Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

can't remove "trojanDownloader:Win32/Dofoil.R"


  • Please log in to reply

#1
negotiator

negotiator

    New Member

  • Member
  • Pip
  • 2 posts
hi I am using windows 7

Whenever I connect to internet, many files are downloaded in my temp folder like 167.exe 578.exe etc. Then these files begins to execute one by one. These files asks for my permissions. If I deny the permissions, they keep on asking it again and again.

My windows defender detects TrojanDownloader:Win32/Dofoil.R
I think this is the virus that downloads these files and If i select to quarantine it, it says not found and the problem continues. It makes use of my internet bandwidth also.

Scanner- avast
nothing found


-------------- OTL log----------

OTL logfile created on: 12/13/2012 20:33:42 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\manni\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 70.58% Memory free
5.49 Gb Paging File | 4.60 Gb Available in Paging File | 83.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 60.00 Gb Total Space | 7.06 Gb Free Space | 11.77% Space Free | Partition Type: NTFS
Drive D: | 80.00 Gb Total Space | 25.10 Gb Free Space | 31.37% Space Free | Partition Type: NTFS
Drive E: | 66.88 Gb Total Space | 6.30 Gb Free Space | 9.42% Space Free | Partition Type: NTFS
Drive F: | 91.21 Gb Total Space | 12.73 Gb Free Space | 13.96% Space Free | Partition Type: NTFS
Drive H: | 26.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: BLACKBOX | User Name: manni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/13 20:14:56 | 000,630,272 | ---- | M] (OldTimer Tools) -- C:\Users\manni\Desktop\OTL.exe
PRC - [2012/12/13 11:23:47 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2012/10/08 19:43:14 | 000,278,920 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2012/08/29 11:37:30 | 008,224,768 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
PRC - [2012/04/13 14:49:12 | 000,114,688 | ---- | M] () -- C:\ProgramData\ChgService.exe
PRC - [2011/08/09 16:24:36 | 001,449,296 | ---- | M] () -- C:\Program Files\Reliance 3G\UIMain.exe
PRC - [2011/08/09 16:24:36 | 000,270,672 | ---- | M] () -- C:\Program Files\Reliance 3G\AssistantServices.exe
PRC - [2011/08/09 16:24:36 | 000,153,424 | ---- | M] () -- C:\Program Files\Reliance 3G\UIExec.exe
PRC - [2010/05/07 02:29:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/05/07 02:29:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/05/07 02:29:25 | 000,119,200 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe
PRC - [2010/04/12 14:10:16 | 000,208,896 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2009/08/04 20:45:12 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/04 20:44:44 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/14 06:56:21 | 000,101,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
PRC - [2009/07/14 06:44:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 06:44:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/13 19:15:33 | 000,184,320 | -HS- | M] () -- C:\Windows\System32\aj074b36.ocx
MOD - [2012/10/08 19:42:58 | 000,070,536 | ---- | M] () -- C:\Program Files\TortoiseSVN\bin\libsasl32.dll
MOD - [2012/06/18 20:54:30 | 000,260,096 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_05.dll
MOD - [2011/08/09 16:24:36 | 001,461,584 | ---- | M] () -- C:\Program Files\Reliance 3G\UIPlugin\UISetting.dll
MOD - [2011/08/09 16:24:36 | 001,449,296 | ---- | M] () -- C:\Program Files\Reliance 3G\UIMain.exe
MOD - [2011/08/09 16:24:36 | 000,721,232 | ---- | M] () -- C:\Program Files\Reliance 3G\UIPlugin\UISms.dll
MOD - [2011/08/09 16:24:36 | 000,682,832 | ---- | M] () -- C:\Program Files\Reliance 3G\UIPlugin\UIPhoneBook.dll
MOD - [2011/08/09 16:24:36 | 000,608,080 | ---- | M] () -- C:\Program Files\Reliance 3G\UIPlugin\UIConnectRecord.dll
MOD - [2011/08/09 16:24:36 | 000,386,896 | ---- | M] () -- C:\Program Files\Reliance 3G\UISkin.dll
MOD - [2011/08/09 16:24:36 | 000,324,432 | ---- | M] () -- C:\Program Files\Reliance 3G\UIPlugin\UIUssd.dll
MOD - [2011/08/09 16:24:36 | 000,312,656 | ---- | M] () -- C:\Program Files\Reliance 3G\UIPlugin\UIStk.dll
MOD - [2011/08/09 16:24:36 | 000,284,496 | ---- | M] () -- C:\Program Files\Reliance 3G\Component\BIDataBase.dll
MOD - [2011/08/09 16:24:36 | 000,253,776 | ---- | M] () -- C:\Program Files\Reliance 3G\Component\BISetting.dll
MOD - [2011/08/09 16:24:36 | 000,250,704 | ---- | M] () -- C:\Program Files\Reliance 3G\UICommonDlg.dll
MOD - [2011/08/09 16:24:36 | 000,242,000 | ---- | M] () -- C:\Program Files\Reliance 3G\Component\BKService.dll
MOD - [2011/08/09 16:24:36 | 000,236,368 | ---- | M] () -- C:\Program Files\Reliance 3G\Component\BIConfig.dll
MOD - [2011/08/09 16:24:36 | 000,225,616 | ---- | M] () -- C:\Program Files\Reliance 3G\Component\BISms.dll
MOD - [2011/08/09 16:24:36 | 000,185,168 | ---- | M] () -- C:\Program Files\Reliance 3G\Component\BICodec.dll
MOD - [2011/08/09 16:24:36 | 000,177,488 | ---- | M] () -- C:\Program Files\Reliance 3G\Component\BIXml.dll
MOD - [2011/08/09 16:24:36 | 000,175,440 | ---- | M] () -- C:\Program Files\Reliance 3G\Component\BIPhoneBook.dll
MOD - [2011/08/09 16:24:36 | 000,155,472 | ---- | M] () -- C:\Program Files\Reliance 3G\Component\BIRas.dll
MOD - [2011/08/09 16:24:36 | 000,153,424 | ---- | M] () -- C:\Program Files\Reliance 3G\UIExec.exe
MOD - [2011/08/09 16:24:36 | 000,145,232 | ---- | M] () -- C:\Program Files\Reliance 3G\Component\BIService.dll
MOD - [2011/08/09 16:24:36 | 000,145,232 | ---- | M] () -- C:\Program Files\Reliance 3G\Component\BIDevManager.dll
MOD - [2011/08/09 16:24:36 | 000,135,504 | ---- | M] () -- C:\Program Files\Reliance 3G\Component\BIOptimizationClient.dll
MOD - [2011/08/09 16:24:36 | 000,125,264 | ---- | M] () -- C:\Program Files\Reliance 3G\Component\BILog.dll
MOD - [2011/08/09 16:24:36 | 000,124,752 | ---- | M] () -- C:\Program Files\Reliance 3G\Component\BIConnectRecord.dll
MOD - [2011/08/09 16:24:36 | 000,104,784 | ---- | M] () -- C:\Program Files\Reliance 3G\Component\BIStk.dll
MOD - [2011/08/09 16:24:36 | 000,096,080 | ---- | M] () -- C:\Program Files\Reliance 3G\Component\BIVoice.dll
MOD - [2011/08/09 16:24:36 | 000,096,080 | ---- | M] () -- C:\Program Files\Reliance 3G\Component\BIUssd.dll
MOD - [2011/08/09 16:24:36 | 000,090,448 | ---- | M] () -- C:\Program Files\Reliance 3G\Component\SysService.dll
MOD - [2011/08/09 16:24:36 | 000,089,936 | ---- | M] () -- C:\Program Files\Reliance 3G\Component\BICallRecord.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/07/14 06:45:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll


========== Services (SafeList) ==========

SRV - [2012/11/20 07:42:56 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/08/29 11:37:30 | 008,224,768 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe -- (MySQL)
SRV - [2012/04/13 14:49:12 | 000,114,688 | ---- | M] () [Auto | Running] -- C:\ProgramData\ChgService.exe -- (Change Modem Device Service)
SRV - [2011/08/09 16:24:36 | 000,270,672 | ---- | M] () [Auto | Running] -- C:\Program Files\Reliance 3G\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010/05/07 02:29:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/05/07 02:29:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/05/07 02:29:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/05/07 02:29:25 | 000,119,200 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
SRV - [2009/08/04 20:44:44 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/14 06:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 06:46:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 06:45:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2012/12/13 20:29:29 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\mcsysx.sys -- (msfindsrv01)
DRV - [2011/09/15 11:02:04 | 000,105,984 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cmnsusbser.sys -- (cmnsusbser)
DRV - [2011/03/26 10:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2011/03/26 10:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2011/03/26 10:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2011/03/26 10:37:12 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2010/05/07 02:11:30 | 000,099,280 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2010/05/07 02:11:12 | 000,307,280 | ---- | M] (ALWIL Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2010/05/07 02:10:49 | 000,190,416 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2010/05/07 02:09:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/05/07 02:09:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/05/07 02:04:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/05/07 02:04:10 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/05/07 02:03:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/04/12 14:14:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/03/20 01:40:13 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2009/08/04 21:22:18 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/23 23:48:00 | 000,103,440 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/07/14 06:49:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/14 06:49:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 06:49:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/14 04:58:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 04:58:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 03:43:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/14 03:32:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/05/04 21:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://in.msn.com/?r...opt=0&ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7F 46 AF 39 50 CD CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {A32C7A75-E603-47F3-8C8E-5886A8E3A4DF}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{A32C7A75-E603-47F3-8C8E-5886A8E3A4DF}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)


[2012/11/18 18:33:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\manni\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:

O1 HOSTS File: ([2009/06/11 03:09:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O2 - BHO: (Adobe PDF Link Helper) - {4F404AF6-7C8D-539D-56D9-6B4663232DD4} - C:\Windows\System32\moriccons.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" File not found
O4 - HKLM..\Run: [UIExec] C:\Program Files\Reliance 3G\UIExec.exe ()
O4 - HKCU..\Run: [cdchbhdskuqtyvkitmc] C:\Users\manni\AppData\Roaming\cdchbhdskuqtyvkitmc.exe File not found
O4 - HKCU..\Run: [DeviceMgr] C:\Users\manni\AppData\Roaming\sb123nb.EXE File not found
O4 - HKCU..\Run: [engel] C:\Users\manni\AppData\Roaming\updates\updates.exe ()
O4 - HKCU..\Run: [MSConfig] C:\Users\manni\iryfiywa.exe ()
O4 - HKCU..\Run: [pnlpchd] C:\Users\manni\jsmafsikh.exe ()
O4 - HKCU..\Run: [tnssb] C:\Users\manni\AppData\Roaming\ljysba.EXE File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [VideoMgr] C:\Users\manni\AppData\Roaming\lqc6lb.EXE File not found
O4 - Startup: C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0kfqvvl.exe ()
O4 - Startup: C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4qqqqv5.exe ()
O4 - Startup: C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aa0qgg5l.exe ()
O4 - Startup: C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cnciiic2x2.exe ()
O4 - Startup: C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gvggvvaqvq.exe ()
O4 - Startup: C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\j8uupuj7z.exe ()
O4 - Startup: C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\llvq8vaa.exe ()
O4 - Startup: C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\p6je9pje.exe ()
O4 - Startup: C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ppe70jzeu.exe ()
O4 - Startup: C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pupzjujj.exe ()
O4 - Startup: C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\s1smmmm6mx.exe ()
O4 - Startup: C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sx81c6hssx.exe ()
O4 - Startup: C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tzj3jjeezeo.exe ()
O4 - Startup: C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vffvvlvql.exe ()
O4 - Startup: C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vlgvvv5qggl.exe ()
O4 - Startup: C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vlqqlaav.exe ()
O4 - Startup: C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xccx9h21s.exe ()
O4 - Startup: C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xx6mscsm.exe ()
O4 - Startup: C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YOUTUBE.PLAYER.exe ()
F3 - HKCU WinNT: Load - (C:\Users\manni\LOCALS~1\Temp\msetwb.com) - C:\Users\manni\Local Settings\Temp\msetwb.com ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 50756 = C:\PROGRA~2\LOCALS~1\Temp\mszamkuh.scr ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Reaper = C:\Users\manni\AppData\Roaming\CBCA59\CBCA59.exe ()
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Download with &Shareaza - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39F75425-3B21-4AEA-9F35-D2BCF366FAE6}: NameServer = 208.67.222.222 208.67.220.220
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\manni\slcwjcml.exe) - C:\Users\manni\slcwjcml.exe ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 03:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/10/16 23:19:38 | 000,000,034 | R--- | M] () - H:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2011/09/02 14:46:41 | 000,000,061 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{6adad67e-3170-11e2-b659-00238bcf78b2}\Shell - "" = AutoRun
O33 - MountPoints2\{6adad67e-3170-11e2-b659-00238bcf78b2}\Shell\AutoRun\command - "" = H:\Windows/AutoRun.exe -- [2011/08/04 16:11:20 | 000,370,000 | R--- | M] ()
O33 - MountPoints2\{8ac6035f-3d3f-11e2-8190-00238bcf78b2}\Shell - "" = AutoRun
O33 - MountPoints2\{8ac6035f-3d3f-11e2-8190-00238bcf78b2}\Shell\AutoRun\command - "" = J:\.\ShowModem.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Autorun.exe /dvd
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/13 20:13:14 | 000,630,272 | ---- | C] (OldTimer Tools) -- C:\Users\manni\Desktop\OTL.exe
[2012/12/13 19:30:34 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/12/13 18:57:25 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Local\Diagnostics
[2012/12/13 16:59:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/12/13 13:29:55 | 000,000,000 | ---D | C] -- C:\updates
[2012/12/13 13:28:07 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/12/13 13:28:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings
[2012/12/13 13:14:28 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Roaming\updates
[2012/12/13 11:22:43 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2012/12/12 20:05:21 | 000,000,000 | ---D | C] -- C:\Users\manni\Documents\Floodgate
[2012/12/12 20:02:38 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Roaming\PlayFirst
[2012/12/12 20:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\PlayFirst
[2012/12/12 19:51:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Gogii
[2012/12/12 19:42:10 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Roaming\casualArts
[2012/12/12 19:42:10 | 000,000,000 | ---D | C] -- C:\ProgramData\casualArts
[2012/12/12 18:58:32 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Roaming\ValuSoft
[2012/12/12 18:39:29 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Roaming\PathToSuccess
[2012/12/12 18:37:30 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Roaming\Big Fish Games
[2012/12/12 16:40:11 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/12/07 16:41:49 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2012/12/07 16:41:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2012/12/05 16:22:06 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Local\Shareaza
[2012/12/05 16:22:01 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Roaming\Shareaza
[2012/12/05 16:22:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shareaza
[2012/12/03 17:37:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MMX352G 3G USB Manager
[2012/12/03 17:37:48 | 000,105,984 | ---- | C] (QUALCOMM Incorporated) -- C:\Windows\System32\drivers\cmnsusbser.sys
[2012/12/03 17:37:48 | 000,103,424 | ---- | C] (Thesycon GmbH) -- C:\Windows\System32\MyDIT_GenClassCoInst.dll
[2012/12/03 17:37:47 | 000,000,000 | ---D | C] -- C:\Program Files\MMX352G 3G USB Manager
[2012/12/03 02:50:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/12/03 02:03:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LimeWire
[2012/12/03 02:03:23 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LimeWire
[2012/12/02 12:19:41 | 000,000,000 | ---D | C] -- C:\Users\manni\Documents\NetBeansProjects
[2012/12/02 09:27:45 | 000,000,000 | ---D | C] -- C:\Users\manni\.netbeans
[2012/12/01 00:35:26 | 000,000,000 | ---D | C] -- C:\Users\manni\Documents\ValuSoft
[2012/12/01 00:33:38 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tabloid Tycoon
[2012/12/01 00:33:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tabloid Tycoon
[2012/11/30 22:43:40 | 000,000,000 | ---D | C] -- C:\Users\manni\Documents\LimeWire
[2012/11/30 22:42:12 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Roaming\LimeWire
[2012/11/30 22:41:45 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2012/11/30 19:33:23 | 000,000,000 | ---D | C] -- C:\Program Files\Shareaza
[2012/11/29 21:46:41 | 000,000,000 | ---D | C] -- C:\Users\manni\Documents\FIFA MANAGER 12
[2012/11/28 15:51:28 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Local\Iron Sky
[2012/11/28 15:51:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Iron Sky
[2012/11/28 15:49:52 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Local\G2Launcher
[2012/11/28 15:49:52 | 000,000,000 | ---D | C] -- C:\ProgramData\G2Launcher
[2012/11/26 10:49:11 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Local\Microsoft Games
[2012/11/25 20:37:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Boxing Manager
[2012/11/25 20:19:05 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Roaming\Friday's games
[2012/11/25 20:18:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPlayCity.com
[2012/11/25 20:18:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\3099
[2012/11/25 19:17:29 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Roaming\ProgSense
[2012/11/25 19:17:26 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Roaming\GrabPro
[2012/11/25 19:17:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbit
[2012/11/25 19:17:20 | 000,000,000 | ---D | C] -- C:\Program Files\Orbitdownloader
[2012/11/25 19:17:20 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Roaming\OpenCandy
[2012/11/25 19:16:23 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Roaming\Orbit
[2012/11/25 13:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\wbm
[2012/11/25 13:48:41 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Roaming\InstallShield
[2012/11/25 09:53:52 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Roaming\KatGames
[2012/11/25 09:53:52 | 000,000,000 | ---D | C] -- C:\ProgramData\KatGames
[2012/11/24 18:49:53 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Local\STARGAZE_IMAGE_CACHE
[2012/11/24 18:49:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Alawar Stargaze
[2012/11/24 14:47:42 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\playfirst
[2012/11/24 14:02:18 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012/11/23 15:14:50 | 000,000,000 | ---D | C] -- C:\Users\manni\Desktop\dump
[2012/11/20 17:24:28 | 000,000,000 | ---D | C] -- C:\Program Files\glassfish-3.1.1
[2012/11/20 16:50:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetBeans
[2012/11/20 16:48:04 | 000,000,000 | ---D | C] -- C:\Program Files\NetBeans 7.0.1
[2012/11/20 16:47:13 | 000,000,000 | ---D | C] -- C:\Users\manni\.nbi
[2012/11/20 16:11:21 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MySQL
[2012/11/20 16:11:15 | 000,000,000 | ---D | C] -- C:\ProgramData\MySQL
[2012/11/20 16:11:15 | 000,000,000 | ---D | C] -- C:\Program Files\MySQL
[2012/11/20 15:08:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2012/11/20 15:07:35 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012/11/19 15:35:23 | 000,000,000 | ---D | C] -- C:\Users\manni\Documents\EA SPORTS™ Cricket 07
[2012/11/19 15:32:13 | 000,000,000 | ---D | C] -- C:\Users\manni\Documents\NFS Most Wanted
[2012/11/19 14:36:33 | 000,000,000 | ---D | C] -- C:\Users\manni\Documents\FIFA 12
[2012/11/19 05:44:57 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/11/19 05:42:40 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/11/19 05:40:36 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/11/19 05:32:42 | 000,000,000 | ---D | C] -- C:\Windows.old
[2012/11/18 21:13:23 | 000,000,000 | ---D | C] -- C:\Users\manni\.grails
[2012/11/18 21:10:41 | 000,000,000 | ---D | C] -- C:\Users\manni\IdeaProjects
[2012/11/18 21:07:31 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/11/18 21:06:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/11/18 21:05:16 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/11/18 19:00:43 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Roaming\Macromedia
[2012/11/18 18:58:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2012/11/18 18:33:21 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Roaming\Mozilla
[2012/11/18 17:23:44 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Roaming\ATI
[2012/11/18 17:23:44 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Local\ATI
[2012/11/18 17:23:44 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/11/18 17:23:39 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Local\TSVNCache
[2012/11/18 17:20:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2012/11/18 17:17:12 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Roaming\Subversion
[2012/11/18 17:17:04 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Roaming\Adobe
[2012/11/18 17:17:04 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Local\Adobe
[2012/11/18 17:16:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseSVN
[2012/11/18 17:16:52 | 000,000,000 | ---D | C] -- C:\Program Files\TortoiseSVN
[2012/11/18 17:16:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays
[2012/11/18 17:16:10 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GNU CLISP 2.49
[2012/11/18 17:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GNU CLISP 2.49
[2012/11/18 17:16:03 | 000,000,000 | ---D | C] -- C:\Program Files\clisp-2.49
[2012/11/18 17:15:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/11/18 17:15:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/11/18 17:15:36 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/11/18 17:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/11/18 17:11:10 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/11/18 17:11:08 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/11/18 17:10:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/11/18 17:08:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2012/11/18 17:07:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2012/11/18 17:07:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/11/18 17:06:17 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Roaming\WinRAR
[2012/11/18 17:06:10 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/11/18 17:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/11/18 17:03:05 | 000,000,000 | ---D | C] -- C:\Users\manni\.IntelliJIdea11
[2012/11/18 17:02:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2012/11/18 17:00:19 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JetBrains
[2012/11/18 17:00:19 | 000,000,000 | ---D | C] -- C:\Program Files\JetBrains
[2012/11/18 16:59:58 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Local\Microsoft Help
[2012/11/18 16:59:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/11/18 16:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/11/18 16:54:01 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012/11/18 16:54:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012/11/18 16:53:59 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Roaming\Notepad++
[2012/11/18 16:53:59 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2012/11/18 16:53:00 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/11/18 16:52:52 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Local\Google
[2012/11/18 16:51:59 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Roaming\Opera
[2012/11/18 16:51:59 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Local\Opera
[2012/11/18 16:51:56 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2012/11/18 16:47:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2012/11/18 16:47:23 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Detector Plug-in
[2012/11/18 16:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2012/11/18 16:47:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[2012/11/18 16:47:04 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2012/11/18 16:46:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2012/11/18 16:46:43 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Roaming\Winamp
[2012/11/18 16:46:43 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2012/11/18 16:44:55 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Roaming\uTorrent
[2012/11/18 16:44:44 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Roaming\vlc
[2012/11/18 16:44:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/11/18 16:44:09 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012/11/18 16:43:30 | 000,107,776 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbser6k.sys
[2012/11/18 16:43:30 | 000,107,776 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbnmea.sys
[2012/11/18 16:43:30 | 000,107,776 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys
[2012/11/18 16:43:30 | 000,009,216 | ---- | C] (MBB Incorporated) -- C:\Windows\System32\drivers\massfilter.sys
[2012/11/18 16:43:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reliance 3G
[2012/11/18 16:43:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\SupportAppCB
[2012/11/18 16:43:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/11/18 16:43:12 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/11/18 16:43:12 | 000,000,000 | ---D | C] -- C:\Program Files\Reliance 3G
[2012/11/18 16:43:11 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012/11/18 16:43:02 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012/11/18 16:35:51 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/11/18 16:35:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2012/11/18 16:35:50 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/11/18 16:35:49 | 000,307,280 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/11/18 16:35:47 | 000,099,280 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFW.sys
[2012/11/18 16:35:26 | 000,190,416 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2012/11/18 16:35:25 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/11/18 16:35:24 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/11/18 16:35:22 | 000,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/11/18 16:34:44 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/11/18 16:34:41 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
[2012/11/18 16:34:40 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2012/11/18 16:34:40 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2012/11/18 16:34:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2012/11/18 16:34:37 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2012/11/18 16:32:09 | 000,000,000 | R--D | C] -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/11/18 16:32:09 | 000,000,000 | R--D | C] -- C:\Users\manni\Searches
[2012/11/18 16:32:09 | 000,000,000 | R--D | C] -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/11/18 16:32:09 | 000,000,000 | -H-D | C] -- C:\Users\manni\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/11/18 16:32:00 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Roaming\Identities
[2012/11/18 16:31:57 | 000,000,000 | R--D | C] -- C:\Users\manni\Contacts
[2012/11/18 16:31:46 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Local\VirtualStore
[2012/11/18 16:31:44 | 000,000,000 | -HSD | C] -- C:\Users\manni\AppData\Local\Temporary Internet Files
[2012/11/18 16:31:44 | 000,000,000 | -HSD | C] -- C:\Users\manni\Templates
[2012/11/18 16:31:44 | 000,000,000 | -HSD | C] -- C:\Users\manni\Start Menu
[2012/11/18 16:31:44 | 000,000,000 | -HSD | C] -- C:\Users\manni\SendTo
[2012/11/18 16:31:44 | 000,000,000 | -HSD | C] -- C:\Users\manni\Recent
[2012/11/18 16:31:44 | 000,000,000 | -HSD | C] -- C:\Users\manni\PrintHood
[2012/11/18 16:31:44 | 000,000,000 | -HSD | C] -- C:\Users\manni\NetHood
[2012/11/18 16:31:44 | 000,000,000 | -HSD | C] -- C:\Users\manni\Documents\My Videos
[2012/11/18 16:31:44 | 000,000,000 | -HSD | C] -- C:\Users\manni\Documents\My Pictures
[2012/11/18 16:31:44 | 000,000,000 | -HSD | C] -- C:\Users\manni\Documents\My Music
[2012/11/18 16:31:44 | 000,000,000 | -HSD | C] -- C:\Users\manni\My Documents
[2012/11/18 16:31:44 | 000,000,000 | -HSD | C] -- C:\Users\manni\Local Settings
[2012/11/18 16:31:44 | 000,000,000 | -HSD | C] -- C:\Users\manni\AppData\Local\History
[2012/11/18 16:31:44 | 000,000,000 | -HSD | C] -- C:\Users\manni\Cookies
[2012/11/18 16:31:44 | 000,000,000 | -HSD | C] -- C:\Users\manni\Application Data
[2012/11/18 16:31:44 | 000,000,000 | -HSD | C] -- C:\Users\manni\AppData\Local\Application Data
[2012/11/18 16:31:43 | 000,000,000 | --SD | C] -- C:\Users\manni\AppData\Roaming\Microsoft
[2012/11/18 16:31:43 | 000,000,000 | R--D | C] -- C:\Users\manni\Videos
[2012/11/18 16:31:43 | 000,000,000 | R--D | C] -- C:\Users\manni\Saved Games
[2012/11/18 16:31:43 | 000,000,000 | R--D | C] -- C:\Users\manni\Pictures
[2012/11/18 16:31:43 | 000,000,000 | R--D | C] -- C:\Users\manni\Music
[2012/11/18 16:31:43 | 000,000,000 | R--D | C] -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/11/18 16:31:43 | 000,000,000 | R--D | C] -- C:\Users\manni\Links
[2012/11/18 16:31:43 | 000,000,000 | R--D | C] -- C:\Users\manni\Favorites
[2012/11/18 16:31:43 | 000,000,000 | R--D | C] -- C:\Users\manni\Downloads
[2012/11/18 16:31:43 | 000,000,000 | R--D | C] -- C:\Users\manni\Documents
[2012/11/18 16:31:43 | 000,000,000 | R--D | C] -- C:\Users\manni\Desktop
[2012/11/18 16:31:43 | 000,000,000 | R--D | C] -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/11/18 16:31:43 | 000,000,000 | -H-D | C] -- C:\Users\manni\AppData
[2012/11/18 16:31:43 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Local\Temp
[2012/11/18 16:31:43 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Local\Microsoft
[2012/11/18 16:31:43 | 000,000,000 | ---D | C] -- C:\Users\manni\AppData\Roaming\Media Center Programs

========== Files - Modified Within 30 Days ==========

[2012/12/13 20:36:29 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/13 20:36:29 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/13 20:31:33 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/13 20:31:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/13 20:31:05 | 2212,360,192 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/13 20:29:29 | 000,008,192 | ---- | M] () -- C:\Windows\System32\drivers\mcsysx.sys
[2012/12/13 20:15:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/13 20:14:56 | 000,630,272 | ---- | M] (OldTimer Tools) -- C:\Users\manni\Desktop\OTL.exe
[2012/12/13 20:06:22 | 000,009,248 | ---- | M] () -- C:\Users\manni\Desktop\ComboFix.exe
[2012/12/13 19:51:11 | 000,088,576 | RHS- | M] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pupzjujj.exe
[2012/12/13 19:51:10 | 000,081,408 | RHS- | M] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\j8uupuj7z.exe
[2012/12/13 19:51:08 | 000,088,576 | RHS- | M] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ppe70jzeu.exe
[2012/12/13 19:51:06 | 000,088,576 | RHS- | M] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\p6je9pje.exe
[2012/12/13 19:46:52 | 000,615,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/12/13 19:46:52 | 000,103,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/12/13 19:15:33 | 000,184,320 | -HS- | M] () -- C:\Windows\System32\aj074b36.ocx
[2012/12/13 19:15:33 | 000,184,320 | -HS- | M] () -- C:\Windows\System32\2eipqd28.dll
[2012/12/13 19:15:33 | 000,184,320 | -HS- | M] () -- C:\Windows\System32\29u5.dll
[2012/12/13 19:14:42 | 000,088,576 | RHS- | M] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vlqqlaav.exe
[2012/12/13 19:14:42 | 000,088,576 | RHS- | M] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vlgvvv5qggl.exe
[2012/12/13 19:14:42 | 000,088,576 | RHS- | M] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aa0qgg5l.exe
[2012/12/13 19:14:42 | 000,081,408 | RHS- | M] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gvggvvaqvq.exe
[2012/12/13 18:54:24 | 000,088,576 | RHS- | M] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cnciiic2x2.exe
[2012/12/13 17:50:26 | 000,088,576 | RHS- | M] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tzj3jjeezeo.exe
[2012/12/13 16:59:38 | 000,002,241 | ---- | M] () -- C:\Users\manni\Desktop\Google Chrome.lnk
[2012/12/13 13:28:41 | 000,088,576 | RHS- | M] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xx6mscsm.exe
[2012/12/13 13:28:37 | 000,088,576 | RHS- | M] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\s1smmmm6mx.exe
[2012/12/13 13:28:35 | 000,088,576 | RHS- | M] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sx81c6hssx.exe
[2012/12/13 13:28:34 | 000,081,408 | RHS- | M] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xccx9h21s.exe
[2012/12/13 13:24:00 | 000,001,374 | ---- | M] () -- C:\Users\manni\Desktop\Temp - Shortcut.lnk
[2012/12/13 13:19:39 | 000,088,576 | RHS- | M] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\llvq8vaa.exe
[2012/12/13 13:19:31 | 000,088,576 | RHS- | M] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4qqqqv5.exe
[2012/12/13 13:19:27 | 000,081,408 | RHS- | M] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vffvvlvql.exe
[2012/12/13 13:19:17 | 000,088,576 | RHS- | M] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0kfqvvl.exe
[2012/12/13 13:18:32 | 000,137,216 | RHS- | M] () -- C:\Users\manni\slcwjcml.exe
[2012/12/13 13:15:31 | 000,163,840 | -H-- | M] () -- C:\Users\manni\iryfiywa.exe
[2012/12/13 13:14:36 | 000,137,216 | RHS- | M] () -- C:\Users\manni\jsmafsikh.exe
[2012/12/13 13:14:20 | 000,062,464 | ---- | M] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YOUTUBE.PLAYER.exe
[2012/12/09 19:26:49 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At1.job
[2012/12/05 03:24:53 | 000,003,584 | ---- | M] () -- C:\Users\manni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/04 02:57:00 | 000,001,265 | ---- | M] () -- C:\Users\manni\Desktop\New folder (2) - Shortcut.lnk
[2012/12/03 02:03:23 | 000,001,869 | ---- | M] () -- C:\Users\manni\Desktop\LimeWire 5.5.16.lnk
[2012/11/28 15:37:28 | 000,000,600 | ---- | M] () -- C:\Users\manni\PUTTY.RND
[2012/11/27 18:34:09 | 008,363,379 | ---- | M] () -- C:\Users\manni\Desktop\WBM_manual_EN.pdf
[2012/11/27 18:09:19 | 000,000,334 | ---- | M] () -- C:\Users\manni\AppData\Roaming\ribb
[2012/11/27 18:09:13 | 000,000,592 | -H-- | M] () -- C:\Users\manni\AppData\Roaming\tnsb
[2012/11/27 18:09:09 | 000,000,712 | ---- | M] () -- C:\Users\manni\AppData\Roaming\dajj
[2012/11/20 16:10:32 | 027,601,408 | ---- | M] () -- C:\Users\manni\Documents\mysql-workbench-gpl-5.2.44-win32.msi
[2012/11/20 15:44:29 | 032,644,608 | ---- | M] () -- C:\Users\manni\Documents\mysql-5.5.28-win32.msi
[2012/11/19 05:46:16 | 000,042,045 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012/11/19 05:44:18 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012/11/19 05:40:23 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/11/18 17:23:14 | 000,412,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/18 16:48:07 | 000,001,413 | ---- | M] () -- C:\Users\manni\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/11/18 16:41:54 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/11/18 16:35:22 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

========== Files Created - No Company Name ==========

[2012/12/13 20:00:59 | 000,009,248 | ---- | C] () -- C:\Users\manni\Desktop\ComboFix.exe
[2012/12/13 19:51:16 | 000,088,576 | RHS- | C] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pupzjujj.exe
[2012/12/13 19:51:15 | 000,081,408 | RHS- | C] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\j8uupuj7z.exe
[2012/12/13 19:51:13 | 000,088,576 | RHS- | C] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ppe70jzeu.exe
[2012/12/13 19:51:11 | 000,088,576 | RHS- | C] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\p6je9pje.exe
[2012/12/13 19:27:59 | 000,184,320 | -HS- | C] () -- C:\Windows\System32\aj074b36.ocx
[2012/12/13 19:17:32 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\mcsysx.sys
[2012/12/13 19:16:10 | 000,184,320 | -HS- | C] () -- C:\Windows\System32\2eipqd28.dll
[2012/12/13 19:15:45 | 000,184,320 | -HS- | C] () -- C:\Windows\System32\29u5.dll
[2012/12/13 19:14:49 | 000,088,576 | RHS- | C] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vlgvvv5qggl.exe
[2012/12/13 19:14:48 | 000,088,576 | RHS- | C] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vlqqlaav.exe
[2012/12/13 19:14:48 | 000,088,576 | RHS- | C] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aa0qgg5l.exe
[2012/12/13 19:14:48 | 000,081,408 | RHS- | C] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gvggvvaqvq.exe
[2012/12/13 18:54:32 | 000,088,576 | RHS- | C] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cnciiic2x2.exe
[2012/12/13 17:50:33 | 000,088,576 | RHS- | C] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tzj3jjeezeo.exe
[2012/12/13 16:59:38 | 000,002,241 | ---- | C] () -- C:\Users\manni\Desktop\Google Chrome.lnk
[2012/12/13 16:59:13 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/13 16:59:12 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/13 13:28:46 | 000,088,576 | RHS- | C] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xx6mscsm.exe
[2012/12/13 13:28:43 | 000,088,576 | RHS- | C] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\s1smmmm6mx.exe
[2012/12/13 13:28:42 | 000,088,576 | RHS- | C] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sx81c6hssx.exe
[2012/12/13 13:28:41 | 000,081,408 | RHS- | C] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xccx9h21s.exe
[2012/12/13 13:24:00 | 000,001,374 | ---- | C] () -- C:\Users\manni\Desktop\Temp - Shortcut.lnk
[2012/12/13 13:19:44 | 000,088,576 | RHS- | C] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\llvq8vaa.exe
[2012/12/13 13:19:37 | 000,088,576 | RHS- | C] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4qqqqv5.exe
[2012/12/13 13:19:34 | 000,081,408 | RHS- | C] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vffvvlvql.exe
[2012/12/13 13:19:21 | 000,088,576 | RHS- | C] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0kfqvvl.exe
[2012/12/13 13:18:34 | 000,137,216 | RHS- | C] () -- C:\Users\manni\slcwjcml.exe
[2012/12/13 13:15:31 | 000,163,840 | -H-- | C] () -- C:\Users\manni\iryfiywa.exe
[2012/12/13 13:14:38 | 000,137,216 | RHS- | C] () -- C:\Users\manni\jsmafsikh.exe
[2012/12/13 13:14:28 | 000,062,464 | ---- | C] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YOUTUBE.PLAYER.exe
[2012/12/04 02:57:00 | 000,001,265 | ---- | C] () -- C:\Users\manni\Desktop\New folder (2) - Shortcut.lnk
[2012/12/03 17:37:47 | 000,114,688 | ---- | C] () -- C:\ProgramData\ChgService.exe
[2012/12/03 02:03:23 | 000,001,869 | ---- | C] () -- C:\Users\manni\Desktop\LimeWire 5.5.16.lnk
[2012/11/30 20:06:59 | 000,003,584 | ---- | C] () -- C:\Users\manni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/27 18:34:08 | 008,363,379 | ---- | C] () -- C:\Users\manni\Desktop\WBM_manual_EN.pdf
[2012/11/27 18:09:13 | 000,000,592 | -H-- | C] () -- C:\Users\manni\AppData\Roaming\tnsb
[2012/11/27 18:09:09 | 000,000,712 | ---- | C] () -- C:\Users\manni\AppData\Roaming\dajj
[2012/11/25 20:18:08 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At1.job
[2012/11/20 15:55:54 | 027,601,408 | ---- | C] () -- C:\Users\manni\Documents\mysql-workbench-gpl-5.2.44-win32.msi
[2012/11/20 15:41:44 | 032,644,608 | ---- | C] () -- C:\Users\manni\Documents\mysql-5.5.28-win32.msi
[2012/11/20 15:07:35 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2012/11/19 05:46:09 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/11/19 05:46:01 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/11/19 05:44:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/11/18 23:19:05 | 000,000,334 | ---- | C] () -- C:\Users\manni\AppData\Roaming\ribb
[2012/11/18 18:35:37 | 000,000,600 | ---- | C] () -- C:\Users\manni\PUTTY.RND
[2012/11/18 17:15:49 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/11/18 16:51:57 | 000,001,793 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012/11/18 16:48:07 | 000,001,413 | ---- | C] () -- C:\Users\manni\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/11/18 16:41:54 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/11/18 16:32:12 | 000,001,419 | ---- | C] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/11/18 16:31:44 | 000,000,290 | ---- | C] () -- C:\Users\manni\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/11/18 16:31:44 | 000,000,272 | ---- | C] () -- C:\Users\manni\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

========== ZeroAccess Check ==========

[2009/07/14 10:12:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 10:16:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 06:45:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 06:46:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/12/12 18:37:30 | 000,000,000 | ---D | M] -- C:\Users\manni\AppData\Roaming\Big Fish Games
[2012/12/12 19:42:10 | 000,000,000 | ---D | M] -- C:\Users\manni\AppData\Roaming\casualArts
[2012/12/13 13:25:20 | 000,000,000 | -HSD | M] -- C:\Users\manni\AppData\Roaming\CBCA59
[2012/11/25 20:19:05 | 000,000,000 | ---D | M] -- C:\Users\manni\AppData\Roaming\Friday's games
[2012/11/25 19:17:26 | 000,000,000 | ---D | M] -- C:\Users\manni\AppData\Roaming\GrabPro
[2012/11/25 09:53:52 | 000,000,000 | ---D | M] -- C:\Users\manni\AppData\Roaming\KatGames
[2012/12/03 00:48:53 | 000,000,000 | ---D | M] -- C:\Users\manni\AppData\Roaming\LimeWire
[2012/11/20 09:09:55 | 000,000,000 | ---D | M] -- C:\Users\manni\AppData\Roaming\Notepad++
[2012/11/25 19:17:20 | 000,000,000 | ---D | M] -- C:\Users\manni\AppData\Roaming\OpenCandy
[2012/11/18 16:51:59 | 000,000,000 | ---D | M] -- C:\Users\manni\AppData\Roaming\Opera
[2012/12/03 02:02:58 | 000,000,000 | ---D | M] -- C:\Users\manni\AppData\Roaming\Orbit
[2012/12/12 18:39:55 | 000,000,000 | ---D | M] -- C:\Users\manni\AppData\Roaming\PathToSuccess
[2012/12/12 20:02:38 | 000,000,000 | ---D | M] -- C:\Users\manni\AppData\Roaming\PlayFirst
[2012/11/25 19:17:29 | 000,000,000 | ---D | M] -- C:\Users\manni\AppData\Roaming\ProgSense
[2012/12/08 03:43:26 | 000,000,000 | ---D | M] -- C:\Users\manni\AppData\Roaming\Shareaza
[2012/11/18 17:17:12 | 000,000,000 | ---D | M] -- C:\Users\manni\AppData\Roaming\Subversion
[2012/12/13 13:14:28 | 000,000,000 | ---D | M] -- C:\Users\manni\AppData\Roaming\updates
[2012/12/13 20:31:39 | 000,000,000 | ---D | M] -- C:\Users\manni\AppData\Roaming\uTorrent
[2012/12/12 18:58:33 | 000,000,000 | ---D | M] -- C:\Users\manni\AppData\Roaming\ValuSoft

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 780432 bytes -> C:\Users\manni\AppData\Roaming\desktop.ini:init
@Alternate Data Stream - 16 bytes -> C:\Users\manni\Downloads:Shareaza.GUID
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:137E60A0

< End of report >
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
WARNING: IF your desktop icons are missing delete the line:
[EMPTYTEMP] under :Commands before running the following script!

Copy the text in the code box by highlighting and Ctrl + c


:OTL
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" File not found
O4 - HKCU..\Run: [cdchbhdskuqtyvkitmc] C:\Users\manni\AppData\Roaming\cdchbhdskuqtyvkitmc.exe File not found
O4 - HKCU..\Run: [DeviceMgr] C:\Users\manni\AppData\Roaming\sb123nb.EXE File not found
O4 - HKCU..\Run: [engel] C:\Users\manni\AppData\Roaming\updates\updates.exe ()
O4 - HKCU..\Run: [MSConfig] C:\Users\manni\iryfiywa.exe ()
O4 - HKCU..\Run: [pnlpchd] C:\Users\manni\jsmafsikh.exe ()
O4 - HKCU..\Run: [tnssb] C:\Users\manni\AppData\Roaming\ljysba.EXE File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [VideoMgr] C:\Users\manni\AppData\Roaming\lqc6lb.EXE File not found
O4 - Startup: C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0kfqvvl.exe ()
O4 - Startup: C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4qqqqv5.exe ()
O4 - Startup: C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aa0qgg5l.exe ()
O4 - Startup: C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cnciiic2x2.exe ()
O4 - Startup: C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gvggvvaqvq.exe ()
O4 - Startup: C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\j8uupuj7z.exe ()
O4 - Startup: C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\llvq8vaa.exe ()
O4 - Startup: C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\p6je9pje.exe ()
O4 - Startup: C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ppe70jzeu.exe ()
O4 - Startup: C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pupzjujj.exe ()
O4 - Startup: C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\s1smmmm6mx.exe ()
O4 - Startup: C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sx81c6hssx.exe ()
O4 - Startup: C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tzj3jjeezeo.exe ()
O4 - Startup: C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vffvvlvql.exe ()
O4 - Startup: C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vlgvvv5qggl.exe ()
O4 - Startup: C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vlqqlaav.exe ()
O4 - Startup: C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xccx9h21s.exe ()
O4 - Startup: C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xx6mscsm.exe ()
O4 - Startup: C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YOUTUBE.PLAYER.exe ()
F3 - HKCU WinNT: Load - (C:\Users\manni\LOCALS~1\Temp\msetwb.com) - C:\Users\manni\Local Settings\Temp\msetwb.com ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 50756 = C:\PROGRA~2\LOCALS~1\Temp\mszamkuh.scr ()
O20 - HKCU Winlogon: Shell - (C:\Users\manni\slcwjcml.exe) - C:\Users\manni\slcwjcml.exe ()
[2012/12/13 19:51:11 | 000,088,576 | RHS- | M] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pupzjujj.exe
[2012/12/13 19:51:10 | 000,081,408 | RHS- | M] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\j8uupuj7z.exe
[2012/12/13 19:51:08 | 000,088,576 | RHS- | M] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ppe70jzeu.exe
[2012/12/13 19:51:06 | 000,088,576 | RHS- | M] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\p6je9pje.exe
[2012/12/13 19:15:33 | 000,184,320 | -HS- | M] () -- C:\Windows\System32\aj074b36.ocx
[2012/12/13 19:15:33 | 000,184,320 | -HS- | M] () -- C:\Windows\System32\2eipqd28.dll
[2012/12/13 19:15:33 | 000,184,320 | -HS- | M] () -- C:\Windows\System32\29u5.dll
[2012/12/13 19:14:42 | 000,088,576 | RHS- | M] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vlqqlaav.exe
[2012/12/13 19:14:42 | 000,088,576 | RHS- | M] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vlgvvv5qggl.exe
[2012/12/13 19:14:42 | 000,088,576 | RHS- | M] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aa0qgg5l.exe
[2012/12/13 19:14:42 | 000,081,408 | RHS- | M] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gvggvvaqvq.exe
[2012/12/13 18:54:24 | 000,088,576 | RHS- | M] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cnciiic2x2.exe
[2012/12/13 17:50:26 | 000,088,576 | RHS- | M] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tzj3jjeezeo.exe
[2012/12/13 13:28:41 | 000,088,576 | RHS- | M] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xx6mscsm.exe
[2012/12/13 13:28:37 | 000,088,576 | RHS- | M] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\s1smmmm6mx.exe
[2012/12/13 13:28:35 | 000,088,576 | RHS- | M] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sx81c6hssx.exe
[2012/12/13 13:28:34 | 000,081,408 | RHS- | M] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xccx9h21s.exe
[2012/12/13 13:19:39 | 000,088,576 | RHS- | M] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\llvq8vaa.exe
[2012/12/13 13:19:31 | 000,088,576 | RHS- | M] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4qqqqv5.exe
[2012/12/13 13:19:27 | 000,081,408 | RHS- | M] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vffvvlvql.exe
[2012/12/13 13:19:17 | 000,088,576 | RHS- | M] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0kfqvvl.exe
[2012/12/13 13:18:32 | 000,137,216 | RHS- | M] () -- C:\Users\manni\slcwjcml.exe
[2012/12/13 13:15:31 | 000,163,840 | -H-- | M] () -- C:\Users\manni\iryfiywa.exe
[2012/12/13 13:14:36 | 000,137,216 | RHS- | M] () -- C:\Users\manni\jsmafsikh.exe
[2012/11/27 18:09:19 | 000,000,334 | ---- | M] () -- C:\Users\manni\AppData\Roaming\ribb
[2012/11/27 18:09:13 | 000,000,592 | -H-- | M] () -- C:\Users\manni\AppData\Roaming\tnsb
[2012/11/27 18:09:09 | 000,000,712 | ---- | M] () -- C:\Users\manni\AppData\Roaming\dajj
[2012/12/13 19:51:16 | 000,088,576 | RHS- | C] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pupzjujj.exe
[2012/12/13 19:51:15 | 000,081,408 | RHS- | C] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\j8uupuj7z.exe
[2012/12/13 19:51:13 | 000,088,576 | RHS- | C] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ppe70jzeu.exe
[2012/12/13 19:51:11 | 000,088,576 | RHS- | C] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\p6je9pje.exe
[2012/12/13 19:27:59 | 000,184,320 | -HS- | C] () -- C:\Windows\System32\aj074b36.ocx
[2012/12/13 19:17:32 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\mcsysx.sys
[2012/12/13 19:16:10 | 000,184,320 | -HS- | C] () -- C:\Windows\System32\2eipqd28.dll
[2012/12/13 19:15:45 | 000,184,320 | -HS- | C] () -- C:\Windows\System32\29u5.dll
[2012/12/13 19:14:49 | 000,088,576 | RHS- | C] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vlgvvv5qggl.exe
[2012/12/13 19:14:48 | 000,088,576 | RHS- | C] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vlqqlaav.exe
[2012/12/13 19:14:48 | 000,088,576 | RHS- | C] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aa0qgg5l.exe
[2012/12/13 19:14:48 | 000,081,408 | RHS- | C] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gvggvvaqvq.exe
[2012/12/13 18:54:32 | 000,088,576 | RHS- | C] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cnciiic2x2.exe
[2012/12/13 17:50:33 | 000,088,576 | RHS- | C] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tzj3jjeezeo.exe
[2012/12/13 13:28:46 | 000,088,576 | RHS- | C] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xx6mscsm.exe
[2012/12/13 13:28:43 | 000,088,576 | RHS- | C] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\s1smmmm6mx.exe
[2012/12/13 13:28:42 | 000,088,576 | RHS- | C] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sx81c6hssx.exe
[2012/12/13 13:28:41 | 000,081,408 | RHS- | C] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xccx9h21s.exe
[2012/12/13 13:19:44 | 000,088,576 | RHS- | C] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\llvq8vaa.exe
[2012/12/13 13:19:37 | 000,088,576 | RHS- | C] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4qqqqv5.exe
[2012/12/13 13:19:34 | 000,081,408 | RHS- | C] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vffvvlvql.exe
[2012/12/13 13:19:21 | 000,088,576 | RHS- | C] () -- C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0kfqvvl.exe
[2012/12/13 13:18:34 | 000,137,216 | RHS- | C] () -- C:\Users\manni\slcwjcml.exe
[2012/12/13 13:15:31 | 000,163,840 | -H-- | C] () -- C:\Users\manni\iryfiywa.exe
[2012/12/13 13:14:38 | 000,137,216 | RHS- | C] () -- C:\Users\manni\jsmafsikh.exe
@Alternate Data Stream - 780432 bytes -> C:\Users\manni\AppData\Roaming\desktop.ini:init
@Alternate Data Stream - 16 bytes -> C:\Users\manni\Downloads:Shareaza.GUID
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:137E60A0

:files
at /c
C:\Windows\tasks\At*.job
C:\Windows\assembly\GAC\Desktop.ini
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Users\manni\AppData\Local\Temp\*.exe
C:\Users\manni\AppData\Local\Temp\*.dll
sfc.exe /scanfile=c:\windows\system32\services.exe /c
C:\Windows\System32\aj074b36.ocx
sc config msfindsrv01 start= disabled /c
C:\Windows\System32\drivers\mcsysx.sys
C:\Users\manni\*.exe
C:\Users\manni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe
C:\Windows\System32\%APPDATA%
C:\PROGRA~2\LOCALS~1\Temp\*.scr

:Commands
[EMPTYTEMP]
[EMPTYJAVA]
[purity]
[Reboot]


then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\12132012-some number.log so if you don't see it look there.



Download aswMBR.exe to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Right click on TDSSKiller.exe and select Run As Administrator to start the program.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow



(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
tcpip.sys
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.



Download, Save and Run (win 7 or Vista => Right click and Run as Admin.) farbar service scanner

Posted Image

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Ron
  • 0

#3
negotiator

negotiator

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Thanks RKinner for the fast reply

Before your reply I tried my own hand and using the avast firewall blocked all the weird looking connections. The files are no longer being downloaded once deleted. But recently a new problem has occured. I have started getting bsod due to tcpip.sys driver. Also sometimes the system just hangs one by one windows fails to respond and ultimately nothing is responsive. Then I have to power off the system.

1)So are the problems related
2)Do i still have to do your prescribed steps.
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
1. Probably
2. Yes
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP