Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Unsure of the infection; unable to run virus scans [Solved]

Started by metsuki , Oct 18 2009 03:00 PM

  • This topic is locked This topic is locked

#16
Rorschach112
Posted 19 October 2009 - 04:54 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Open notepad and copy/paste the text in the quotebox below into it:

http://www.geekstogo...ns-t255911.html

Collect::
C:\lyqr.exe
c:\windows\system32\yoyajura.exe
c:\windows\Qturanedev.dat
c:\windows\Stifivewavadej.bin
C:\jboy.exe
C:\bqefoh.exe
C:\nmihj.exe
c:\windows\system32\sck236jn.dat
c:\windows\system32\perfc5932.dat
c:\windows\system32\perfc7683.dat
c:\windows\system32\stu2.exe
c:\windows\SYSTEM32\mehoguhi.exe
c:\windows\SYSTEM32\sesomowo.exe
c:\windows\SYSTEM32\tevisiko.exe
c:\windows\SYSTEM32\wuwijaba.exe
Folder::
c:\documents and settings\All Users\Application Data\91527327

File::


Suspect::
C:\WINDOWS\system32\drivers\dtscsi.sys


Save this as CFScript.txt


Posted Image

Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

  • 0

Advertisements

#17
metsuki
Posted 19 October 2009 - 10:38 AM

metsuki

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
ComboFix 09-10-18.06 - Administrator 10/19/2009 11:22.2.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.697 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

file zipped: c:\windows\Qturanedev.dat
file zipped: c:\windows\Stifivewavadej.bin
file zipped: c:\windows\system32\perfc5932.dat
file zipped: c:\windows\system32\perfc7683.dat
file zipped: c:\windows\system32\sck236jn.dat
file zipped: c:\windows\system32\stu2.exe
file zipped: c:\windows\system32\yoyajura.exe
file zipped: c:\windows\SYSTEM32\DRIVERS\dtscsi.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Qturanedev.dat
c:\windows\Stifivewavadej.bin
c:\windows\system32\perfc5932.dat
c:\windows\system32\perfc7683.dat
c:\windows\system32\sck236jn.dat
c:\windows\system32\stu2.exe
c:\windows\system32\yoyajura.exe

.
((((((((((((((((((((((((( Files Created from 2009-09-19 to 2009-10-19 )))))))))))))))))))))))))))))))
.

2009-10-19 16:00 . 2009-07-08 18:44 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-10-19 16:00 . 2009-07-08 18:44 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-10-19 16:00 . 2009-07-08 18:44 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-10-19 15:40 . 2009-10-19 15:40 136 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2009-10-19 15:39 . 2009-10-19 15:39 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\BVRP Software
2009-10-19 13:27 . 2009-10-19 13:27 -------- d-----w- c:\program files\Alwil Software
2009-10-18 22:08 . 2009-10-18 22:08 -------- d-----w- C:\_OTL
2009-10-18 20:39 . 2009-10-19 10:04 -------- d-----w- c:\program files\mbam
2009-10-18 20:00 . 2009-10-18 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-18 20:00 . 2009-10-18 20:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-10-18 19:34 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-18 19:34 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-18 19:23 . 2009-10-18 19:23 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2009-10-18 18:54 . 2008-06-19 22:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-10-18 18:53 . 2009-10-18 18:53 -------- d-----w- c:\program files\Panda Security
2009-10-18 18:37 . 2009-10-18 18:37 -------- d-----w- c:\program files\ERUNT
2009-10-18 17:37 . 2009-07-16 17:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-10-18 17:37 . 2009-10-18 17:37 -------- d-----w- c:\program files\Common Files\McAfee
2009-10-18 17:37 . 2009-10-18 17:37 -------- d-----w- c:\program files\McAfee.com
2009-10-18 17:37 . 2009-10-18 17:38 -------- d-----w- c:\program files\McAfee
2009-10-18 17:31 . 2009-07-08 18:43 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-10-18 16:57 . 2009-10-18 17:38 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-18 13:48 . 2009-10-19 13:16 -------- d-----w- c:\documents and settings\All Users\Application Data\gta
2009-10-18 09:33 . 2009-10-18 09:33 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\{B3B9F2D5-20EB-4445-B9E6-D841D9A91C5B}
2009-10-18 09:32 . 2009-10-18 09:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-10-18 08:56 . 2009-10-18 09:06 -------- d-----w- c:\program files\Windows Live Safety Center
2009-10-18 08:56 . 2009-10-18 17:37 -------- d-----w- c:\windows\LastGood
2009-10-18 08:48 . 2009-10-18 08:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-10-18 08:48 . 2009-10-18 18:47 -------- d-----w- c:\program files\mam
2009-10-18 08:45 . 2009-10-18 20:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-18 08:39 . 2009-10-18 08:39 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-10-15 17:11 . 2009-10-15 17:11 -------- d-----w- c:\windows\Application Data
2009-10-15 17:11 . 2009-10-15 17:11 -------- d-----w- c:\program files\Clarus
2009-10-12 18:00 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-10-12 18:00 . 2009-07-14 00:15 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-10-12 18:00 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-10-12 18:00 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-10-12 18:00 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-10-12 18:00 . 2009-07-14 00:15 685056 ----a-w- c:\windows\system32\divx.dll
2009-10-12 18:00 . 2009-10-09 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-10-12 18:00 . 2009-10-12 18:00 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-09-20 02:35 . 2009-09-20 02:38 -------- d-----w- c:\program files\Myst III Exile
2009-09-20 02:16 . 2009-09-20 02:16 -------- d-----w- c:\program files\Ubi Soft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2085-12-22 18:42 . 2004-09-29 19:04 89184 ------w- c:\windows\system32\drivers\imagedrv.sys
2085-12-22 18:42 . 2004-09-29 19:04 569344 ----a-w- c:\windows\system32\imagr5.dll
2085-12-22 18:42 . 2004-09-29 19:04 544768 ----a-w- c:\windows\system32\imagx5.dll
2085-12-22 18:42 . 2004-09-29 19:04 38912 ----a-w- c:\windows\system32\picn20.dll
2085-12-22 18:42 . 2004-09-29 19:04 283920 ----a-w- c:\windows\system32\ImagXpr5.dll
2085-12-22 18:42 . 2004-09-29 19:04 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2009-10-18 17:18 . 2004-08-05 15:00 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-18 17:18 . 2004-08-05 15:00 -------- d-----w- c:\program files\Symantec
2009-10-18 08:34 . 2004-08-05 14:57 288 ----a-w- c:\windows\system32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
2009-10-18 08:34 . 2004-08-05 14:57 288 ----a-w- c:\windows\system32\DVCState-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
2009-10-16 20:00 . 2004-08-29 05:31 -------- d-----w- c:\program files\Paint Shop Pro 6
2009-10-16 10:48 . 2009-07-10 04:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-10-15 17:11 . 2004-08-05 14:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-15 15:59 . 2004-09-27 03:27 -------- d-----w- c:\program files\Starcraft
2009-10-15 15:35 . 2005-01-09 22:39 -------- d-----w- c:\program files\StepMania
2009-09-25 05:37 . 2004-02-06 23:05 667136 ------w- c:\windows\system32\wininet.dll
2009-09-25 05:37 . 2004-08-04 07:56 81920 ------w- c:\windows\system32\ieencode.dll
2009-09-20 02:14 . 2009-09-15 02:49 -------- d-----w- c:\program files\Riven
2009-09-16 01:20 . 2009-09-16 01:20 -------- d-----w- c:\program files\Free WMA to MP3 Converter
2009-09-14 02:34 . 2008-08-05 08:37 -------- d-----w- c:\program files\BitComet
2009-09-11 14:18 . 2004-03-19 22:40 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-09 03:01 . 2009-09-09 03:01 -------- d-----w- c:\program files\Myst
2009-09-04 21:03 . 2004-03-30 01:48 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-31 18:12 . 2009-08-31 18:12 -------- d-----w- c:\documents and settings\All Users\Application Data\CELSYS
2009-08-31 18:10 . 2009-08-31 18:10 -------- d-----w- c:\program files\Smith Micro
2009-08-27 17:13 . 2009-08-27 17:13 -------- d-----w- c:\program files\Audacity
2009-08-26 11:32 . 2009-08-26 11:32 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-26 08:00 . 2004-03-19 22:43 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-25 15:01 . 2006-09-27 23:45 -------- d-----w- c:\program files\DirectVobSub
2009-08-25 15:01 . 2004-08-29 03:58 -------- d-----w- c:\program files\DivX
2009-08-20 07:10 . 2004-08-05 15:04 261264 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-16 15:08 . 2002-10-15 22:54 178176 ----a-w- c:\windows\system32\unrar.dll
2009-08-05 09:01 . 2002-12-12 05:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 1980-01-01 05:00 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 1980-01-01 05:00 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2006-05-06 16:42 . 2006-09-05 16:24 7260160 ----a-w- c:\program files\mozilla firefox\plugins\libvlc.dll
2009-07-18 08:06 . 2009-07-18 08:06 1114558 --sha-w- c:\windows\SYSTEM32\gehumuro.exe
2006-04-21 23:22 . 2006-04-21 23:22 10856 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-10-18_23.10.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-19 16:03 . 2009-10-19 16:03 20480 c:\windows\assembly\GAC\ArbusApplicationController\1.0.3093.38280__da57d5d39b1d6dd8\ArbusApplicationController.dll
- 2009-10-18 17:38 . 2009-10-18 17:38 20480 c:\windows\assembly\GAC\ArbusApplicationController\1.0.3093.38280__da57d5d39b1d6dd8\ArbusApplicationController.dll
+ 2009-10-19 16:03 . 2009-10-19 16:03 20480 c:\windows\assembly\GAC\Arbus.Interfacing.Library\1.0.4.0__2be3a081d8c94867\Arbus.Interfacing.Library.dll
- 2009-10-18 17:38 . 2009-10-18 17:38 20480 c:\windows\assembly\GAC\Arbus.Interfacing.Library\1.0.4.0__2be3a081d8c94867\Arbus.Interfacing.Library.dll
+ 2009-10-19 16:03 . 2009-10-19 16:03 126976 c:\windows\assembly\GAC\Arbus.Common\2.2.4.3__14cac4d33a885ed2\Arbus.Common.dll
- 2009-10-18 17:38 . 2009-10-18 17:38 126976 c:\windows\assembly\GAC\Arbus.Common\2.2.4.3__14cac4d33a885ed2\Arbus.Common.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CAMTRAY.EXE" [2003-06-26 184320]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\mbam\mbam.exe" [2009-09-10 1312080]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-05-16 19968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
$McInstBootA5E6DEAA56$.lnk - c:\windows\SYSTEM32\cmd.exe [2004-3-19 389120]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:English /KBD:2

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^metsuki^Start Menu^Programs^Startup^OpenOffice.org 1.9.79.lnk]
path=c:\documents and settings\metsuki\Start Menu\Programs\Startup\OpenOffice.org 1.9.79.lnk
backup=c:\windows\pss\OpenOffice.org 1.9.79.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\WinMX\\WinMX.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\BitTorrent\\btdownloadgui.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Tower Blaster\\TowerBlaster.exe"=
"c:\\sysreset\\mirc.exe"=
"c:\\Program Files\\World of Warcraft\\WoW.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:WOW
"6112:TCP"= 6112:TCP:blah1
"19938:TCP"= 19938:TCP:BitComet 19938 TCP
"19938:UDP"= 19938:UDP:BitComet 19938 UDP
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"19605:TCP"= 19605:TCP:BitComet 19605 TCP
"19605:UDP"= 19605:UDP:BitComet 19605 UDP

S0 pavboot;pavboot;c:\windows\SYSTEM32\DRIVERS\pavboot.sys [10/18/2009 1:54 PM 28544]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys [?]
S2 0197621255966838mcinstcleanup;McAfee Application Installer Cleanup (0197621255966838);c:\docume~1\ADMINI~1\LOCALS~1\Temp\019762~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\019762~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/18/2009 12:38 PM 203280]
S2 MSR Service;Virtual Disk Service Manager;c:\program files\Clarus\Samsung SecretZone\MSSvc.exe [10/15/2009 12:11 PM 102400]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\SYSTEM32\DRIVERS\ASPI32.SYS [8/7/2008 6:19 AM 16512]
S3 SASENUM;SASENUM;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS [?]
.
Contents of the 'Scheduled Tasks' folder

2009-10-19 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-19 02:26]

2009-10-19 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-19 02:26]

2009-10-17 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-06-25 03:18]

2005-07-16 c:\windows\Tasks\{F518690D-D6B4-4D24-9FB5-59B8DD67C23F}_ENDER_metsuki.job
- c:\windows\system32\mobsync.exe [2004-03-19 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell4me.com/myway
mStart Page = hxxp://www.dell4me.com/myway
uInternet Connection Wizard,ShellNext = hxxp://moreverde.com/in.cgi?3&key=tuning+carro
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: {ED3F74A7-2112-4045-A90C-27D322B88B30} = 166.102.165.11,166.102.165.13
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5ii1me07.default\
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {B3B9F2D5-20EB-4445-B9E6-D841D9A91C5B} - c:\documents and settings\Administrator\Local Settings\Application Data\{B3B9F2D5-20EB-4445-B9E6-D841D9A91C5B}\
.
- - - - ORPHANS REMOVED - - - -

HKCU-RunOnce-MISPInst - c:\docume~1\ADMINI~1\LOCALS~1\Temp\McInstallTemp\Install.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-19 11:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-10-19 11:30
ComboFix-quarantined-files.txt 2009-10-19 16:30
ComboFix2.txt 2009-10-18 23:15

Pre-Run: 97,579,384,832 bytes free
Post-Run: 97,855,909,888 bytes free

Current=5 Default=5 Failed=3 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 2D9CB5C589A27308BED37666CE8D6AB7
Upload was successful
  • 0

#18
Rorschach112
Posted 19 October 2009 - 10:41 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes

:Services

:Reg

:Files
c:\windows\SYSTEM32\gehumuro.exe
:Commands
[purity]
[emptytemp]
[Reboot]
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean




Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.






Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

  • 0

#19
metsuki
Posted 19 October 2009 - 03:14 PM

metsuki

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
OTM Results:

All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
c:\windows\SYSTEM32\gehumuro.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->FireFox cache emptied: 37845002 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: metsuki

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 36.12 mb


OTM by OldTimer - Version 3.0.0.6 log created on 10192009_115521


Malwarebytes didn't pick up anything, so here's Kaspersky:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, October 19, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, October 19, 2009 16:11:19
Records in database: 3035046
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 130830
Threats found: 7
Infected objects found: 7
Suspicious objects found: 0
Scan duration: 03:03:46


File name / Threat / Threats count
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\lsp.dll.vir Infected: Trojan.Win32.Agent2.cjya 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\userinit.exe.vir Infected: Packed.Win32.Krap.ae 1
C:\Qoobox\Quarantine\[4]-Submit_2009-10-19_11.22.06.zip Infected: Trojan-Clicker.Win32.Agent.iqj 1
C:\sysreset\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
C:\WINDOWS\browserxtras\pn\remove.exe Infected: Trojan-Downloader.Win32.Keenval.f 1
C:\WINDOWS\SYSTEM32\ms32clod.dll Infected: Trojan-Clicker.Win32.Agent.iqk 1

Selected area has been scanned.
  • 0

#20
Rorschach112
Posted 20 October 2009 - 07:07 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

:Services

:Reg

:Files
C:\WINDOWS\browserxtras
C:\WINDOWS\SYSTEM32\ms32clod.dll
:Commands
[purity]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#21
metsuki
Posted 20 October 2009 - 10:27 AM

metsuki

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
OTL logfile created on: 10/20/2009 11:10:02 AM - Run 7
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.09 Mb Total Physical Memory | 797.95 Mb Available Physical Memory | 78.07% Memory free
2.40 Gb Paging File | 2.30 Gb Available in Paging File | 95.80% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.27 Gb Total Space | 91.20 Gb Free Space | 39.78% Space Free | Partition Type: NTFS
Drive D: | 668.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ENDER
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/10/18 14:36:08 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2009/07/10 03:26:42 | 00,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe
PRC - [2009/07/10 00:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/10 00:26:20 | 00,645,328 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/02/06 05:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (0197621255966838mcinstcleanup [Auto | Stopped])
SRV - [2009/07/22 13:07:59 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2009/07/10 03:26:42 | 00,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService [Auto | Running])
SRV - [2009/07/10 00:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
SRV - [2009/07/08 20:22:22 | 00,068,112 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor [On_Demand | Stopped])
SRV - [2009/07/08 15:15:04 | 00,365,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
SRV - [2009/07/08 14:48:48 | 00,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service [Auto | Stopped])
SRV - [2009/07/08 13:43:40 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Auto | Stopped])
SRV - [2009/07/08 13:11:52 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Stopped])
SRV - [2009/07/08 11:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Stopped])
SRV - [2009/07/07 19:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Stopped])
SRV - [2009/05/12 21:00:48 | 00,102,400 | ---- | M] () -- C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe -- (MSR Service [Auto | Stopped])
SRV - [2009/01/07 03:40:58 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/12/25 21:43:24 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Stopped])
SRV - [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2008/11/09 15:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService [Auto | Stopped])
SRV - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Stopped])
SRV - [2008/10/08 12:04:44 | 00,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service [Auto | Stopped])
SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2004/05/25 23:15:48 | 00,397,312 | ---- | M] () -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Stopped])
SRV - [2004/04/21 11:16:02 | 01,434,848 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS [Auto | Stopped])
SRV - [2004/03/23 12:15:40 | 00,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe -- (IAANTMon [Auto | Stopped])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Stopped])
SRV - [2003/01/10 17:13:04 | 00,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService [Auto | Stopped])
SRV - [2000/06/26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Stopped])
SRV - [1999/12/13 09:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Auto | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {B3B9F2D5-20EB-4445-B9E6-D841D9A91C5B}:1.9.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/25 21:43:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/09 03:00:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{AA6C3622-8B9D-46DA-9D33-0A7E4DBAE7ED}: C:\Documents and Settings\metsuki\Local Settings\Application Data\{AA6C3622-8B9D-46DA-9D33-0A7E4DBAE7ED}
FF - HKLM\software\mozilla\Firefox\extensions\\{B3B9F2D5-20EB-4445-B9E6-D841D9A91C5B}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{B3B9F2D5-20EB-4445-B9E6-D841D9A91C5B}\ [2009/10/18 04:33:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/10/19 11:05:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/17 14:59:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/13 22:41:13 | 00,000,000 | ---D | M]

[2009/10/18 03:40:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions
[2009/10/18 03:40:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/20 04:03:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\5ii1me07.default\extensions
[2009/10/18 03:42:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\5ii1me07.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/19 03:56:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/13 22:41:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/08/05 04:38:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/12/25 21:44:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/09/13 22:41:08 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/13 22:41:08 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2006/05/06 11:42:04 | 07,260,160 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\libvlc.dll
[2008/01/23 01:20:30 | 00,491,520 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2008/12/25 21:43:25 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2006/09/18 13:11:12 | 01,851,392 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2006/09/18 13:11:22 | 00,094,208 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2006/10/07 12:14:56 | 00,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2009/09/13 22:41:10 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2005/09/23 23:44:16 | 00,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/09/10 14:56:44 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/08/08 03:33:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/08/08 03:33:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/08/08 03:33:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/08/08 03:33:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/08/08 03:33:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/08/08 03:33:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/08/08 03:33:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/09/10 14:37:54 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2006/05/06 11:42:04 | 00,478,720 | ---- | M] (VideoLAN Team) -- C:\Program Files\mozilla firefox\plugins\npvlc.dll
[2009/09/04 12:50:07 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/09/04 12:50:07 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/09/04 12:50:07 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/09/04 12:50:07 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/09/04 12:50:07 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/09/04 12:50:07 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/09/04 12:50:07 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\Logi_MwX.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [OTM] C:\Documents and Settings\Administrator\Desktop\OTM.exe (OldTimer Tools)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\$McInstBootA5E6DEAA56$.lnk = C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 55924053
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 55924053
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll (BitComet)
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} http://www.gamescamp...GamesCampus.cab (GamesCampus Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...DC_2.1.2.76.cab (CDownloadCtrl Object)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} http://housecall65.t...ivex/hcImpl.cab (Housecall ActiveX 6.5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} http://www.cartoon-f...ayx_vp3_mp3.cab (NsvPlayX Control)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_01)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} http://ax.phobos.app.../ITDetector.cab (iTunesDetector Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/03/20 12:58:32 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2000/09/30 01:52:56 | 00,000,047 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe -- [1999/05/13 09:21:30 | 00,032,768 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (aswBoot.exe) - File not found
O34 - HKLM BootExecute: (/A:*) - File not found
O34 - HKLM BootExecute: (/L:English) - File not found
O34 - HKLM BootExecute: (/KBD:2) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/10/18 14:23:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2009/10/18 08:48:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\gta
[2009/10/18 11:57:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/10/18 15:00:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/10/18 03:43:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2009/10/18 03:47:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2009/10/18 03:48:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2009/10/18 03:39:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2009/10/18 15:00:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2009/10/18 04:33:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{B3B9F2D5-20EB-4445-B9E6-D841D9A91C5B}
[2009/10/18 04:32:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2009/10/19 10:39:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\BVRP Software
[2009/10/18 03:39:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2009/10/18 12:37:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2009/10/19 08:27:39 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/10/15 12:11:35 | 00,000,000 | ---D | C] -- C:\Program Files\Clarus
[2009/10/18 13:37:44 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/10/12 13:00:08 | 00,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2009/10/18 03:45:12 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/18 03:48:22 | 00,000,000 | ---D | C] -- C:\Program Files\mam
[2009/10/18 12:37:06 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2009/10/18 12:37:20 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2009/10/18 13:53:44 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/10/18 03:56:04 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/10/19 12:04:06 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/19 12:04:04 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/19 11:59:17 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2009/10/19 11:55:21 | 00,000,000 | ---D | C] -- C:\_OTM
[2009/10/19 11:54:28 | 00,408,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTM.exe
[2009/10/19 11:33:02 | 00,000,000 | --SD | C] -- C:\Combo-Fix
[2009/10/19 11:00:53 | 00,079,816 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2009/10/19 11:00:53 | 00,040,552 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys
[2009/10/19 11:00:53 | 00,035,272 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2009/10/19 08:50:24 | 01,296,288 | ---- | C] (McAfee, Inc.) -- C:\Documents and Settings\Administrator\Desktop\DMSetup.exe
[2009/10/19 05:03:27 | 01,312,080 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Administrator\Desktop\mbam.exe
[2009/10/18 18:02:00 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/18 18:00:10 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/18 18:00:10 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/18 18:00:10 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/18 18:00:10 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/18 17:55:56 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/18 17:08:42 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/10/18 14:35:54 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/10/18 13:54:45 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2009/10/18 13:38:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/18 12:37:41 | 00,120,136 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2009/10/18 12:31:04 | 00,034,248 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys
[2009/10/18 03:56:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/10/18 03:44:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2009/10/18 03:41:47 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009/10/15 12:11:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\Application Data
[2009/10/15 03:06:34 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2009/10/12 13:00:13 | 00,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
[2009/10/12 13:00:13 | 00,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2009/10/12 13:00:13 | 00,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2009/10/12 13:00:12 | 00,090,112 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2009/10/12 13:00:11 | 00,685,056 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx.dll
[2004/08/05 09:52:34 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 14 Days ==========

[2085/12/22 13:42:24 | 00,569,344 | ---- | M] (Pegasus Software,LLC) -- C:\WINDOWS\System32\imagr5.dll
[2085/12/22 13:42:24 | 00,544,768 | ---- | M] (Pegasus Software, LLC) -- C:\WINDOWS\System32\imagx5.dll
[2085/12/22 13:42:24 | 00,283,920 | ---- | M] (Pegasus Software, LLC) -- C:\WINDOWS\System32\ImagXpr5.dll
[2085/12/22 13:42:24 | 00,155,648 | ---- | M] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe
[2085/12/22 13:42:24 | 00,038,912 | ---- | M] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\picn20.dll
[2009/10/20 11:08:55 | 00,004,483 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/10/20 11:08:50 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/10/20 11:08:23 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/10/20 11:06:44 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/20 10:57:28 | 02,096,656 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/10/19 11:59:18 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2009/10/19 11:54:29 | 00,408,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTM.exe
[2009/10/19 11:28:23 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/19 11:18:56 | 03,350,731 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\Combo-Fix.exe
[2009/10/19 11:03:16 | 00,000,671 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2009/10/19 11:03:15 | 00,001,585 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\$McInstBootA5E6DEAA56$.lnk
[2009/10/19 11:03:06 | 00,000,666 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee EasyNetwork.lnk
[2009/10/19 11:00:38 | 00,000,356 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/10/19 11:00:37 | 00,000,334 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/10/19 10:40:19 | 00,000,136 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2009/10/19 10:39:53 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/10/18 18:10:49 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2009/10/18 18:02:09 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\jarahitu
[2009/10/18 18:02:08 | 00,000,299 | RHS- | M] () -- C:\BOOT.INI
[2009/10/18 14:36:08 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/10/18 12:48:16 | 01,296,288 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Administrator\Desktop\DMSetup.exe
[2009/10/18 08:55:20 | 00,000,938 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ Green AntiVirus .lnk
[2009/10/18 03:41:02 | 00,000,989 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/10/18 03:41:02 | 00,000,229 | ---- | M] () -- C:\Boot.bak
[2009/10/18 03:34:40 | 00,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx
[2009/10/18 03:34:40 | 00,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx
[2009/10/18 03:34:40 | 00,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx
[2009/10/18 03:34:40 | 00,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx
[2009/10/18 03:34:40 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/10/18 03:34:40 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009/10/18 03:34:40 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
[2009/10/18 03:34:40 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
[2009/10/18 03:34:25 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/17 16:41:37 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/10/17 12:21:56 | 00,000,132 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2009/10/15 12:11:48 | 00,001,559 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Samsung SecretZone.lnk
[2009/10/15 03:08:23 | 00,507,308 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/15 03:08:23 | 00,445,370 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/10/15 03:08:23 | 00,072,576 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/10/15 03:05:16 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/11 08:10:09 | 00,236,544 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/10/09 13:00:00 | 00,085,504 | ---- | M] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/10/09 13:00:00 | 00,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.ini

========== Files - No Company Name ==========
[2009/10/19 12:10:01 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/19 11:04:22 | 00,004,483 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
[2009/10/19 11:03:16 | 00,000,671 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2009/10/19 11:03:15 | 00,001,585 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\$McInstBootA5E6DEAA56$.lnk
[2009/10/19 11:03:06 | 00,000,666 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee EasyNetwork.lnk
[2009/10/19 11:00:38 | 00,000,356 | ---- | C] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/10/19 11:00:37 | 00,000,334 | ---- | C] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/10/19 10:40:19 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2009/10/18 18:02:08 | 00,000,229 | ---- | C] () -- C:\Boot.bak
[2009/10/18 18:02:04 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/10/18 18:00:10 | 00,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/18 18:00:10 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/18 18:00:10 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/18 18:00:10 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/18 17:50:25 | 03,350,731 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\Combo-Fix.exe
[2009/10/18 08:55:20 | 00,000,938 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ Green AntiVirus .lnk
[2009/10/15 12:11:48 | 00,001,559 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Samsung SecretZone.lnk
[2009/10/12 13:00:14 | 00,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2009/10/12 13:00:14 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/10/12 13:00:12 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/10/12 13:00:12 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/10/12 13:00:12 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/10/12 13:00:10 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/10/12 13:00:10 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/09/08 22:01:30 | 00,000,390 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2009/07/05 18:34:18 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2006/06/01 22:31:57 | 00,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys
[2006/06/01 22:21:28 | 00,642,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006/06/01 22:21:28 | 00,096,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd7693.sys
[2006/04/21 18:22:28 | 00,010,856 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/01/07 22:21:50 | 00,000,062 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/12/06 21:14:25 | 00,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/09/29 18:26:52 | 00,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2005/03/26 07:15:00 | 00,057,856 | ---- | C] () -- C:\WINDOWS\Fce32.dll
[2005/03/26 07:14:57 | 00,092,672 | ---- | C] () -- C:\WINDOWS\System32\See32.dll
[2005/03/26 07:14:57 | 00,057,856 | ---- | C] () -- C:\WINDOWS\System32\Fce32.dll
[2005/01/31 21:28:25 | 00,028,672 | ---- | C] () -- C:\WINDOWS\kmouse32.dll
[2004/10/26 17:39:05 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/10/03 19:06:29 | 00,000,023 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/09/29 14:07:32 | 00,000,040 | ---- | C] () -- C:\WINDOWS\nero.INI
[2004/08/29 00:31:28 | 00,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wh2Robo.dll
[2004/08/15 16:17:40 | 00,000,132 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/08/12 16:13:39 | 00,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2004/08/12 16:12:11 | 00,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2004/08/12 16:12:11 | 00,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2004/08/12 16:09:21 | 00,000,196 | ---- | C] () -- C:\WINDOWS\EPSONCX6400.ini
[2004/08/05 10:04:38 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/05 10:04:31 | 00,261,264 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2004/08/05 10:00:10 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/05 09:52:50 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/08/05 09:52:36 | 00,066,807 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
[2004/08/05 09:52:36 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/08/05 09:52:34 | 00,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2004/08/05 09:52:34 | 00,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2004/08/05 09:52:13 | 00,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/08/05 09:41:34 | 02,096,656 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2004/08/05 09:40:56 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/05 09:25:32 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/03/26 16:59:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/03/20 13:21:34 | 00,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/03/20 12:58:32 | 00,000,989 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2004/03/20 12:50:44 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/03/20 12:50:30 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
[2004/03/20 12:50:30 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Administrator\Application Data\DESKTOP.INI
[2004/03/19 17:37:28 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/15 17:54:04 | 00,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[1980/01/01 00:00:00 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll

========== LOP Check ==========

[2009/10/18 03:48:28 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Application Data
[2009/10/18 17:57:35 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/01/18 10:38:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/10/15 09:33:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2009/08/31 13:12:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CELSYS
[2004/08/05 09:55:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2005/08/27 23:50:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2009/01/08 21:30:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/10/18 14:23:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2009/10/19 08:16:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gta
[2004/08/28 15:13:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2004/08/05 09:23:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2004/09/22 22:30:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2004/03/19 17:40:06 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\DESKTOP.INI
[2009/10/19 11:00:38 | 00,000,356 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/10/19 11:00:37 | 00,000,334 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2009/10/18 03:34:25 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/10/17 16:41:37 | 00,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job
[2005/07/16 11:10:00 | 00,000,392 | -H-- | M] () -- C:\WINDOWS\Tasks\{F518690D-D6B4-4D24-9FB5-59B8DD67C23F}_ENDER_metsuki.job

========== Purity Check ==========


< End of report >
  • 0

#22
Rorschach112
Posted 20 October 2009 - 11:24 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes

:Services

:Reg

:Files
C:\WINDOWS\System32\jarahitu
:Commands
[purity]
[emptytemp]
[Reboot]
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Your logs are clean


Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    Posted Image



  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.




Your using an old version of Adobe Acrobat Reader, this can leave your pc open to vulnerabilities, you can update it here :
http://www.adobe.com.../readstep2.html



Below I have included a number of recommendations for how to protect your computer against malware infections.
  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.

  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • TFC - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
    secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
    blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
    Here


    If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.

  • Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

  • Please read my guide on how to prevent malware and about safe computing here
Thank you for your patience, and performing all of the procedures requested.
  • 0

#23
metsuki
Posted 20 October 2009 - 02:54 PM

metsuki

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Thank you so much for all your help. I'm finally able to start windows normally without the blue screen error and I seem to be able to run my virus scans again. There are a few kinks that hopefully will be resolved with a full virus scan and the like.

I will follow your protection advice immediately!

Thank you once again. I appreciate your help and effort!
  • 0

#24
Rorschach112
Posted 20 October 2009 - 04:48 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP