Win32/Help! Mebroot trojan can't be removed by Nod32 antivirus


This topic is locked

#1 boonierator (New Member, 8 posts)
Recently NOD32 detected a trojan called Win32/Mebroot on my computer. It cannot be removed by NOD32. I've tried using the NOD32 stand-alone program from their website to specifically remove Mebroot. When I run the program it detects the Mebroot trojan, but when I click the "remove Mebroot" button my PC crashes and turns into a blue screen...
I'm sorry for my bad English, because it's not my first language.
And thank you in advance to whoever is going to help me...

Edited by boonierator, 04 September 2011 - 07:41 AM.



#2 boonierator (Topic Starter, New Member, 8 posts)
I started using OTL and this is the scan report:

OTL logfile created on: 9/4/2011 9:30:22 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = E:\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.38 Mb Total Physical Memory | 70.84 Mb Available Physical Memory | 6.94% Memory free
2.25 Gb Paging File | 1.15 Gb Available in Paging File | 51.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 52.14 Gb Total Space | 8.53 Gb Free Space | 16.36% Space Free | Partition Type: NTFS
Drive E: | 51.84 Gb Total Space | 41.67 Gb Free Space | 80.39% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/04 21:07:31 | 000,581,120 | ---- | M] (OldTimer Tools) -- E:\Desktop\OTL.exe
PRC - [2011/09/04 20:25:34 | 000,928,320 | ---- | M] (北京完美时空网络技术有限公司) -- E:\Program Files\Cubizone Philippinesz\Forsaken World\patcher.exe
PRC - [2011/09/01 09:23:37 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/07/15 16:26:47 | 000,403,320 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\BitTorrent.exe
PRC - [2010/04/20 22:16:59 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\user\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2010/04/01 17:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009/10/30 15:08:26 | 000,486,216 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2009/10/30 15:05:48 | 001,021,256 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2009/09/12 11:31:18 | 000,811,008 | ---- | M] (Zbshareware Lab) -- C:\Program Files\USB Disk Security\USBGuard.exe
PRC - [2009/09/11 07:24:32 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/09/11 07:23:46 | 002,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/07 21:59:10 | 000,062,744 | ---- | M] (Sierra Wireless Inc.) -- C:\Program Files\Qtel Mobile Broadband\WaHelper.exe
PRC - [2009/02/23 21:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2007/11/26 19:54:12 | 001,554,728 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2007/04/12 01:00:00 | 000,032,768 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\V0470Mon.exe
PRC - [2007/01/03 10:58:58 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007/01/03 10:58:50 | 000,464,168 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2007/01/03 08:46:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2006/12/29 12:07:22 | 000,126,976 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2006/12/28 23:24:14 | 000,049,152 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2006/12/23 06:43:18 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2006/12/01 13:37:00 | 004,186,112 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/11/25 04:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2006/07/18 16:15:18 | 000,049,152 | ---- | M] (Vimicro) -- C:\Windows\vmsnap3.exe
PRC - [2006/07/04 14:16:32 | 000,049,152 | ---- | M] () -- C:\Windows\Domino.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/04 20:30:00 | 008,019,008 | ---- | M] () -- E:\Program Files\Cubizone Philippinesz\Forsaken World\update\game.exe
MOD - [2011/09/04 20:29:59 | 000,035,392 | ---- | M] () -- E:\Program Files\Cubizone Philippinesz\Forsaken World\sysinfo.dll
MOD - [2011/09/04 20:25:34 | 000,084,544 | ---- | M] () -- E:\Program Files\Cubizone Philippinesz\Forsaken World\packdll.dll
MOD - [2011/09/01 09:23:37 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/08/16 10:06:22 | 000,077,312 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\oe15661r.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko6.dll
MOD - [2011/07/10 08:56:29 | 006,271,648 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2007/01/03 10:52:18 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll
MOD - [2006/07/04 14:16:32 | 000,049,152 | ---- | M] () -- C:\Windows\Domino.exe


========== Win32 Services (SafeList) ==========

SRV - [2011/07/09 18:50:23 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009/12/18 19:47:40 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009/10/30 15:05:48 | 001,021,256 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009/10/30 15:01:00 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009/09/17 15:33:26 | 000,651,776 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/09/11 07:33:18 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/09/11 07:24:32 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/19 15:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/26 19:54:12 | 001,554,728 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2007/01/03 10:58:58 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/01/03 08:46:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/01/03 01:33:24 | 000,135,168 | ---- | M] (acer) [Disabled | Stopped] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2006/12/29 12:07:22 | 000,126,976 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2006/12/28 23:24:14 | 000,049,152 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006/12/23 06:43:18 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2006/11/25 04:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)


========== Driver Services (SafeList) ==========

DRV - [2011/09/04 16:18:25 | 000,114,984 | ---- | M] (ESET) [Kernel | On_Demand | Stopped] -- C:\Users\user\AppData\Local\Temp\EOlmalikFixer\EMebFix.sys -- (EMebFix)
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/05/16 13:45:59 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/11/20 02:43:03 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2009/10/14 07:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/09/11 07:26:28 | 000,095,896 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2009/09/11 07:23:50 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/09/11 07:17:16 | 000,116,008 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/04/01 05:45:41 | 000,190,080 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swnc8u90.sys -- (SWNC8U90) Sierra Wireless MUX NDIS Driver (UMTS90)
DRV - [2009/03/26 04:42:22 | 000,148,096 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swumx90.sys -- (SWUMX90) Sierra Wireless USB MUX Driver (UMTS90)
DRV - [2009/03/19 19:48:18 | 000,136,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009/03/19 19:48:12 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009/02/09 13:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/02/09 13:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/02/09 13:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/02/09 13:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/01/15 05:20:01 | 000,028,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/08/26 15:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/11/26 19:54:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/11/26 19:54:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/11/26 19:54:02 | 000,118,952 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\Windows\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/06/23 13:45:58 | 000,480,128 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vvftav303.sys -- (vvftav303)
DRV - [2007/05/15 10:14:24 | 001,472,768 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbVM303.sys -- (ZSMC0303)
DRV - [2007/04/21 01:00:00 | 000,146,368 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\V0470Vid.sys -- (VF0470Vid) Live! Cam Notebook (VF0470)
DRV - [2006/12/20 13:50:00 | 004,448,160 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006/12/07 23:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006/11/02 21:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/11/02 15:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/10/30 09:42:28 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006/10/25 14:36:48 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/10/25 14:36:44 | 000,076,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006/10/25 14:36:36 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006/10/19 07:44:30 | 000,031,232 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smscirda.sys -- (SMSCIRDA)
DRV - [2006/08/05 08:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2005/07/28 13:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)
DRV - [2005/07/20 23:08:28 | 000,100,096 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb)
DRV - [2005/07/20 23:08:26 | 000,327,808 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp)
DRV - [1998/12/28 13:19:12 | 000,040,392 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mgnt.sys -- (MicroGuard)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2790392
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: " "
FF - prefs.js..browser.startup.homepage: "http://www.google.com.ph/"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.2: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Users\user\AppData\Roaming\nprhapengine.dll File not found
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.4.21: C:\Users\user\AppData\Local\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/06/23 21:36:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/01 09:23:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/10 22:09:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/07/09 18:39:51 | 000,000,000 | ---D | M]

[2011/07/09 19:49:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions
[2011/08/25 18:35:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\oe15661r.default\extensions
[2011/08/18 21:15:58 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\oe15661r.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2011/07/15 16:27:02 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\oe15661r.default\extensions\[email protected]
[2011/07/15 16:27:01 | 000,000,863 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\oe15661r.default\searchplugins\conduit.xml
[2011/07/09 19:31:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/03 11:46:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/01 09:23:37 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 16:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2006/09/19 05:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Domino] C:\Windows\Domino.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe (Zbshareware Lab)
O4 - HKLM..\Run: [V0470Mon.exe] C:\Windows\V0470Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [VMSnap3] C:\Windows\vmsnap3.exe (Vimicro)
O4 - HKLM..\Run: [WatcherHelper] C:\Program files\Qtel Mobile Broadband\WaHelper.exe (Sierra Wireless Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E7B5C0B-26F1-4DD9-A108-BA163D540B5A}: DhcpNameServer = 212.77.192.59 212.77.192.60
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2987596-BAF9-420F-8857-A372EE243B36}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FAAA3638-CF3A-49B2-AE26-6729357509F2}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img2.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img2.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/04 04:23:20 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5743b2af-aa0f-11e0-8049-0016d4d5a4fa}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{64126cc7-6012-11de-b297-0016d4d5a4fa}\Shell\AutoRun\command - "" = G:\cache\tmp983.exe
O33 - MountPoints2\{64126cc7-6012-11de-b297-0016d4d5a4fa}\Shell\oPEN\coMmaNd - "" = G:\cache\tmp983.exe
O33 - MountPoints2\{66d93fad-1e15-11df-88b2-00a0d5ffffab}\Shell\AutoRun\command - "" = mbvd.exe
O33 - MountPoints2\{66d93fad-1e15-11df-88b2-00a0d5ffffab}\Shell\open\Command - "" = mbvd.exe
O33 - MountPoints2\{67d8baca-6001-11de-bbbb-0016d4d5a4fa}\Shell\AutoRun\command - "" = G:\d1vmq.exe
O33 - MountPoints2\{67d8baca-6001-11de-bbbb-0016d4d5a4fa}\Shell\open\Command - "" = G:\d1vmq.exe
O33 - MountPoints2\{67d8bacc-6001-11de-bbbb-0016d4d5a4fa}\Shell\AutoRun\command - "" = H:\d1vmq.exe
O33 - MountPoints2\{67d8bacc-6001-11de-bbbb-0016d4d5a4fa}\Shell\open\Command - "" = H:\d1vmq.exe
O33 - MountPoints2\{9af0b18c-98c5-11df-b19b-0016d4d5a4fa}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{db801fde-c002-11de-9268-0016d4d5a4fa}\Shell - "" = AutoRun
O33 - MountPoints2\{db801fde-c002-11de-9268-0016d4d5a4fa}\Shell\AutoRun\command - "" = G:\WIN\setup.exe
O33 - MountPoints2\{eb042568-6a22-11e0-b129-0016d4d5a4fa}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{ed614c09-e324-11df-86a9-0016d4d5a4fa}\Shell - "" = Autorun
O33 - MountPoints2\{ed614c09-e324-11df-86a9-0016d4d5a4fa}\Shell\AutoRun\command - "" = D:\scvhosts.exe
O33 - MountPoints2\{ed614c09-e324-11df-86a9-0016d4d5a4fa}\Shell\Open\command - "" = D:\scvhosts.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/04 21:06:33 | 000,581,120 | ---- | C] (OldTimer Tools) -- E:\Desktop\OTL.exe
[2011/09/04 20:30:03 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Forsaken World
[2011/09/04 14:58:25 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2011/09/04 14:58:16 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/09/04 14:58:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/04 14:58:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/04 14:58:11 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/09/04 14:58:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/04 00:27:50 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\QuickScan
[2011/09/04 00:15:17 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2011/09/04 00:15:07 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2011/08/30 16:43:51 | 000,000,000 | ---D | C] -- E:\Desktop\New Folder (2)
[2011/08/17 22:20:49 | 000,000,000 | ---D | C] -- C:\logs
[2011/08/17 22:20:39 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chikka Messenger
[2011/08/17 22:20:36 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Chikka Messenger
[2011/08/15 21:05:05 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2009/06/23 17:27:17 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2007/01/18 18:43:05 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[2 C:\Users\user\AppData\Local\*.tmp files -> C:\Users\user\AppData\Local\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/04 21:30:14 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/09/04 21:17:08 | 000,012,978 | ---- | M] () -- C:\Users\user\AppData\Roaming\nvModes.001
[2011/09/04 21:07:31 | 000,581,120 | ---- | M] (OldTimer Tools) -- E:\Desktop\OTL.exe
[2011/09/04 20:56:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/04 20:51:58 | 000,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/09/04 20:51:58 | 000,012,978 | ---- | M] () -- C:\Users\user\AppData\Roaming\nvModes.dat
[2011/09/04 20:51:57 | 008,405,015 | ---- | M] () -- C:\Windows\TempFile
[2011/09/04 20:51:49 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/04 20:51:49 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/04 20:51:46 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/04 20:51:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/04 20:51:11 | 155,367,200 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/09/04 20:44:11 | 000,087,036 | ---- | M] () -- C:\Windows\System32\nvapps.xml
[2011/09/04 20:30:14 | 000,000,053 | ---- | M] () -- E:\Desktop\Forsaken World.url
[2011/09/04 00:31:41 | 000,000,845 | ---- | M] () -- E:\Documents\fix.reg
[2011/09/04 00:03:36 | 000,000,010 | ---- | M] () -- C:\Windows\popcinfo.dat
[2011/09/03 02:30:04 | 000,001,620 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\shutdown.lnk
[2011/08/26 20:49:09 | 000,050,994 | ---- | M] () -- C:\Users\user\AppData\Roaming\room_v3.dat
[2011/08/17 22:20:46 | 000,000,943 | ---- | M] () -- E:\Desktop\Chikka Messenger v.5.lnk
[2011/08/17 22:19:39 | 002,459,767 | ---- | M] () -- E:\Desktop\ctm_v5_setup.exe
[2011/08/06 12:16:56 | 000,612,336 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/06 12:16:56 | 000,108,132 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2 C:\Users\user\AppData\Local\*.tmp files -> C:\Users\user\AppData\Local\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/04 20:30:14 | 000,000,053 | ---- | C] () -- E:\Desktop\Forsaken World.url
[2011/09/04 00:45:20 | 155,367,200 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/09/04 00:31:41 | 000,000,845 | ---- | C] () -- E:\Documents\fix.reg
[2011/09/03 02:31:10 | 000,001,620 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\shutdown.lnk
[2011/08/17 22:20:46 | 000,000,943 | ---- | C] () -- E:\Desktop\Chikka Messenger v.5.lnk
[2011/08/17 22:16:57 | 002,459,767 | ---- | C] () -- E:\Desktop\ctm_v5_setup.exe
[2011/07/13 19:04:35 | 000,122,880 | ---- | C] () -- C:\Windows\rm303b.exe
[2011/07/13 19:04:35 | 000,049,152 | ---- | C] () -- C:\Windows\Domino.exe
[2011/07/09 19:48:38 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/07/09 18:26:37 | 000,050,994 | ---- | C] () -- C:\Users\user\AppData\Roaming\room_v3.dat
[2011/07/09 17:19:11 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
[2010/10/13 18:14:19 | 000,000,552 | ---- | C] () -- C:\Users\user\AppData\Local\d3d8caps.dat
[2010/06/06 09:40:19 | 000,000,537 | ---- | C] () -- C:\Windows\FICEDULA.INI
[2010/06/04 22:11:02 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/05/15 23:53:56 | 000,000,614 | ---- | C] () -- C:\Windows\eReg.dat
[2010/04/23 21:26:11 | 000,031,232 | R--- | C] () -- C:\Program Files\dev-chkg.exe
[2010/04/23 21:26:11 | 000,004,434 | R--- | C] () -- C:\Program Files\deviance.nfo
[2010/01/25 01:37:11 | 000,000,680 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2009/11/20 02:43:03 | 000,000,383 | ---- | C] () -- C:\Windows\System32\haspdos.sys
[2009/11/19 05:19:08 | 000,022,688 | ---- | C] () -- C:\Windows\System32\Mg16.dll
[2009/11/19 05:19:07 | 000,040,392 | ---- | C] () -- C:\Windows\System32\drivers\mgnt.sys
[2009/10/24 02:54:58 | 000,028,288 | ---- | C] () -- C:\Windows\System32\drivers\swmsflt.sys
[2009/10/20 15:50:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/20 15:50:11 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/11 10:44:41 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/08/04 16:32:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/06/24 02:58:07 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2009/06/23 23:13:08 | 000,012,978 | ---- | C] () -- C:\Users\user\AppData\Roaming\nvModes.001
[2009/06/23 23:13:07 | 000,012,978 | ---- | C] () -- C:\Users\user\AppData\Roaming\nvModes.dat
[2009/06/23 22:53:38 | 000,012,800 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/23 21:39:07 | 000,047,104 | ---- | C] () -- C:\Windows\AKDeInstall.exe
[2009/06/23 21:37:51 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/06/23 17:53:07 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/06/23 17:27:17 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2009/06/23 17:25:04 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/06/23 17:20:35 | 000,000,037 | ---- | C] () -- C:\Windows\Acer.ini
[2009/06/23 17:07:12 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\Desktop_.ini
[2007/01/18 18:57:38 | 000,198,144 | ---- | C] () -- C:\Windows\System32\_psisdecd.dll
[2007/01/18 18:51:03 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007/01/18 18:51:03 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007/01/18 18:50:17 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007/01/18 18:46:13 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/01/18 18:43:05 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007/01/18 18:32:43 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll
[2007/01/18 18:26:06 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2007/01/18 16:52:14 | 000,000,101 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007/01/03 10:54:14 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007/01/03 10:53:54 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007/01/03 10:53:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007/01/03 10:52:40 | 000,037,376 | ---- | C] () -- C:\Windows\System32\MsnChatHook_org.dll
[2007/01/03 10:52:28 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007/01/03 10:52:26 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007/01/03 10:52:18 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006/12/26 07:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/13 21:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin
[2006/11/03 22:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 20:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 20:47:37 | 000,401,864 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 20:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 18:33:01 | 000,612,336 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 18:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 18:33:01 | 000,108,132 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 18:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 18:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 16:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 16:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 15:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 15:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/01/07 20:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001/12/27 07:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/11/14 17:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001/09/04 14:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/31 07:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 13:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

< End of report >

Attached Files



#3
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, your USB drive is infected.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O33 - MountPoints2\{5743b2af-aa0f-11e0-8049-0016d4d5a4fa}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
    O33 - MountPoints2\{64126cc7-6012-11de-b297-0016d4d5a4fa}\Shell\AutoRun\command - "" = G:\cache\tmp983.exe
    O33 - MountPoints2\{64126cc7-6012-11de-b297-0016d4d5a4fa}\Shell\oPEN\coMmaNd - "" = G:\cache\tmp983.exe
    O33 - MountPoints2\{66d93fad-1e15-11df-88b2-00a0d5ffffab}\Shell\AutoRun\command - "" = mbvd.exe
    O33 - MountPoints2\{66d93fad-1e15-11df-88b2-00a0d5ffffab}\Shell\open\Command - "" = mbvd.exe
    O33 - MountPoints2\{67d8baca-6001-11de-bbbb-0016d4d5a4fa}\Shell\AutoRun\command - "" = G:\d1vmq.exe
    O33 - MountPoints2\{67d8baca-6001-11de-bbbb-0016d4d5a4fa}\Shell\open\Command - "" = G:\d1vmq.exe
    O33 - MountPoints2\{67d8bacc-6001-11de-bbbb-0016d4d5a4fa}\Shell\AutoRun\command - "" = H:\d1vmq.exe
    O33 - MountPoints2\{67d8bacc-6001-11de-bbbb-0016d4d5a4fa}\Shell\open\Command - "" = H:\d1vmq.exe
    O33 - MountPoints2\{9af0b18c-98c5-11df-b19b-0016d4d5a4fa}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
    O33 - MountPoints2\{db801fde-c002-11de-9268-0016d4d5a4fa}\Shell - "" = AutoRun
    O33 - MountPoints2\{db801fde-c002-11de-9268-0016d4d5a4fa}\Shell\AutoRun\command - "" = G:\WIN\setup.exe
    O33 - MountPoints2\{eb042568-6a22-11e0-b129-0016d4d5a4fa}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
    O33 - MountPoints2\{ed614c09-e324-11df-86a9-0016d4d5a4fa}\Shell - "" = Autorun
    O33 - MountPoints2\{ed614c09-e324-11df-86a9-0016d4d5a4fa}\Shell\AutoRun\command - "" = D:\scvhosts.exe
    O33 - MountPoints2\{ed614c09-e324-11df-86a9-0016d4d5a4fa}\Shell\Open\command - "" = D:\scvhosts.exe

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click aswMBR.exe to run it, then click the "Scan" button to start the scan.

Posted Image

On completion of the scan click Save log, save it to your desktop and post it in your next reply.

Posted Image
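To show what the helper is reading in those O33 lines, here is an added Python triage script (example code written for this page, not part of the thread or of OTL itself) that parses MountPoints2 command entries from an OTL log and flags the shapes seen above: a rundll32 chain launching a file out of a RECYCLER folder, a bare executable name that resolves against the removable volume, an executable sitting in a temp or cache folder, and a basename that mimics svchost.exe. The sample log lines are constructed from the entries quoted in the fix, and the indicator list is my own assumption, a first pass rather than a verdict.

```python
import re

# Constructed sample of OTL "O33 - MountPoints2" lines, modelled on the entries
# quoted in the fix above (not a copy of any live system's log).
SAMPLE_OTL = r"""
O33 - MountPoints2\{64126cc7-6012-11de-b297-0016d4d5a4fa}\Shell\AutoRun\command - "" = G:\cache\tmp983.exe
O33 - MountPoints2\{66d93fad-1e15-11df-88b2-00a0d5ffffab}\Shell\open\Command - "" = mbvd.exe
O33 - MountPoints2\{db801fde-c002-11de-9268-0016d4d5a4fa}\Shell - "" = AutoRun
O33 - MountPoints2\{eb042568-6a22-11e0-b129-0016d4d5a4fa}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{ed614c09-e324-11df-86a9-0016d4d5a4fa}\Shell\Open\command - "" = D:\scvhosts.exe
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup.exe
"""

# One O33 line = volume key (GUID or drive letter), shell verb, and the command
# Explorer runs when that volume is opened or auto-played.  Lines that only set
# the default verb ("...\Shell - "" = AutoRun") carry no command and are skipped.
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<vol>[^\\]+)\\Shell\\(?P<verb>[^\\]+)\\command'
    r' - "" = (?P<cmd>.+)$',
    re.IGNORECASE,
)

# Indicator list (my assumption, a first-pass triage rather than a verdict):
# each pattern describes a shape seen in the entries above.
INDICATORS = [
    ("rundll32 chain launching a file out of a RECYCLER folder",
     re.compile(r"rundll32.*\\RECYCLER\\", re.IGNORECASE)),
    ("bare executable name, resolved against the removable volume root",
     re.compile(r"^[^\\/:\s]+\.exe$", re.IGNORECASE)),
    ("executable kept in a temp or cache folder",
     re.compile(r"\\(?:tmp|temp|cache)\\", re.IGNORECASE)),
    ("basename mimics the Windows svchost.exe process",
     re.compile(r"(?:^|\\)s[cv]{1,2}hosts?\.exe$", re.IGNORECASE)),
]

def triage(log_text):
    """Parse every MountPoints2 command entry; attach the indicators it matches."""
    findings = []
    for line in log_text.splitlines():
        m = O33_RE.match(line.strip())
        if not m:
            continue
        cmd = m.group("cmd").strip()
        reasons = [label for label, rx in INDICATORS if rx.search(cmd)]
        findings.append({"volume": m.group("vol"), "verb": m.group("verb"),
                         "command": cmd, "reasons": reasons})
    return findings

def suspicious(log_text):
    """Only the entries with at least one indicator; the rest still deserve a glance."""
    return [f for f in triage(log_text) if f["reasons"]]

if __name__ == "__main__":
    for f in suspicious(SAMPLE_OTL):
        print(f"{f['volume']} [{f['verb']}] {f['command']}")
        for r in f["reasons"]:
            print(f"    - {r}")
```

Run against a real OTL log by reading the file into `triage()`; an entry with no indicator (F:\setup.exe in the sample) is still a removable volume auto-launching something, so it is worth a manual look.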

#4
boonierator

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thank you very much, sir, for reading my post and helping me.
This is the scan result that you asked for...

Attached Files



#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Re-Run aswMBR

Click Scan

On completion of the scan
Click the FIXMBR Button

Posted Image


Save the log as before and post in your next reply

#6
boonierator

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Here is the result, sir...

Attached Files



#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, this is the difficult one. We need to use the Windows CD. Do you have one? If not, then do the following.

Create a Windows 7/Vista System Repair Disc

Note: the below can only be done if your machine has a CD/R or DVD/R type of optical drive installed. Also, depending on the exact type of OEM your machine has, you may be unable to actually create an SRD.

  • Click on Start(Windows 7 Orb) >> Run...(or the Windows key and R together) to bring up the Run box, then copy/paste the following command into the box and click on OK:

    recdisc.exe

  • Allow the UAC(User Account Control) prompt via selecting Yes.
  • You should now see a menu like the below:-
Posted Image

  • Put a blank rewritable CD/DVD in your optical(CD/DVD) drive and then click on Create disc.
  • Note: If a AutoPlay window pops up, just close it.
  • When the SRD has been created you will see the below:-
Posted Image

  • Now click on Close >> OK. Leave the disc in the drive as we will be using it shortly.
  • You now have a Windows 7 System Repair Disc.

When you reboot you will see this. Click repair my computer
Posted Image

Select your operating system
Posted Image

Select Command prompt
Posted Image

At the command prompt type the following

  • Bootrec.exe /FixMbr
  • Once finished type Exit


Reboot to normal windows and run aswMBR again please

#8
boonierator

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Sir, I followed your instructions but it seems like I can't run recdisc.exe...
So I tried to locate it in Windows\System32, double clicked it and nothing happens. I tried to run it as admin and still nothing happens, sir.
I tried to edit the permissions for SYSTEM and click allow all for my administrator, but it says "unable to save permission changes on recdisc. Access is denied."
Sorry for the late reply, sir, and for my bad English...

#9
boonierator

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Sir, even as an administrator user I can't seem to run recdisc, and I also can't edit or change the permissions to full control...
Thank you, sir, for your help and patience...

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's download a copy for you.

Download the Vista 32-bit recovery disc to your desktop.
Unzip the ISO file to your desktop.

Download ImgBurn and install it.

Double click the Vista ISO and ImgBurn will open and burn the file to disc.

Reboot the computer with the CD and follow the instructions to fix the MBR.

#11
boonierator

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I found a copy of the Vista recovery disc 32-bit and I'm currently downloading it right now; it's gonna take a while, sir.. Hopefully this will work! And thank you so much for your help, sir...

Edited by boonierator, 04 September 2011 - 10:45 AM.


#12
boonierator

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Sir, I've copied the Vista recovery disc to my CD and when I reboot my PC nothing happens. I edited the BIOS to boot from my CD-ROM first and still nothing happens, sir. I've decided to reformat my laptop since I cannot run any heavy application on my laptop since I've got the trojan. Well anyway, sir, thanks for your time and effort, I really appreciate it, sir...

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I will be here on and off for the next 3 hours :)

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





