Geeks to Go
Need to ensure if PC is truly cleared of viruses and malware



#1
jones24
Firstly, I activated a virus and some malware that my ESET security managed to block, but the malware got through. It played a voice recording. I managed to disable it by deleting it from the processes window. It also created new files that appeared in the tmp folder.

I have created a rar file of these exe files and uploaded them. I will post the link if you want to check them out.

I scanned the files with ESET and it didn't identify them as viruses or malware.

The virus that was discovered by ESET is a variant of the Win32 Kryptik.LLT trojan. The file called itself Tt2.exe and Ttz.exe.

I have saved and put these files into a rar file because ESET does not detect them as viruses.

Here's my OTL file:

OTL logfile created on: 6/11/2011 2:34:29 AM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = D:\idm downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.54 Gb Available Physical Memory | 81.77% Memory free
8.00 Gb Paging File | 6.40 Gb Available in Paging File | 80.05% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 47.33 Gb Total Space | 17.69 Gb Free Space | 37.38% Space Free | Partition Type: NTFS
Drive D: | 64.45 Gb Total Space | 43.98 Gb Free Space | 68.23% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 122.31 Gb Free Space | 41.03% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 75.23 Gb Free Space | 32.30% Space Free | Partition Type: NTFS

Computer Name: VIRGILEVEGA-PC | User Name: Virgile Vega | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/10 20:33:32 | 000,580,096 | ---- | M] (OldTimer Tools) -- D:\idm downloads\OTL.exe
PRC - [2011/05/01 05:27:56 | 000,912,344 | ---- | M] (Mozilla Corporation) -- D:\Extra program files x86\Mozilla Firefox\firefox.exe
PRC - [2011/04/29 13:45:46 | 001,006,080 | ---- | M] (IVT Corporation) -- D:\Extra program files x86\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
PRC - [2011/04/25 10:30:52 | 003,298,712 | ---- | M] (Tonec Inc.) -- D:\Extra program files x86\Internet Download Manager\IDMan.exe
PRC - [2011/04/13 12:06:02 | 000,319,574 | ---- | M] (IVT Corporation) -- D:\Extra program files x86\IVT Corporation\BlueSoleil\BtTray.exe
PRC - [2011/04/13 12:00:54 | 000,147,563 | ---- | M] (IVT Corporation) -- D:\Extra program files x86\IVT Corporation\BlueSoleil\BsMobileCS.exe
PRC - [2011/03/23 02:38:10 | 001,596,032 | ---- | M] (Nullsoft, Inc.) -- D:\Extra program files x86\Winamp\winamp.exe
PRC - [2010/08/12 14:16:26 | 000,810,144 | ---- | M] (ESET) -- D:\Extra program files x86\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2010/05/25 22:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- D:\Extra program files x86\Internet Download Manager\IEMonitor.exe
PRC - [2010/05/05 16:56:06 | 000,251,392 | ---- | M] () -- D:\Extra program files x86\Razer\DeathAdder\razerhid.exe
PRC - [2010/04/27 14:41:26 | 000,218,112 | ---- | M] () -- D:\Extra program files x86\Razer\DeathAdder\razertra.exe
PRC - [2007/12/19 11:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- D:\Extra program files x86\Razer\DeathAdder\razerofa.exe


========== Modules (SafeList) ==========

MOD - [2011/06/10 20:33:32 | 000,580,096 | ---- | M] (OldTimer Tools) -- D:\idm downloads\OTL.exe
MOD - [2010/11/20 19:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2010/07/28 23:36:30 | 000,010,960 | ---- | M] (O&K Software) -- D:\Extra program files x86\Prio\prio32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/05 13:26:26 | 000,203,776 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 09:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/04/29 13:45:46 | 001,006,080 | ---- | M] (IVT Corporation) [Auto | Running] -- D:\Extra program files x86\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2011/04/13 12:09:18 | 000,192,000 | ---- | M] (IVT Corporation) [On_Demand | Running] -- D:\Extra program files x86\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)
SRV - [2011/04/13 12:00:54 | 000,147,563 | ---- | M] (IVT Corporation) [Auto | Running] -- D:\Extra program files x86\IVT Corporation\BlueSoleil\BsMobileCS.exe -- (BsMobileCS)
SRV - [2011/03/01 18:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010/08/12 14:18:40 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- D:\Extra program files x86\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010/08/12 14:16:26 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- D:\Extra program files x86\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV - [2010/07/28 23:37:16 | 000,009,936 | ---- | M] () [On_Demand | Stopped] -- D:\Extra program files x86\Prio\prio_svc.exe -- (prio_svc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/19 12:11:50 | 000,828,936 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/09/28 09:27:56 | 000,057,096 | ---- | M] (Greatis Software, LLC) [Disabled | Stopped] -- C:\Program Files (x86)\BootRacer\BootRacerServ.exe -- (BootRacerServ)
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/09/08 07:59:00 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/05 14:09:06 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/05/05 12:44:22 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/31 02:46:44 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/03/29 01:46:40 | 000,146,568 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2011/03/11 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/12/24 18:13:39 | 000,254,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2010/12/24 17:47:23 | 001,455,648 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251)
DRV:64bit: - [2010/12/24 17:47:23 | 000,929,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2010/12/15 19:03:09 | 000,083,488 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2010/12/15 00:10:37 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/11/20 21:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 19:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 19:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/09/08 11:16:54 | 000,191,960 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cbfs64.sys -- (CbFs)
DRV:64bit: - [2010/08/26 21:29:30 | 000,025,352 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btcombus.sys -- (BTCOMBUS)
DRV:64bit: - [2010/08/26 21:29:28 | 000,029,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btcomport.sys -- (BTCOM)
DRV:64bit: - [2010/08/18 22:19:46 | 000,020,488 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btnetdrv.sys -- (BT)
DRV:64bit: - [2010/07/29 13:31:26 | 000,171,152 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2010/07/29 13:31:26 | 000,168,544 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010/07/29 13:31:26 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010/07/29 13:31:26 | 000,050,624 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2010/07/29 13:31:26 | 000,033,632 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
DRV:64bit: - [2010/07/15 08:44:20 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2010/07/15 08:44:20 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2010/06/24 13:46:14 | 000,033,888 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\appliand.sys -- (appliandMP)
DRV:64bit: - [2010/06/24 13:46:14 | 000,033,888 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appliand.sys -- (appliand)
DRV:64bit: - [2010/06/24 11:35:04 | 000,042,888 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btcusb.sys -- (Btcsrusb)
DRV:64bit: - [2010/04/27 22:01:44 | 000,062,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RAMDiskVE.sys -- (RAMDiskVE)
DRV:64bit: - [2010/04/19 20:29:18 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2010/04/19 17:04:44 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dadder.sys -- (DAdderFltr)
DRV:64bit: - [2010/04/06 18:33:10 | 000,030,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btnetBus.sys -- (btnetBUs)
DRV:64bit: - [2010/04/06 18:32:48 | 000,027,016 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV:64bit: - [2010/04/06 18:32:46 | 000,023,944 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BtHidBus.sys -- (BtHidBus)
DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/12/21 21:50:00 | 000,007,552 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vHidDev.sys -- (vhidmini)
DRV:64bit: - [2009/12/16 08:19:56 | 000,044,800 | ---- | M] (Advanced Card Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acr122.sys -- (ACR122U)
DRV:64bit: - [2009/10/21 17:16:54 | 000,243,200 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009/10/12 15:23:22 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009/09/10 15:31:56 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/17 14:02:20 | 000,036,872 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV:64bit: - [2009/06/17 14:02:12 | 000,036,360 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\blueletaudio.sys -- (BlueletAudio)
DRV:64bit: - [2009/06/11 04:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/11 17:26:18 | 000,407,576 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2007/10/28 20:22:32 | 000,340,480 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WN111x.sys -- (MRV6X64U) Marvell TOPDOG 802.11n WLAN Driver for Vista x64 (USB8x)
DRV:64bit: - [2007/04/20 21:29:52 | 001,037,312 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxusb.sys -- (athrusb)
DRV - [2010/08/31 11:04:20 | 000,014,648 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\Extra program files x86\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2010/07/15 08:44:20 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 08:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009/06/17 14:02:12 | 000,036,360 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2007/09/11 03:23:46 | 000,018,944 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\mrv64drv.sys -- (Mrvleap)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://xin.msn.com/?rd=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/?rd=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 86 94 3D 46 C6 DA CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-GB.start3....en-GB:official"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.1
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: [email protected]:11.0.1.400
FF - prefs.js..extensions.enabledItems: [email protected]:7.2.8
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.6
FF - prefs.js..extensions.enabledItems: [email protected]:0.7.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.backup.ftp: "212.117.166.26"
FF - prefs.js..network.proxy.backup.ftp_port: 18231
FF - prefs.js..network.proxy.backup.gopher: "212.117.166.26"
FF - prefs.js..network.proxy.backup.gopher_port: 18231
FF - prefs.js..network.proxy.backup.socks: "212.117.166.26"
FF - prefs.js..network.proxy.backup.socks_port: 18231
FF - prefs.js..network.proxy.backup.ssl: "212.117.166.26"
FF - prefs.js..network.proxy.backup.ssl_port: 18231
FF - prefs.js..network.proxy.ftp: "201.75.14.179"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "201.75.14.179"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "201.75.14.179"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "201.75.14.179"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "201.75.14.179"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: D:\Extra program files x86\Mozilla Firefox\components [2011/05/01 05:27:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: D:\Extra program files x86\Mozilla Firefox\plugins [2011/05/01 05:27:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: D:\Extra program files x86\ESET\ESET Smart Security\Mozilla Thunderbird [2010/12/23 20:59:11 | 000,000,000 | ---D | M]

[2010/12/14 01:02:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Virgile Vega\AppData\Roaming\Mozilla\Extensions
[2011/06/10 03:55:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Virgile Vega\AppData\Roaming\Mozilla\Firefox\Profiles\y4uqrm15.default\extensions
[2011/06/03 11:20:25 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Virgile Vega\AppData\Roaming\Mozilla\Firefox\Profiles\y4uqrm15.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/05/25 00:03:29 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Virgile Vega\AppData\Roaming\Mozilla\Firefox\Profiles\y4uqrm15.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/05/27 04:31:32 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Virgile Vega\AppData\Roaming\Mozilla\Firefox\Profiles\y4uqrm15.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011/03/12 19:30:24 | 000,000,000 | ---D | M] (Element Hiding Helper for Adblock Plus) -- C:\Users\Virgile Vega\AppData\Roaming\Mozilla\Firefox\Profiles\y4uqrm15.default\extensions\[email protected]
[2011/06/01 23:53:11 | 000,000,000 | ---D | M] (Save Images) -- C:\Users\Virgile Vega\AppData\Roaming\Mozilla\Firefox\Profiles\y4uqrm15.default\extensions\[email protected]
[2010/12/14 01:07:08 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Users\Virgile Vega\AppData\Roaming\Mozilla\Firefox\Profiles\y4uqrm15.default\extensions\[email protected]
[2010/12/14 01:07:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Virgile Vega\AppData\Roaming\Mozilla\Firefox\Profiles\y4uqrm15_original.default\extensions
[2010/12/14 01:07:08 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Users\Virgile Vega\AppData\Roaming\Mozilla\Firefox\Profiles\y4uqrm15_original.default\extensions\[email protected]
[2010/12/14 01:02:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Virgile Vega\AppData\Roaming\Mozilla\Firefox\Profiles\yuks5tp7.default\extensions
[2011/04/16 09:53:29 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\VIRGILE VEGA\APPDATA\ROAMING\IDM\IDMMZCC3
[2010/12/14 01:02:37 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- D:\EXTRA PROGRAM FILES X86\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}
[2011/03/18 17:38:37 | 000,000,000 | ---D | M] (Java Console) -- D:\EXTRA PROGRAM FILES X86\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/12/14 01:02:37 | 000,000,000 | ---D | M] (Anti-Banner) -- D:\EXTRA PROGRAM FILES X86\MOZILLA FIREFOX\EXTENSIONS\[email protected]

O1 HOSTS File: ([2010/12/14 13:54:40 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Extra program files x86\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Extra program files x86\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Extra program files x86\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Extra program files x86\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [egui] D:\Extra program files x86\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [DeathAdder] D:\extra program files x86\Razer\DeathAdder\razerhid.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\AutorunsDisabled: BootRacer = "C:\Program Files (x86)\BootRacer\Bootrace.exe" /2 (Greatis Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Download all links with IDM - D:\Extra program files x86\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download FLV video content with IDM - D:\Extra program files x86\Internet Download Manager\IEGetVL.htm ()
O8:64bit: - Extra context menu item: Download with IDM - D:\Extra program files x86\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Download all links with IDM - D:\Extra program files x86\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - D:\Extra program files x86\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - D:\Extra program files x86\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Extra program files x86\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Extra program files x86\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - D:\Extra program files x86\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (prio.dll) - D:\Extra program files x86\Prio\prio.dll (O&K Software)
O20 - AppInit_DLLs: (prio32.dll) - D:\Extra program files x86\Prio\prio32.dll (O&K Software)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Authentication Packages - (ows\w) - File not found
O30 - LSA: Authentication Packages - (ows\w) - File not found
O30:64bit: - LSA: Security Packages - (攀爀猀) - File not found
O30:64bit: - LSA: Security Packages - (᐀戀㄀) - File not found
O30 - LSA: Security Packages - (攀爀猀) - File not found
O30 - LSA: Security Packages - (᐀戀㄀) - File not found
O30 - LSA: Security Packages - (က嘀物楧敬嘠来a䘀ࠀЀ¾) - File not found
O30 - LSA: Security Packages - (⨀) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{07e0241e-3521-11e0-88af-96f27ead2401}\Shell - "" = AutoRun
O33 - MountPoints2\{07e0241e-3521-11e0-88af-96f27ead2401}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{3b6d8227-3b2a-11e0-8d22-9ef99ef2930f}\Shell - "" = AutoRun
O33 - MountPoints2\{3b6d8227-3b2a-11e0-8d22-9ef99ef2930f}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{3b6d8233-3b2a-11e0-8d22-9ef99ef2930f}\Shell - "" = AutoRun
O33 - MountPoints2\{3b6d8233-3b2a-11e0-8d22-9ef99ef2930f}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{3b6d824d-3b2a-11e0-8d22-9ef99ef2930f}\Shell - "" = AutoRun
O33 - MountPoints2\{3b6d824d-3b2a-11e0-8d22-9ef99ef2930f}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{b6cfc132-3a97-11e0-9ace-cfb145682303}\Shell - "" = AutoRun
O33 - MountPoints2\{b6cfc132-3a97-11e0-9ace-cfb145682303}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{b6cfc15a-3a97-11e0-9ace-cfb145682303}\Shell - "" = AutoRun
O33 - MountPoints2\{b6cfc15a-3a97-11e0-9ace-cfb145682303}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{c575a3e4-3d08-11e0-bfed-f7402b499608}\Shell - "" = AutoRun
O33 - MountPoints2\{c575a3e4-3d08-11e0-bfed-f7402b499608}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{c93004b1-18b8-11e0-b0f2-c83b10d36808}\Shell - "" = AutoRun
O33 - MountPoints2\{c93004b1-18b8-11e0-b0f2-c83b10d36808}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{c93004c8-18b8-11e0-b0f2-c83b10d36808}\Shell - "" = AutoRun
O33 - MountPoints2\{c93004c8-18b8-11e0-b0f2-c83b10d36808}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{f029144b-755b-11e0-ae54-daf207748e64}\Shell - "" = AutoRun
O33 - MountPoints2\{f029144b-755b-11e0-ae54-daf207748e64}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/10 20:53:28 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\Documents\Log file by pchelp virus forum 10 june 2011
[2011/06/10 19:22:03 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/06/10 03:51:05 | 000,000,000 | ---D | C] -- C:\temp
[2011/06/07 20:46:13 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\Desktop\Jdownloader files
[2011/06/06 14:04:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
[2011/06/06 12:36:09 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\AppData\Roaming\Replay Media Catcher 4
[2011/06/06 12:36:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Applian Technologies
[2011/06/06 12:36:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Applian
[2011/06/05 23:19:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari
[2011/06/05 23:11:24 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\AppData\Roaming\DeadMage
[2011/06/05 22:42:13 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\AppData\Local\3DMGAME
[2011/06/05 22:23:06 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\Documents\Duke Nukem Forever Demo
[2011/06/05 13:01:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/06/05 13:00:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/06/05 13:00:12 | 000,058,880 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst.dll
[2011/06/05 13:00:11 | 000,480,256 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2011/06/05 13:00:11 | 000,203,776 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2011/06/05 13:00:11 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2011/06/05 13:00:11 | 000,016,384 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2011/06/04 15:54:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2011/05/31 20:04:41 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\Desktop\password recovery tools
[2011/05/31 19:36:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AccentSoft Utilities
[2011/05/31 19:22:41 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RAR Password Cracker
[2011/05/31 19:22:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Cracker
[2011/05/31 19:05:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Unlocker
[2011/05/31 18:59:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery
[2011/05/31 11:47:18 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\Documents\Contacts found on OLD windows installation
[2011/05/29 19:02:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher 2
[2011/05/28 19:31:05 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\AppData\Roaming\go
[2011/05/28 19:31:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Easybits GO
[2011/05/27 09:52:03 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\AppData\Roaming\IrfanView
[2011/05/27 09:52:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
[2011/05/25 08:49:19 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS
[2011/05/20 23:16:09 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\Desktop\pelly
[2011/05/17 06:06:57 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\AppData\Local\The Witcher 2
[2011/05/14 03:08:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
[2011/05/14 03:08:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/05/14 03:08:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/11 00:18:52 | 000,001,205 | ---- | M] () -- C:\Windows\SysWow64\bscs.ini
[2011/06/11 00:18:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/10 19:28:07 | 000,076,115 | ---- | M] () -- C:\Users\Virgile Vega\Desktop\virus file keygen.rar
[2011/06/10 19:25:57 | 000,019,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/10 19:25:57 | 000,019,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/10 19:22:03 | 000,003,037 | ---- | M] () -- C:\Users\Virgile Vega\Desktop\HiJackThis.lnk
[2011/06/06 17:30:16 | 000,006,512 | ---- | M] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2011/06/06 12:36:09 | 000,002,657 | ---- | M] () -- C:\Users\Public\Desktop\Replay Media Catcher 4.lnk
[2011/06/06 11:17:59 | 000,032,494 | ---- | M] () -- C:\Users\Virgile Vega\Desktop\11131982af27e67c49abc95b1d6d13463359a808.jpg
[2011/06/03 22:38:09 | 000,001,231 | ---- | M] () -- C:\Users\Virgile Vega\Desktop\JDownloader.exe - Shortcut.lnk
[2011/06/03 19:03:40 | 000,079,861 | ---- | M] () -- C:\Users\Virgile Vega\Documents\Julia-49991586 jung's lost dog.pdf
[2011/05/31 19:19:19 | 000,000,201 | ---- | M] () -- C:\Users\Virgile Vega\AppData\Roaming\prio.ini
[2011/05/27 09:52:03 | 000,000,825 | ---- | M] () -- C:\Users\Public\Desktop\IrfanView Thumbnails.lnk
[2011/05/27 09:52:03 | 000,000,713 | ---- | M] () -- C:\Users\Public\Desktop\IrfanView.lnk
[2011/05/25 08:43:39 | 000,000,707 | ---- | M] () -- C:\Users\Public\Desktop\Rapture3D - Speaker Layout.lnk
[2011/05/24 19:40:21 | 004,299,130 | ---- | M] () -- C:\Users\Virgile Vega\Documents\UOBKH_UserGuide(links).pdf
[2011/05/23 21:06:16 | 000,000,138 | ---- | M] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI
[2011/05/23 21:05:51 | 000,001,264 | ---- | M] () -- C:\Windows\SysWow64\SHORTCUT.INI
[2011/05/23 21:02:45 | 000,000,106 | ---- | M] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2011/05/16 12:59:38 | 059,592,646 | ---- | M] () -- C:\Users\Virgile Vega\Desktop\jay,zier,fin bf,thip vs pelly (very power and long) 16 may 2011.mp3
[2011/05/15 18:27:34 | 000,001,307 | ---- | M] () -- C:\Windows\SysNative\safe_image_php_d_2a41dd0e9e844f42f98c2a8ca0395448&w_50&h_50&url_http_3A_2F_2Fupload_wikimedia_org_2Fwikipedia_2Fcommons_2Fthumb_2F8_2F8f_2FCampion-Hornbook_jpg_2F720px-Campion-Hornbook_001.jpg.lnk
[2011/05/14 18:19:32 | 000,000,471 | ---- | M] () -- C:\Users\Virgile Vega\Desktop\Funny thai arguments 1.m3u
[2011/05/14 05:06:59 | 000,301,963 | RHS- | M] () -- C:\NIETR
[2011/05/14 05:06:59 | 000,000,020 | RHS- | M] () -- C:\win7.ld
[2011/05/14 03:08:12 | 000,002,523 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/10 19:28:07 | 000,076,115 | ---- | C] () -- C:\Users\Virgile Vega\Desktop\virus file keygen.rar
[2011/06/10 19:22:03 | 000,003,037 | ---- | C] () -- C:\Users\Virgile Vega\Desktop\HiJackThis.lnk
[2011/06/07 21:13:24 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2011/06/07 21:13:24 | 000,000,976 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Uninstaller.lnk
[2011/06/07 21:13:24 | 000,000,955 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2011/06/06 11:17:59 | 000,032,494 | ---- | C] () -- C:\Users\Virgile Vega\Desktop\11131982af27e67c49abc95b1d6d13463359a808.jpg
[2011/06/05 13:00:12 | 000,989,600 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2011/06/05 13:00:11 | 000,989,600 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2011/06/05 13:00:11 | 000,233,012 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2011/06/05 13:00:11 | 000,033,224 | ---- | C] () -- C:\Windows\atiogl.xml
[2011/06/05 13:00:11 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/06/05 13:00:11 | 000,003,929 | ---- | C] () -- C:\Windows\SysNative\atipblag.dat
[2011/06/05 13:00:10 | 000,165,304 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2011/06/03 22:38:09 | 000,001,231 | ---- | C] () -- C:\Users\Virgile Vega\Desktop\JDownloader.exe - Shortcut.lnk
[2011/06/03 19:03:40 | 000,079,861 | ---- | C] () -- C:\Users\Virgile Vega\Documents\Julia-49991586 jung's lost dog.pdf
[2011/05/31 19:27:18 | 033,338,885 | ---- | C] () -- C:\Users\Virgile Vega\Documents\english.dic
[2011/05/27 09:52:03 | 000,000,825 | ---- | C] () -- C:\Users\Public\Desktop\IrfanView Thumbnails.lnk
[2011/05/27 09:52:03 | 000,000,713 | ---- | C] () -- C:\Users\Public\Desktop\IrfanView.lnk
[2011/05/24 19:40:10 | 004,299,130 | ---- | C] () -- C:\Users\Virgile Vega\Documents\UOBKH_UserGuide(links).pdf
[2011/05/23 21:05:50 | 000,001,264 | ---- | C] () -- C:\Windows\SysWow64\SHORTCUT.INI
[2011/05/23 21:04:57 | 000,000,138 | ---- | C] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI
[2011/05/23 21:02:45 | 000,006,512 | ---- | C] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2011/05/23 21:02:14 | 000,000,106 | ---- | C] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2011/05/20 23:14:32 | 059,592,646 | ---- | C] () -- C:\Users\Virgile Vega\Desktop\jay,zier,fin bf,thip vs pelly (very power and long) 16 may 2011.mp3
[2011/05/15 18:27:34 | 000,001,307 | ---- | C] () -- C:\Windows\SysNative\safe_image_php_d_2a41dd0e9e844f42f98c2a8ca0395448&w_50&h_50&url_http_3A_2F_2Fupload_wikimedia_org_2Fwikipedia_2Fcommons_2Fthumb_2F8_2F8f_2FCampion-Hornbook_jpg_2F720px-Campion-Hornbook_001.jpg.lnk
[2011/05/14 05:06:59 | 000,301,963 | RHS- | C] () -- C:\NIETR
[2011/05/14 05:06:59 | 000,000,020 | RHS- | C] () -- C:\win7.ld
[2011/05/14 03:08:12 | 000,002,523 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/04/29 13:45:56 | 000,001,205 | ---- | C] () -- C:\Windows\SysWow64\bscs.ini
[2011/04/21 18:19:33 | 000,156,160 | ---- | C] () -- C:\Windows\SysWow64\WS_ContextMenu.dll
[2011/04/13 12:00:58 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\BsMobileCSps.dll
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/18 12:38:19 | 002,336,384 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2011/03/18 12:38:19 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2011/03/18 12:38:19 | 000,014,848 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2011/03/18 12:38:19 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2011/03/18 12:38:18 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2011/03/09 07:54:05 | 000,000,036 | ---- | C] () -- C:\Users\Virgile Vega\AppData\Local\housecall.guid.cache
[2010/12/27 18:45:41 | 000,087,676 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/12/17 15:22:40 | 000,000,201 | ---- | C] () -- C:\Users\Virgile Vega\AppData\Roaming\prio.ini
[2010/12/14 21:21:06 | 000,000,079 | ---- | C] () -- C:\Users\Virgile Vega\AppData\Local\CrystalDiskMark30.ini
[2010/12/14 21:01:53 | 000,000,000 | ---- | C] () -- C:\Windows\Bench32.INI
[2010/12/14 17:56:51 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/12/14 17:56:51 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/12/14 17:56:51 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/12/14 17:56:51 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/12/14 17:50:28 | 000,007,613 | ---- | C] () -- C:\Users\Virgile Vega\AppData\Local\resmon.resmoncfg
[2010/12/14 15:13:13 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/12/14 13:48:16 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
[2010/12/14 04:12:26 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/12/14 01:18:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/12/14 01:02:42 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/01/22 10:04:30 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\BsVistaCommon.dll
[2009/07/14 13:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 10:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 10:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 08:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 07:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 05:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/11 05:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/01/05 15:44:10 | 000,053,248 | ---- | C] () -- C:\Windows\bdoscandel.exe
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini

========== LOP Check ==========

[2010/12/24 17:42:40 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\Acronis
[2011/05/25 16:13:05 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\Camfrog
[2010/12/16 17:32:30 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\DAEMON Tools Lite
[2010/12/15 00:02:21 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\DAEMON Tools Pro
[2011/06/05 23:11:24 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\DeadMage
[2011/06/11 02:10:31 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\DMCache
[2011/05/27 16:49:49 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\Dropbox
[2010/12/23 20:59:25 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\ESET
[2011/05/02 03:05:20 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\FreeArc
[2011/06/11 00:32:54 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\go
[2011/01/03 22:01:39 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\HD Tune Pro
[2011/06/03 12:52:28 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\IDM
[2010/12/16 02:09:07 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\ImgBurn
[2011/05/27 09:52:03 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\IrfanView
[2010/12/13 22:50:25 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\Razer
[2011/06/06 12:37:27 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\Replay Media Catcher 4
[2010/12/14 21:54:45 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\Thinstall
[2011/02/24 20:33:07 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\WindSolutions
[2011/06/09 22:24:28 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\ZumoDrive
[2011/05/29 19:18:55 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/01/28 08:35:28 | 016,159,984 | ---- | M] ()(C:\Users\Virgile Vega\Documents\Videos Posted by ??????- ??????????.mp4) -- C:\Users\Virgile Vega\Documents\Videos Posted by 真可爱俱乐部- 浙江大学三行情书作品.mp4
[2011/01/28 08:35:28 | 016,159,984 | ---- | C] ()(C:\Users\Virgile Vega\Documents\Videos Posted by ??????- ??????????.mp4) -- C:\Users\Virgile Vega\Documents\Videos Posted by 真可爱俱乐部- 浙江大学三行情书作品.mp4

========== Alternate Data Streams ==========

@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:4FC01C57

< End of report >
#2
jones24 (Topic Starter)
Is anyone out there?
#3
jones24 (Topic Starter)
PLEASE HELP GUYS