Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Infected with a RAT [Solved]

Started by Pookani , Apr 18 2010 01:11 AM

  • Please log in to reply

#1
Pookani
Posted 18 April 2010 - 01:11 AM

Pookani

    Member

  • Member
  • PipPip
  • 40 posts
As the title says I am infected with a RAT.

Here are my logs:

MBAM:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4003

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

4/17/2010 11:40:02 PM
mbam-log-2010-04-17 (23-40-02).txt

Scan type: Quick scan
Objects scanned: 122796
Time elapsed: 7 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-17 23:57:07
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\JAGDEE~1\AppData\Local\Temp\agtdapog.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82820AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82820104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 828203F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 828092D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82808898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 828201DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82820958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 828206F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82820F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 828211A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82880599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 828A4F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x90404000, 0x23097E, 0xE8000020]
.text peauth.sys 97D5BC9D 28 Bytes [5E, 4B, C4, 81, 42, 86, A9, ...]
.text peauth.sys 97D5BCC1 28 Bytes [5E, 4B, C4, 81, 42, 86, A9, ...]
PAGE peauth.sys 97D61E20 101 Bytes [66, 28, 5A, 97, 23, A1, 6B, ...]
PAGE peauth.sys 97D6202C 102 Bytes [01, A2, D3, F8, F1, B8, 8C, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[3076] ntdll.dll!LdrLoadDll 77D7F585 5 Bytes JMP 001113F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000048 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@LazyCheckPointUpdateInterval 604800

---- EOF - GMER 1.0.15 ----


OTL:

OTL logfile created on: 4/17/2010 11:59:59 PM - Run 2
OTL by OldTimer - Version 3.2.1.2 Folder = C:\Users\removed\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.00 Gb Total Space | 204.08 Gb Free Space | 71.61% Space Free | Partition Type: NTFS
Drive D: | 5.98 Gb Total Space | 5.88 Gb Free Space | 98.39% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: removed-PC
Current User Name: removed
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/17 23:58:44 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\removed\Downloads\OTL(3).exe
PRC - [2010/04/06 12:44:14 | 000,247,856 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2010/04/02 17:54:59 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/31 17:24:08 | 000,194,608 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
PRC - [2010/03/29 00:01:45 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_16\bin\jusched.exe
PRC - [2010/03/18 02:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010/03/16 15:36:32 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/22 20:36:00 | 000,621,320 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 18:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 18:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE


========== Modules (SafeList) ==========

MOD - [2010/04/17 23:58:44 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\removed\Downloads\OTL(3).exe
MOD - [2009/07/13 18:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 18:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 18:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 18:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 18:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 18:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 18:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 18:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 18:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/04/06 12:44:46 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2010/04/06 12:44:14 | 000,247,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2010/04/03 16:46:26 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/31 17:24:08 | 000,194,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2010/03/18 02:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/03/16 15:36:32 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/07/13 18:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 18:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 18:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 18:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 18:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 18:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 18:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 18:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 18:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 18:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 18:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/07/13 18:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/07/13 18:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 18:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 18:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 18:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 18:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 18:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/07/13 18:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 18:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/iat/us_ca.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D3 1D 11 80 B7 CF CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.20100314


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 17:55:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/16 15:33:36 | 000,000,000 | ---D | M]

[2010/03/29 01:14:56 | 000,000,000 | ---D | M] -- C:\Users\removed\AppData\Roaming\Mozilla\Extensions
[2010/03/29 01:14:56 | 000,000,000 | ---D | M] -- C:\Users\removed\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/04/17 23:40:52 | 000,000,000 | ---D | M] -- C:\Users\removed\AppData\Roaming\Mozilla\Firefox\Profiles\b92xmn2m.default\extensions
[2010/03/29 15:19:50 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\removed\AppData\Roaming\Mozilla\Firefox\Profiles\b92xmn2m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/03/28 23:05:21 | 000,000,000 | ---D | M] -- C:\Users\removed\AppData\Roaming\Mozilla\Firefox\Profiles\b92xmn2m.default\extensions\[email protected]
[2010/04/16 15:33:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/16 15:33:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/07/30 10:51:46 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_16\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Users\removed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Users\removed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 64.59.144.16 64.59.144.17
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ecf5ac75-3af2-11df-808e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ecf5ac75-3af2-11df-808e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\iPodSetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/07/13 19:37:08 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2010/04/17 20:31:27 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/04/17 20:27:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/17 20:27:48 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/17 20:27:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/16 20:10:54 | 000,000,000 | ---D | C] -- C:\Users\removed\Desktop\Anti_freezel
[2010/04/16 19:57:14 | 000,000,000 | ---D | C] -- C:\Users\removed\AppData\Roaming\mIRC
[2010/04/16 19:57:14 | 000,000,000 | ---D | C] -- C:\Program Files\mIRC
[2010/04/16 15:40:23 | 000,000,000 | ---D | C] -- C:\Program Files\Hotspot Shield
[2010/04/14 18:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Messenger Plus!
[2010/04/14 18:30:56 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger Plus! Live
[2010/04/11 17:00:25 | 000,000,000 | ---D | C] -- C:\Users\removed\AppData\Roaming\TeamViewer
[2010/04/11 16:59:44 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2010/04/10 23:54:41 | 000,000,000 | ---D | C] -- C:\Users\removed\AppData\Local\TechSmith
[2010/04/10 23:54:33 | 000,000,000 | ---D | C] -- C:\Users\removed\Documents\Camtasia Studio
[2010/04/10 23:54:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\QuickTime
[2010/04/10 23:53:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TechSmith Shared
[2010/04/10 23:53:36 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2010/04/10 23:53:36 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith
[2010/04/09 20:33:16 | 000,000,000 | ---D | C] -- C:\Users\removed\AppData\Roaming\TortoiseSVN
[2010/04/09 20:29:32 | 000,000,000 | ---D | C] -- C:\Users\removed\AppData\Local\TSVNCache
[2010/04/09 20:27:13 | 000,000,000 | ---D | C] -- C:\Program Files\TortoiseSVN
[2010/04/09 20:27:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays
[2010/04/09 17:48:45 | 000,000,000 | ---D | C] -- C:\Users\removed\Documents\RSBot
[2010/04/08 17:03:15 | 000,000,000 | ---D | C] -- C:\Program Files\JFormDesigner
[2010/04/08 15:57:53 | 000,000,000 | ---D | C] -- C:\Users\removed\.jformdesigner
[2010/04/06 20:11:01 | 000,000,000 | ---D | C] -- C:\Users\removed\workspace
[2010/04/06 18:24:55 | 000,000,000 | ---D | C] -- C:\Users\removed\AppData\Roaming\Apple Computer
[2010/04/06 16:04:05 | 000,000,000 | ---D | C] -- C:\Users\removed\AppData\Local\Apple Computer

========== Files - Modified Within 14 Days ==========

[2010/04/18 00:00:06 | 001,572,864 | -HS- | M] () -- C:\Users\removed\NTUSER.DAT
[2010/04/17 23:34:26 | 000,030,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/17 23:34:26 | 000,030,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/17 23:29:19 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/17 23:29:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/17 23:29:05 | 2313,388,032 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/17 20:39:34 | 265,552,275 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/04/17 20:27:55 | 000,000,990 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/17 08:36:42 | 000,747,848 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/17 08:36:42 | 000,637,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/17 08:36:42 | 000,115,154 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/17 00:22:09 | 003,040,078 | -H-- | M] () -- C:\Users\removed\AppData\Local\IconCache.db
[2010/04/16 22:46:04 | 000,000,075 | ---- | M] () -- C:\Users\removed\jagex_runescape_preferences2.dat
[2010/04/16 22:45:06 | 000,000,041 | ---- | M] () -- C:\Users\removed\jagex_runescape_preferences.dat
[2010/04/16 22:15:55 | 000,001,371 | ---- | M] () -- C:\Users\removed\Desktop\Anti-freezel - Shortcut.lnk
[2010/04/16 07:48:29 | 000,003,584 | ---- | M] () -- C:\Users\removed\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/16 07:48:28 | 003,419,396 | ---- | M] () -- C:\Users\removed\Desktop\unfreezer2.avi
[2010/04/15 23:33:26 | 006,905,774 | ---- | M] () -- C:\Users\removed\Desktop\unfreezer.avi
[2010/04/15 15:11:19 | 000,001,995 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/04/11 16:59:50 | 000,001,131 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk
[2010/04/09 16:49:04 | 000,001,506 | ---- | M] () -- C:\Users\removed\Desktop\eclipse - Shortcut.lnk
[2010/04/06 23:49:46 | 000,000,916 | ---- | M] () -- C:\Users\removed\Desktop\IntelliJ IDEA 9.0.1.lnk
[2010/04/05 20:52:45 | 000,218,875 | RHS- | M] () -- C:\PWMZF
[2010/04/05 20:52:45 | 000,000,020 | RHS- | M] () -- C:\win7.ld
[2010/04/05 19:45:45 | 000,002,589 | ---- | M] () -- C:\Windows\SLIC.cmd

========== Files Created - No Company Name ==========

[2010/04/17 20:27:55 | 000,000,990 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/16 20:19:53 | 000,001,371 | ---- | C] () -- C:\Users\removed\Desktop\Anti-freezel - Shortcut.lnk
[2010/04/16 07:48:43 | 003,419,396 | ---- | C] () -- C:\Users\removed\Desktop\unfreezer2.avi
[2010/04/15 23:33:39 | 006,905,774 | ---- | C] () -- C:\Users\removed\Desktop\unfreezer.avi
[2010/04/11 16:59:50 | 000,001,131 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk
[2010/04/10 23:57:03 | 000,003,584 | ---- | C] () -- C:\Users\removed\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/09 16:49:04 | 000,001,506 | ---- | C] () -- C:\Users\removed\Desktop\eclipse - Shortcut.lnk
[2010/04/06 23:49:46 | 000,000,916 | ---- | C] () -- C:\Users\removed\Desktop\IntelliJ IDEA 9.0.1.lnk
[2010/04/05 20:52:45 | 000,218,875 | RHS- | C] () -- C:\PWMZF
[2010/04/05 20:52:45 | 000,000,020 | RHS- | C] () -- C:\win7.ld
[2010/04/05 19:45:42 | 000,002,589 | ---- | C] () -- C:\Windows\SLIC.cmd
[2010/04/02 23:58:08 | 000,000,000 | ---- | C] () -- C:\Users\removed\.javafx_eula_accepted
[2010/03/31 18:53:13 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/03/31 15:31:37 | 000,000,075 | ---- | C] () -- C:\Users\removed\jagex_runescape_preferences2.dat
[2010/03/31 15:31:37 | 000,000,000 | ---- | C] () -- C:\Users\removed\jagex__preferences3.dat
[2010/03/31 15:31:21 | 000,000,041 | ---- | C] () -- C:\Users\removed\jagex_runescape_preferences.dat
[2010/03/31 00:31:26 | 000,000,761 | ---- | C] () -- C:\Users\removed\hosts
[2010/03/30 19:46:58 | 000,524,288 | -HS- | C] () -- C:\Users\removed\NTUSER.DAT{9035a7f5-3c6f-11df-aae7-001e336bd5fb}.TMContainer00000000000000000002.regtrans-ms
[2010/03/30 19:46:58 | 000,524,288 | -HS- | C] () -- C:\Users\removed\NTUSER.DAT{9035a7f5-3c6f-11df-aae7-001e336bd5fb}.TMContainer00000000000000000001.regtrans-ms
[2010/03/30 19:46:58 | 000,065,536 | -HS- | C] () -- C:\Users\removed\NTUSER.DAT{9035a7f5-3c6f-11df-aae7-001e336bd5fb}.TM.blf
[2010/03/29 21:43:35 | 000,015,944 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/03/29 14:29:58 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010/03/28 22:52:39 | 000,000,020 | -HS- | C] () -- C:\Users\removed\ntuser.ini
[2010/03/28 22:52:38 | 000,524,288 | -HS- | C] () -- C:\Users\removed\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/03/28 22:52:38 | 000,524,288 | -HS- | C] () -- C:\Users\removed\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/03/28 22:52:38 | 000,262,144 | -HS- | C] () -- C:\Users\removed\ntuser.dat.LOG1
[2010/03/28 22:52:38 | 000,065,536 | -HS- | C] () -- C:\Users\removed\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/03/28 22:52:38 | 000,000,000 | -HS- | C] () -- C:\Users\removed\ntuser.dat.LOG2
[2010/03/28 22:52:36 | 001,572,864 | -HS- | C] () -- C:\Users\removed\NTUSER.DAT
[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008/12/01 20:46:12 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

========== LOP Check ==========

[2010/03/29 14:30:19 | 000,000,000 | ---D | M] -- C:\Users\removed\AppData\Roaming\Canneverbe Limited
[2010/04/17 23:31:19 | 000,000,000 | ---D | M] -- C:\Users\removed\AppData\Roaming\LimeWire
[2010/04/03 16:43:48 | 000,000,000 | ---D | M] -- C:\Users\removed\AppData\Roaming\Subversion
[2010/04/11 17:10:55 | 000,000,000 | ---D | M] -- C:\Users\removed\AppData\Roaming\TeamViewer
[2009/07/13 21:53:46 | 000,020,340 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/07/13 18:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/13 18:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/13 18:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009/07/13 18:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/13 18:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 18:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVRAID.SYS >
[2009/07/13 18:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\drivers\nvraid.sys
[2009/07/13 18:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvraid.sys
[2009/07/13 18:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2009/07/13 18:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/13 18:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 18:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/13 18:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/07/13 18:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >
[2010/02/16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/03/01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/03/29 21:43:35 | 000,015,944 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/27 00:32:05 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2010/02/27 00:32:26 | 000,221,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2010/02/27 00:32:12 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys

< End of report >
  • 0

Advertisements

#2
Pookani
Posted 18 April 2010 - 11:04 AM

Pookani

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Please somebody help! :)
  • 0

#3
Pookani
Posted 18 April 2010 - 01:14 PM

Pookani

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Anybody..please help! ;(
  • 0

#4
mpascal
Posted 21 April 2010 - 07:49 PM

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Hi Pookani,

Welcome to Geeks To Go!

My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
  • If you are unsure of how to reply, or need help with anything regarding the website, please look here.
I suggest you be a bit more patient. It was less than a day before you bumped your topic. We're all volunteers here, we're not here waiting for people to make topics.

As it has been a few days, I'm going to need some fresh logs. Please run the following:

STEP 1 - MBAM

Open Malwarebyte's Anti-Malware.
  • Under the Updates tab, click Check for Updates. Let the updates install (if any).
  • After that, under the Scanner tab, click Perform Quick Scan and then Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 2 - GMER

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning.

STEP 3 - OTL

Open OTL. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Change the Standard Registry and Extra Registry options to Use Safelist.
  • Check the boxes beside LOP Check and Purity Check.
  • In the Custom Scans box, copy and paste the following:
    netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
STEP 4 - Reply

Please reply with the following logs:
  • MBAM Log
  • OTL Log
  • GMER Log

  • 0

#5
Pookani
Posted 21 April 2010 - 07:51 PM

Pookani

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
I haven't really done anything else on my computer other than check this thread for updates (literally speaking). Is it really necessary to re-post the logs then?
  • 0

#6
mpascal
Posted 21 April 2010 - 07:53 PM

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Can you elaborate on what problems you're having.
  • 0

#7
Pookani
Posted 21 April 2010 - 07:55 PM

Pookani

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
There's a keylogger on my computer, many of my passwords have been changed, my computer goes on and off automatically and it has been beginning to crash recently since I got infected.
  • 0

#8
mpascal
Posted 21 April 2010 - 08:01 PM

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Open up OTL, push the Quickscan button and post the log here.
  • 0

#9
Pookani
Posted 21 April 2010 - 08:07 PM

Pookani

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
OTL logfile created on: 4/21/2010 7:05:30 PM - Run 3
OTL by OldTimer - Version 3.2.1.2 Folder = C:\Users\removed\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.00 Gb Total Space | 200.79 Gb Free Space | 70.45% Space Free | Partition Type: NTFS
Drive D: | 5.98 Gb Total Space | 5.88 Gb Free Space | 98.39% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: removed-PC
Current User Name: removed
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/21 16:01:12 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/04/17 23:58:44 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\removed\Downloads\OTL(3).exe
PRC - [2010/04/06 12:44:14 | 000,247,856 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2010/04/02 17:54:59 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/31 17:24:08 | 000,194,608 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
PRC - [2010/03/29 00:01:45 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_16\bin\jusched.exe
PRC - [2010/03/23 15:40:50 | 000,503,808 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe
PRC - [2010/03/18 02:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/22 20:36:00 | 000,621,320 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/30 19:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/08/17 22:59:28 | 000,408,424 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
PRC - [2009/07/13 18:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 18:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE


========== Modules (SafeList) ==========

MOD - [2010/04/17 23:58:44 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\removed\Downloads\OTL(3).exe
MOD - [2009/07/13 18:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 18:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 18:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 18:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 18:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 18:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 18:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 18:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 18:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/04/21 16:01:12 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/04/06 12:44:46 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2010/04/06 12:44:14 | 000,247,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2010/04/03 16:46:26 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/31 17:24:08 | 000,194,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2010/03/18 02:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/07/13 18:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 18:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 18:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 18:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 18:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 18:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 18:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 18:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 18:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 18:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 18:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/07/13 18:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/07/13 18:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 18:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 18:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 18:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 18:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 18:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/07/13 18:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 18:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/iat/us_ca.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D3 1D 11 80 B7 CF CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.20100314


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 17:55:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/16 15:33:36 | 000,000,000 | ---D | M]

[2010/03/29 01:14:56 | 000,000,000 | ---D | M] -- C:\Users\removed\AppData\Roaming\Mozilla\Extensions
[2010/03/29 01:14:56 | 000,000,000 | ---D | M] -- C:\Users\removed\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/04/21 15:38:55 | 000,000,000 | ---D | M] -- C:\Users\removed\AppData\Roaming\Mozilla\Firefox\Profiles\b92xmn2m.default\extensions
[2010/03/29 15:19:50 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\removed\AppData\Roaming\Mozilla\Firefox\Profiles\b92xmn2m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/03/28 23:05:21 | 000,000,000 | ---D | M] -- C:\Users\removed\AppData\Roaming\Mozilla\Firefox\Profiles\b92xmn2m.default\extensions\[email protected]
[2010/04/16 15:33:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/16 15:33:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/07/30 10:51:46 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_16\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Users\removed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Users\removed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 64.59.144.16 64.59.144.17
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ecf5ac75-3af2-11df-808e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ecf5ac75-3af2-11df-808e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\iPodSetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/04/19 00:00:12 | 000,000,000 | ---D | C] -- C:\Users\removed\Desktop\RSBot
[2010/04/17 20:31:27 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/04/17 20:27:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/17 20:27:48 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/17 20:27:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/16 20:10:54 | 000,000,000 | ---D | C] -- C:\Users\removed\Desktop\Anti_freezel
[2010/04/16 19:57:14 | 000,000,000 | ---D | C] -- C:\Users\removed\AppData\Roaming\mIRC
[2010/04/16 19:57:14 | 000,000,000 | ---D | C] -- C:\Program Files\mIRC
[2010/04/16 15:40:23 | 000,000,000 | ---D | C] -- C:\Program Files\Hotspot Shield
[2010/04/14 18:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Messenger Plus!
[2010/04/14 18:30:56 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger Plus! Live
[2010/04/11 17:00:25 | 000,000,000 | ---D | C] -- C:\Users\removed\AppData\Roaming\TeamViewer
[2010/04/11 16:59:44 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2010/04/10 23:54:41 | 000,000,000 | ---D | C] -- C:\Users\removed\AppData\Local\TechSmith
[2010/04/10 23:54:33 | 000,000,000 | ---D | C] -- C:\Users\removed\Documents\Camtasia Studio
[2010/04/10 23:54:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\QuickTime
[2010/04/10 23:53:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TechSmith Shared
[2010/04/10 23:53:36 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2010/04/10 23:53:36 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith
[2010/04/09 20:33:16 | 000,000,000 | ---D | C] -- C:\Users\removed\AppData\Roaming\TortoiseSVN
[2010/04/09 20:29:32 | 000,000,000 | ---D | C] -- C:\Users\removed\AppData\Local\TSVNCache
[2010/04/09 20:27:13 | 000,000,000 | ---D | C] -- C:\Program Files\TortoiseSVN
[2010/04/09 20:27:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays
[2010/04/09 17:48:45 | 000,000,000 | ---D | C] -- C:\Users\removed\Documents\RSBot
[2010/04/08 17:03:15 | 000,000,000 | ---D | C] -- C:\Program Files\JFormDesigner
[2010/04/08 15:57:53 | 000,000,000 | ---D | C] -- C:\Users\removed\.jformdesigner

========== Files - Modified Within 14 Days ==========

[2010/04/21 19:06:22 | 001,572,864 | -HS- | M] () -- C:\Users\removed\NTUSER.DAT
[2010/04/21 17:39:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/21 16:29:25 | 000,000,075 | ---- | M] () -- C:\Users\removed\jagex_runescape_preferences2.dat
[2010/04/21 16:28:05 | 000,000,041 | ---- | M] () -- C:\Users\removed\jagex__preferences3.dat
[2010/04/21 16:27:57 | 000,000,041 | ---- | M] () -- C:\Users\removed\jagex_runescape_preferences.dat
[2010/04/21 16:14:03 | 000,002,106 | ---- | M] () -- C:\Users\removed\Desktop\SummerSchool2010-fullCredit.xml
[2010/04/21 15:48:38 | 000,208,279 | ---- | M] () -- C:\Users\removed\Desktop\3.png
[2010/04/21 15:48:14 | 000,210,369 | ---- | M] () -- C:\Users\removed\Desktop\2.png
[2010/04/21 15:47:57 | 000,206,873 | ---- | M] () -- C:\Users\removed\Desktop\1.png
[2010/04/21 15:33:11 | 000,030,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/21 15:33:11 | 000,030,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/21 15:28:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/21 15:27:55 | 2313,388,032 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/19 23:41:04 | 003,042,008 | -H-- | M] () -- C:\Users\removed\AppData\Local\IconCache.db
[2010/04/18 10:27:39 | 000,001,506 | ---- | M] () -- C:\Users\removed\Desktop\eclipse - Shortcut.lnk
[2010/04/17 20:39:34 | 265,552,275 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/04/17 20:27:55 | 000,000,990 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/17 08:36:42 | 000,747,848 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/17 08:36:42 | 000,637,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/17 08:36:42 | 000,115,154 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/16 07:48:29 | 000,003,584 | ---- | M] () -- C:\Users\removed\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/16 07:48:28 | 003,419,396 | ---- | M] () -- C:\Users\removed\Desktop\unfreezer2.avi
[2010/04/15 23:33:26 | 006,905,774 | ---- | M] () -- C:\Users\removed\Desktop\unfreezer.avi
[2010/04/15 15:11:19 | 000,001,995 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/04/11 16:59:50 | 000,001,131 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk

========== Files Created - No Company Name ==========

[2010/04/21 16:14:03 | 000,002,106 | ---- | C] () -- C:\Users\removed\Desktop\SummerSchool2010-fullCredit.xml
[2010/04/21 15:48:38 | 000,208,279 | ---- | C] () -- C:\Users\removed\Desktop\3.png
[2010/04/21 15:48:14 | 000,210,369 | ---- | C] () -- C:\Users\removed\Desktop\2.png
[2010/04/21 15:47:56 | 000,206,873 | ---- | C] () -- C:\Users\removed\Desktop\1.png
[2010/04/17 20:27:55 | 000,000,990 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/16 07:48:43 | 003,419,396 | ---- | C] () -- C:\Users\removed\Desktop\unfreezer2.avi
[2010/04/15 23:33:39 | 006,905,774 | ---- | C] () -- C:\Users\removed\Desktop\unfreezer.avi
[2010/04/11 16:59:50 | 000,001,131 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk
[2010/04/10 23:57:03 | 000,003,584 | ---- | C] () -- C:\Users\removed\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/09 16:49:04 | 000,001,506 | ---- | C] () -- C:\Users\removed\Desktop\eclipse - Shortcut.lnk
[2010/04/02 23:58:08 | 000,000,000 | ---- | C] () -- C:\Users\removed\.javafx_eula_accepted
[2010/03/31 18:53:13 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/03/31 15:31:37 | 000,000,075 | ---- | C] () -- C:\Users\removed\jagex_runescape_preferences2.dat
[2010/03/31 15:31:37 | 000,000,041 | ---- | C] () -- C:\Users\removed\jagex__preferences3.dat
[2010/03/31 15:31:21 | 000,000,041 | ---- | C] () -- C:\Users\removed\jagex_runescape_preferences.dat
[2010/03/31 00:31:26 | 000,000,761 | ---- | C] () -- C:\Users\removed\hosts
[2010/03/30 19:46:58 | 000,524,288 | -HS- | C] () -- C:\Users\removed\NTUSER.DAT{9035a7f5-3c6f-11df-aae7-001e336bd5fb}.TMContainer00000000000000000002.regtrans-ms
[2010/03/30 19:46:58 | 000,524,288 | -HS- | C] () -- C:\Users\removed\NTUSER.DAT{9035a7f5-3c6f-11df-aae7-001e336bd5fb}.TMContainer00000000000000000001.regtrans-ms
[2010/03/30 19:46:58 | 000,065,536 | -HS- | C] () -- C:\Users\removed\NTUSER.DAT{9035a7f5-3c6f-11df-aae7-001e336bd5fb}.TM.blf
[2010/03/29 21:43:35 | 000,015,944 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/03/29 14:29:58 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010/03/28 22:52:39 | 000,000,020 | -HS- | C] () -- C:\Users\removed\ntuser.ini
[2010/03/28 22:52:38 | 000,524,288 | -HS- | C] () -- C:\Users\removed\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/03/28 22:52:38 | 000,524,288 | -HS- | C] () -- C:\Users\removed\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/03/28 22:52:38 | 000,262,144 | -HS- | C] () -- C:\Users\removed\ntuser.dat.LOG1
[2010/03/28 22:52:38 | 000,065,536 | -HS- | C] () -- C:\Users\removed\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/03/28 22:52:38 | 000,000,000 | -HS- | C] () -- C:\Users\removed\ntuser.dat.LOG2
[2010/03/28 22:52:36 | 001,572,864 | -HS- | C] () -- C:\Users\removed\NTUSER.DAT
[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008/12/01 20:46:12 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

========== LOP Check ==========

[2010/03/29 14:30:19 | 000,000,000 | ---D | M] -- C:\Users\removed\AppData\Roaming\Canneverbe Limited
[2010/04/21 15:29:55 | 000,000,000 | ---D | M] -- C:\Users\removed\AppData\Roaming\LimeWire
[2010/04/03 16:43:48 | 000,000,000 | ---D | M] -- C:\Users\removed\AppData\Roaming\Subversion
[2010/04/11 17:10:55 | 000,000,000 | ---D | M] -- C:\Users\removed\AppData\Roaming\TeamViewer
[2009/07/13 21:53:46 | 000,021,842 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >
  • 0

#10
mpascal
Posted 21 April 2010 - 08:14 PM

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Hi,

STEP 1 - OTL Fix

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :OTL
O33 - MountPoints2\{ecf5ac75-3af2-11df-808e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ecf5ac75-3af2-11df-808e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\iPodSetup.exe -- File not found

:Commands
[purity]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
STEP 2 - MBAM

Open Malwarebyte''s Anti-Malware.
  • Under the Updates tab, click Check for Updates. Let the updates install (if any).
  • After that, under the Scanner tab, click Perform Quick Scan and then Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM''s database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 3 - Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

    Posted Image

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply
STEP 4 - Reply

Please reply with the following logs:
  • MBAM Log
  • Kaspersky Log

  • 0

Advertisements

#11
Pookani
Posted 22 April 2010 - 05:41 PM

Pookani

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Kaspersky took forever, anyways here's the logs:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4003

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

4/21/2010 10:13:22 PM
mbam-log-2010-04-21 (22-13-22).txt

Scan type: Quick scan
Objects scanned: 122950
Time elapsed: 3 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



and


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, April 22, 2010
Operating system: Microsoft Professional (build 7600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, April 22, 2010 17:22:55
Records in database: 3968016
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 79554
Threats found: 2
Infected objects found: 6
Suspicious objects found: 0
Scan duration: 02:51:17


File name / Threat / Threats count
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1
C:\Users\removed\Desktop\all\mirc\mirc.exe.BAK Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1
C:\Users\removed\Desktop\Anti_freezel\Anti_freezel\Anti-freezel\mIRC.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 1
C:\Users\removed\Downloads\Anti_freezel\Anti_freezel\Anti-freezel\mIRC.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 1
C:\Users\removed\Downloads\Anti_freezel.rar Infected: not-a-virus:Client-IRC.Win32.mIRC.617 1
C:\Users\removed\Downloads\mirc635.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1

Selected area has been scanned.
  • 0

#12
mpascal
Posted 22 April 2010 - 05:46 PM

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
There doesn't appear to be any malware issues on your machine. Do you see any pattern with when your computer crashes?
  • 0

#13
Pookani
Posted 22 April 2010 - 06:50 PM

Pookani

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts

There doesn't appear to be any malware issues on your machine. Do you see any pattern with when your computer crashes?


There's no pattern, it's just very random.
  • 0

#14
mpascal
Posted 22 April 2010 - 07:10 PM

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
When you ran OTL for the first time, was there another log named Extras.txt?
  • 0

#15
Pookani
Posted 22 April 2010 - 07:11 PM

Pookani

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts

When you ran OTL for the first time, was there another log named Extras.txt?


No I didn't get the extras.txt file. Should I try scanning with OTL and see if I get the file again?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP