Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Experiencing SYN and UDP-flood, and system crashes.

Started by teteu86 , Jun 30 2011 02:07 AM

  • This topic is locked This topic is locked

#1
teteu86
Posted 30 June 2011 - 02:07 AM

teteu86

    New Member

  • Member
  • Pip
  • 1 posts
Using Windows 7 Ultimate, installed up to 2 months ago. I've used Malwarebytes', Spybot and Avira.


OTL logfile created on: 30/06/2011 08:57:34 - Run 1
OTL by OldTimer - Version 3.2.24.2 Folder = C:\Users\Carlos\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: Reino Unido | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 40.53% Memory free
3.98 Gb Paging File | 2.45 Gb Available in Paging File | 61.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 79.90 Gb Total Space | 56.39 Gb Free Space | 70.57% Space Free | Partition Type: NTFS
Drive D: | 385.76 Gb Total Space | 290.71 Gb Free Space | 75.36% Space Free | Partition Type: NTFS

Computer Name: CARLOS-PC | User Name: Carlos | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Carlos\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Users\Carlos\Desktop\gmer.exe ()
PRC - C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe (johnsadventures.com)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\OO Software\Defrag\oodag.exe (O&O Software GmbH)
PRC - C:\Program Files\Driver-Soft\DriverGenius\TaskTray.exe (Driver-Soft Inc.)
PRC - C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
PRC - C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe (Motorola, Inc.)
PRC - C:\Program Files\Motorola\Bluetooth\obexsrv.exe (Motorola, Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Carlos\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (PEVSystemStart) -- File not found
SRV - (AMService) -- File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (KMService) -- C:\Windows\System32\srvany.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (OODefragAgent) -- C:\Program Files\OO Software\Defrag\oodag.exe (O&O Software GmbH)
SRV - (Bluetooth Device Manager) -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe (Motorola, Inc.)
SRV - (Bluetooth OBEX Service) -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe (Motorola, Inc.)
SRV - (Bluetooth Media Service) -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe (Motorola, Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (BTMCOM) -- C:\Windows\System32\drivers\btmcom.sys (Motorola, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..keyword.URL: "http://search.babylo...affID=17979&q="

FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/22 20:08:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/05/27 12:01:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carlos\AppData\Roaming\Mozilla\Extensions
[2011/06/18 00:19:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\hnl4dpoo.default\extensions
[2011/06/18 08:31:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/10 17:08:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\CARLOS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HNL4DPOO.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2011/06/22 20:08:17 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

Hosts file not found
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [combofix] File not found
O4 - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4 - HKLM..\Run: [TaskTray] C:\Program Files\Driver-Soft\DriverGenius\TaskTray.exe (Driver-Soft Inc.)
O4 - HKCU..\Run: [BackgroundSwitcher] C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe (johnsadventures.com)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.101.160.4 89.101.160.5
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\AutorunsDisabled\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\Windows\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/30 08:56:21 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Carlos\Desktop\OTL.exe
[2011/06/30 08:07:06 | 000,607,017 | R--- | C] (Swearware) -- C:\Users\Carlos\Desktop\dds.scr
[2011/06/30 07:58:30 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\{233C7F3E-2077-4254-B197-FEF731BB93FF}
[2011/06/30 07:35:58 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/06/30 01:13:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/06/30 01:13:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/06/30 01:13:00 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\temp
[2011/06/29 14:09:06 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\{EE56A711-5FF5-4FFA-AA8B-8C3CD2C5732F}
[2011/06/28 07:04:29 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\{ADF1B2D9-EBE5-49F1-A6B6-81A78D403A26}
[2011/06/28 00:00:57 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\{3A23A1DE-9BAE-4205-B376-8D9671B40173}
[2011/06/26 00:49:35 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\{833A8621-E15B-438D-BF08-6AB46C285B7F}
[2011/06/26 00:01:47 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\{B9A46979-58D6-4B93-9B9C-E95B3404479C}
[2011/06/25 23:55:03 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\{0BDC782E-4E8C-425A-BB4E-AB71C69328DE}
[2011/06/25 23:38:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/06/25 23:38:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/06/25 23:38:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/06/25 23:38:13 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/06/25 23:35:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/24 17:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\Virtualdub
[2011/06/24 11:07:01 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\{5A8EFCD8-291D-4B49-B72F-865CA76F601B}
[2011/06/23 17:48:45 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\{69FC23F3-6C55-4854-A81A-347BBDD994A6}
[2011/06/23 02:22:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\oodag
[2011/06/23 01:31:22 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\O&O
[2011/06/23 01:30:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software
[2011/06/23 01:30:47 | 000,000,000 | ---D | C] -- C:\Program Files\OO Software
[2011/06/23 01:30:09 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\Downloaded Installations
[2011/06/23 01:04:47 | 000,000,000 | ---D | C] -- C:\Program Files\[bleep] NFO Viewer
[2011/06/22 19:21:28 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\{1DD5B7C6-BBDA-4575-8F4E-CEEE139EDA0F}
[2011/06/21 14:07:53 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\{2C5831BC-C330-4A6A-8DD5-2E612CF75EC1}
[2011/06/20 23:29:25 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\{07B9631F-BD58-470F-BD4C-0E8189971CC7}
[2011/06/20 10:20:44 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\{A0BBA495-8B42-4F58-AA40-35F90FE7F693}
[2011/06/20 10:15:50 | 004,129,550 | R--- | C] (Swearware) -- C:\Users\Carlos\Desktop\ComboFix.exe
[2011/06/19 21:58:41 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\{FE24DAF7-64EC-4849-A8B6-99CB334DAF18}
[2011/06/19 09:32:36 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\{0DD8E1BC-312F-4639-B24D-C81C1AF8D975}
[2011/06/18 20:50:40 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\{1A950920-5098-4294-9AFB-127ED7A9F967}
[2011/06/18 08:50:03 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\{2D1D94F9-67CC-4044-AB7A-29CB6D28F9D1}
[2011/06/18 08:49:13 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/06/18 00:24:24 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/06/18 00:24:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/06/17 21:34:23 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\{A290599E-9FDC-43B1-AD90-D04F9FFA40AB}
[2011/06/17 02:46:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2011/06/17 02:46:28 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2011/06/16 13:24:45 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\{1D58F6C8-D702-4C31-BC7A-C5631DDF063A}
[2011/06/15 13:56:57 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\{1C38A9E9-1325-4399-B29F-304FD06C78BD}
[2011/06/15 00:18:13 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\{DCDE3F98-AA53-4E82-A872-27C7C2E2F122}
[2011/06/14 16:02:46 | 000,000,000 | ---D | C] -- C:\Users\Carlos\Desktop\audio
[2011/06/13 21:55:58 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\{7C558032-7796-4C6E-8F54-065110B1430A}
[2011/06/12 22:58:56 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Roaming\EDesksoft
[2011/06/12 03:28:18 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\{DCE3937C-62C9-4F7D-8C86-71EE1F43731B}
[2011/06/11 11:45:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAMSUNG
[2011/06/11 11:44:35 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Roaming\Intelli-studio
[2011/06/11 11:44:34 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2011/06/11 10:37:43 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\{4C3D9FD9-4ACC-4C62-842D-DCA92839D5E3}
[2011/06/10 19:12:04 | 000,000,000 | ---D | C] -- C:\Users\Carlos\advfn
[2011/06/10 17:23:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/06/10 17:08:14 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/06/10 17:05:59 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\{B77B426E-C307-4BF1-86D0-11031A7A9463}
[2011/06/09 22:54:58 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\{1E001F5E-75DF-458E-A027-6E7F73B91165}
[2011/06/08 21:20:40 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/06/08 21:20:40 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\µTorrent
[2011/06/08 21:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\µTorrent
[2011/06/06 12:02:43 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Roaming\Foxit Software
[2011/06/05 11:18:25 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\Adobe
[2011/06/05 11:16:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2011/06/05 09:13:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/06/04 10:40:13 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011/06/04 10:34:54 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/06/04 10:18:43 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\{21BD57ED-BFF1-4D88-B06C-A6AF1B874329}
[2011/06/04 09:29:00 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\{32117E80-8F94-4387-A62B-ACB18C42AC08}
[2011/06/03 18:46:24 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\{AE8ECB5C-EB18-4FB4-947A-3F5FB6B2A141}
[2011/06/03 18:46:23 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\{8D0DE560-07BF-4D0C-A024-FC196A001EAD}
[2011/06/03 10:09:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alarm Clock
[2011/06/03 10:09:32 | 000,000,000 | ---D | C] -- C:\Program Files\Alarm Clock
[2011/06/03 05:55:34 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Roaming\Vso
[2011/06/03 05:55:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
[2011/06/03 05:55:09 | 000,626,688 | ---- | C] (On2.com) -- C:\Windows\System32\vp7vfw.dll
[2011/06/03 05:55:07 | 000,000,000 | ---D | C] -- C:\Program Files\VSO
[2011/06/03 05:02:02 | 000,000,000 | ---D | C] -- C:\Users\Carlos\Documents\Downloads
[2011/06/03 01:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/06/03 01:16:28 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011/06/03 00:44:17 | 000,344,064 | ---- | C] (Sonix) -- C:\Windows\vsnp2std.exe
[2011/06/03 00:44:16 | 000,151,552 | ---- | C] ( ) -- C:\Windows\System32\rsnp2std.dll
[2011/06/03 00:44:16 | 000,077,824 | ---- | C] ( ) -- C:\Windows\System32\csnp2std.dll
[2011/06/03 00:44:16 | 000,073,728 | ---- | C] (Sonix) -- C:\Windows\System32\vsnp2std.dll
[2011/06/03 00:44:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB2.0 PC Camera
[2011/06/03 00:44:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\snp2std
[2011/06/03 00:35:25 | 000,000,000 | ---D | C] -- C:\Program Files\Startup Manager
[2011/06/03 00:15:25 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\{FDF5746E-E051-4F60-81F0-E4D7274A3CF7}
[2011/06/01 22:59:49 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\{0949DF1E-6011-45A0-A861-D0634FDF3EBB}
[2011/06/01 19:25:09 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Roaming\PDF Writer
[2011/06/01 19:25:09 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\PDF Writer
[2011/06/01 19:25:09 | 000,000,000 | ---D | C] -- C:\ProgramData\PDF Writer
[2011/06/01 19:22:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bullzip
[2011/06/01 19:22:23 | 000,227,840 | ---- | C] (Bullzip) -- C:\Windows\System32\bzFlRdr.dll
[2011/06/01 19:22:23 | 000,135,168 | ---- | C] (Bullzip) -- C:\Windows\System32\bzpdfc.dll
[2011/06/01 19:22:23 | 000,103,424 | ---- | C] (Bullzip) -- C:\Windows\System32\bzDCT.dll
[2011/06/01 19:22:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bullzip
[2011/06/01 19:22:20 | 000,196,096 | ---- | C] (Bullzip) -- C:\Windows\System32\bzpdf.dll
[2011/06/01 19:22:19 | 000,000,000 | ---D | C] -- C:\Program Files\Bullzip
[2011/06/01 18:41:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TinyPDF 2.0
[2011/06/01 18:41:34 | 000,000,000 | ---D | C] -- C:\Program Files\TinyPDF
[2011/06/01 12:41:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Mender
[2011/06/01 10:59:14 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\{2B34A638-8F23-4CCA-8D27-C6E62B156E9E}
[2011/05/31 23:23:48 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Roaming\skypePM
[2011/05/31 23:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
[2011/05/31 23:23:17 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Roaming\Skype
[2011/05/31 23:22:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/05/31 22:58:49 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\{DA208841-0565-45C1-B42D-1EBE02B94865}
[2011/05/31 22:58:33 | 000,000,000 | ---D | C] -- C:\Users\Carlos\Tracing
[2011/05/31 22:52:37 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\Windows Live
[2011/05/31 22:52:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2011/05/31 16:03:47 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\ElevatedDiagnostics

========== Files - Modified Within 30 Days ==========

[2011/06/30 08:56:22 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Carlos\Desktop\OTL.exe
[2011/06/30 08:07:09 | 000,607,017 | R--- | M] (Swearware) -- C:\Users\Carlos\Desktop\dds.scr
[2011/06/30 08:06:42 | 000,000,000 | ---- | M] () -- C:\Users\Carlos\defogger_reenable
[2011/06/30 08:05:14 | 000,017,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/30 08:05:14 | 000,017,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/30 08:03:36 | 000,663,804 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2011/06/30 08:03:36 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/30 08:03:36 | 000,128,094 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2011/06/30 08:03:36 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/30 07:57:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/30 07:57:41 | 1602,723,840 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/30 07:57:40 | 000,026,796 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2011/06/30 01:03:49 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/30 01:03:49 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/30 00:55:20 | 004,129,550 | R--- | M] (Swearware) -- C:\Users\Carlos\Desktop\ComboFix.exe
[2011/06/29 00:08:13 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/06/29 00:08:13 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/06/28 01:33:24 | 000,434,542 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110629-173637.backup
[2011/06/26 07:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe
[2011/06/24 11:13:52 | 001,836,964 | ---- | M] () -- C:\Users\Carlos\Desktop\Element TD 4.3b.w3x
[2011/06/23 01:01:15 | 000,008,192 | ---- | M] () -- C:\Windows\System32\srvany.exe
[2011/06/23 00:49:06 | 000,007,168 | ---- | M] () -- C:\Users\Carlos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/22 19:03:02 | 000,326,175 | ---- | M] () -- C:\Users\Carlos\Desktop\youraccountonline.esb.ie - bills.pdf
[2011/06/18 21:14:55 | 186,315,911 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/06/17 02:46:28 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2011/06/16 15:21:35 | 000,000,127 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2011/06/16 13:24:57 | 000,435,270 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110622-190432.backup
[2011/06/11 01:05:50 | 000,435,088 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110616-132457.backup
[2011/06/06 13:02:11 | 000,070,027 | ---- | M] () -- C:\Windows\wininit.ini
[2011/06/03 08:31:54 | 000,001,057 | ---- | M] () -- C:\Users\Carlos\AppData\Roaming\vso_ts_preview.xml
[2011/06/02 07:43:44 | 000,434,932 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110611-010550.backup
[2011/05/31 23:23:55 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2011/05/31 16:45:58 | 000,000,666 | ---- | M] () -- C:\Users\Carlos\Desktop\Matheus.lnk

========== Files Created - No Company Name ==========

[2011/06/30 08:12:07 | 000,302,592 | ---- | C] () -- C:\Users\Carlos\Desktop\gmer.exe
[2011/06/30 08:06:42 | 000,000,000 | ---- | C] () -- C:\Users\Carlos\defogger_reenable
[2011/06/25 23:38:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/06/25 23:38:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/06/25 23:38:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/06/25 23:38:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/06/25 23:38:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/06/24 11:13:56 | 001,836,964 | ---- | C] () -- C:\Users\Carlos\Desktop\Element TD 4.3b.w3x
[2011/06/23 17:46:24 | 000,026,796 | ---- | C] () -- C:\Windows\System32\oodbs.lor
[2011/06/23 01:02:38 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2011/06/22 19:03:02 | 000,326,175 | ---- | C] () -- C:\Users\Carlos\Desktop\youraccountonline.esb.ie - bills.pdf
[2011/06/18 21:14:55 | 186,315,911 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/06/18 08:48:56 | 000,001,262 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/06/18 08:48:19 | 000,001,331 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/06/17 02:46:26 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2011/06/16 15:21:35 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/06/09 22:51:06 | 000,002,443 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/06/05 09:11:06 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/05 09:11:05 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/03 05:55:34 | 000,001,057 | ---- | C] () -- C:\Users\Carlos\AppData\Roaming\vso_ts_preview.xml
[2011/06/03 00:44:17 | 000,270,336 | ---- | C] () -- C:\Windows\tsnp2std.exe
[2011/06/03 00:44:17 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini
[2011/06/03 00:44:17 | 000,013,022 | ---- | C] () -- C:\Windows\snp2std.src
[2011/06/03 00:44:16 | 012,212,864 | ---- | C] () -- C:\Windows\System32\drivers\snp2sxp.sys
[2011/06/03 00:44:16 | 000,025,472 | ---- | C] () -- C:\Windows\System32\drivers\sncamd.sys
[2011/06/02 12:35:19 | 000,070,027 | ---- | C] () -- C:\Windows\wininit.ini
[2011/06/01 14:09:56 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe
[2011/05/31 23:23:55 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/05/30 21:48:16 | 000,007,168 | ---- | C] () -- C:\Users\Carlos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/29 23:36:48 | 000,000,017 | ---- | C] () -- C:\Users\Carlos\AppData\Local\resmon.resmoncfg
[2011/05/29 03:44:02 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/05/27 12:01:56 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/09/23 11:16:08 | 002,050,952 | ---- | C] () -- C:\Windows\System32\igkrng400.bin
[2009/08/05 03:58:37 | 000,663,804 | ---- | C] () -- C:\Windows\System32\prfh0416.dat
[2009/08/05 03:58:37 | 000,323,154 | ---- | C] () -- C:\Windows\System32\prfi0416.dat
[2009/08/05 03:58:37 | 000,128,094 | ---- | C] () -- C:\Windows\System32\prfc0416.dat
[2009/08/05 03:58:37 | 000,038,536 | ---- | C] () -- C:\Windows\System32\prfd0416.dat
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 05:33:53 | 000,337,608 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 01:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2011/06/12 22:58:56 | 000,000,000 | ---D | M] -- C:\Users\Carlos\AppData\Roaming\EDesksoft
[2011/06/29 23:27:20 | 000,000,000 | ---D | M] -- C:\Users\Carlos\AppData\Roaming\FileZilla
[2011/06/06 12:02:43 | 000,000,000 | ---D | M] -- C:\Users\Carlos\AppData\Roaming\Foxit Software
[2011/05/28 13:11:48 | 000,000,000 | ---D | M] -- C:\Users\Carlos\AppData\Roaming\johnsadventures.com
[2011/05/28 22:37:15 | 000,000,000 | ---D | M] -- C:\Users\Carlos\AppData\Roaming\JustVoip
[2011/06/03 00:26:13 | 000,000,000 | ---D | M] -- C:\Users\Carlos\AppData\Roaming\PDF Writer
[2011/06/30 00:54:24 | 000,000,000 | ---D | M] -- C:\Users\Carlos\AppData\Roaming\uTorrent
[2011/06/03 08:31:54 | 000,000,000 | ---D | M] -- C:\Users\Carlos\AppData\Roaming\Vso
[2011/06/22 15:44:28 | 000,018,464 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
SweetTech
Posted 04 July 2011 - 09:48 AM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

It has come to my attention that you have posted for help with your computer at other forums.

http://www.bleepingc...pic406897.html/

Please note the following:
  • You should only seek help at one forum.
  • If you have multi-posted, we ask that you select one forum from those where you sought help and ask the others to close your topics.

    Although we understand you wish your problems to be addressed as soon as possible, there are reasons why multi-posting causes problems.
  • By Multi-Posting you are utilizing the time of two (or more) trained helpers.

    Helpers take a long time to train. They need a great deal of expertise and knowledge to be able to safely remove Malware from your computer and because of this
    are in short supply. We wish to use them to help the maximum number of people, and if they are researching the log of someone who is already being helped, then their time and effort is going to waste.

    Understandably this causes a certain amount of bad feeling.
    • From the helper who has needlessly spent time researching your log and compiling and posting instructions.
    • From others who have to wait longer for their problems to be addressed.
  • Advice from two separate helpers can cause problems.

Different helpers may use different methods to combat your infection. Whilst each in isolation is safe, that may not be so if you follow the advice of both together. Some of the tools we use are very powerful and have to be used in a specific way and in some cases do not combine well with others. By using advice from two different sources it is possible that tools may be used that do not combine well and you may severely damage your computer, even rendering it inoperable in some circumstances.


==============

As you have already received a reply to your thread at BleepingComputer, I am closing this thread.

This thread is now closed.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP