0shn3n3ng26idqp75y8sc8ksm783am4a27p
[2011/05/20 17:18:11 | 000,001,452 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Project64 1.6 (2).lnk
[2011/05/06 17:22:17 | 000,000,439 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\StarCraft II.lnk
[2011/04/28 07:36:13 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc052752ae91dc.job
[2011/04/27 21:34:52 | 000,000,958 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-764733703-725345543-500Core1cc04d350dea6a2.job
[2011/04/24 01:33:20 | 000,003,007 | ---- | C] () -- C:\Program Files\Common Files\unins000.dat
[2011/04/15 10:34:09 | 000,006,466 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2901571632
[2011/04/15 10:34:09 | 000,006,466 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\2901571632
[2011/03/21 20:28:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ivezewah.dll
[2011/03/18 14:44:12 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2011/03/18 14:13:49 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Ddipud.dat
[2011/03/18 14:13:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Sqexoj.bin
[2011/01/05 00:21:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2010/08/06 11:36:33 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2010/08/06 11:36:33 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2010/08/06 11:36:33 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010/08/06 11:36:33 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2010/05/26 19:00:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2010/03/10 15:27:10 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
[2010/03/10 15:26:51 | 000,669,184 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2010/01/15 14:58:58 | 000,001,685 | ---- | C] () -- C:\WINDOWS\aopr.ini
[2010/01/06 19:58:09 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/02 09:59:38 | 000,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2009/10/21 04:49:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/09/15 15:52:46 | 000,115,232 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/08/16 16:35:02 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/08/16 16:33:55 | 000,000,036 | -H-- | C] () -- C:\Documents and Settings\Administrator\Application Data\swk.ini
[2009/08/07 19:51:34 | 000,178,430 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/07/06 11:49:35 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDETX200ASIA.ini
[2009/06/22 16:46:24 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/04/30 22:02:00 | 001,579,630 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/04/15 12:43:47 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2009/04/15 12:43:46 | 000,138,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/04/15 12:43:40 | 000,183,112 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009/03/31 18:37:46 | 000,000,268 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/12/19 22:43:42 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2008/12/04 20:08:34 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/10/07 13:33:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/10/07 13:33:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/10/07 13:33:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/10/07 13:33:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/10/07 13:33:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/10/07 13:33:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/10/07 13:33:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/10/07 13:33:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/10/07 13:33:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/08/07 14:24:06 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\xrxscnui.dll
[2008/07/13 16:25:50 | 000,088,576 | ---- | C] () -- C:\WINDOWS\UNINSTCC.EXE
[2008/06/05 08:58:26 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/05/30 08:11:19 | 000,465,549 | -HS- | C] () -- C:\WINDOWS\System32\xwELknmp.ini
[2008/05/27 19:49:33 | 000,473,025 | -HS- | C] () -- C:\WINDOWS\System32\kSDLonnn.ini
[2008/05/26 20:00:10 | 000,016,141 | -HS- | C] () -- C:\WINDOWS\System32\xaJmlnpo.ini
[2008/04/14 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 12:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/01/28 16:42:14 | 000,000,189 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/12/25 19:22:59 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2007/12/25 19:22:59 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2007/12/07 17:46:24 | 000,000,023 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2007/10/28 21:56:23 | 000,000,138 | ---- | C] () -- C:\WINDOWS\CIV.INI
[2007/06/30 10:44:26 | 000,008,192 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2007/04/03 19:42:06 | 000,000,066 | ---- | C] () -- C:\WINDOWS\BBW_INFO.INI
[2007/04/03 19:27:26 | 000,000,604 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\T2
[2007/04/03 19:27:26 | 000,000,604 | -H-- | C] () -- C:\Program Files\STLL Notifier
[2007/03/21 21:15:53 | 000,000,073 | ---- | C] () -- C:\WINDOWS\promp3recorder.ini
[2007/03/21 21:04:01 | 000,000,096 | ---- | C] () -- C:\WINDOWS\asr.INI
[2006/12/05 17:46:36 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2006/12/05 17:46:36 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2006/12/05 17:46:36 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2006/12/05 17:46:36 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2006/12/05 17:46:36 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2006/12/05 17:46:36 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2006/12/05 17:46:36 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2006/12/05 17:46:36 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2006/12/05 17:46:36 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2006/12/05 17:46:36 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2006/12/05 17:46:36 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2006/12/05 17:46:36 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2006/12/05 17:46:36 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2006/12/05 17:46:36 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2006/12/05 17:46:36 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2006/12/05 17:46:36 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2006/12/05 17:46:36 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2006/12/05 17:46:36 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2006/12/05 17:46:36 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/12/05 17:42:05 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE CX5900Asia.ini
[2006/11/03 00:40:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2006/10/16 11:32:07 | 000,856,064 | ---- | C] () -- C:\WINDOWS\dtaplugin.exe
[2006/10/16 11:32:07 | 000,808,448 | ---- | C] () -- C:\WINDOWS\dbplugin.exe
[2006/10/16 11:32:07 | 000,183,296 | ---- | C] () -- C:\WINDOWS\dbxesellerate.exe
[2006/10/16 11:32:07 | 000,139,344 | ---- | C] () -- C:\WINDOWS\System32\DNLEng.dll
[2006/08/06 20:36:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/08/06 20:35:45 | 000,002,301 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/08/04 15:58:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PestPatrol5.INI
[2006/07/25 17:45:31 | 000,000,120 | ---- | C] () -- C:\WINDOWS\PbkUser.INI
[2006/01/19 19:32:34 | 000,016,973 | ---- | C] () -- C:\WINDOWS\System32\ZWebAuth.dll
[2005/12/09 17:39:30 | 000,002,920 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/10/26 14:27:03 | 000,074,752 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/10/12 23:47:43 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2005/10/12 23:47:43 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2005/10/12 23:47:43 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2005/10/11 23:47:15 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDEC63THEMN.ini
[2005/10/11 14:29:10 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/10/11 14:29:10 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2005/10/11 14:29:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2005/10/11 01:47:03 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
[2005/10/11 00:05:34 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\TrackerNET.dll
[2005/10/11 00:04:55 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\libmySQL.dll
[2005/10/10 20:18:56 | 000,000,444 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/10/10 17:41:08 | 000,001,636 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
[2005/10/10 16:34:53 | 000,000,139 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2005/10/10 16:30:25 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\memtest.dll
[2005/10/10 16:30:25 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\msiuins.exe
[2005/10/10 16:30:23 | 000,039,372 | R--- | C] () -- C:\WINDOWS\System32\drivers\vgauti.sys
[2005/10/10 16:30:23 | 000,039,372 | R--- | C] () -- C:\WINDOWS\System32\drivers\msicpl.sys
[2005/10/10 15:56:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/10/10 15:49:02 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/10/10 15:22:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/10/10 15:21:05 | 000,172,280 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/10 07:43:31 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/08/10 07:43:31 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/08/10 07:42:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/03/11 11:22:34 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\DXFLib.dll
[2004/08/07 00:17:40 | 000,441,898 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/07 00:17:39 | 000,071,516 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/07 00:17:30 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/09/19 13:41:46 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll
[2001/09/04 11:34:00 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
[1999/01/22 17:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/11/17 17:13:16 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[1997/06/14 13:26:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2005/10/10 16:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2006/07/25 17:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2006/08/04 15:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2006/12/05 17:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2007/09/11 18:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2008/01/30 18:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/03/07 20:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/04/02 11:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
[2009/05/19 16:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek
[2009/05/28 21:36:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2009/05/28 21:36:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/06/15 22:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrackMania
[2009/07/09 14:29:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/15 23:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2010/02/19 14:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/02/19 14:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/05/18 02:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2011/03/15 08:06:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2005/10/18 01:54:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MSNInstaller
[2007/03/22 15:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Azureus
[2007/05/01 14:04:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2007/12/14 10:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Subversion
[2008/01/11 13:55:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Bioshock
[2008/04/02 12:19:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Grisoft
[2008/08/07 14:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Xerox
[2008/08/09 18:42:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Auslogics
[2009/03/17 13:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\EPSON
[2009/03/22 17:18:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2009/03/27 22:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
[2009/05/28 21:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DriverCure
[2009/08/26 17:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SharePod
[2009/11/19 22:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sony
[2009/11/19 22:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Publish Providers
[2010/01/10 03:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Pro
[2010/02/09 16:09:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Command and Conquer 3 Tiberium Wars
[2010/05/18 02:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ubisoft
[2010/08/06 11:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Xilisoft
[2010/09/03 07:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ImgBurn
[2011/02/18 06:05:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Macrobject
[2008/05/14 13:22:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ixgiy
[2011/04/11 19:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BitTorrent
[2011/05/24 00:33:00 | 000,000,432 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version2.job
[2009/05/28 21:36:02 | 000,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2011/05/22 02:29:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job

========== Purity Check ==========



< End of report >

Edited by Brosef Stalin, 01 June 2011 - 09:54 AM.

  • 0

#6
Brosef Stalin

Brosef Stalin

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Here is the aswMBR.txt

aswMBR version 0.9.5.317 Copyright© 2011 AVAST Software
Run date: 2011-06-02 01:22:48
-----------------------------
01:22:48.539 OS Version: Windows 5.1.2600 Service Pack 3
01:22:48.539 Number of processors: 2 586 0x170A
01:22:48.539 ComputerName: PENTIUM4 UserName:
01:22:49.070 Initialize success
01:22:50.320 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdePort3
01:22:50.320 Disk 0 Vendor: WDC_WD3200AAKS-00L9A0 01.03E01 Size: 305244MB BusType: 3
01:22:50.320 Device \Device\Ide\IdeDeviceP3T0L0-16 -> \??\IDE#DiskWDC_WD3200AAKS-00L9A0___________________01.03E01#5&1714ff57&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
01:22:50.320 Device \Driver\atapi -> DriverStartIo 8b20727f
01:22:50.320 Disk 0 MBR read error 0
01:22:50.320 Disk 0 MBR scan
01:22:50.320 Disk 0 unknown MBR code
01:22:50.320 MBR BIOS signature not found 0
01:22:50.320 Disk 0 scanning sectors +625137345
01:22:50.320 Disk 0 scanning C:\WINDOWS\system32\drivers
01:22:51.679 File C:\WINDOWS\system32\drivers\serial.sys TDL3 **ROOTKIT**
01:22:51.679 Disk 0 trace - called modules:
01:22:51.679 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xb1b808b0]<<
01:22:51.679 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b2d0ab8]
01:22:51.695 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> [0x8b01e920]
01:22:51.695 \Driver\Disk[0x8af0d3f0] -> IRP_MJ_CREATE -> 0xb1b808b0
01:23:01.680 Unsigned kernel modules:
01:23:01.680 0xb7ea6000 spai.sys
01:23:03.712 0xb8338000 C:\WINDOWS\system32\drivers\PxHelp20.sys
01:23:14.290 0xb8298000 C:\WINDOWS\system32\DRIVERS\serial.sys
01:23:14.369 0xb8248000 ACPI#PNP0303#2&da1a3ff&0\U\@800000cf
01:23:40.933 0xab16c000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
01:23:40.948 0xb35b5000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
01:23:49.043 Scan finished successfully
01:23:56.871 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
01:23:56.871 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK I can see the activity - so lets kill

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/03/21 22:29:38 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\{970173E2-4134-46B8-ACA9-476D36BC83E7}
    O2 - BHO: (no name) - {5627ED51-BC42-4601-8405-A54E98830D92} - Reg Error: Value error. File not found
    O2 - BHO: (no name) - {67AEE411-6403-4D8B-950D-A6A55E0ABD0F} - Reg Error: Value error. File not found
    O2 - BHO: (no name) - {9B09A8D2-7F9F-4524-89A5-F2321FE4B339} - Reg Error: Value error. File not found
    O2 - BHO: (no name) - {AD6D0F92-B595-4BB1-9243-D052050477EC} - Reg Error: Value error. File not found
    O4 - HKCU..\Run: [A9YA3MI1CF] File not found
    O4 - HKCU..\Run: [Xronegixivaz] File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: fpact = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\zitui1.exe
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: erkjjozzbl = rundll32 "C:\WINDOWS\system32\wshbthg.dll",Suuawojul
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
    O29 - HKLM SecurityProviders - (zwebauth.dll) - C:\WINDOWS\System32\ZWebAuth.dll ()
    O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\byXOfFXq) - File not found
    O35 - HKLM\..exefile [open] -- "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\gia.exe" -a "%1" %* ()
    O37 - HKLM\...exe [@ = exefile] -- "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\gia.exe" -a "%1" %* ()
    [2011/05/25 23:54:16 | 000,012,382 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3le4g083du0shn3n3ng26idqp75y8sc8ksm783am4a27p
    [2011/05/25 23:38:48 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc052752ae91dc.job
    [2011/04/15 10:34:09 | 000,006,466 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2901571632
    [2011/04/15 10:34:09 | 000,006,466 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\2901571632
    [2011/03/21 20:28:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ivezewah.dll
    [2011/03/18 14:44:12 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
    [2011/03/18 14:13:49 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Ddipud.dat
    [2011/03/18 14:13:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Sqexoj.bin

    :Files
    ipconfig /flushdns /c
    C:\Documents and Settings\All Users\Application Data\3le4g083du0shn3n3ng26idqp75y8sc8ksm783am4a27p

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


THEN

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP