
Trojan Horse Sheur3 found by AVG


#1 aigloscelt (New Member, 4 posts)

I was installing a free MMO called 12tails, and when I started the game after the install, AVG detected several instances of Trojan Horse Sheur3 or something along those lines. I don't know if these were caused by the game or not, as others I know have installed it without any problems.

OTL logfile created on: 7/28/2011 1:41:03 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Miyavi\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.86 Mb Total Physical Memory | 560.79 Mb Available Physical Memory | 54.88% Memory free
2.40 Gb Paging File | 1.32 Gb Available in Paging File | 55.07% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.31 Gb Total Space | 11.50 Gb Free Space | 7.97% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: EVA-DT | User Name: Miyavi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/28 01:39:27 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Miyavi\My Documents\Downloads\OTL.exe
PRC - [2011/07/26 18:23:37 | 000,833,024 | ---- | M] () -- C:\WINDOWS\system32\wups32.exe
PRC - [2011/07/26 18:23:37 | 000,833,024 | ---- | M] () -- C:\WINDOWS\system32\ati2cqag32.exe
PRC - [2011/07/08 21:51:19 | 001,012,792 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Miyavi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/06/02 23:29:48 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Miyavi\Local Settings\Application Data\Google\Update\1.3.21.57\GoogleCrashHandler.exe
PRC - [2011/03/14 09:13:43 | 004,109,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgui.exe
PRC - [2011/03/14 09:13:37 | 002,071,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/12/08 14:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010/11/24 10:23:57 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/11/24 10:23:54 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/09/23 09:30:31 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/08/05 11:31:13 | 003,196,176 | ---- | M] ( Dragon's Eye Productions, Inc.) -- C:\Program Files\Furcadia\Furcadia.exe
PRC - [2010/08/05 11:31:13 | 001,010,960 | ---- | M] (Dragon's Eye Productions, Inc.) -- C:\Program Files\Furcadia\furc_on.exe
PRC - [2010/07/15 12:06:51 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/15 12:06:40 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/15 12:04:25 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/20 16:00:04 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (SafeList) ==========

MOD - [2011/07/28 01:39:27 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Miyavi\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - File not found [On_Demand | Stopped] -- -- (AOL ACS)
SRV - [2011/07/26 18:23:37 | 000,833,024 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\wups32.exe -- (MDM32)
SRV - [2011/05/30 11:33:54 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/05/19 16:29:00 | 004,096,504 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2010/11/24 10:23:57 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/07/15 12:06:40 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/07/15 12:06:14 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2009/03/13 23:16:02 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/04 10:48:10 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/07/28 01:19:56 | 000,483,280 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\12TailsOnline\GameGuard\dump_wmimmc.sys -- (dump_wmimmc)
DRV - [2011/05/18 21:42:16 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/15 12:06:21 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2010/07/15 12:06:21 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2010/07/15 12:06:20 | 000,122,448 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2010/07/15 12:06:20 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2010/07/15 12:04:32 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/16 13:33:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2010/06/02 08:08:05 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/04/28 16:02:52 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/04/28 15:59:23 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/04/28 15:59:23 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2010/04/26 22:23:52 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/02/03 17:32:24 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2009/12/01 16:49:54 | 000,034,384 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2009/09/29 21:18:22 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/05/14 23:03:24 | 000,445,696 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2006/03/20 16:06:04 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2003/11/17 16:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 16:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 16:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/07/10 10:09:56 | 000,096,256 | ---- | M] (The Linksys Group, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LSIPNDS.sys -- (IPN2120)
DRV - [2003/01/10 14:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 6E 0A 6C 04 B2 15 CA 45 A4 16 45 A5 60 DF 6D F7 [binary data]
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://search.aol.co...romesbox-en-us"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.aol.com"
FF - prefs.js..extensions.enabledItems: avg@igeared:7.005.030.004
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {077a24e9-0db5-435f-9010-5261c53e5925}:2008.1.9
FF - prefs.js..keyword.URL: "http://slirsredirect...b-en-us&query="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Miyavi\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Miyavi\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Miyavi\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\BYOND: C:\Program Files\BYOND\bin\npbyond.dll (BYOND)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011/06/24 15:43:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010/12/20 22:33:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010/12/20 22:33:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/24 18:05:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/05 02:32:15 | 000,000,000 | ---D | M]

[2010/05/09 22:38:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Miyavi\Application Data\Mozilla\Extensions
[2010/05/09 22:38:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Miyavi\Application Data\Mozilla\Extensions\[email protected]
[2009/03/29 21:17:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Miyavi\Application Data\Mozilla\Extensions\[email protected]
[2011/07/26 18:23:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Miyavi\Application Data\Mozilla\Firefox\Profiles\zjssob59.default\extensions
[2010/04/07 03:37:16 | 000,000,000 | ---D | M] (Mabinogi Avatar Renderer) -- C:\Documents and Settings\Miyavi\Application Data\Mozilla\Firefox\Profiles\zjssob59.default\extensions\{077a24e9-0db5-435f-9010-5261c53e5925}
[2010/05/04 11:50:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Miyavi\Application Data\Mozilla\Firefox\Profiles\zjssob59.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/26 18:23:43 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Miyavi\Application Data\Mozilla\Firefox\Profiles\zjssob59.default\extensions\{c8da5b82-f2d4-47c5-b55d-e8f9ffcb78c1}
[2010/04/06 21:25:30 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Miyavi\Application Data\Mozilla\Firefox\Profiles\zjssob59.default\searchplugins\aol-search.xml
[2010/04/26 22:24:53 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\Miyavi\Application Data\Mozilla\Firefox\Profiles\zjssob59.default\searchplugins\daemon-search.xml
[2011/07/24 20:05:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/24 15:43:03 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="7.005.030.004" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG9\TOOLBAR\FIREFOX\AVG@IGEARED
[2010/12/20 22:33:21 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2010/12/20 22:33:22 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2008/07/08 14:07:06 | 000,040,960 | ---- | M] (BYOND) -- C:\Program Files\mozilla firefox\plugins\npbyond.dll

O1 HOSTS File: ([2009/03/13 23:12:58 | 000,000,764 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (no name) - {046C0A6E-15B2-45CA-A416-45A560DF6DF7} - C:\WINDOWS\system32\ati2cqag32.dll ()
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NSRKey] File not found
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10p_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1235205317784 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1235205373705 (MUWebControl Class)
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} http://avatar.mabino...eb.2009.4.9.cab (MabinogiWebAvatarRenderer Class)
O16 - DPF: {8768D5EA-5412-4810-A032-09AD2A726C69} http://bgweb.nowcdn....ownStarter2.cab (DownStarter2 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Miyavi\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Miyavi\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/21 00:52:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/28 01:19:53 | 004,096,504 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\GameMon.des
[2011/07/28 00:15:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\12TailsOnline
[2011/07/28 00:12:47 | 000,000,000 | ---D | C] -- C:\Program Files\12TailsOnline
[2011/07/27 01:08:15 | 416,472,883 | ---- | C] (Bigbug Studio, LTD. ) -- C:\Documents and Settings\Miyavi\Desktop\12TailsSetup4.15.exe
[2011/07/24 20:04:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Miyavi\Desktop\GixenDesktopManager
[2011/07/19 02:37:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Miyavi\My Documents\DivX Movies
[2011/07/13 18:22:10 | 000,000,000 | ---D | C] -- C:\f5e0cad4d4d9a173de8c1e85bf6f
[2011/07/05 03:11:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/07/05 02:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/07/05 00:09:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/07/03 01:50:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Miyavi\Local Settings\Application Data\Unity
[2011/06/29 13:45:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Miyavi\Desktop\Madotsuki Shimeji
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/28 01:34:13 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-362288127-839522115-1003UA.job
[2011/07/28 00:56:34 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/07/28 00:15:33 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\Miyavi\Application Data\Microsoft\Internet Explorer\Quick Launch\12TailsOnline.lnk
[2011/07/28 00:15:30 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\12TailsOnline.lnk
[2011/07/27 23:34:03 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-362288127-839522115-1003Core.job
[2011/07/27 23:25:20 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Miyavi\Local Settings\Application Data\prvlcl.dat
[2011/07/27 17:03:22 | 082,546,833 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/07/27 02:51:07 | 416,472,883 | ---- | M] (Bigbug Studio, LTD. ) -- C:\Documents and Settings\Miyavi\Desktop\12TailsSetup4.15.exe
[2011/07/26 18:23:47 | 000,000,063 | ---- | M] () -- C:\WINDOWS\System32\1713206974
[2011/07/26 18:23:38 | 000,466,432 | ---- | M] () -- C:\WINDOWS\System32\ati2cqag32.dll
[2011/07/26 18:23:37 | 000,833,024 | ---- | M] () -- C:\WINDOWS\System32\wups32.exe
[2011/07/26 18:23:37 | 000,833,024 | ---- | M] () -- C:\WINDOWS\System32\ati2cqag32.exe
[2011/07/25 16:06:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/25 00:35:14 | 000,066,688 | ---- | M] () -- C:\Documents and Settings\Miyavi\Desktop\chien(2).mp3
[2011/07/25 00:25:59 | 000,222,592 | ---- | M] () -- C:\Documents and Settings\Miyavi\Desktop\chien(2).wav
[2011/07/25 00:17:21 | 000,222,592 | ---- | M] () -- C:\Documents and Settings\Miyavi\Desktop\chien.wav
[2011/07/24 20:04:21 | 001,492,347 | ---- | M] () -- C:\Documents and Settings\Miyavi\Desktop\GixenDesktopManager.zip
[2011/07/24 19:56:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/24 19:55:18 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/07/24 19:55:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/22 09:54:13 | 000,658,369 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2011/07/19 02:37:39 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Miyavi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/14 18:22:46 | 002,162,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/13 18:36:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/11 02:13:30 | 000,000,526 | ---- | M] () -- C:\Documents and Settings\Miyavi\My Documents\charlotte.png
[2011/07/05 13:36:28 | 000,000,215 | ---- | M] () -- C:\Documents and Settings\Miyavi\Desktop\Secret of the Magic Crystal.url
[2011/07/05 13:35:05 | 000,000,214 | ---- | M] () -- C:\Documents and Settings\Miyavi\Desktop\Garry's Mod.url
[2011/07/05 03:11:48 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/07/05 02:32:07 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/28 00:15:33 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Miyavi\Application Data\Microsoft\Internet Explorer\Quick Launch\12TailsOnline.lnk
[2011/07/28 00:15:30 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\12TailsOnline.lnk
[2011/07/26 18:23:47 | 000,833,024 | ---- | C] () -- C:\WINDOWS\System32\ati2cqag32.exe
[2011/07/26 18:23:44 | 000,833,024 | ---- | C] () -- C:\WINDOWS\System32\wups32.exe
[2011/07/26 18:23:44 | 000,000,063 | ---- | C] () -- C:\WINDOWS\System32\1713206974
[2011/07/26 18:23:38 | 000,466,432 | ---- | C] () -- C:\WINDOWS\System32\ati2cqag32.dll
[2011/07/25 00:35:14 | 000,066,688 | ---- | C] () -- C:\Documents and Settings\Miyavi\Desktop\chien(2).mp3
[2011/07/25 00:25:58 | 000,222,592 | ---- | C] () -- C:\Documents and Settings\Miyavi\Desktop\chien(2).wav
[2011/07/25 00:17:20 | 000,222,592 | ---- | C] () -- C:\Documents and Settings\Miyavi\Desktop\chien.wav
[2011/07/24 20:04:17 | 001,492,347 | ---- | C] () -- C:\Documents and Settings\Miyavi\Desktop\GixenDesktopManager.zip
[2011/07/11 02:13:30 | 000,000,526 | ---- | C] () -- C:\Documents and Settings\Miyavi\My Documents\charlotte.png
[2011/07/05 13:36:28 | 000,000,215 | ---- | C] () -- C:\Documents and Settings\Miyavi\Desktop\Secret of the Magic Crystal.url
[2011/07/05 13:35:05 | 000,000,214 | ---- | C] () -- C:\Documents and Settings\Miyavi\Desktop\Garry's Mod.url
[2011/07/05 03:11:48 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/07/05 02:41:26 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/05 02:32:07 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/06/29 18:03:50 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/01/07 20:57:11 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/12/29 18:39:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SMMVSplitter.INI
[2010/05/04 14:07:18 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Miyavi\Local Settings\Application Data\prvlcl.dat
[2009/11/19 15:00:04 | 000,057,888 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/11 19:05:29 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/10/02 00:30:42 | 000,000,036 | -H-- | C] () -- C:\Documents and Settings\Miyavi\Application Data\swk.ini
[2009/09/29 20:28:16 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/06/17 18:47:56 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/06/12 01:15:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2009/05/22 18:24:48 | 000,069,360 | ---- | C] () -- C:\WINDOWS\hpoins05.dat.temp
[2009/05/22 18:24:48 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat.temp
[2009/05/08 12:02:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\IFinst27.exe
[2009/03/24 01:30:38 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2009/03/19 00:37:06 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/19 00:37:05 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Miyavi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/18 22:09:35 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2009/03/18 22:09:35 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe
[2009/03/18 22:09:35 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2009/03/18 21:56:43 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2009/03/13 22:42:02 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/03/12 22:47:32 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/03/02 12:33:32 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/02/21 12:57:35 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/02/21 03:18:49 | 000,215,144 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2009/02/21 03:18:20 | 000,215,144 | ---- | C] () -- C:\WINDOWS\pw32a.dll
[2009/02/21 03:14:40 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Miyavi\Local Settings\Application Data\fusioncache.dat
[2009/02/21 02:31:48 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/02/21 02:20:12 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/02/21 02:13:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/02/21 00:54:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/02/21 00:51:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/02/20 16:45:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/02/20 16:44:36 | 002,162,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/29 03:36:06 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2007/09/29 03:36:06 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2007/09/29 03:36:06 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/14 22:11:54 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/08/28 18:57:58 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/06/06 03:01:58 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\asutl8.dll
[2001/08/23 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 05:00:00 | 000,502,672 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 05:00:00 | 000,086,756 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 05:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2009/08/19 19:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2Wire
[2010/04/14 15:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/06/09 11:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/07/28 01:22:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/03/14 09:09:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/04/26 22:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/03/19 00:28:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dragon's Eye Productions
[2011/02/20 11:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iIlMaFe06510
[2010/02/22 12:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2010/02/09 18:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2010/09/22 00:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Screaming Bee
[2010/08/17 19:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SYSTEMAX Software Development
[2010/02/09 18:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/04 20:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/11/07 14:21:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/17 12:23:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/27 12:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/05/15 01:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miyavi\Application Data\.minecraft
[2009/03/18 22:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miyavi\Application Data\2Wire
[2009/03/19 00:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miyavi\Application Data\acccore
[2009/11/11 17:47:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miyavi\Application Data\Anvil Studio
[2010/05/04 11:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miyavi\Application Data\AVG9
[2009/09/22 12:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miyavi\Application Data\Bioshock
[2011/01/14 20:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miyavi\Application Data\Bioshock2
[2010/12/08 21:51:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miyavi\Application Data\Boilsoft
[2010/04/28 15:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miyavi\Application Data\DAEMON Tools Lite
[2010/06/16 01:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miyavi\Application Data\GetRightToGo
[2011/01/16 01:10:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miyavi\Application Data\Image Zone Express
[2010/11/01 22:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miyavi\Application Data\LimeWire
[2010/12/20 22:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miyavi\Application Data\Local
[2010/09/19 23:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miyavi\Application Data\LolClient
[2010/03/16 09:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miyavi\Application Data\Metaversum
[2010/04/28 20:56:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miyavi\Application Data\Mount&Blade Warband
[2009/10/13 23:48:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miyavi\Application Data\Music Recognition
[2009/04/24 01:14:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miyavi\Application Data\Opera
[2011/06/02 02:05:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miyavi\Application Data\Quest3D
[2011/06/28 23:11:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miyavi\Application Data\RIFT
[2010/03/09 21:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miyavi\Application Data\Screaming Bee
[2009/05/09 01:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miyavi\Application Data\SogouPY
[2009/05/09 01:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miyavi\Application Data\SogouPY.users
[2009/06/14 21:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miyavi\Application Data\Subversion
[2010/08/17 19:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miyavi\Application Data\SYSTEMAX Software Development
[2010/10/06 01:24:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miyavi\Application Data\Turbine
[2010/05/09 22:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miyavi\Application Data\Vivox
[2009/03/04 03:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miyavi\Application Data\Windows Desktop Search
[2009/03/18 23:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miyavi\Application Data\Windows Search
[2011/07/24 19:55:18 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/05/05 07:22:03 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?¢) -- C:\WINDOWS\System32\疈¢
[2011/05/05 07:22:03 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?¢) -- C:\WINDOWS\System32\疈¢

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:73B1147D
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888EAF11

< End of report >



#2 RKinner (Malware Expert, MVP, 24,625 posts)
For what it is worth, the malware was installed 8 hours before the game you mentioned.

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml


Copy the text in the code box by highlighting it and pressing Ctrl + C.


:processes
killallprocesses

:Services
CLTNetCnService
AOL ACS

:OTL
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - File not found [On_Demand | Stopped] -- -- (AOL ACS)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
[2011/07/26 18:23:43 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Miyavi\Application Data\Mozilla\Firefox\Profiles\zjssob59.default\extensions\{c8da5b82-f2d4-47c5-b55d-e8f9ffcb78c1}
[2010/04/26 22:24:53 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\Miyavi\Application Data\Mozilla\Firefox\Profiles\zjssob59.default\searchplugins\daemon-search.xml
O2 - BHO: (no name) - {046C0A6E-15B2-45CA-A416-45A560DF6DF7} - C:\WINDOWS\system32\ati2cqag32.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [NSRKey] File not found
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10p_Plugin.exe (Adobe Systems, Inc.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
[2011/07/26 18:23:47 | 000,000,063 | ---- | M] () -- C:\WINDOWS\System32\1713206974
[2011/07/26 18:23:38 | 000,466,432 | ---- | M] () -- C:\WINDOWS\System32\ati2cqag32.dll
[2011/07/26 18:23:37 | 000,833,024 | ---- | M] () -- C:\WINDOWS\System32\wups32.exe
[2011/07/26 18:23:37 | 000,833,024 | ---- | M] () -- C:\WINDOWS\System32\ati2cqag32.exe
[2011/05/05 07:22:03 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?¢) -- C:\WINDOWS\System32\疈¢
[2011/05/05 07:22:03 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?¢) -- C:\WINDOWS\System32\疈¢


:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C

:Commands
[RESETHOSTS]
[purity]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Malwarebytes' Anti-Malware
Note: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


We need to uninstall AVG9 in order to run the next scan. It's obsolete anyway. We will replace it with the free Avast.
Download, save and run the AVG removal tool:
http://download.avg....6_2011_1184.exe

Download and save the free Avast installer.

Uninstall AVG9

Run the Avg Remover

Reboot

Install Avast. (Register when it asks you - they will try to talk you in to buying the full product but the free version is what we want.)
Once you have it installed and it has updated:
Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK
Right click on the Avast Ball and select Avast! Shields Control and Disable Until Computer is Restarted


ComboFix

It must be saved to your desktop; do not run it from your browser.

Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on ComboFix to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan (note whether the Fix button is enabled and tell me), click Save log, save it to your desktop and post it in your next reply.

Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?


Open OTL again and select either the Use SafeList or All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

Ron
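The timeline reasoning in the post above (which files appeared when, relative to the game install) can be done mechanically from the OTL "Files Created" entries rather than by eye. The script below is an added example written for this page; it is not part of OTL and not code from the original post. It parses OTL file lines, clusters files with no company name that were created in System32 within a short window, flags names that no real driver would carry (an all-digit name with no extension), notes different file names that share an identical byte size, and reports how many hours before the 12TailsOnline.lnk shortcut the cluster appeared. The sample lines are copied from the log in post #1; the 60-second window and the minimum cluster size of three are assumptions chosen for illustration.

```python
"""Timeline triage of OTL "Files Created" lines.

Added example for this thread (not part of OTL or of the original post).
Sample lines are copied from the OTL log in post #1; the clustering window
and the minimum cluster size are assumptions chosen for illustration.
"""
import re
from datetime import datetime

# OTL file line layout: [date time | size | attrs | C/M] (Company) -- path
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

SAMPLE_LOG = """\
[2011/07/28 00:15:30 | 000,000,732 | ---- | C] () -- C:\\Documents and Settings\\All Users\\Desktop\\12TailsOnline.lnk
[2011/07/26 18:23:47 | 000,833,024 | ---- | C] () -- C:\\WINDOWS\\System32\\ati2cqag32.exe
[2011/07/26 18:23:44 | 000,833,024 | ---- | C] () -- C:\\WINDOWS\\System32\\wups32.exe
[2011/07/26 18:23:44 | 000,000,063 | ---- | C] () -- C:\\WINDOWS\\System32\\1713206974
[2011/07/26 18:23:38 | 000,466,432 | ---- | C] () -- C:\\WINDOWS\\System32\\ati2cqag32.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\\WINDOWS\\System32\\OGAEXEC.exe
[2009/03/13 22:42:02 | 000,593,920 | ---- | C] () -- C:\\WINDOWS\\System32\\ati2sgag.exe
"""


def parse_otl_files(text):
    """Return the parsed file entries sorted by timestamp, oldest first."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if not m:
            continue  # section headers, blank lines, non-file records
        entries.append({
            "ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "attrs": m["attrs"],
            "kind": m["kind"],          # C = created, M = modified
            "company": m["company"],    # empty for files with no version info
            "path": m["path"],
        })
    return sorted(entries, key=lambda e: e["ts"])


def basename(path):
    return path.rsplit("\\", 1)[-1]


def is_system32(path):
    return "\\system32\\" in path.lower()


def find_drop_clusters(entries, window_seconds=60, min_size=3):
    """Clusters of System32 files with no company name created within
    window_seconds of each other; legitimate installs rarely look like this."""
    candidates = [e for e in entries
                  if e["kind"] == "C" and is_system32(e["path"]) and not e["company"]]
    clusters, current = [], []
    for e in candidates:  # already in time order
        if current and (e["ts"] - current[0]["ts"]).total_seconds() > window_seconds:
            if len(current) >= min_size:
                clusters.append(current)
            current = []
        current.append(e)
    if len(current) >= min_size:
        clusters.append(current)
    return clusters


def name_flags(path):
    """Naming oddities visible in this log: no real driver or system binary
    is named by a bare number with no extension."""
    name = basename(path)
    flags = []
    if name.isdigit():
        flags.append("all-digit name")
    if "." not in name:
        flags.append("no extension")
    return flags


def same_size_groups(cluster):
    """Different names with exactly the same byte size usually mean one
    payload dropped twice (here 833,024 bytes under two .exe names)."""
    by_size = {}
    for e in cluster:
        by_size.setdefault(e["size"], []).append(basename(e["path"]))
    return {s: names for s, names in by_size.items() if len(names) > 1}


def hours_between(entries, needle, cluster):
    """Hours from the cluster's first file to the creation of `needle`."""
    target = next(e for e in entries if basename(e["path"]).lower() == needle.lower())
    return (target["ts"] - cluster[0]["ts"]).total_seconds() / 3600


if __name__ == "__main__":
    entries = parse_otl_files(SAMPLE_LOG)
    for cluster in find_drop_clusters(entries):
        print(f"cluster starting {cluster[0]['ts']}:")
        for e in cluster:
            print(f"  {basename(e['path'])} {e['size']} bytes {name_flags(e['path'])}")
        print("  identical sizes:", same_size_groups(cluster))
        print(f"  {hours_between(entries, '12TailsOnline.lnk', cluster):.1f} h before the game shortcut")
```

Run against the full "Files Created" section of a real OTL log, the same four functions give a quick answer to the question the original poster asked (did the game bring this in?) without trusting any single file name: a burst of unsigned System32 drops, a numeric file name and a duplicated size are each weak on their own, but together they mark the cluster to look at first.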

#3 aigloscelt (Topic Starter, New Member, 4 posts)
OTL Fix Log:

========== PROCESSES ==========
All processes killed
========== SERVICES/DRIVERS ==========
Service CLTNetCnService stopped successfully!
Service CLTNetCnService deleted successfully!
Service AOL ACS stopped successfully!
Service AOL ACS deleted successfully!
========== OTL ==========
Error: No service named CLTNetCnService was found to stop!
Service\Driver key CLTNetCnService not found.
Error: No service named AOL ACS was found to stop!
Service\Driver key AOL ACS not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
C:\Documents and Settings\Miyavi\Application Data\Mozilla\Firefox\Profiles\zjssob59.default\extensions\{c8da5b82-f2d4-47c5-b55d-e8f9ffcb78c1}\defaults\preferences folder moved successfully.
C:\Documents and Settings\Miyavi\Application Data\Mozilla\Firefox\Profiles\zjssob59.default\extensions\{c8da5b82-f2d4-47c5-b55d-e8f9ffcb78c1}\defaults folder moved successfully.
C:\Documents and Settings\Miyavi\Application Data\Mozilla\Firefox\Profiles\zjssob59.default\extensions\{c8da5b82-f2d4-47c5-b55d-e8f9ffcb78c1}\chrome folder moved successfully.
C:\Documents and Settings\Miyavi\Application Data\Mozilla\Firefox\Profiles\zjssob59.default\extensions\{c8da5b82-f2d4-47c5-b55d-e8f9ffcb78c1} folder moved successfully.
C:\Documents and Settings\Miyavi\Application Data\Mozilla\Firefox\Profiles\zjssob59.default\searchplugins\daemon-search.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{046C0A6E-15B2-45CA-A416-45A560DF6DF7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{046C0A6E-15B2-45CA-A416-45A560DF6DF7}\ deleted successfully.
C:\WINDOWS\system32\ati2cqag32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NSRKey deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NWEReboot deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\FlashPlayerUpdate not found.
C:\WINDOWS\system32\Macromed\Flash\FlashUtil10p_Plugin.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\WINDOWS\system32\1713206974 moved successfully.
File C:\WINDOWS\System32\ati2cqag32.dll not found.
C:\WINDOWS\system32\wups32.exe moved successfully.
C:\WINDOWS\system32\ati2cqag32.exe moved successfully.
C:\WINDOWS\system32\疈¢ moved successfully.
File C:\WINDOWS\System32\疈¢ not found.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Miyavi\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Miyavi\My Documents\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Miyavi\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Miyavi\My Documents\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Miyavi\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Miyavi\My Documents\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Miyavi\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Miyavi\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.26.1 log created on 07282011_215348

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Malwarebytes log

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7313

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/28/2011 10:15:29 PM
mbam-log-2011-07-28 (22-15-29).txt

Scan type: Quick scan
Objects scanned: 180733
Time elapsed: 12 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Miyavi\local settings\Temp\tmph4453462616652405360.tmp (Adware.Agent) -> Quarantined and deleted successfully.


Avast denied access to the ComboFix log, so no log was made.

aswMBR.exe log. The Fix button was not enabled.

aswMBR version 0.9.8.977 Copyright© 2011 AVAST Software
Run date: 2011-07-29 00:46:01
-----------------------------
00:46:01.812 OS Version: Windows 5.1.2600 Service Pack 3
00:46:01.812 Number of processors: 2 586 0xF06
00:46:01.812 ComputerName: EVA-DT UserName: Miyavi
00:46:03.234 Initialize success
00:46:04.187 AVAST engine defs: 11072801
00:46:27.078 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
00:46:27.078 Disk 0 Vendor: ST3160812AS 3.ADH Size: 152587MB BusType: 3
00:46:27.109 Disk 0 MBR read successfully
00:46:27.109 Disk 0 MBR scan
00:46:27.109 Disk 0 Windows XP default MBR code
00:46:27.109 Disk 0 scanning sectors +312496380
00:46:27.187 Disk 0 scanning C:\WINDOWS\system32\drivers
00:46:40.687 Service scanning
00:46:41.359 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
00:46:41.921 Modules scanning
00:46:50.140 Disk 0 trace - called modules:
00:46:50.156 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys spul.sys hal.dll >>UNKNOWN [0x86f86938]<<
00:46:50.156 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86eddab8]
00:46:50.156 3 CLASSPNP.SYS[f7604fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f08d98]
00:46:51.406 AVAST engine scan C:\WINDOWS
00:47:00.593 AVAST engine scan C:\WINDOWS\system32
00:48:48.343 AVAST engine scan C:\WINDOWS\system32\drivers
00:49:05.796 AVAST engine scan C:\Documents and Settings\Miyavi
01:07:22.546 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Miyavi\Desktop\MBR.dat"
01:07:22.812 The log file has been saved successfully to "C:\Documents and Settings\Miyavi\Desktop\aswMBR.txt"


Will do the Avast scan overnight and will post that and the logs from OTL in the morning.
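The aswMBR log in the post above carries two indicators a responder reads first: a service aswMBR could not open (here sptd, reported **LOCKED**) and a disk I/O call chain that ends in >>UNKNOWN [address]<<, meaning code with no named image is sitting in the storage stack below the named drivers. The script below is an added example written for this page, not part of aswMBR and not code from the original post: it parses those timestamped lines into a report and turns them into plain findings. The excerpt is constructed from the log above. Treating sptd as a presumed-benign locker is an assumption: sptd.sys is the SCSI Pass Through Direct driver that DAEMON Tools installs, DAEMON Tools Lite appears in the LOP check in post #1, and that driver is often reported locked by aswMBR, but the file on disk should still be confirmed before the finding is dismissed.

```python
"""Indicator extraction from an aswMBR log.

Added example for this thread (not part of aswMBR or of the original post).
The sample is a constructed excerpt of the aswMBR log in post #3; the
known-benign-locker list and the wording of the findings are assumptions.
"""
import re

SAMPLE_ASWMBR = """\
00:46:27.109 Disk 0 MBR read successfully
00:46:27.109 Disk 0 Windows XP default MBR code
00:46:40.687 Service scanning
00:46:41.359 Service sptd C:\\WINDOWS\\System32\\Drivers\\sptd.sys **LOCKED** 32
00:46:50.140 Disk 0 trace - called modules:
00:46:50.156 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys spul.sys hal.dll >>UNKNOWN [0x86f86938]<<
00:46:50.156 1 nt!IofCallDriver -> \\Device\\Harddisk0\\DR0[0x86eddab8]
00:46:50.156 3 CLASSPNP.SYS[f7604fd7] -> nt!IofCallDriver -> \\Device\\Ide\\IdeDeviceP0T0L0-3[0x86f08d98]
"""

TS = r"^\d{2}:\d{2}:\d{2}\.\d{3} "  # leading timestamp on every line
LOCKED = re.compile(TS + r"Service (\S+) (\S+) \*\*LOCKED\*\*")
MBR_CODE = re.compile(TS + r"Disk (\d+) (.*MBR code.*)$")
UNKNOWN = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")

# Assumption: sptd.sys is the SCSI Pass Through Direct driver that DAEMON
# Tools (present in the LOP check of post #1) installs, and aswMBR often
# reports it locked. Verify the file on disk before dismissing the finding.
KNOWN_BENIGN_LOCKERS = {"sptd"}


def parse_aswmbr(text):
    """Return locked services, per-disk MBR status, the disk I/O call chain
    and any unnamed code addresses that chain passes through."""
    report = {"locked": [], "mbr": {}, "chain": [], "unknown": []}
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if m := LOCKED.match(line):
            report["locked"].append({"service": m.group(1), "image": m.group(2)})
        elif m := MBR_CODE.match(line):
            report["mbr"][int(m.group(1))] = m.group(2)
        elif "trace - called modules:" in line and i + 1 < len(lines):
            # The module chain is on the line that follows the header.
            body = re.sub(TS, "", lines[i + 1])
            report["unknown"] = UNKNOWN.findall(body)
            report["chain"] = UNKNOWN.sub("", body).split()
    return report


def findings(report):
    """Turn the parsed report into human-readable findings."""
    out = []
    for addr in report["unknown"]:
        out.append(f"disk I/O chain passes through unnamed code at {addr} "
                   f"(after {' -> '.join(report['chain'])})")
    for svc in report["locked"]:
        note = (" (assumed benign virtual-drive driver; confirm the file on disk "
                "before acting)" if svc["service"] in KNOWN_BENIGN_LOCKERS else "")
        out.append(f"service {svc['service']} is locked: {svc['image']}{note}")
    for disk, status in report["mbr"].items():
        if "default MBR code" not in status:
            out.append(f"disk {disk} MBR is not stock: {status}")
    return out


if __name__ == "__main__":
    for f in findings(parse_aswmbr(SAMPLE_ASWMBR)):
        print("-", f)
```

On this log the parser reports a stock XP MBR, one locked service and one unnamed module in the disk chain; the Fix button staying disabled (as the poster notes) is consistent with aswMBR having found no MBR modification to repair, which is a separate question from what the unnamed module is.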

#4 RKinner (Malware Expert, MVP, 24,625 posts)
Please do not quote the logs. Just copy and paste them.

Avast should have been turned off before downloading or running Combofix:

"Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK
Right click on the Avast Ball and select Avast! Shields Control and Disable Until Computer is Restarted"

#5 aigloscelt (Topic Starter, New Member, 4 posts)
Should I rerun combofix?

#6 RKinner (Malware Expert, MVP, 24,625 posts)
Please do.

Ron

#7 aigloscelt (Topic Starter, New Member, 4 posts)
Sorry for the delay, been busy. Will do scans tonight and post logs ASAP.