Google redirects and possible other viruses [Solved]


#1
Simorebut
Hello,

I have followed the guide (http://www.geekstogo...ogle-redirects/) to try and remove the Google redirects, but it still does not remove the malware. I also tried the code from the guide, but it just freezes the computer and does nothing.

I have tried using MBAM, TDSSKiller and ComboFix, and it still hasn't worked. Also, Windows Security Essentials has been disabled and will not open.

Thanks in advance for your help.

Here is my OTL log:

OTL logfile created on: 1/28/2012 6:58:11 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Mat\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 57.06% Memory free
3.85 Gb Paging File | 3.13 Gb Available in Paging File | 81.32% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 22.40 Gb Free Space | 4.81% Space Free | Partition Type: NTFS
Drive G: | 465.75 Gb Total Space | 99.21 Gb Free Space | 21.30% Space Free | Partition Type: NTFS

Computer Name: PHAN | User Name: Mat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/27 22:08:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mat\Desktop\OTL.com
PRC - [2012/01/25 22:00:03 | 000,111,616 | ---- | M] () -- C:\WINDOWS\system32\Wc32py.com_
PRC - [2012/01/25 22:00:03 | 000,111,616 | ---- | M] () -- C:\WINDOWS\system32\Wc32py.com
PRC - [2012/01/09 23:50:59 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/10 00:59:21 | 000,110,352 | ---- | M] (www.motioninjoy.com) -- C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe
PRC - [2011/01/17 17:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 17:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/28 10:54:14 | 000,323,400 | ---- | M] (H+H Software GmbH) -- C:\Program Files\Virtual CD v10\System\vc10tray.exe
PRC - [2010/05/28 10:54:08 | 000,144,712 | ---- | M] (H+H Software GmbH) -- C:\Program Files\Virtual CD v10\System\VC10SecS.exe
PRC - [2010/05/28 10:54:02 | 000,411,464 | ---- | M] (H+H Software GmbH) -- C:\Program Files\Virtual CD v10\System\VC10Play.exe
PRC - [2009/08/29 01:00:12 | 000,966,656 | ---- | M] () -- C:\Documents and Settings\Mat\Local Settings\Apps\F.lux\flux.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/03/09 20:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\system32\libusbd-nt.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/25 22:00:03 | 000,111,616 | ---- | M] () -- C:\WINDOWS\system32\Wc32py.com_
MOD - [2012/01/25 22:00:03 | 000,111,616 | ---- | M] () -- C:\WINDOWS\system32\Wc32py.com
MOD - [2012/01/11 03:06:12 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\62e34cfb5a8b233667c7c5a47a32ad93\System.Web.ni.dll
MOD - [2012/01/11 03:06:03 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3c272cad7afb127e2a2bdb8a5a808512\System.Runtime.Remoting.ni.dll
MOD - [2012/01/09 23:50:59 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/10/13 02:09:12 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
MOD - [2011/10/13 02:09:11 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/13 02:09:05 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/13 02:08:45 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/13 02:08:42 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/13 02:08:40 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/13 02:08:22 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/06/22 07:42:24 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/05/25 23:24:21 | 006,271,136 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2010/11/25 21:41:00 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010/03/16 12:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2009/08/29 01:00:12 | 000,966,656 | ---- | M] () -- C:\Documents and Settings\Mat\Local Settings\Apps\F.lux\flux.exe
MOD - [2008/08/18 16:11:24 | 001,237,504 | ---- | M] () -- C:\Program Files\Virtual CD v10\System\vorbis.dll
MOD - [2008/08/18 16:08:10 | 000,050,688 | ---- | M] () -- C:\Program Files\Virtual CD v10\System\ogg.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/03/16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/05/28 10:54:08 | 000,144,712 | ---- | M] (H+H Software GmbH) [Auto | Running] -- C:\Program Files\Virtual CD v10\System\VC10SecS.exe -- (VC10SecS)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2007/05/16 13:48:56 | 000,228,208 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2005/03/09 20:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Running] -- C:\WINDOWS\system32\libusbd-nt.exe -- (libusbd)


========== Driver Services (SafeList) ==========

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/10 00:59:22 | 000,081,168 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV - [2010/11/25 23:17:40 | 005,555,712 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/05/21 09:14:44 | 000,186,392 | ---- | M] (H+H Software GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\vdrv1000.sys -- (vdrv1000)
DRV - [2010/04/08 03:11:36 | 000,101,904 | R--- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010/03/10 17:34:34 | 000,013,952 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HH10Help.sys -- (HH10Help.sys)
DRV - [2009/10/06 05:54:16 | 005,922,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/07/28 03:55:00 | 000,143,360 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/08/05 07:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2006/01/04 02:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/12/20 19:23:00 | 000,023,872 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\FOXCONN\FOX LiveUpdate\FXDrv32.sys -- (FXDrv32)
DRV - [2005/03/09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2001/07/13 13:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SBKUPNT.SYS -- (SBKUPNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {1ced4832-f06e-413f-aa14-9eb63ad40ace}:1.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Mat\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Mat\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/09 23:51:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/23 19:06:34 | 000,000,000 | ---D | M]

[2010/11/13 22:38:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mat\Application Data\Mozilla\Extensions
[2012/01/26 18:03:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mat\Application Data\Mozilla\Firefox\Profiles\715af8ve.default\extensions
[2010/12/03 00:55:15 | 000,000,000 | ---D | M] (Nuke Anything Enhanced) -- C:\Documents and Settings\Mat\Application Data\Mozilla\Firefox\Profiles\715af8ve.default\extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}
[2011/12/23 22:00:22 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Mat\Application Data\Mozilla\Firefox\Profiles\715af8ve.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/04/27 12:29:45 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Documents and Settings\Mat\Application Data\Mozilla\Firefox\Profiles\715af8ve.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2012/01/26 18:03:22 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Mat\Application Data\Mozilla\Firefox\Profiles\715af8ve.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/12/21 20:01:38 | 000,000,000 | ---D | M] ("Reddit Enhancement Suite") -- C:\Documents and Settings\Mat\Application Data\Mozilla\Firefox\Profiles\715af8ve.default\extensions\[email protected]
[2010/12/12 03:30:25 | 000,002,567 | ---- | M] () -- C:\Documents and Settings\Mat\Application Data\Mozilla\Firefox\Profiles\715af8ve.default\searchplugins\askcom.xml
[2011/07/11 13:04:02 | 000,000,633 | ---- | M] () -- C:\Documents and Settings\Mat\Application Data\Mozilla\Firefox\Profiles\715af8ve.default\searchplugins\startsear.xml
[2011/11/10 17:49:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MAT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\715AF8VE.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/01/09 23:51:00 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/01/01 01:07:04 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/31 05:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/10 05:56:18 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Web Search (Enabled)
CHR - default_search_provider: search_url = http://startsear.ch/...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Mat\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Mat\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Mat\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Documents and Settings\Mat\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npvsharetvplg.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Mat\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Documents and Settings\Mat\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: vshare plugin = C:\Documents and Settings\Mat\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\

O1 HOSTS File: ([2012/01/27 16:21:08 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VC10Player] C:\Program Files\Virtual CD v10\System\VC10Play.exe (H+H Software GmbH)
O4 - HKCU..\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe (www.motioninjoy.com)
O4 - HKCU..\Run: [F.lux] C:\Documents and Settings\Mat\Local Settings\Apps\F.lux\flux.exe ()
O4 - Startup: C:\Documents and Settings\Mat\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm ()
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe File not found
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C719369-D75D-4E20-9AD8-BE5B18C11559}: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C719369-D75D-4E20-9AD8-BE5B18C11559}: NameServer = 8.8.4.4,8.8.8.8
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/11/13 22:19:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/28 11:02:28 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/01/27 23:10:30 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/01/27 22:48:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/27 22:08:30 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mat\Desktop\OTL.com
[2012/01/27 22:03:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mat\Desktop\GooredFix Backups
[2012/01/27 22:03:47 | 002,058,032 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mat\Desktop\TDSSKiller.exe
[2012/01/27 22:01:59 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Mat\Desktop\GooredFix.exe
[2012/01/27 21:46:29 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/01/27 21:45:33 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mat\Desktop\OTM.exe
[2012/01/27 21:34:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/01/27 16:00:07 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/27 15:58:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/27 15:58:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/27 15:58:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/27 15:58:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/27 15:58:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/27 15:58:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/27 15:57:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mat\Start Menu\Programs\Administrative Tools
[2012/01/27 15:57:12 | 004,392,905 | R--- | C] (Swearware) -- C:\Documents and Settings\Mat\Desktop\ComboFix.exe
[2012/01/26 03:03:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/01/26 01:55:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2012/01/25 18:25:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\AskToolbar
[2012/01/24 21:39:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/01/24 21:39:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/01/24 21:05:02 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2012/01/24 21:05:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Recuva
[2012/01/24 17:49:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mat\Application Data\Zeov
[2012/01/24 17:49:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mat\Application Data\Xooq
[2012/01/23 19:06:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DivX
[2012/01/23 19:06:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2012/01/23 19:06:30 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2012/01/22 19:07:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ParetoLogic
[2012/01/22 19:06:59 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2012/01/22 19:06:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2012/01/22 19:06:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2012/01/22 19:06:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Cached Installations
[2012/01/15 20:22:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mat\Desktop\Mass Effect 2
[2012/01/15 20:22:01 | 000,333,312 | ---- | C] (BioWare) -- C:\Documents and Settings\Mat\Desktop\ME2CRC.exe
[2012/01/09 20:06:06 | 000,000,000 | ---D | C] -- C:\Program Files\mIRC
[2012/01/09 20:06:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mat\Application Data\mIRC
[2012/01/09 20:06:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\mIRC
[2012/01/08 03:08:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mat\Application Data\Applian FLV and Media Player
[2012/01/08 03:06:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Applian Technologies
[2012/01/08 03:06:08 | 000,000,000 | ---D | C] -- C:\Program Files\Applian Technologies
[2012/01/08 01:39:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[2012/01/02 20:08:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BodogPoker
[2012/01/02 20:08:17 | 000,000,000 | ---D | C] -- C:\Bodog
[2010/11/13 22:28:17 | 000,004,096 | R--- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/28 19:01:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/01/28 18:34:16 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2012/01/28 18:34:16 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2012/01/28 18:31:04 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/28 18:29:11 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\IKYDJJ.job
[2012/01/28 18:29:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/28 18:25:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-813497703-1417001333-1003UA.job
[2012/01/28 18:00:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2012/01/28 17:34:16 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2012/01/28 17:34:16 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2012/01/28 16:34:19 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2012/01/28 16:34:18 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2012/01/28 16:25:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-813497703-1417001333-1003Core.job
[2012/01/28 15:34:17 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2012/01/28 15:34:16 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2012/01/28 14:34:16 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2012/01/28 14:34:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2012/01/28 13:34:16 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2012/01/28 13:34:16 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2012/01/28 12:34:18 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2012/01/28 12:34:16 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2012/01/28 11:34:16 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2012/01/28 11:34:16 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2012/01/28 11:02:11 | 004,392,905 | R--- | M] (Swearware) -- C:\Documents and Settings\Mat\Desktop\ComboFix.exe
[2012/01/28 10:34:16 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2012/01/28 10:34:16 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2012/01/28 09:34:16 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2012/01/28 09:34:16 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2012/01/28 08:34:16 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2012/01/28 08:34:16 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2012/01/28 07:34:16 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2012/01/28 07:34:16 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2012/01/28 06:34:16 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2012/01/28 06:34:16 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2012/01/28 05:34:16 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2012/01/28 05:34:16 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2012/01/28 04:34:16 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2012/01/28 04:34:16 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2012/01/28 03:34:16 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2012/01/28 03:34:16 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2012/01/28 02:34:22 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2012/01/28 02:34:21 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2012/01/28 01:34:23 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/01/28 01:34:17 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/01/28 00:34:19 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012/01/28 00:34:19 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/01/27 23:34:16 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2012/01/27 23:34:16 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2012/01/27 22:34:21 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2012/01/27 22:34:19 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2012/01/27 22:08:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mat\Desktop\OTL.com
[2012/01/27 22:01:59 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Mat\Desktop\GooredFix.exe
[2012/01/27 21:45:13 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mat\Desktop\OTM.exe
[2012/01/27 20:34:20 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2012/01/27 20:34:20 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2012/01/27 19:34:16 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2012/01/27 19:34:16 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2012/01/27 16:21:08 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/27 16:00:14 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/01/27 15:42:41 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/01/26 21:34:16 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2012/01/26 21:34:16 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2012/01/26 03:32:26 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/26 00:30:29 | 000,177,664 | ---- | M] () -- C:\Documents and Settings\Mat\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/26 00:26:41 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\4mSI4sF.dat
[2012/01/25 22:00:03 | 000,111,616 | ---- | M] () -- C:\WINDOWS\System32\Wc32py.com_
[2012/01/25 22:00:03 | 000,111,616 | ---- | M] () -- C:\WINDOWS\System32\Wc32py.com
[2012/01/24 21:05:02 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Recuva.lnk
[2012/01/24 21:03:46 | 000,000,224 | ---- | M] () -- C:\WINDOWS\System32\9B13A86D.plf
[2012/01/24 19:25:46 | 000,002,268 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\Google Chrome.lnk
[2012/01/24 19:25:46 | 000,002,246 | ---- | M] () -- C:\Documents and Settings\Mat\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/24 17:41:09 | 000,126,976 | RHS- | M] () -- C:\WINDOWS\System32\wmpsrcwp5.dll
[2012/01/24 16:44:58 | 002,058,032 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mat\Desktop\TDSSKiller.exe
[2012/01/23 19:06:30 | 000,001,463 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\DivX Movies.lnk
[2012/01/23 00:33:03 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2012/01/22 19:07:00 | 000,001,876 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Launch Data Recovery.lnk
[2012/01/21 13:40:28 | 000,001,139 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\Now Playing44.wpl
[2012/01/18 17:43:03 | 000,000,050 | ---- | M] () -- C:\WINDOWS\MegaManager.INI
[2012/01/15 20:42:21 | 000,135,168 | ---- | M] () -- C:\Documents and Settings\Mat\My Documents\John_31_Engineer_221105
[2012/01/15 20:41:52 | 000,131,072 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\John_31_Engineer_221105
[2012/01/15 20:41:16 | 000,015,719 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\Save_0012.xbsav
[2012/01/11 03:07:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/11 03:05:27 | 000,492,944 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/11 03:05:27 | 000,083,466 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/09 20:10:35 | 000,029,024 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/01/09 20:06:06 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\mIRC.lnk
[2012/01/08 03:06:33 | 000,001,034 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Applian FLV and Media Player.lnk
[2012/01/02 20:08:18 | 000,000,353 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BodogPoker.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/28 14:34:18 | 000,111,616 | ---- | C] () -- C:\WINDOWS\System32\Wc32py.com
[2012/01/27 16:00:14 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/01/27 16:00:10 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/27 15:58:28 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/27 15:58:28 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/27 15:58:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/27 15:58:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/27 15:58:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/27 06:09:05 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/01/26 00:23:59 | 000,111,616 | ---- | C] () -- C:\WINDOWS\System32\Wc32py.com_
[2012/01/25 18:09:09 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\4mSI4sF.dat
[2012/01/25 18:09:06 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2012/01/25 18:09:06 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2012/01/25 18:09:06 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2012/01/25 18:09:06 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2012/01/25 18:09:06 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2012/01/25 18:09:06 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2012/01/25 18:09:06 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2012/01/25 18:09:06 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2012/01/25 18:09:06 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2012/01/25 18:09:06 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2012/01/25 18:09:06 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2012/01/25 18:09:06 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2012/01/25 18:09:06 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2012/01/25 18:09:05 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2012/01/25 18:09:05 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2012/01/25 18:09:05 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2012/01/25 18:09:05 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2012/01/25 18:09:05 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2012/01/25 18:09:05 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2012/01/25 18:09:05 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2012/01/25 18:09:05 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2012/01/25 18:09:05 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2012/01/25 18:09:05 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2012/01/25 18:09:05 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2012/01/25 18:09:05 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2012/01/25 18:09:05 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2012/01/25 18:09:05 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2012/01/25 18:09:05 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2012/01/25 18:09:05 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2012/01/25 18:09:05 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2012/01/25 18:09:05 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2012/01/25 18:09:05 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2012/01/25 18:09:05 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2012/01/25 18:09:05 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2012/01/25 18:09:05 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2012/01/25 18:09:05 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2012/01/25 18:09:05 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2012/01/25 18:09:05 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2012/01/25 18:09:05 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2012/01/25 18:09:05 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2012/01/25 18:09:05 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2012/01/25 18:09:05 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2012/01/25 18:09:05 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2012/01/25 18:09:05 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2012/01/25 18:09:05 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2012/01/25 18:09:05 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2012/01/25 18:09:05 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2012/01/25 18:09:05 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2012/01/24 21:05:02 | 000,001,512 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Recuva.lnk
[2012/01/24 21:03:46 | 000,000,224 | ---- | C] () -- C:\WINDOWS\System32\9B13A86D.plf
[2012/01/24 17:52:01 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/24 17:41:09 | 000,126,976 | RHS- | C] () -- C:\WINDOWS\System32\wmpsrcwp5.dll
[2012/01/24 17:41:09 | 000,000,300 | ---- | C] () -- C:\WINDOWS\tasks\IKYDJJ.job
[2012/01/23 19:06:30 | 000,001,463 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\DivX Movies.lnk
[2012/01/22 19:07:06 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2012/01/22 19:07:02 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2012/01/22 19:07:00 | 000,001,876 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Launch Data Recovery.lnk
[2012/01/21 13:40:28 | 000,001,139 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\Now Playing44.wpl
[2012/01/15 20:42:21 | 000,135,168 | ---- | C] () -- C:\Documents and Settings\Mat\My Documents\John_31_Engineer_221105
[2012/01/15 20:31:37 | 000,015,719 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\Save_0012.xbsav
[2012/01/15 20:31:00 | 000,131,072 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\John_31_Engineer_221105
[2012/01/09 20:10:35 | 000,029,024 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/01/09 20:06:06 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\mIRC.lnk
[2012/01/08 03:06:33 | 000,001,034 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Applian FLV and Media Player.lnk
[2012/01/02 20:08:18 | 000,000,353 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BodogPoker.lnk
[2011/02/20 17:29:56 | 000,014,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\SBKUPNT.SYS
[2011/02/20 17:29:56 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\DEVLOAD.EXE
[2011/02/20 17:29:56 | 000,000,543 | ---- | C] () -- C:\WINDOWS\SWISV3.INI
[2011/02/20 17:29:56 | 000,000,308 | ---- | C] () -- C:\WINDOWS\SKNIFE.INI
[2011/02/20 17:29:53 | 000,002,944 | ---- | C] () -- C:\WINDOWS\SKLANG.INI
[2011/01/30 00:54:32 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2011/01/01 03:17:36 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2010/12/15 02:01:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/12/15 02:01:17 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/12/15 02:01:17 | 000,224,001 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/12/15 02:01:17 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/12/06 08:58:56 | 002,496,715 | ---- | C] () -- C:\WINDOWS\System32\abgx360.exe
[2010/12/04 11:00:56 | 000,265,744 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/12/04 02:25:10 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\libusb0.sys
[2010/11/20 02:19:27 | 000,177,664 | ---- | C] () -- C:\Documents and Settings\Mat\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/13 22:38:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/11/13 22:28:17 | 000,982,224 | R--- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2010/11/13 22:28:17 | 000,439,336 | R--- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2010/11/13 22:27:46 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/11/13 22:20:29 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/11/13 22:16:54 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/11/13 17:07:44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/11/13 15:53:18 | 000,168,304 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/14 17:15:00 | 000,178,432 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/06/19 20:06:22 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/04/14 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 07:00:00 | 000,492,944 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 07:00:00 | 000,083,466 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

< End of report >
  • 0

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, could you post the ComboFix log please?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..browser.search.defaultengine: "Web Search"
    FF - prefs.js..browser.search.defaultenginename: "Web Search"
    [2011/07/11 13:04:02 | 000,000,633 | ---- | M] () -- C:\Documents and Settings\Mat\Application Data\Mozilla\Firefox\Profiles\715af8ve.default\searchplugins\startsear.xml
    O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
    [2012/01/24 17:49:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mat\Application Data\Zeov
    [2012/01/24 17:49:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mat\Application Data\Xooq
    [2012/01/25 18:09:09 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\4mSI4sF.dat

    :Files
    ipconfig /flushdns /c
    C:\WINDOWS\system32\Wc32py.com_
    C:\WINDOWS\system32\Wc32py.com
    C:\WINDOWS\tasks\At*.job

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered, and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe (4.1 MB) to your desktop.
Double-click aswMBR.exe to run it, then click the "Scan" button to start the scan.

On completion of the scan, click Save Log, save it to your desktop and post it in your next reply.

  • 0
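The fix above removes the run of hourly At*.job tasks that all launch the same file from System32. As an added example (not code from the thread, from OTL or from ComboFix), here is a small Python parser for the "Contents of the 'Scheduled Tasks' folder" section of a ComboFix log that groups tasks by the binary they launch and flags any target driven by several anonymous AtN.job entries, which is the pattern these logs show. The sample section is constructed in that layout; the GoogleUpdate and MpCmdRun paths in it are placeholders, not values taken from the thread.

```python
"""Flag fanned-out scheduled tasks in a ComboFix-style log.

Added example for this thread; it is not code from OTL, ComboFix or
the forum post. The sample section below is constructed in the layout
ComboFix uses for "Contents of the 'Scheduled Tasks' folder"; the
GoogleUpdate and MpCmdRun paths are placeholders, not from the thread.
"""
import re
from collections import defaultdict

SAMPLE_SECTION = """\
Contents of the 'Scheduled Tasks' folder
.
2012-01-29 c:\\windows\\Tasks\\At10.job
- c:\\windows\\system32\\Wc32py.com_ [2012-01-29 03:00]
.
2012-01-29 c:\\windows\\Tasks\\At12.job
- c:\\windows\\system32\\Wc32py.com_ [2012-01-29 03:00]
.
2012-01-28 c:\\windows\\Tasks\\At26.job
- c:\\windows\\system32\\Wc32py.com_ [2012-01-29 03:00]
.
2012-01-28 c:\\windows\\Tasks\\GoogleUpdateTaskUserPlaceholder.job
- c:\\program files\\Google\\Update\\GoogleUpdate.exe [2012-01-28 16:25]
.
2012-01-27 c:\\windows\\Tasks\\MP Scheduled Scan.job
- c:\\program files\\Microsoft Security Client\\MpCmdRun.exe [2012-01-27 06:09]
"""

# "<date> <full path to .job>" introduces an entry; "- <target> [stamp]"
# gives the program the task runs.
JOB_LINE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(?P<job>.+?\.job)\s*$", re.IGNORECASE)
TARGET_LINE = re.compile(r"^-\s+(?P<target>.+?)\s+\[[^\]]*\]\s*$")
# Anonymous AtN.job names are what at.exe produces when no task name is given.
AT_JOB = re.compile(r"^At\d+\.job$", re.IGNORECASE)


def parse_scheduled_tasks(section):
    """Return [(job file name, lower-cased target path), ...]."""
    tasks = []
    pending_job = None
    for line in section.splitlines():
        job = JOB_LINE.match(line)
        if job:
            pending_job = job.group("job").rsplit("\\", 1)[-1]
            continue
        target = TARGET_LINE.match(line)
        if target and pending_job:
            tasks.append((pending_job, target.group("target").lower()))
            pending_job = None
    return tasks


def find_fanned_out_targets(tasks, min_jobs=3):
    """Map target -> sorted AtN.job names for targets run by >= min_jobs such tasks.

    Named tasks (vendor updaters, scheduled scans) are left alone; a run
    of anonymous AtN.job entries that all launch one binary is the
    once-an-hour persistence pattern visible in the logs in this thread.
    """
    by_target = defaultdict(list)
    for job, target in tasks:
        if AT_JOB.match(job):
            by_target[target].append(job)
    return {t: sorted(jobs) for t, jobs in by_target.items() if len(jobs) >= min_jobs}


def target_looks_odd(target):
    """True for a target ending in '_' (e.g. .com_), an extension no
    installer schedules; a cheap extra signal, not proof on its own."""
    return target.endswith("_")


def report(section, min_jobs=3):
    """Human-readable findings for one log section."""
    findings = []
    tasks = parse_scheduled_tasks(section)
    for target, jobs in find_fanned_out_targets(tasks, min_jobs).items():
        note = " (odd extension)" if target_looks_odd(target) else ""
        findings.append(f"{target}{note}: launched by {len(jobs)} AtN.job tasks ({', '.join(jobs)})")
    return findings


if __name__ == "__main__":
    for line in report(SAMPLE_SECTION):
        print(line)
```

Run it on the pasted section of a real log to get a one-line finding per suspicious target; named vendor tasks such as the Google updater or the MSE scheduled scan never appear in the output because only the anonymous AtN.job entries are counted.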

#3
Simorebut

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I'm having trouble running the OTL code. I let it run for hours and all it says is "Killing All Processes, DO NOT INTERRUPT". It stays on that and does nothing else.
  • 0

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If you have the latest MBAM, you will need to disable the service via Task Manager.

Right-click the service and select Stop Service, then re-run the OTL fix.


[attachment=55798:Capture.JPG]
  • 0

#5
Simorebut

Simorebut

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Here is the ComboFix log.

ComboFix 12-01-29.02 - Mat 01/29/2012 12:12:21.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1381 [GMT -5:00]
Running from: c:\documents and settings\Mat\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Mat\Application Data\mIRC\logs\status.log
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-29 )))))))))))))))))))))))))))))))
.
.
2012-01-29 12:34 . 2012-01-26 03:00 111616 ----a-w- c:\windows\system32\Wc32py.com_
2012-01-28 04:10 . 2012-01-28 04:10 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-28 03:48 . 2012-01-28 03:48 -------- d-----w- C:\_OTL
2012-01-28 02:46 . 2012-01-28 02:46 -------- d-----w- C:\_OTM
2012-01-27 11:01 . 2012-01-27 11:01 -------- d-----w- c:\documents and settings\Administrator.PHAN.000
2012-01-26 06:55 . 2012-01-26 06:55 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2012-01-25 23:25 . 2012-01-29 13:06 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AskToolbar
2012-01-25 03:46 . 2012-01-25 03:46 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2012-01-25 02:05 . 2012-01-25 02:05 -------- d-----w- c:\program files\Recuva
2012-01-24 22:49 . 2012-01-25 02:26 -------- d-----w- c:\documents and settings\Mat\Application Data\Xooq
2012-01-24 22:49 . 2012-01-24 22:59 -------- d-----w- c:\documents and settings\Mat\Application Data\Zeov
2012-01-24 22:45 . 2012-01-06 04:19 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{609D3516-6A54-420C-A1D5-930F69373A7F}\mpengine.dll
2012-01-24 22:41 . 2012-01-24 22:41 126976 --sha-r- c:\windows\system32\wmpsrcwp5.dll
2012-01-24 00:06 . 2012-01-24 00:06 -------- d-----w- c:\program files\DivX
2012-01-24 00:06 . 2012-01-24 00:06 -------- d-----w- c:\program files\Common Files\DivX Shared
2012-01-23 00:06 . 2012-01-23 00:06 -------- d-----w- c:\program files\ParetoLogic
2012-01-23 00:06 . 2012-01-23 00:06 -------- d-----w- c:\program files\Common Files\ParetoLogic
2012-01-23 00:06 . 2012-01-23 00:06 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2012-01-23 00:06 . 2012-01-23 00:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Cached Installations
2012-01-10 04:51 . 2012-01-10 04:51 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-10 04:51 . 2012-01-10 04:51 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-10 04:51 . 2012-01-10 04:51 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-10 04:51 . 2012-01-10 04:51 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-10 01:06 . 2012-01-29 17:17 -------- d-----w- c:\documents and settings\Mat\Application Data\mIRC
2012-01-10 01:06 . 2012-01-29 17:04 -------- d-----w- c:\program files\mIRC
2012-01-08 08:08 . 2012-01-08 08:08 -------- d-----w- c:\documents and settings\Mat\Application Data\Applian FLV and Media Player
2012-01-08 08:06 . 2012-01-08 08:06 -------- d-----w- c:\program files\Applian Technologies
2012-01-08 06:39 . 2012-01-08 06:39 -------- d-----w- c:\program files\Common Files\SWF Studio
2012-01-03 01:08 . 2012-01-03 01:08 -------- d-----w- C:\Bodog
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-06 04:19 . 2011-03-14 01:23 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-10 20:24 . 2011-03-03 11:48 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2008-04-14 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2008-04-14 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2008-04-14 12:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2008-04-14 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2008-04-14 12:00 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-03 15:28 . 2008-04-14 12:00 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2008-04-14 12:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 20:35 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-11-01 20:35 . 2008-04-14 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2011-11-01 20:35 . 2008-04-14 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-11-01 16:07 . 2008-04-14 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-11-01 15:02 . 2008-04-14 12:00 369664 ----a-w- c:\windows\system32\html.iec
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-01-10 04:51 . 2011-06-22 23:40 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( [email protected]_21.21.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-29 17:19 . 2012-01-29 17:19 16384 c:\windows\temp\Perflib_Perfdata_718.dat
+ 2012-01-28 02:45 . 2012-01-28 02:45 299008 c:\windows\ERDNT\1-27-2012\Users\00000002\UsrClass.dat
+ 2012-01-28 02:45 . 2005-10-20 17:02 163328 c:\windows\ERDNT\1-27-2012\ERDNT.EXE
+ 2012-01-28 02:45 . 2012-01-28 02:45 4378624 c:\windows\ERDNT\1-27-2012\Users\00000001\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-02 00:17 1487240 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-02 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-02 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DS3 Tool"="c:\program files\MotioninJoy\ds3\DS3_Tool.exe" [2011-07-10 110352]
"F.lux"="c:\documents and settings\Mat\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-10-06 18750976]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-26 144920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"VC10Player"="c:\program files\Virtual CD v10\System\VC10Play.exe" [2010-05-28 411464]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-26 98304]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Mat\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2011-01-05 17:11 4321112 ----a-w- c:\program files\AIM\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-08-31 16:25 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DS3 Tool]
2011-07-10 05:59 110352 ----a-w- c:\program files\MotioninJoy\ds3\DS3_Tool.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-05-17 18:11 5729136 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Eidos\\Batman Arkham Asylum\\Binaries\\ShippingPC-BmGame.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Veetle\\Player\\VeetleNet.exe"=
"c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
.
R1 vdrv1000;vdrv1000;c:\windows\system32\drivers\vdrv1000.sys [12/4/2010 12:08 AM 186392]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/3/2011 6:48 AM 652872]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2/20/2011 5:29 PM 14976]
R2 VC10SecS;Virtual CD v10 Management Service;c:\program files\Virtual CD v10\System\VC10SecS.exe [12/4/2010 12:08 AM 144712]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [12/4/2010 2:25 AM 33792]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/3/2011 6:48 AM 20464]
S?2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11/13/2010 10:26 PM 1684736]
S3 FXDrv32;FXDrv32;c:\program files\FOXCONN\FOX LiveUpdate\FXDrv32.sys [11/13/2010 10:29 PM 23872]
S3 HH10Help.sys;HH10Help.sys;c:\windows\system32\drivers\HH10Help.sys [12/4/2010 12:08 AM 13952]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [12/15/2010 1:58 PM 81168]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-29 c:\windows\Tasks\At10.job
- c:\windows\system32\Wc32py.com_ [2012-01-29 03:00]
.
2012-01-29 c:\windows\Tasks\At12.job
- c:\windows\system32\Wc32py.com_ [2012-01-29 03:00]
.
2012-01-29 c:\windows\Tasks\At14.job
- c:\windows\system32\Wc32py.com_ [2012-01-29 03:00]
.
2012-01-29 c:\windows\Tasks\At16.job
- c:\windows\system32\Wc32py.com_ [2012-01-29 03:00]
.
2012-01-29 c:\windows\Tasks\At18.job
- c:\windows\system32\Wc32py.com_ [2012-01-29 03:00]
.
2012-01-29 c:\windows\Tasks\At2.job
- c:\windows\system32\Wc32py.com_ [2012-01-29 03:00]
.
2012-01-29 c:\windows\Tasks\At20.job
- c:\windows\system32\Wc32py.com_ [2012-01-29 03:00]
.
2012-01-29 c:\windows\Tasks\At22.job
- c:\windows\system32\Wc32py.com_ [2012-01-29 03:00]
.
2012-01-29 c:\windows\Tasks\At24.job
- c:\windows\system32\Wc32py.com_ [2012-01-29 03:00]
.
2012-01-28 c:\windows\Tasks\At26.job
- c:\windows\system32\Wc32py.com_ [2012-01-29 03:00]
.
2012-01-28 c:\windows\Tasks\At28.job
- c:\windows\system32\Wc32py.com_ [2012-01-29 03:00]
.
2012-01-28 c:\windows\Tasks\At30.job
- c:\windows\system32\Wc32py.com_ [2012-01-29 03:00]
.
2012-01-28 c:\windows\Tasks\At32.job
- c:\windows\system32\Wc32py.com_ [2012-01-29 03:00]
.
2012-01-28 c:\windows\Tasks\At34.job
- c:\windows\system32\Wc32py.com_ [2012-01-29 03:00]
.
2012-01-28 c:\windows\Tasks\At36.job
- c:\windows\system32\Wc32py.com_ [2012-01-29 03:00]
.
2012-01-28 c:\windows\Tasks\At38.job
- c:\windows\system32\Wc32py.com_ [2012-01-29 03:00]
.
2012-01-29 c:\windows\Tasks\At4.job
- c:\windows\system32\Wc32py.com_ [2012-01-29 03:00]
.
2012-01-29 c:\windows\Tasks\At40.job
- c:\windows\system32\Wc32py.com_ [2012-01-29 03:00]
.
2012-01-29 c:\windows\Tasks\At42.job
- c:\windows\system32\Wc32py.com_ [2012-01-29 03:00]
.
2012-01-29 c:\windows\Tasks\At44.job
- c:\windows\system32\Wc32py.com_ [2012-01-29 03:00]
.
2012-01-29 c:\windows\Tasks\At46.job
- c:\windows\system32\Wc32py.com_ [2012-01-29 03:00]
.
2012-01-29 c:\windows\Tasks\At48.job
- c:\windows\system32\Wc32py.com_ [2012-01-29 03:00]
.
2012-01-29 c:\windows\Tasks\At6.job
- c:\windows\system32\Wc32py.com_ [2012-01-29 03:00]
.
2012-01-29 c:\windows\Tasks\At8.job
- c:\windows\system32\Wc32py.com_ [2012-01-29 03:00]
.
2012-01-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-813497703-1417001333-1003Core.job
- c:\documents and settings\Mat\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-10 04:05]
.
2012-01-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-813497703-1417001333-1003UA.job
- c:\documents and settings\Mat\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-10 04:05]
.
2012-01-29 c:\windows\Tasks\IKYDJJ.job
- c:\windows\system32\wmpsrcwp5.dll [2012-01-24 22:41]
.
2012-01-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
2012-01-28 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 17:25]
.
2012-01-29 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 17:25]
.
2012-01-29 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-02-02 00:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
TCP: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194
TCP: Interfaces\{5C719369-D75D-4E20-9AD8-BE5B18C11559}: NameServer = 8.8.4.4,8.8.8.8
FF - ProfilePath - c:\documents and settings\Mat\Application Data\Mozilla\Firefox\Profiles\715af8ve.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-29 12:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vdrv1000]
"ImagePath"="system32\DRIVERS\vdrv1000.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(3492)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\rundll32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\libusbd-nt.exe
c:\windows\RTHDCPL.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Virtual CD v10\System\VC10Tray.exe
.
**************************************************************************
.
Completion time: 2012-01-29 12:25:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-29 17:25
ComboFix2.txt 2012-01-28 16:10
ComboFix3.txt 2012-01-28 02:34
ComboFix4.txt 2012-01-27 21:23
.
Pre-Run: 23,486,193,664 bytes free
Post-Run: 23,640,219,648 bytes free
.
- - End Of File - - 2ABE9523008CB3961A8C9A0A36B323E3
#6
Simorebut

    New Member

  • Topic Starter
  • Member
  • 7 posts
OTL logfile created on: 1/30/2012 9:28:38 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Mat\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.39% Memory free
3.85 Gb Paging File | 3.31 Gb Available in Paging File | 85.91% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 22.66 Gb Free Space | 4.87% Space Free | Partition Type: NTFS
Drive G: | 465.75 Gb Total Space | 99.21 Gb Free Space | 21.30% Space Free | Partition Type: NTFS

Computer Name: PHAN | User Name: Mat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/27 22:08:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mat\Desktop\OTL.com
PRC - [2012/01/09 23:50:59 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/07/10 00:59:21 | 000,110,352 | ---- | M] (www.motioninjoy.com) -- C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe
PRC - [2011/01/17 17:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 17:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/28 10:54:14 | 000,323,400 | ---- | M] (H+H Software GmbH) -- C:\Program Files\Virtual CD v10\System\vc10tray.exe
PRC - [2010/05/28 10:54:08 | 000,144,712 | ---- | M] (H+H Software GmbH) -- C:\Program Files\Virtual CD v10\System\VC10SecS.exe
PRC - [2010/05/28 10:54:02 | 000,411,464 | ---- | M] (H+H Software GmbH) -- C:\Program Files\Virtual CD v10\System\VC10Play.exe
PRC - [2009/08/29 01:00:12 | 000,966,656 | ---- | M] () -- C:\Documents and Settings\Mat\Local Settings\Apps\F.lux\flux.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/03/09 20:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\system32\libusbd-nt.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/11 03:06:12 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\62e34cfb5a8b233667c7c5a47a32ad93\System.Web.ni.dll
MOD - [2012/01/11 03:06:03 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3c272cad7afb127e2a2bdb8a5a808512\System.Runtime.Remoting.ni.dll
MOD - [2012/01/09 23:50:59 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/10/13 02:09:12 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
MOD - [2011/10/13 02:09:11 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/13 02:09:05 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/13 02:08:45 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/13 02:08:42 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/13 02:08:40 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/13 02:08:22 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/06/22 07:42:24 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/11/25 21:41:00 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010/03/16 12:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2009/08/29 01:00:12 | 000,966,656 | ---- | M] () -- C:\Documents and Settings\Mat\Local Settings\Apps\F.lux\flux.exe
MOD - [2008/08/18 16:11:24 | 001,237,504 | ---- | M] () -- C:\Program Files\Virtual CD v10\System\vorbis.dll
MOD - [2008/08/18 16:08:10 | 000,050,688 | ---- | M] () -- C:\Program Files\Virtual CD v10\System\ogg.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/03/16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/05/28 10:54:08 | 000,144,712 | ---- | M] (H+H Software GmbH) [Auto | Running] -- C:\Program Files\Virtual CD v10\System\VC10SecS.exe -- (VC10SecS)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2007/05/16 13:48:56 | 000,228,208 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2005/03/09 20:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Running] -- C:\WINDOWS\system32\libusbd-nt.exe -- (libusbd)


========== Driver Services (SafeList) ==========

DRV - [2011/07/10 00:59:22 | 000,081,168 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV - [2010/11/25 23:17:40 | 005,555,712 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/05/21 09:14:44 | 000,186,392 | ---- | M] (H+H Software GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\vdrv1000.sys -- (vdrv1000)
DRV - [2010/04/08 03:11:36 | 000,101,904 | R--- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010/03/10 17:34:34 | 000,013,952 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HH10Help.sys -- (HH10Help.sys)
DRV - [2009/10/06 05:54:16 | 005,922,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/07/28 03:55:00 | 000,143,360 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/08/05 07:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2006/01/04 02:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/12/20 19:23:00 | 000,023,872 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\FOXCONN\FOX LiveUpdate\FXDrv32.sys -- (FXDrv32)
DRV - [2005/03/09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2001/07/13 13:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SBKUPNT.SYS -- (SBKUPNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {1ced4832-f06e-413f-aa14-9eb63ad40ace}:1.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Mat\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Mat\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/09 23:51:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/23 19:06:34 | 000,000,000 | ---D | M]

[2010/11/13 22:38:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mat\Application Data\Mozilla\Extensions
[2012/01/26 18:03:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mat\Application Data\Mozilla\Firefox\Profiles\715af8ve.default\extensions
[2010/12/03 00:55:15 | 000,000,000 | ---D | M] (Nuke Anything Enhanced) -- C:\Documents and Settings\Mat\Application Data\Mozilla\Firefox\Profiles\715af8ve.default\extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}
[2011/12/23 22:00:22 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Mat\Application Data\Mozilla\Firefox\Profiles\715af8ve.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/04/27 12:29:45 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Documents and Settings\Mat\Application Data\Mozilla\Firefox\Profiles\715af8ve.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2012/01/26 18:03:22 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Mat\Application Data\Mozilla\Firefox\Profiles\715af8ve.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/12/21 20:01:38 | 000,000,000 | ---D | M] ("Reddit Enhancement Suite") -- C:\Documents and Settings\Mat\Application Data\Mozilla\Firefox\Profiles\715af8ve.default\extensions\[email protected]
[2010/12/12 03:30:25 | 000,002,567 | ---- | M] () -- C:\Documents and Settings\Mat\Application Data\Mozilla\Firefox\Profiles\715af8ve.default\searchplugins\askcom.xml
[2011/11/10 17:49:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MAT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\715AF8VE.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/01/09 23:51:00 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/01/01 01:07:04 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/31 05:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/10 05:56:18 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Web Search (Enabled)
CHR - default_search_provider: search_url = http://startsear.ch/...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Mat\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Mat\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Mat\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Documents and Settings\Mat\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npvsharetvplg.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Mat\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Documents and Settings\Mat\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: vshare plugin = C:\Documents and Settings\Mat\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\

O1 HOSTS File: ([2012/01/30 20:16:25 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VC10Player] C:\Program Files\Virtual CD v10\System\VC10Play.exe (H+H Software GmbH)
O4 - HKCU..\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe (www.motioninjoy.com)
O4 - HKCU..\Run: [F.lux] C:\Documents and Settings\Mat\Local Settings\Apps\F.lux\flux.exe ()
O4 - Startup: C:\Documents and Settings\Mat\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm ()
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe File not found
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C719369-D75D-4E20-9AD8-BE5B18C11559}: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C719369-D75D-4E20-9AD8-BE5B18C11559}: NameServer = 8.8.4.4,8.8.8.8
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/11/13 22:19:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/30 20:18:04 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/01/29 12:56:27 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Mat\Desktop\aswMBR.exe
[2012/01/29 12:17:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/01/29 12:11:18 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/01/27 23:10:30 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/01/27 22:48:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/27 22:08:30 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mat\Desktop\OTL.com
[2012/01/27 22:03:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mat\Desktop\GooredFix Backups
[2012/01/27 22:03:47 | 002,058,032 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mat\Desktop\TDSSKiller.exe
[2012/01/27 22:01:59 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Mat\Desktop\GooredFix.exe
[2012/01/27 21:46:29 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/01/27 21:45:33 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mat\Desktop\OTM.exe
[2012/01/27 16:00:07 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/27 15:58:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/27 15:58:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/27 15:58:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/27 15:58:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/27 15:58:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/27 15:58:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/27 15:57:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mat\Start Menu\Programs\Administrative Tools
[2012/01/27 15:57:12 | 004,393,882 | R--- | C] (Swearware) -- C:\Documents and Settings\Mat\Desktop\ComboFix.exe
[2012/01/26 03:03:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/01/26 01:55:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2012/01/25 18:25:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\AskToolbar
[2012/01/24 21:39:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/01/24 21:39:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/01/24 21:05:02 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2012/01/24 21:05:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Recuva
[2012/01/23 19:06:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DivX
[2012/01/23 19:06:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2012/01/23 19:06:30 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2012/01/22 19:07:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ParetoLogic
[2012/01/22 19:06:59 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2012/01/22 19:06:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2012/01/22 19:06:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2012/01/22 19:06:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Cached Installations
[2012/01/15 20:22:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mat\Desktop\Mass Effect 2
[2012/01/15 20:22:01 | 000,333,312 | ---- | C] (BioWare) -- C:\Documents and Settings\Mat\Desktop\ME2CRC.exe
[2012/01/09 20:06:06 | 000,000,000 | ---D | C] -- C:\Program Files\mIRC
[2012/01/09 20:06:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mat\Application Data\mIRC
[2012/01/09 20:06:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\mIRC
[2012/01/08 03:08:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mat\Application Data\Applian FLV and Media Player
[2012/01/08 03:06:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Applian Technologies
[2012/01/08 03:06:08 | 000,000,000 | ---D | C] -- C:\Program Files\Applian Technologies
[2012/01/08 01:39:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[2012/01/02 20:08:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BodogPoker
[2012/01/02 20:08:17 | 000,000,000 | ---D | C] -- C:\Bodog
[2010/11/13 22:28:17 | 000,004,096 | R--- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2012/01/30 21:30:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-813497703-1417001333-1003UA.job
[2012/01/30 21:26:23 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/30 21:24:29 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\IKYDJJ.job
[2012/01/30 21:24:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/30 21:01:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/01/30 20:16:25 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/01/30 02:30:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-813497703-1417001333-1003Core.job
[2012/01/29 12:53:55 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Mat\Desktop\aswMBR.exe
[2012/01/29 12:11:02 | 004,393,882 | R--- | M] (Swearware) -- C:\Documents and Settings\Mat\Desktop\ComboFix.exe
[2012/01/29 03:39:02 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2012/01/29 01:49:11 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/01/28 18:00:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2012/01/27 22:08:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mat\Desktop\OTL.com
[2012/01/27 22:01:59 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Mat\Desktop\GooredFix.exe
[2012/01/27 21:45:13 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mat\Desktop\OTM.exe
[2012/01/27 16:00:14 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/01/26 03:32:26 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/26 00:30:29 | 000,177,664 | ---- | M] () -- C:\Documents and Settings\Mat\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/24 21:05:02 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Recuva.lnk
[2012/01/24 21:03:46 | 000,000,224 | ---- | M] () -- C:\WINDOWS\System32\9B13A86D.plf
[2012/01/24 19:25:46 | 000,002,268 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\Google Chrome.lnk
[2012/01/24 19:25:46 | 000,002,246 | ---- | M] () -- C:\Documents and Settings\Mat\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/24 17:41:09 | 000,126,976 | RHS- | M] () -- C:\WINDOWS\System32\wmpsrcwp5.dll
[2012/01/24 16:44:58 | 002,058,032 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mat\Desktop\TDSSKiller.exe
[2012/01/23 19:06:30 | 000,001,463 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\DivX Movies.lnk
[2012/01/22 19:07:00 | 000,001,876 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Launch Data Recovery.lnk
[2012/01/21 13:40:28 | 000,001,139 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\Now Playing44.wpl
[2012/01/18 17:43:03 | 000,000,050 | ---- | M] () -- C:\WINDOWS\MegaManager.INI
[2012/01/15 20:42:21 | 000,135,168 | ---- | M] () -- C:\Documents and Settings\Mat\My Documents\John_31_Engineer_221105
[2012/01/15 20:41:52 | 000,131,072 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\John_31_Engineer_221105
[2012/01/15 20:41:16 | 000,015,719 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\Save_0012.xbsav
[2012/01/11 03:07:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/11 03:05:27 | 000,492,944 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/11 03:05:27 | 000,083,466 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/09 20:10:35 | 000,029,024 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/01/09 20:06:06 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\mIRC.lnk
[2012/01/08 03:06:33 | 000,001,034 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Applian FLV and Media Player.lnk
[2012/01/02 20:08:18 | 000,000,353 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BodogPoker.lnk

========== Files Created - No Company Name ==========

[2012/01/27 16:00:14 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/01/27 16:00:10 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/27 15:58:28 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/27 15:58:28 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/27 15:58:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/27 15:58:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/27 15:58:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/27 06:09:05 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/01/24 21:05:02 | 000,001,512 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Recuva.lnk
[2012/01/24 21:03:46 | 000,000,224 | ---- | C] () -- C:\WINDOWS\System32\9B13A86D.plf
[2012/01/24 17:52:01 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/24 17:41:09 | 000,126,976 | RHS- | C] () -- C:\WINDOWS\System32\wmpsrcwp5.dll
[2012/01/24 17:41:09 | 000,000,300 | ---- | C] () -- C:\WINDOWS\tasks\IKYDJJ.job
[2012/01/23 19:06:30 | 000,001,463 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\DivX Movies.lnk
[2012/01/22 19:07:06 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2012/01/22 19:07:02 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2012/01/22 19:07:00 | 000,001,876 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Launch Data Recovery.lnk
[2012/01/21 13:40:28 | 000,001,139 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\Now Playing44.wpl
[2012/01/15 20:42:21 | 000,135,168 | ---- | C] () -- C:\Documents and Settings\Mat\My Documents\John_31_Engineer_221105
[2012/01/15 20:31:37 | 000,015,719 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\Save_0012.xbsav
[2012/01/15 20:31:00 | 000,131,072 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\John_31_Engineer_221105
[2012/01/09 20:10:35 | 000,029,024 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/01/09 20:06:06 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\mIRC.lnk
[2012/01/08 03:06:33 | 000,001,034 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Applian FLV and Media Player.lnk
[2012/01/02 20:08:18 | 000,000,353 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BodogPoker.lnk
[2011/02/20 17:29:56 | 000,014,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\SBKUPNT.SYS
[2011/02/20 17:29:56 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\DEVLOAD.EXE
[2011/02/20 17:29:56 | 000,000,543 | ---- | C] () -- C:\WINDOWS\SWISV3.INI
[2011/02/20 17:29:56 | 000,000,308 | ---- | C] () -- C:\WINDOWS\SKNIFE.INI
[2011/02/20 17:29:53 | 000,002,944 | ---- | C] () -- C:\WINDOWS\SKLANG.INI
[2011/01/30 00:54:32 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2011/01/01 03:17:36 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2010/12/15 02:01:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/12/15 02:01:17 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/12/15 02:01:17 | 000,224,001 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/12/15 02:01:17 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/12/06 08:58:56 | 002,496,715 | ---- | C] () -- C:\WINDOWS\System32\abgx360.exe
[2010/12/04 11:00:56 | 000,265,744 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/12/04 02:25:10 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\libusb0.sys
[2010/11/20 02:19:27 | 000,177,664 | ---- | C] () -- C:\Documents and Settings\Mat\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/13 22:38:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/11/13 22:28:17 | 000,982,224 | R--- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2010/11/13 22:28:17 | 000,439,336 | R--- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2010/11/13 22:27:46 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/11/13 22:20:29 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/11/13 22:16:54 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/11/13 17:07:44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/11/13 15:53:18 | 000,168,304 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/14 17:15:00 | 000,178,432 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/06/19 20:06:22 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/04/14 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 07:00:00 | 000,492,944 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 07:00:00 | 000,083,466 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/11/28 21:06:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2012/01/22 19:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cached Installations
[2012/01/22 19:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011/01/30 00:51:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/11/14 14:38:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
[2011/01/29 03:49:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mat\Application Data\abgx360
[2010/11/28 21:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mat\Application Data\acccore
[2012/01/08 03:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mat\Application Data\Applian FLV and Media Player
[2011/02/17 00:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mat\Application Data\Camfrog
[2011/03/03 03:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mat\Application Data\FileZilla
[2011/01/01 20:49:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mat\Application Data\GameTuts
[2010/12/10 03:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mat\Application Data\GPass
[2010/12/12 03:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mat\Application Data\ImgBurn
[2011/01/30 02:48:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mat\Application Data\Mael
[2010/12/12 02:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mat\Application Data\Megaupload
[2011/02/20 21:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mat\Application Data\mkvtoolnix
[2010/12/15 13:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mat\Application Data\MotioninJoy
[2011/06/22 07:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mat\Application Data\OpenOffice.org
[2011/01/30 00:54:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mat\Application Data\Research In Motion
[2011/12/29 18:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mat\Application Data\Stellarium
[2011/08/11 19:11:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mat\Application Data\StreamTorrent
[2011/05/28 00:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mat\Application Data\SystemRequirementsLab
[2010/12/04 00:09:11 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Mat\Application Data\Virtual CD v10
[2010/12/11 22:48:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mat\Application Data\vShare
[2012/01/30 21:24:29 | 000,000,300 | ---- | M] () -- C:\WINDOWS\Tasks\IKYDJJ.job
[2012/01/29 01:49:11 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2012/01/28 18:00:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2012/01/29 03:39:02 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version2.job
[2012/01/30 21:01:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



< End of report >

#7
Simorebut (New Member, Topic Starter, 7 posts)
aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-30 21:52:43
-----------------------------
21:52:43.765 OS Version: Windows 5.1.2600 Service Pack 3
21:52:43.765 Number of processors: 2 586 0x170A
21:52:43.765 ComputerName: PHAN UserName: Mat
21:52:44.531 Initialize success
21:53:26.984 AVAST engine defs: 12013000
21:54:42.921 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-6
21:54:42.921 Disk 0 Vendor: ST3500418AS CC38 Size: 476940MB BusType: 3
21:54:42.921 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T1L0-19
21:54:42.921 Disk 1 Vendor: WDC_WD5000AAKS-00A7B0 01.03B01 Size: 476940MB BusType: 3
21:54:42.953 Disk 0 MBR read successfully
21:54:42.953 Disk 0 MBR scan
21:54:42.984 Disk 0 Windows XP default MBR code
21:54:42.984 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476929 MB offset 63
21:54:42.984 Disk 0 scanning sectors +976752000
21:54:43.046 Disk 0 scanning C:\WINDOWS\system32\drivers
21:54:48.968 Service scanning
21:54:49.218 Service vdrv1000 C:\WINDOWS\system32\DRIVERS\vdrv1000.sys **LOCKED**
21:54:49.734 Modules scanning
21:54:55.125 Disk 0 trace - called modules:
21:54:55.125 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
21:54:55.125 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89d6aab8]
21:54:55.125 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000068[0x89e41cb8]
21:54:55.125 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-6[0x89e06940]
21:55:08.718 AVAST engine scan C:\WINDOWS
21:55:31.953 AVAST engine scan C:\WINDOWS\system32
21:56:51.921 File: C:\WINDOWS\system32\wmpsrcwp5.dll **INFECTED** Win32:Diller-E [Trj]
21:58:16.500 AVAST engine scan C:\WINDOWS\system32\drivers
21:58:48.031 AVAST engine scan C:\Documents and Settings\Mat
22:10:50.578 AVAST engine scan C:\Documents and Settings\All Users
22:11:19.390 Scan finished successfully
22:12:04.218 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Mat\Desktop\MBR.dat"
22:12:04.218 The log file has been saved successfully to "C:\Documents and Settings\Mat\Desktop\aswMBR.txt"

#8
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, let's now take out the one that aswMBR is not happy about. MBAM has been updated today to cure the problem with OTL, so could you update MBAM prior to running the fix?

Once the run is complete, can you let me know what problems remain?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
    [2012/01/30 21:24:29 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\IKYDJJ.job
    [2012/01/24 17:41:09 | 000,126,976 | RHS- | C] () -- C:\WINDOWS\System32\wmpsrcwp5.dll


    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

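A small triage helper for OTL file entries, added here as an example and not part of OTL, ComboFix or the fix script above: it parses the `[date | size | attrs | C/M] (company) -- path` lines OTL prints and flags the kinds of entry the fix targets (a hidden+system DLL in System32 with no company name, a randomly named .job task, and a hosts file modified inside the log window, which [resethosts] addresses), then groups created files by timestamp so a dropper's siblings stand out. The heuristics, the function names and the sample block (lines copied from the log earlier in this thread) are this example's own assumptions.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# One OTL file entry: [date | size | attrs | C/M] (company) -- path
# The (company) group is absent for directory entries and reads () when OTL found none.
ENTRY_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# Heuristic of this example (not OTL's): a task name that is only 5-8 capital letters.
RANDOM_TASK_RE = re.compile(r"^[A-Z]{5,8}\.job$")

@dataclass
class Entry:
    date: str
    size: int
    attrs: str     # the four flags OTL prints: R, H, S, D or '-'
    kind: str      # 'C' = created, 'M' = modified
    company: str   # '' when OTL printed () or omitted it
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs

def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OTL file line; None for headers, blanks and other line types."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["date"], int(m["size"].replace(",", "")), m["attrs"],
                 m["kind"], (m["company"] or "").strip(), m["path"])

def triage(entry: Entry) -> List[str]:
    """Reasons (possibly none) this entry deserves a closer look."""
    low = entry.path.lower()
    name = entry.path.rsplit("\\", 1)[-1]
    reasons = []
    if (not entry.is_dir and entry.hidden_system and not entry.company
            and "\\windows\\system32\\" in low):
        reasons.append("hidden+system file in System32 with no company name")
    if "\\windows\\tasks\\" in low and RANDOM_TASK_RE.match(name):
        reasons.append("scheduled task with a random-looking name")
    if name.lower() == "hosts" and entry.kind == "M":
        reasons.append("hosts file modified inside the log window")
    return reasons

def triage_log(text: str) -> Dict[str, List[str]]:
    """Map each suspicious path (lower-cased) to its reasons, merging C and M entries."""
    found: Dict[str, set] = defaultdict(set)
    for line in text.splitlines():
        e = parse_entry(line)
        if e is not None:
            found[e.path.lower()].update(triage(e))
    return {p: sorted(r) for p, r in found.items() if r}

def created_alongside(text: str, suspicious: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Group 'C' entries by creation second and keep groups holding a flagged path;
    files dropped by one installer or dropper usually share a creation timestamp."""
    by_second: Dict[str, List[str]] = defaultdict(list)
    for line in text.splitlines():
        e = parse_entry(line)
        if e is not None and e.kind == "C":
            by_second[e.date].append(e.path.lower())
    return {ts: paths for ts, paths in by_second.items()
            if any(p in suspicious for p in paths)}

# Constructed sample: entries copied from the OTL log in this thread plus benign neighbours.
SAMPLE_LOG = r"""
========== Files - Modified Within 30 Days ==========
[2012/01/30 21:24:29 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\IKYDJJ.job
[2012/01/30 21:24:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/30 21:01:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/01/30 20:16:25 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/01/29 12:11:02 | 004,393,882 | R--- | M] (Swearware) -- C:\Documents and Settings\Mat\Desktop\ComboFix.exe
[2012/01/29 01:49:11 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/01/24 17:41:09 | 000,126,976 | RHS- | M] () -- C:\WINDOWS\System32\wmpsrcwp5.dll
========== Files Created - No Company Name ==========
[2012/01/27 16:00:10 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/27 15:58:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/24 17:41:09 | 000,126,976 | RHS- | C] () -- C:\WINDOWS\System32\wmpsrcwp5.dll
[2012/01/24 17:41:09 | 000,000,300 | ---- | C] () -- C:\WINDOWS\tasks\IKYDJJ.job
"""

if __name__ == "__main__":
    hits = triage_log(SAMPLE_LOG)
    for path, reasons in hits.items():
        print(path, "->", "; ".join(reasons))
    for ts, paths in created_alongside(SAMPLE_LOG, hits).items():
        print("created together at", ts, ":", paths)
```

Note that C:\cmldr is hidden+system too but is not flagged, since it sits outside System32; it is ComboFix's own loader, which is why a path condition belongs in the heuristic.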

#9
Simorebut (New Member, Topic Starter, 7 posts)
Everything seems to be working fine now. Thanks.

OTL logfile created on: 1/31/2012 5:45:06 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Mat\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 62.99% Memory free
3.85 Gb Paging File | 3.24 Gb Available in Paging File | 84.26% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 22.65 Gb Free Space | 4.86% Space Free | Partition Type: NTFS
Drive G: | 465.75 Gb Total Space | 99.21 Gb Free Space | 21.30% Space Free | Partition Type: NTFS

Computer Name: PHAN | User Name: Mat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/27 22:08:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mat\Desktop\OTL.com
PRC - [2012/01/09 23:50:59 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/07/10 00:59:21 | 000,110,352 | ---- | M] (www.motioninjoy.com) -- C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/01/17 17:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 17:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/28 10:54:14 | 000,323,400 | ---- | M] (H+H Software GmbH) -- C:\Program Files\Virtual CD v10\System\vc10tray.exe
PRC - [2010/05/28 10:54:08 | 000,144,712 | ---- | M] (H+H Software GmbH) -- C:\Program Files\Virtual CD v10\System\VC10SecS.exe
PRC - [2010/05/28 10:54:02 | 000,411,464 | ---- | M] (H+H Software GmbH) -- C:\Program Files\Virtual CD v10\System\VC10Play.exe
PRC - [2009/08/29 01:00:12 | 000,966,656 | ---- | M] () -- C:\Documents and Settings\Mat\Local Settings\Apps\F.lux\flux.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/03/09 20:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\system32\libusbd-nt.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/11 03:06:12 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\62e34cfb5a8b233667c7c5a47a32ad93\System.Web.ni.dll
MOD - [2012/01/11 03:06:03 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3c272cad7afb127e2a2bdb8a5a808512\System.Runtime.Remoting.ni.dll
MOD - [2012/01/09 23:50:59 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/10/13 02:09:12 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
MOD - [2011/10/13 02:09:11 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/13 02:09:05 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/13 02:08:45 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/13 02:08:42 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/13 02:08:40 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/13 02:08:22 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/06/22 07:42:24 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/05/25 23:24:21 | 006,271,136 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2010/11/25 21:41:00 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010/03/16 12:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2009/08/29 01:00:12 | 000,966,656 | ---- | M] () -- C:\Documents and Settings\Mat\Local Settings\Apps\F.lux\flux.exe
MOD - [2008/08/18 16:11:24 | 001,237,504 | ---- | M] () -- C:\Program Files\Virtual CD v10\System\vorbis.dll
MOD - [2008/08/18 16:08:10 | 000,050,688 | ---- | M] () -- C:\Program Files\Virtual CD v10\System\ogg.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/03/16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/05/28 10:54:08 | 000,144,712 | ---- | M] (H+H Software GmbH) [Auto | Running] -- C:\Program Files\Virtual CD v10\System\VC10SecS.exe -- (VC10SecS)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2007/05/16 13:48:56 | 000,228,208 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2005/03/09 20:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Running] -- C:\WINDOWS\system32\libusbd-nt.exe -- (libusbd)


========== Driver Services (SafeList) ==========

DRV - [2011/07/10 00:59:22 | 000,081,168 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV - [2010/11/25 23:17:40 | 005,555,712 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/05/21 09:14:44 | 000,186,392 | ---- | M] (H+H Software GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\vdrv1000.sys -- (vdrv1000)
DRV - [2010/04/08 03:11:36 | 000,101,904 | R--- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010/03/10 17:34:34 | 000,013,952 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HH10Help.sys -- (HH10Help.sys)
DRV - [2009/10/06 05:54:16 | 005,922,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/07/28 03:55:00 | 000,143,360 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/08/05 07:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2006/01/04 02:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/12/20 19:23:00 | 000,023,872 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\FOXCONN\FOX LiveUpdate\FXDrv32.sys -- (FXDrv32)
DRV - [2005/03/09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2001/07/13 13:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SBKUPNT.SYS -- (SBKUPNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {1ced4832-f06e-413f-aa14-9eb63ad40ace}:1.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Mat\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Mat\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/09 23:51:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/23 19:06:34 | 000,000,000 | ---D | M]

[2010/11/13 22:38:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mat\Application Data\Mozilla\Extensions
[2012/01/26 18:03:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mat\Application Data\Mozilla\Firefox\Profiles\715af8ve.default\extensions
[2010/12/03 00:55:15 | 000,000,000 | ---D | M] (Nuke Anything Enhanced) -- C:\Documents and Settings\Mat\Application Data\Mozilla\Firefox\Profiles\715af8ve.default\extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}
[2011/12/23 22:00:22 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Mat\Application Data\Mozilla\Firefox\Profiles\715af8ve.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/04/27 12:29:45 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Documents and Settings\Mat\Application Data\Mozilla\Firefox\Profiles\715af8ve.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2012/01/26 18:03:22 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Mat\Application Data\Mozilla\Firefox\Profiles\715af8ve.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/12/21 20:01:38 | 000,000,000 | ---D | M] ("Reddit Enhancement Suite") -- C:\Documents and Settings\Mat\Application Data\Mozilla\Firefox\Profiles\715af8ve.default\extensions\[email protected]
[2010/12/12 03:30:25 | 000,002,567 | ---- | M] () -- C:\Documents and Settings\Mat\Application Data\Mozilla\Firefox\Profiles\715af8ve.default\searchplugins\askcom.xml
[2011/11/10 17:49:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MAT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\715AF8VE.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/01/09 23:51:00 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/01/01 01:07:04 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/31 05:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/10 05:56:18 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Web Search (Enabled)
CHR - default_search_provider: search_url = http://startsear.ch/...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Mat\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Mat\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Mat\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Documents and Settings\Mat\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npvsharetvplg.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Mat\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Documents and Settings\Mat\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: vshare plugin = C:\Documents and Settings\Mat\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\

O1 HOSTS File: ([2012/01/31 17:40:41 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VC10Player] C:\Program Files\Virtual CD v10\System\VC10Play.exe (H+H Software GmbH)
O4 - HKCU..\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe (www.motioninjoy.com)
O4 - HKCU..\Run: [F.lux] C:\Documents and Settings\Mat\Local Settings\Apps\F.lux\flux.exe ()
O4 - Startup: C:\Documents and Settings\Mat\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm ()
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe File not found
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C719369-D75D-4E20-9AD8-BE5B18C11559}: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C719369-D75D-4E20-9AD8-BE5B18C11559}: NameServer = 8.8.4.4,8.8.8.8
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/11/13 22:19:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/30 20:18:04 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/01/29 12:56:27 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Mat\Desktop\aswMBR.exe
[2012/01/29 12:17:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/01/29 12:11:18 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/01/27 23:10:30 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/01/27 22:48:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/27 22:08:30 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mat\Desktop\OTL.com
[2012/01/27 22:03:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mat\Desktop\GooredFix Backups
[2012/01/27 22:03:47 | 002,058,032 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mat\Desktop\TDSSKiller.exe
[2012/01/27 22:01:59 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Mat\Desktop\GooredFix.exe
[2012/01/27 21:46:29 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/01/27 21:45:33 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mat\Desktop\OTM.exe
[2012/01/27 16:00:07 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/27 15:58:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/27 15:58:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/27 15:58:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/27 15:58:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/27 15:58:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/27 15:58:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/27 15:57:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mat\Start Menu\Programs\Administrative Tools
[2012/01/27 15:57:12 | 004,393,882 | R--- | C] (Swearware) -- C:\Documents and Settings\Mat\Desktop\ComboFix.exe
[2012/01/26 03:03:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/01/26 01:55:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2012/01/25 18:25:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\AskToolbar
[2012/01/24 21:39:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/01/24 21:39:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/01/24 21:05:02 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2012/01/24 21:05:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Recuva
[2012/01/23 19:06:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DivX
[2012/01/23 19:06:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2012/01/23 19:06:30 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2012/01/22 19:07:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ParetoLogic
[2012/01/22 19:06:59 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2012/01/22 19:06:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2012/01/22 19:06:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2012/01/22 19:06:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Cached Installations
[2012/01/15 20:22:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mat\Desktop\Mass Effect 2
[2012/01/15 20:22:01 | 000,333,312 | ---- | C] (BioWare) -- C:\Documents and Settings\Mat\Desktop\ME2CRC.exe
[2012/01/09 20:06:06 | 000,000,000 | ---D | C] -- C:\Program Files\mIRC
[2012/01/09 20:06:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mat\Application Data\mIRC
[2012/01/09 20:06:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\mIRC
[2012/01/08 03:08:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mat\Application Data\Applian FLV and Media Player
[2012/01/08 03:06:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Applian Technologies
[2012/01/08 03:06:08 | 000,000,000 | ---D | C] -- C:\Program Files\Applian Technologies
[2012/01/08 01:39:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[2012/01/02 20:08:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BodogPoker
[2012/01/02 20:08:17 | 000,000,000 | ---D | C] -- C:\Bodog
[2010/11/13 22:28:17 | 000,004,096 | R--- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2012/01/31 17:44:30 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/31 17:42:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/31 17:40:41 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/01/31 06:01:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/01/31 05:30:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-813497703-1417001333-1003UA.job
[2012/01/31 02:30:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-813497703-1417001333-1003Core.job
[2012/01/30 22:12:04 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\MBR.dat
[2012/01/29 12:53:55 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Mat\Desktop\aswMBR.exe
[2012/01/29 12:11:02 | 004,393,882 | R--- | M] (Swearware) -- C:\Documents and Settings\Mat\Desktop\ComboFix.exe
[2012/01/29 03:39:02 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2012/01/29 01:49:11 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/01/28 18:00:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2012/01/27 22:08:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mat\Desktop\OTL.com
[2012/01/27 22:01:59 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Mat\Desktop\GooredFix.exe
[2012/01/27 21:45:13 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mat\Desktop\OTM.exe
[2012/01/27 16:00:14 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/01/26 03:32:26 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/26 00:30:29 | 000,177,664 | ---- | M] () -- C:\Documents and Settings\Mat\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/24 21:05:02 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Recuva.lnk
[2012/01/24 21:03:46 | 000,000,224 | ---- | M] () -- C:\WINDOWS\System32\9B13A86D.plf
[2012/01/24 19:25:46 | 000,002,268 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\Google Chrome.lnk
[2012/01/24 19:25:46 | 000,002,246 | ---- | M] () -- C:\Documents and Settings\Mat\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/24 16:44:58 | 002,058,032 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mat\Desktop\TDSSKiller.exe
[2012/01/23 19:06:30 | 000,001,463 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\DivX Movies.lnk
[2012/01/22 19:07:00 | 000,001,876 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Launch Data Recovery.lnk
[2012/01/21 13:40:28 | 000,001,139 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\Now Playing44.wpl
[2012/01/18 17:43:03 | 000,000,050 | ---- | M] () -- C:\WINDOWS\MegaManager.INI
[2012/01/15 20:42:21 | 000,135,168 | ---- | M] () -- C:\Documents and Settings\Mat\My Documents\John_31_Engineer_221105
[2012/01/15 20:41:52 | 000,131,072 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\John_31_Engineer_221105
[2012/01/15 20:41:16 | 000,015,719 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\Save_0012.xbsav
[2012/01/11 03:07:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/11 03:05:27 | 000,492,944 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/11 03:05:27 | 000,083,466 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/09 20:10:35 | 000,029,024 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/01/09 20:06:06 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\mIRC.lnk
[2012/01/08 03:06:33 | 000,001,034 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Applian FLV and Media Player.lnk
[2012/01/02 20:08:18 | 000,000,353 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BodogPoker.lnk

========== Files Created - No Company Name ==========

[2012/01/30 22:12:04 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\MBR.dat
[2012/01/27 16:00:14 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/01/27 16:00:10 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/27 15:58:28 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/27 15:58:28 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/27 15:58:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/27 15:58:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/27 15:58:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/27 06:09:05 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/01/24 21:05:02 | 000,001,512 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Recuva.lnk
[2012/01/24 21:03:46 | 000,000,224 | ---- | C] () -- C:\WINDOWS\System32\9B13A86D.plf
[2012/01/24 17:52:01 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/23 19:06:30 | 000,001,463 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\DivX Movies.lnk
[2012/01/22 19:07:06 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2012/01/22 19:07:02 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2012/01/22 19:07:00 | 000,001,876 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Launch Data Recovery.lnk
[2012/01/21 13:40:28 | 000,001,139 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\Now Playing44.wpl
[2012/01/15 20:42:21 | 000,135,168 | ---- | C] () -- C:\Documents and Settings\Mat\My Documents\John_31_Engineer_221105
[2012/01/15 20:31:37 | 000,015,719 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\Save_0012.xbsav
[2012/01/15 20:31:00 | 000,131,072 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\John_31_Engineer_221105
[2012/01/09 20:10:35 | 000,029,024 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/01/09 20:06:06 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\mIRC.lnk
[2012/01/08 03:06:33 | 000,001,034 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Applian FLV and Media Player.lnk
[2012/01/02 20:08:18 | 000,000,353 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BodogPoker.lnk
[2011/02/20 17:29:56 | 000,014,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\SBKUPNT.SYS
[2011/02/20 17:29:56 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\DEVLOAD.EXE
[2011/02/20 17:29:56 | 000,000,543 | ---- | C] () -- C:\WINDOWS\SWISV3.INI
[2011/02/20 17:29:56 | 000,000,308 | ---- | C] () -- C:\WINDOWS\SKNIFE.INI
[2011/02/20 17:29:53 | 000,002,944 | ---- | C] () -- C:\WINDOWS\SKLANG.INI
[2011/01/30 00:54:32 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2011/01/01 03:17:36 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2010/12/15 02:01:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/12/15 02:01:17 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/12/15 02:01:17 | 000,224,001 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/12/15 02:01:17 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/12/06 08:58:56 | 002,496,715 | ---- | C] () -- C:\WINDOWS\System32\abgx360.exe
[2010/12/04 11:00:56 | 000,265,744 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/12/04 02:25:10 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\libusb0.sys
[2010/11/20 02:19:27 | 000,177,664 | ---- | C] () -- C:\Documents and Settings\Mat\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/13 22:38:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/11/13 22:28:17 | 000,982,224 | R--- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2010/11/13 22:28:17 | 000,439,336 | R--- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2010/11/13 22:27:46 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/11/13 22:20:29 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/11/13 22:16:54 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/11/13 17:07:44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/11/13 15:53:18 | 000,168,304 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/14 17:15:00 | 000,178,432 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/06/19 20:06:22 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/04/14 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 07:00:00 | 000,492,944 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 07:00:00 | 000,083,466 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/11/28 21:06:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2012/01/22 19:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cached Installations
[2012/01/22 19:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011/01/30 00:51:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/11/14 14:38:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
[2011/01/29 03:49:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mat\Application Data\abgx360
[2010/11/28 21:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mat\Application Data\acccore
[2012/01/08 03:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mat\Application Data\Applian FLV and Media Player
[2011/02/17 00:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mat\Application Data\Camfrog
[2011/03/03 03:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mat\Application Data\FileZilla
[2011/01/01 20:49:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mat\Application Data\GameTuts
[2010/12/10 03:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mat\Application Data\GPass
[2010/12/12 03:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mat\Application Data\ImgBurn
[2011/01/30 02:48:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mat\Application Data\Mael
[2010/12/12 02:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mat\Application Data\Megaupload
[2011/02/20 21:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mat\Application Data\mkvtoolnix
[2010/12/15 13:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mat\Application Data\MotioninJoy
[2011/06/22 07:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mat\Application Data\OpenOffice.org
[2011/01/30 00:54:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mat\Application Data\Research In Motion
[2011/12/29 18:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mat\Application Data\Stellarium
[2011/08/11 19:11:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mat\Application Data\StreamTorrent
[2011/05/28 00:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mat\Application Data\SystemRequirementsLab
[2010/12/04 00:09:11 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Mat\Application Data\Virtual CD v10
[2010/12/11 22:48:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mat\Application Data\vShare
[2012/01/29 01:49:11 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2012/01/28 18:00:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2012/01/29 03:39:02 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version2.job
[2012/01/31 06:01:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



< End of report >
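The O1 (hosts file), O17 (DNS servers) and O2 (BHO) entries in the log above are the lines a helper reads first when the complaint is "Google redirects", because a hosts-file pin or a rogue static DNS server is exactly how that symptom is produced. The checker below is an added example written for this page, not code from the thread, from OTL or from its author. It parses OTL output in the format shown above; the first six sample lines are copied from the posted log, the last two are constructed to show what a hijacked hosts entry and an unexpected static resolver would look like. The public-resolver allowlist and the warn/info severities are my assumptions, not anything OTL itself reports.

```python
import re
from ipaddress import ip_address

# Constructed sample. The first six lines are copied from the OTL log posted
# above; the last two are made up to show a hosts-file hijack and a rogue
# static DNS server in the same format (198.51.100.x / 203.0.113.x are
# documentation ranges, not real attacker infrastructure).
SAMPLE_OTL = """\
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{5C719369-D75D-4E20-9AD8-BE5B18C11559}: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{5C719369-D75D-4E20-9AD8-BE5B18C11559}: NameServer = 8.8.4.4,8.8.8.8
O1 - Hosts: 198.51.100.7 www.google.com
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{00000000-1111-2222-3333-444444444444}: NameServer = 203.0.113.5,203.0.113.6
"""

# Assumed allowlist: Google Public DNS. A static override pointing only at these
# is worth confirming with the user but is not by itself a hijack indicator.
KNOWN_PUBLIC_RESOLVERS = {"8.8.8.8", "8.8.4.4"}

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
O17_RE = re.compile(
    r"^O17 - (?P<key>.+?):\s+(?P<name>DhcpNameServer|NameServer)\s+=\s*(?P<val>.*)$"
)
BHO_RE = re.compile(r"^O2 - BHO: .* - (\{[0-9A-Fa-f-]+\}) - No CLSID value found")


def _split_servers(value):
    """OTL prints DHCP servers space-separated and static ones comma-separated."""
    return {s for s in re.split(r"[,\s]+", value.strip()) if s}


def parse_hosts(text):
    """Return (address, hostname) pairs from O1 lines."""
    return [m.groups() for m in (HOSTS_RE.match(line) for line in text.splitlines()) if m]


def parse_nameservers(text):
    """Return {registry key: {'DhcpNameServer': set, 'NameServer': set}} from O17 lines."""
    out = {}
    for line in text.splitlines():
        m = O17_RE.match(line)
        if m:
            out.setdefault(m["key"], {})[m["name"]] = _split_servers(m["val"])
    return out


def find_redirect_indicators(text):
    """Flag hosts-file and DNS settings that can cause search-engine redirects.

    Returns a list of (severity, message). 'warn' needs a decision by the
    helper; 'info' is context that is usually benign but should be seen.
    """
    findings = []
    for addr, host in parse_hosts(text):
        try:
            ip = ip_address(addr)
        except ValueError:
            findings.append(("warn", f"hosts: unparsable address {addr!r} for {host}"))
            continue
        # A stock Windows hosts file only maps localhost to loopback. Anything
        # else may be legitimate (ad-block lists) but is also exactly how
        # redirect malware pins a search engine to a server it controls.
        if not ip.is_loopback:
            findings.append(("warn", f"hosts: {host} pinned to {addr}"))

    for key, servers in parse_nameservers(text).items():
        static, dhcp = servers.get("NameServer"), servers.get("DhcpNameServer")
        if not static:
            continue  # DHCP-only interface, nothing overridden
        if static <= KNOWN_PUBLIC_RESOLVERS:
            findings.append(("info", f"{key}: static DNS {sorted(static)} "
                                     "(public resolver; confirm it was set on purpose)"))
        elif dhcp is None or static != dhcp:
            findings.append(("warn", f"{key}: static DNS {sorted(static)} differs "
                                     f"from DHCP-assigned {sorted(dhcp or [])}"))

    for line in text.splitlines():
        m = BHO_RE.match(line)
        if m:
            findings.append(("info", f"orphaned BHO registration {m.group(1)} "
                                     "(CLSID missing; leftover entry, safe to remove)"))
    return findings


if __name__ == "__main__":
    for sev, msg in find_redirect_indicators(SAMPLE_OTL):
        print(f"[{sev}] {msg}")
```

Run against the sample, the two copied localhost lines and the DHCP-only key produce nothing, the 8.8.x override and the orphaned BHO come back as info, and only the two constructed lines come back as warn. On the real log that is the same split a helper makes by eye: the hosts file is stock, the static DNS is a public resolver, and the redirect has to be coming from somewhere else (the MBR/rootkit checks the thread moved on to).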

#10 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall
    (Notice the space between the "x" and "/")
    then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and antivirus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?

Keep safe :wave:

#11 Simorebut (New Member, Topic Starter, 7 posts)
Thanks a lot for your good work. I appreciate the help.

#12 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.