
[Resolved] Clock keeps resetting to 12 April 2016!


  • This topic is locked
141 replies to this topic

#121 sdabbs

    Authentic Member
  • 97 posts

Posted 16 November 2009 - 05:32 AM

I tried running ComboFix again while in safe mode. I left the computer for a few minutes and when I came back it had restarted itself - so I'm not sure if it worked. While starting up, ComboFix said I have a Prevx scanner on my system. About a year ago I purchased Prevx, but found it was not very good, so I got a refund and took it off my system. I can't find it when I try to search for it, so I don't know why ComboFix is saying it is active on my system?



#122 Raktor

    Teacher Emeritus
  • Authentic Member
  • 3,114 posts

Posted 16 November 2009 - 05:43 AM

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - [2016/04/12 00:00:14 | 00,168,960 | ---- | M] () -- C:\Documents and Settings\fabi\Local Settings\temp\b.exe
    PRC - [2009/11/16 09:59:10 | 00,246,784 | ---- | M] () -- C:\WINDOWS\msc.exe
    MOD - [2008/04/14 00:12:08 | 00,176,640 | ---- | M] () -- C:\WINDOWS\uhihekevasuqeru.dll
    O2 - BHO: (no name) - {A45A4B15-23F2-42AD-F4E4-00AAC39C0004} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [70686633] C:\Documents and Settings\All Users\Application Data\70686633\70686633.exe ()
    O4 - HKLM..\Run: [lsdefrag] C:\Documents and Settings\fabi\Local Settings\temp\tglm.exe ()
    O4 - HKLM..\Run: [NWEReboot] File not found
    O4 - HKLM..\Run: [Otenowaqifih] C:\WINDOWS\uhihekevasuqeru.DLL ()
    O4 - HKLM..\Run: [WinsysMon] C:\Program Files\Common Files\openfile.exe ( )
    O4 - HKCU..\Run: [MailBlocker] C:\Documents and Settings\fabi\Local Settings\temp\b.exe ()
    O4 - HKCU..\Run: [rundll32.exe] File not found
    O4 - HKCU..\Run: [WAB] C:\Documents and Settings\fabi\Application Data\Macromedia\Common\81d6602c19.exe ()
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\System32\sdra64.exe File not found
    
    :Files
    C:\Documents and Settings\All Users\Application Data\70686633
    C:\Program Files\Common Files\openfile.exe
    C:\Documents and Settings\fabi\Application Data\vnsys.exe
    C:\WINDOWS\msc.exe
    C:\WINDOWS\msb.exe
    C:\WINDOWS\Rsupiqefameteqar.dat
    C:\WINDOWS\msa.exe
    C:\WINDOWS\rasqervy.dll
    C:\WINDOWS\win32k.sys
    C:\WINDOWS\Mtabimeqaguvimup.bin
    C:\didx.exe
    C:\dnpevj.exe
    C:\Documents and Settings\fabi\Application Data\sysint.exe
    C:\Documents and Settings\fabi\Application Data\excom.exe
    C:\Documents and Settings\fabi\Application Data\updateset.exe
    C:\Documents and Settings\fabi\Application Data\sysdrive.exe
    C:\Documents and Settings\fabi\Application Data\opdriver.exe
    C:\Documents and Settings\fabi\Application Data\gload.exe
    C:\Program Files\Common Files\openfile.exe
    C:\Documents and Settings\fabi\Desktop\Security Tool.lnk
    C:\WINDOWS\System32\drivers\atapi.sys.vir
    C:\WINDOWS\sdfinacs.dll
    C:\WINDOWS\sdfixwcs.dll
    C:\WINDOWS\uhihekevasuqeru.dll
    C:\Documents and Settings\fabi\Local Settings\temp\b.exe
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL log (don't check the boxes beside LOP Check or Purity this time)

Graduate from the WTT Malware Classroom
If you feel I have helped you, please consider a donation.
Topics will be closed after three days if there is no response.
Please do not PM me for malware removal assistance.
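The fix script above is assembled from OTL lines whose shape is what a malware-removal helper reads for: Run entries that launch from a user's temp folder and carry no publisher, an orphaned Run entry whose target is "File not found", a Winlogon UserInit value that does not resolve to userinit.exe, and an unpublished process sitting in the Windows folder. The following Python script is an added example for this thread, not part of OTL or of any post here: it parses a few constructed OTL-style lines modelled on that script and reports which ones trip those heuristics. The line formats are inferred from the lines quoted in this thread, so treat the regular expressions and the flagging rules as assumptions of this example rather than OTL's own logic.

```python
import ntpath
import re

# Constructed sample input, modelled on the OTL fix script quoted in this
# thread (assumption: this is the shape OTL prints, inferred from the post).
SAMPLE_LINES = r"""
O4 - HKLM..\Run: [lsdefrag] C:\Documents and Settings\fabi\Local Settings\temp\tglm.exe ()
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [MailBlocker] C:\Documents and Settings\fabi\Local Settings\temp\b.exe ()
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\System32\sdra64.exe File not found
PRC - [2009/11/16 09:59:10 | 00,246,784 | ---- | M] () -- C:\WINDOWS\msc.exe
PRC - [2008/04/14 00:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
"""

# Line-shape regexes (assumed from the quoted lines, not OTL's documented grammar).
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.*)$")
TARGET_RE = re.compile(r"^(?P<path>.*?) \((?P<company>[^()]*)\)\s*$")
O20_RE = re.compile(r"^O20 - HKLM Winlogon: (?P<value>\w+) - \((?P<data>[^)]*)\) - (?P<resolved>.*)$")
PRC_RE = re.compile(r"^PRC - \[(?P<meta>[^\]]*)\] \((?P<company>[^()]*)\) -- (?P<path>.*)$")

# Folders an autorun target normally has no business living in.
SUSPICIOUS_DIRS = ("\\local settings\\temp\\", "\\temp\\", "\\application data\\")


def _dir_flags(path):
    low = path.lower()
    if any(d in low for d in SUSPICIOUS_DIRS):
        return ["executes from a temp or profile data folder"]
    return []


def triage_line(line):
    """Return (label, reasons) for one OTL line, or None if it raises no flag."""
    m = O4_RE.match(line)
    if m:
        reasons = []
        if m["rest"].strip() == "File not found":
            reasons.append("Run entry points at a file that no longer exists")
        else:
            t = TARGET_RE.match(m["rest"])
            if t:
                reasons += _dir_flags(t["path"])
                if not t["company"].strip():
                    reasons.append("no publisher recorded")
        return (f"O4 {m['hive']} Run [{m['name']}]", reasons) if reasons else None

    m = O20_RE.match(line)
    if m and m["value"].lower() == "userinit":
        # The stock value is userinit.exe (with a trailing comma); anything else is suspect.
        entries = [e.strip() for e in m["data"].split(",") if e.strip()]
        bad = [e for e in entries if ntpath.basename(e).lower() != "userinit.exe"]
        if bad:
            return ("O20 Winlogon UserInit", ["unexpected UserInit target(s): " + ", ".join(bad)])
        return None

    m = PRC_RE.match(line)
    if m and not m["company"].strip():
        head, _tail = ntpath.split(m["path"])
        if head.lower().rstrip("\\") == "c:\\windows":
            return (f"PRC {m['path']}", ["process with no publisher running from the Windows folder"])
    return None


def triage(text):
    """Run triage_line over every non-blank line; return the flagged entries in order."""
    hits = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        result = triage_line(line)
        if result:
            hits.append({"entry": result[0], "reasons": result[1]})
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_LINES):
        print(hit["entry"])
        for reason in hit["reasons"]:
            print("   -", reason)
```

Running it against the constructed sample flags the two temp-folder Run entries, the orphaned NWEReboot entry, the UserInit value and msc.exe, while the Synaptics entry and the real explorer.exe pass clean. The heuristics are deliberately narrow: an empty publisher field alone is not evidence of anything (plenty of legitimate tools lack version resources), which is why the script only reports it together with a location that is itself unusual.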

#123 sdabbs

    Authentic Member
  • 97 posts

Posted 16 November 2009 - 06:02 AM

Here is the OTL fix log:

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
No active process named b.exe was found!
No active process named msc.exe was found!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A45A4B15-23F2-42AD-F4E4-00AAC39C0004}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A45A4B15-23F2-42AD-F4E4-00AAC39C0004}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\70686633 not found.
File C:\Documents and Settings\All Users\Application Data\70686633\70686633.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\lsdefrag not found.
File C:\Documents and Settings\fabi\Local Settings\temp\tglm.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NWEReboot deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Otenowaqifih deleted successfully.
File C:\WINDOWS\uhihekevasuqeru.DLL not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinsysMon deleted successfully.
C:\Program Files\Common Files\openfile.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MailBlocker not found.
File C:\Documents and Settings\fabi\Local Settings\temp\b.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\rundll32.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WAB deleted successfully.
C:\Documents and Settings\fabi\Application Data\Macromedia\Common\81d6602c19.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\sdra64.exe deleted successfully.
========== FILES ==========
File\Folder C:\Documents and Settings\All Users\Application Data\70686633 not found.
File\Folder C:\Program Files\Common Files\openfile.exe not found.
C:\Documents and Settings\fabi\Application Data\vnsys.exe moved successfully.
File\Folder C:\WINDOWS\msc.exe not found.
File\Folder C:\WINDOWS\msb.exe not found.
C:\WINDOWS\Rsupiqefameteqar.dat moved successfully.
File\Folder C:\WINDOWS\msa.exe not found.
File\Folder C:\WINDOWS\rasqervy.dll not found.
C:\WINDOWS\win32k.sys moved successfully.
C:\WINDOWS\Mtabimeqaguvimup.bin moved successfully.
C:\didx.exe moved successfully.
C:\dnpevj.exe moved successfully.
C:\Documents and Settings\fabi\Application Data\sysint.exe moved successfully.
C:\Documents and Settings\fabi\Application Data\excom.exe moved successfully.
C:\Documents and Settings\fabi\Application Data\updateset.exe moved successfully.
C:\Documents and Settings\fabi\Application Data\sysdrive.exe moved successfully.
C:\Documents and Settings\fabi\Application Data\opdriver.exe moved successfully.
C:\Documents and Settings\fabi\Application Data\gload.exe moved successfully.
File\Folder C:\Program Files\Common Files\openfile.exe not found.
File\Folder C:\Documents and Settings\fabi\Desktop\Security Tool.lnk not found.
C:\WINDOWS\System32\drivers\atapi.sys.vir moved successfully.
File\Folder C:\WINDOWS\sdfinacs.dll not found.
File\Folder C:\WINDOWS\sdfixwcs.dll not found.
File\Folder C:\WINDOWS\uhihekevasuqeru.dll not found.
File\Folder C:\Documents and Settings\fabi\Local Settings\temp\b.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: fabi
->Temp folder emptied: 5657 bytes
->Temporary Internet Files folder emptied: 14684526 bytes
->Java cache emptied: 23082646 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: MCX1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: sean

User: sean.DC59QB2J
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->Java cache emptied: 25493434 bytes
->FireFox cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 56320 bytes
Windows Temp folder emptied: 125464 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 59136 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 60.70 mb


OTL by OldTimer - Version 3.1.5.0 log created on 11162009_114940

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_5b0.dat not found!

Registry entries deleted on Reboot...


And the new OTL log:

OTL logfile created on: 16/11/2009 12:00:55 - Run 2
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Documents and Settings\fabi\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1022.37 Mb Total Physical Memory | 427.47 Mb Available Physical Memory | 41.81% Memory free
2.40 Gb Paging File | 1.94 Gb Available in Paging File | 80.61% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.01 Gb Total Space | 31.62 Gb Free Space | 36.34% Space Free | Partition Type: NTFS
Drive D: | 186.61 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 518.22 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 216.14 Mb Total Space | 199.82 Mb Free Space | 92.45% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: DC59QB2J
Current User Name: fabi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/16 10:13:11 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\fabi\Desktop\explorer.exe.exe
PRC - [2009/09/14 19:38:34 | 01,422,568 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2009/09/14 19:38:32 | 00,967,912 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2009/08/27 05:18:44 | 00,634,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/07/16 12:20:16 | 25,604,904 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009/07/16 12:20:16 | 00,077,360 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009/07/07 15:21:21 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/07 15:21:21 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/03/28 21:11:38 | 03,325,952 | ---- | M] (Electronic Arts) -- C:\Program Files\Electronic Arts\EADM\Core.exe
PRC - [2009/02/06 10:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008/12/20 06:50:34 | 02,656,528 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/12/20 06:46:58 | 00,558,864 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/12/16 20:59:50 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/10/29 17:11:14 | 00,801,544 | ---- | M] (Logitech, Inc.) -- c:\Program Files\Logitech\QuickCam\LU\LogitechUpdate.exe
PRC - [2008/10/29 17:11:06 | 00,300,296 | ---- | M] (Logitech, Inc.) -- c:\Program Files\Logitech\QuickCam\LU\LULnchr.exe
PRC - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
PRC - [2008/05/09 20:55:44 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/04/14 00:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
PRC - [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2008/04/14 00:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/25 16:10:00 | 00,652,624 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\SolutionMenu\CNSLMAIN.EXE
PRC - [2007/09/13 16:50:00 | 01,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007/09/07 18:16:50 | 00,132,392 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
PRC - [2007/09/07 18:16:18 | 01,373,480 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe
PRC - [2007/09/07 18:16:18 | 01,373,480 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe
PRC - [2007/06/29 05:24:52 | 00,286,720 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2006/11/02 19:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
PRC - [2006/03/24 15:30:44 | 00,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/03/08 10:48:02 | 00,761,947 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2006/02/15 22:33:12 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2006/02/15 22:33:12 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005/12/28 11:04:56 | 00,262,217 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2005/12/28 10:56:16 | 00,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005/12/28 10:55:40 | 00,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005/12/28 10:52:32 | 00,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005/12/28 10:47:10 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005/12/28 10:45:02 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/12/28 10:44:24 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005/12/09 19:29:52 | 00,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2005/12/09 15:54:56 | 00,966,756 | ---- | M] () -- C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
PRC - [2005/10/20 18:55:50 | 00,096,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\McrdSvc.exe
PRC - [2005/10/20 18:55:40 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\RMSvc.exe
PRC - [2005/10/20 18:55:40 | 00,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\RMSysTry.exe
PRC - [2005/09/29 13:01:14 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2005/09/23 22:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PRC - [2005/08/05 12:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
PRC - [2005/08/05 12:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehmsas.exe
PRC - [2005/06/10 09:44:02 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004/12/06 00:05:00 | 00,127,035 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfswctrl.exe
PRC - [2003/10/29 01:06:00 | 00,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/09/10 01:24:00 | 00,020,480 | ---- | M] () -- C:\Program Files\NetWaiting\netwaiting.exe


========== Modules (SafeList) ==========

MOD - [2009/11/16 10:13:11 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\fabi\Desktop\explorer.exe.exe
MOD - [2009/09/14 19:38:40 | 00,341,224 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll
MOD - [2009/09/14 19:38:36 | 00,632,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Trusteer\Rapport\bin\msvcr80.dll
MOD - [2008/12/16 20:59:28 | 00,109,080 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\Temp\logishrd\LVPrcInj01.dll
MOD - [2008/04/14 00:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/14 00:12:05 | 00,065,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shimeng.dll
MOD - [2008/04/14 00:11:58 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msacm32.dll
MOD - [2008/04/14 00:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008/04/14 00:11:48 | 01,852,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\acgenral.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (CSIScanner)
SRV - [2009/09/14 19:38:32 | 00,967,912 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2009/07/07 15:21:21 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/12/16 20:59:50 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/04/14 00:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2008/03/27 12:08:26 | 00,068,608 | ---- | M] () -- C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe -- (License Management Service ESD)
SRV - [2007/09/07 18:16:18 | 01,373,480 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2007/09/06 07:18:52 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2007/02/05 10:11:18 | 00,075,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 10:11:16 | 00,112,184 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2007/01/25 17:31:34 | 00,093,048 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2006/12/14 02:21:20 | 00,045,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 02:02:08 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 01:46:16 | 00,057,344 | ---- | M] () -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/11/02 19:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2006/02/15 22:33:12 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/12/28 11:04:56 | 00,262,217 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2005/12/28 10:47:10 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2005/12/28 10:45:02 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)
SRV - [2005/12/28 10:44:24 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/10/20 18:55:50 | 00,096,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\McrdSvc.exe -- (McrdSvc)
SRV - [2005/10/20 18:55:40 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\RMSvc.exe -- (RMSvc)
SRV - [2005/08/05 12:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched)
SRV - [2004/08/10 04:00:00 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ipxsap.dll -- (NwSapAgent)


========== Driver Services (SafeList) ==========

DRV - [2009/09/14 19:38:40 | 00,333,928 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2009/09/14 19:38:40 | 00,058,856 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys -- (RapportKELL)
DRV - [2009/07/04 10:36:19 | 00,027,656 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxsec.sys -- (pxsec)
DRV - [2009/07/04 10:36:19 | 00,022,024 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys -- (pxscan)
DRV - [2008/12/17 06:02:08 | 00,023,832 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008/12/17 06:01:44 | 06,364,440 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2008/12/17 06:01:22 | 00,041,752 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/17 06:00:14 | 00,768,024 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/12/17 05:53:46 | 02,686,104 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2008/12/16 20:58:54 | 00,025,624 | ---- | M] () -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/07/28 16:19:28 | 00,116,736 | ---- | M] (MagicISO, Inc.) -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/05/28 20:54:48 | 00,278,984 | ---- | M] () -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2008/05/28 20:54:48 | 00,025,416 | ---- | M] () -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008/04/13 18:56:06 | 00,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 18:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 18:46:20 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 18:46:20 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 18:46:09 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/13 18:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 18:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 18:34:12 | 00,163,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwrdr.sys -- (NWRDR)
DRV - [2008/04/13 17:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio)
DRV - [2008/04/13 16:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/23 08:19:44 | 00,501,560 | ---- | M] (Protect Software GmbH) -- C:\WINDOWS\system32\drivers\ACEDRV11.sys -- (acedrv11)
DRV - [2007/11/13 10:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/02/16 19:12:36 | 00,011,312 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/16 18:30:12 | 00,012,848 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2007/02/16 00:11:28 | 00,011,440 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2007/01/25 17:31:34 | 00,042,000 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2006/10/18 02:00:00 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006/06/27 21:26:17 | 00,021,275 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP)
DRV - [2006/03/24 15:34:30 | 01,156,648 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/03/08 10:35:10 | 00,191,872 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/02/15 22:39:00 | 01,421,312 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/12/28 12:22:08 | 00,013,568 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/12/04 08:55:30 | 01,428,096 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2005/11/30 23:40:56 | 00,936,960 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005/11/30 23:40:12 | 00,192,512 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/11/30 23:40:08 | 00,669,696 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005/10/04 20:57:08 | 00,012,544 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/08/05 08:32:16 | 00,045,312 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/14 15:58:14 | 00,028,544 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/07/14 14:28:38 | 00,307,968 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/12 16:00:30 | 00,051,328 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/06/30 12:23:34 | 00,004,608 | ---- | M] (NVIDIA Corporation.) -- C:\WINDOWS\system32\drivers\nvport.sys -- (nvport)
DRV - [2005/06/13 16:27:56 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2004/12/06 00:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/12/06 00:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/12/06 00:05:00 | 00,086,586 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/12/06 00:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/12/06 00:05:00 | 00,025,883 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/12/06 00:05:00 | 00,015,227 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/12/06 00:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/12/06 00:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/12/06 00:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/12/01 02:22:00 | 00,087,488 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/11/23 01:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/08/10 04:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/10 04:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/10 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 21:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/07/14 10:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 10:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/03/02 08:26:58 | 00,050,007 | ---- | M] (Analog Deivces) -- C:\WINDOWS\system32\drivers\adildr.sys -- (ADILOADER)
DRV - [2004/03/02 08:24:16 | 00,127,065 | ---- | M] (Analog Devices Inc.) -- C:\WINDOWS\system32\drivers\adiusbaw.sys -- (adiusbaw)
DRV - [2004/02/13 08:46:00 | 00,017,153 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2003/12/19 01:00:00 | 00,006,656 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\cinemsup.sys -- (Cinemsup)
DRV - [2001/08/17 13:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 11:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co...&...&channel=uk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.co...&...&channel=uk

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/07 15:21:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/07 13:52:56 | 00,000,000 | ---D | M]

[2009/04/16 15:16:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\fabi\Application Data\Mozilla\Extensions
[2008/12/26 13:00:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\fabi\Application Data\Mozilla\Extensions\home2@tomtom.com

O1 HOSTS File: (759 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [BuildBU] c:\dell\bldbubg.exe ()
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [combofix] C:\ComboFix\CF15381.cfx File not found
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\fabi\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCMD = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCMD = 0
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Extract Flash Video with Bytescout... - C:\Program Files\Bytescout SWF To Video Scout\flashextract_ie.html ()
O9 - Extra 'Tools' menuitem : Extract Flash Video with Bytescout... - {11C91DA0-5258-4B2F-96C6-6A531C0E0DD7} - C:\Program Files\Bytescout SWF To Video Scout\flashextract_ie.html ()
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Extract Flash Video with Bytescout... - {BBE87EC9-5D71-483A-99E0-DEE4DF3E466C} - C:\Program Files\Bytescout SWF To Video Scout\flashextract_ie.html ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Dream%20Day%20Wedding%20-%20Viva%20Las%20Vegas/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 03:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/08/29 20:59:46 | 00,000,199 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009/09/10 00:18:33 | 00,052,896 | R--- | M] (Her Interactive, Inc.) - E:\autorun2.exe -- [ UDF ]
O32 - AutoRun File - [2009/09/10 00:05:38 | 00,000,046 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/16 11:49:40 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/11/16 11:05:06 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/11/16 11:01:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\fabi\Desktop\dds
[2009/11/16 10:13:11 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\fabi\Desktop\explorer.exe.exe
[2009/11/15 00:37:10 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe
[2009/11/15 00:37:10 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\proquota.exe
[2009/11/14 23:48:36 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/11/13 20:52:19 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.execf
[2009/11/07 14:05:07 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/07 14:05:03 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/07 14:05:02 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/07 14:03:31 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/11/07 14:03:27 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/11/07 14:03:26 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/11/07 14:03:26 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/11/07 14:02:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/07 13:58:21 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/05 17:16:50 | 00,000,000 | ---D | C] -- C:\Program Files\Big City Adventure - New York City
[2009/10/19 12:54:24 | 00,000,000 | ---D | C] -- C:\multiAVCHD

========== Files - Modified Within 30 Days ==========

[2009/11/16 11:57:33 | 00,000,376 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2009/11/16 11:57:22 | 00,000,436 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2009/11/16 11:57:21 | 00,000,274 | -H-- | M] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2009/11/16 11:57:21 | 00,000,238 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2009/11/16 11:54:26 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/16 11:54:18 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/16 11:54:13 | 10,721,03424 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/16 11:53:14 | 11,010,048 | ---- | M] () -- C:\Documents and Settings\fabi\ntuser.dat
[2009/11/16 11:53:08 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\fabi\ntuser.ini
[2009/11/16 10:20:24 | 00,288,256 | ---- | M] () -- C:\Documents and Settings\fabi\Desktop\explorer.exe.com
[2009/11/16 10:13:11 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\fabi\Desktop\explorer.exe.exe
[2009/11/15 22:30:11 | 01,579,328 | -H-- | M] () -- C:\Documents and Settings\fabi\Local Settings\Application Data\IconCache.db
[2009/11/15 22:26:40 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/11/15 19:54:15 | 00,190,976 | ---- | M] () -- C:\Documents and Settings\fabi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/15 19:19:03 | 03,560,550 | R--- | M] () -- C:\Documents and Settings\fabi\Desktop\ComboFix.exe
[2009/11/15 16:06:07 | 00,361,369 | ---- | M] () -- C:\Documents and Settings\fabi\Desktop\dds.com
[2009/11/15 11:23:12 | 00,000,418 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2009/11/15 00:46:58 | 02,226,080 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/15 00:46:44 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/14 23:48:54 | 00,000,308 | RHS- | M] () -- C:\boot.ini
[2009/11/14 23:22:17 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/11/13 20:52:19 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.execf
[2009/11/13 20:27:59 | 00,000,437 | ---- | M] () -- C:\Documents and Settings\fabi\My Documents\Shortcut to Shared Documents.lnk
[2009/11/11 12:06:01 | 00,000,244 | ---- | M] () -- C:\Boot.bak
[2009/11/07 14:05:11 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/06 20:46:06 | 00,472,912 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/06 20:46:05 | 00,085,898 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/06 20:46:04 | 00,568,618 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/05 17:36:21 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/11/04 12:58:37 | 00,004,482 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/11/04 12:37:54 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/11/04 12:37:54 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/11/03 17:01:03 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/02 12:36:19 | 00,133,875 | ---- | M] () -- C:\Documents and Settings\fabi\My Documents\StockIllustrationsContractSept09[1].pdf
[2009/10/31 20:02:38 | 00,871,936 | ---- | M] () -- C:\Documents and Settings\fabi\My Documents\Nancy Drew 21.doc
[2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2009/10/21 04:08:54 | 03,598,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/10/21 04:08:54 | 03,598,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/10/19 09:32:28 | 00,001,561 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk

========== Files Created - No Company Name ==========

[2009/11/16 10:20:20 | 00,288,256 | ---- | C] () -- C:\Documents and Settings\fabi\Desktop\explorer.exe.com
[2009/11/15 16:06:03 | 00,361,369 | ---- | C] () -- C:\Documents and Settings\fabi\Desktop\dds.com
[2009/11/15 13:53:26 | 03,560,550 | R--- | C] () -- C:\Documents and Settings\fabi\Desktop\ComboFix.exe
[2009/11/14 23:48:53 | 00,000,244 | ---- | C] () -- C:\Boot.bak
[2009/11/14 23:48:42 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/11/14 23:22:17 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/11/07 14:05:11 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/07 14:03:31 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/11/07 14:03:27 | 00,260,608 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/11/07 14:03:26 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/11/07 14:03:26 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/11/07 14:03:26 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/11/06 21:57:21 | 00,000,274 | -H-- | C] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2009/11/06 21:57:05 | 00,000,238 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2009/11/04 12:37:52 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/11/04 12:37:52 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/11/02 12:36:19 | 00,133,875 | ---- | C] () -- C:\Documents and Settings\fabi\My Documents\StockIllustrationsContractSept09[1].pdf
[2009/10/28 20:36:33 | 00,871,936 | ---- | C] () -- C:\Documents and Settings\fabi\My Documents\Nancy Drew 21.doc
[2009/10/14 17:35:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Waverly.INI
[2009/10/01 14:02:24 | 00,019,944 | ---- | C] () -- C:\Program Files\Common Files\fufuwubuha._dl
[2009/10/01 14:02:24 | 00,019,428 | ---- | C] () -- C:\Program Files\Common Files\iluqic.ban
[2009/10/01 14:02:24 | 00,017,513 | ---- | C] () -- C:\Program Files\Common Files\ybecawy.db
[2009/10/01 14:02:24 | 00,017,247 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mizasy.bin
[2009/10/01 14:02:24 | 00,014,503 | ---- | C] () -- C:\Program Files\Common Files\utylimykow.dat
[2009/10/01 14:02:24 | 00,013,913 | ---- | C] () -- C:\Documents and Settings\fabi\Local Settings\Application Data\oxih.dat
[2009/10/01 14:02:24 | 00,011,980 | ---- | C] () -- C:\Documents and Settings\fabi\Local Settings\Application Data\figidakahi.bin
[2009/10/01 14:02:24 | 00,010,733 | ---- | C] () -- C:\Documents and Settings\fabi\Application Data\opozatixe.lib
[2009/10/01 08:32:43 | 00,018,693 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\esam.pif
[2009/10/01 08:32:42 | 00,019,336 | ---- | C] () -- C:\Program Files\Common Files\emiquxut.ban
[2009/10/01 08:32:42 | 00,014,618 | ---- | C] () -- C:\Program Files\Common Files\etena.dl
[2009/10/01 08:32:42 | 00,011,921 | ---- | C] () -- C:\Documents and Settings\fabi\Application Data\qijufofoci.bin
[2009/10/01 08:32:41 | 00,019,496 | ---- | C] () -- C:\Program Files\Common Files\ovamovi.bin
[2009/09/05 21:23:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ResortingToDanger.INI
[2009/07/21 20:57:16 | 00,081,110 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/07/18 08:08:20 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Ransom.INI
[2009/07/12 17:31:04 | 00,000,134 | -H-- | C] () -- C:\Documents and Settings\fabi\Application Data\lakerda1967.sys
[2009/07/12 17:30:37 | 00,010,584 | ---- | C] () -- C:\Documents and Settings\fabi\Application Data\docXConverter (3).ini
[2009/06/22 16:39:28 | 00,000,295 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/05/22 16:34:13 | 00,005,002 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\amjmwaey.gaf
[2009/05/21 10:19:39 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/12/17 10:57:46 | 00,000,021 | ---- | C] () -- C:\WINDOWS\Fast800.ini
[2008/12/17 10:57:38 | 00,000,342 | ---- | C] () -- C:\WINDOWS\adiras.ini
[2008/12/17 10:57:38 | 00,000,154 | ---- | C] () -- C:\WINDOWS\adidsl.ini
[2008/12/17 10:57:35 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\coclassfast.dll
[2008/12/17 10:57:34 | 00,046,892 | ---- | C] () -- C:\WINDOWS\System32\adadix16.dll
[2008/12/16 20:58:54 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 20:50:56 | 00,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/12/11 17:33:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDCurses.INI
[2008/11/27 14:41:20 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/21 12:12:36 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2008/07/20 11:44:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2008/06/20 17:11:39 | 01,579,328 | -H-- | C] () -- C:\Documents and Settings\fabi\Local Settings\Application Data\IconCache.db
[2008/06/10 20:11:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PhantomOfVenice.INI
[2008/05/28 20:54:48 | 00,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/05/28 20:54:48 | 00,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/05/08 17:46:14 | 00,000,472 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/04/16 07:42:57 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/03/02 21:55:17 | 00,000,000 | ---- | C] () -- C:\Program Files\temp01
[2007/12/01 16:48:12 | 00,000,020 | ---- | C] () -- C:\WINDOWS\musicmv.INI
[2007/12/01 12:59:59 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/12/01 12:59:50 | 00,000,001 | ---- | C] () -- C:\WINDOWS\gaminon.dll
[2007/12/01 11:42:28 | 00,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2007/11/25 13:29:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\game.INI
[2007/11/05 11:32:01 | 00,004,482 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/10/15 07:28:46 | 00,001,301 | ---- | C] () -- C:\WINDOWS\script95.ini
[2007/10/04 13:39:42 | 00,000,168 | RHS- | C] () -- C:\WINDOWS\System32\973D450A65.sys
[2007/09/30 13:21:22 | 00,190,976 | ---- | C] () -- C:\Documents and Settings\fabi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/10 22:19:33 | 00,037,824 | ---- | C] () -- C:\Documents and Settings\fabi\Application Data\GDIPFONTCACHEV1.DAT
[2007/09/07 21:50:47 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/09/05 20:56:29 | 00,037,824 | ---- | C] () -- C:\Documents and Settings\fabi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2007/09/05 20:56:12 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\650A453D97.sys
[2007/09/05 20:56:05 | 00,007,518 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/09/05 17:15:59 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\fabi\Local Settings\Application Data\fusioncache.dat
[2007/09/05 17:15:59 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\fabi\Application Data\desktop.ini
[2007/07/25 13:24:30 | 01,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/01/25 17:31:36 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/01/10 06:44:26 | 01,457,024 | R--- | C] () -- C:\WINDOWS\System32\SSCProt.dll
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/06/27 21:40:02 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/27 21:31:04 | 00,000,185 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/06/27 20:59:17 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/06/27 20:58:01 | 00,000,473 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/02/26 14:08:28 | 00,585,728 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2005/08/16 03:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 03:33:24 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2005/08/16 03:18:43 | 00,000,661 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/16 03:18:41 | 00,000,246 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/16 03:18:21 | 00,129,024 | -HS- | C] () -- C:\Documents and Settings\fabi\Application Data\rnfiles.exe
[2005/08/16 03:18:21 | 00,105,019 | -HS- | C] () -- C:\Documents and Settings\fabi\Application Data\loader.exe
[2005/08/16 03:18:21 | 00,099,840 | -HS- | C] () -- C:\Documents and Settings\fabi\Application Data\driverload.exe
[2005/08/05 13:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/12/20 21:25:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/12/19 01:00:00 | 00,013,387 | ---- | C] () -- C:\WINDOWS\System32\CinemSup.sys
[2002/09/10 15:10:05 | 00,495,616 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88050731
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B3A35EC
@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1E5E0A4D
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B2AAF611
@Alternate Data Stream - 187 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C5EC3CD
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55F44B88
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C60A173
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:41A00CF0
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9ACB70D7
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:60B38AF3
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF09BC9E
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BB64EAA8
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B8B2AF8
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B5038B1
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:60516BC3
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2FCCEABB
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9E9471A
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8BB2EC84
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:331B76C7
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05113FB9
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D41AB8D0
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:561B1D2B
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:67C9F690
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88698068
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1BCFD4A
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4D066AD2
< End of report >
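An added triage example, not from the thread or from OTL: the "Files Created" lines in the report above follow a fixed `[date | size | attrs | C] () -- path` layout, so a few of them (the three hidden/system executables under fabi's Application Data, which the later OTL :Files fix moves and ESET reports as Win32/Injector.AFH, plus some ordinary system files) are embedded below as a constructed excerpt and run through a small parser that flags user-profile executables carrying hidden/system attributes or a creation time earlier than win.ini. The line format and the "predates win.ini" timestomping heuristic are my assumptions, not OTL's own logic.

```python
import re
from datetime import datetime

# Sample input: a subset of "Files Created" lines copied from the OTL log
# posted above (a constructed excerpt, not the whole report).
SAMPLE_LOG = r"""
[2007/09/05 20:56:12 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\650A453D97.sys
[2007/07/25 13:24:30 | 01,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/08/16 03:18:43 | 00,000,661 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/16 03:18:41 | 00,000,246 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/16 03:18:21 | 00,129,024 | -HS- | C] () -- C:\Documents and Settings\fabi\Application Data\rnfiles.exe
[2005/08/16 03:18:21 | 00,105,019 | -HS- | C] () -- C:\Documents and Settings\fabi\Application Data\loader.exe
[2005/08/16 03:18:21 | 00,099,840 | -HS- | C] () -- C:\Documents and Settings\fabi\Application Data\driverload.exe
[2005/08/05 13:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
"""

# One OTL file entry: [timestamp | size | attributes | C or M] (company) -- path
# (layout as observed in the log above; assumed, not taken from OTL docs)
ENTRY_RE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([-A-Z]{4}) \| [CM]\] "
    r"\([^)]*\) -- (.+)$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif")
PROFILE_ROOT = "c:\\documents and settings\\"


def parse_entries(log_text):
    """Yield (created, size, attrs, path) for every well-formed entry."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        stamp, size, attrs, path = m.groups()
        yield (datetime.strptime(stamp, "%Y/%m/%d %H:%M:%S"),
               int(size.replace(",", "")), attrs, path)


def triage(log_text):
    """Return {path: [reasons]} for executables under a user profile that
    look planted: hidden/system attributes, or a creation time earlier than
    the OS's own win.ini (a simple timestomping heuristic, my assumption)."""
    entries = list(parse_entries(log_text))
    install_time = min((e[0] for e in entries
                        if e[3].lower().endswith("\\windows\\win.ini")),
                       default=None)
    findings = {}
    for created, _size, attrs, path in entries:
        low = path.lower()
        # Only user-profile executables; System32 entries are left to the helper.
        if not (low.startswith(PROFILE_ROOT) and low.endswith(EXEC_EXT)):
            continue
        reasons = []
        if "H" in attrs or "S" in attrs:
            reasons.append("hidden/system attribute on a user-profile executable")
        if install_time is not None and created < install_time:
            reasons.append("created before win.ini, i.e. before Windows itself")
        if reasons:
            findings[path] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```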

#124 Raktor
Teacher Emeritus, Authentic Member, 3,114 posts

Posted 16 November 2009 - 06:05 AM

Now, for good measure...

Delete the current copy of combofix from your desktop.

Redownload Combofix from any of the links below.

Link 1
Link 2

Once downloaded, unplug your internet connection from that computer.

Run Combofix, ignore warnings about prevx, and post the resulting log (C:\Combofix.txt).
Graduate from the WTT Malware Classroom
If you feel I have helped you, please consider a donation.
Topics will be closed after three days if there is no response.
Please do not PM me for malware removal assistance.

#125 sdabbs
Authentic Member, 97 posts

Posted 16 November 2009 - 06:15 AM

Now it does not want to run combofix because it says there is a date error - but my date and time are correct (16/11/2009), so I tried again but it says the same thing - date error.

#126 Raktor
Teacher Emeritus, Authentic Member, 3,114 posts

Posted 16 November 2009 - 06:25 AM

We'll get Dave to shed a bit more light on that later. (What would we all do without him?)

Until then...

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.


#127 sdabbs
Authentic Member, 97 posts

Posted 16 November 2009 - 06:47 AM

Malwarebytes' Anti-Malware 1.41
Database version: 3178
Windows 5.1.2600 Service Pack 3

16/11/2009 12:47:03
mbam-log-2009-11-16 (12-47-03).txt

Scan type: Quick Scan
Objects scanned: 136969
Time elapsed: 7 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\diepunkv.dll (Trojan.Hiloti) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: diepunkv.dll -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\diepunkv.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\config\Systemprofile\Start Menu\Programs\Startup\scandisk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\fabi\Application Data\Macromedia\Common\81d6602c1.dll (Hijack.Sound) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\fabi\Desktop\explorer.exe.com (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

#128 Raktor
Teacher Emeritus, Authentic Member, 3,114 posts

Posted 16 November 2009 - 06:50 AM

If you've rebooted, you can jump back on the internet now.

You can use either Internet Explorer or Mozilla FireFox for this scan.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


#129 sdabbs
Authentic Member, 97 posts

Posted 16 November 2009 - 08:36 AM

C:\Documents and Settings\fabi\Application Data\driverload.exe  a variant of Win32/Injector.AFH trojan
C:\Documents and Settings\fabi\Application Data\loader.exe  a variant of Win32/Injector.AFH trojan
C:\Documents and Settings\fabi\Application Data\rnfiles.exe  a variant of Win32/Injector.AFH trojan
C:\Documents and Settings\sean.DC59QB2J\Application Data\Macromedia\Common\81d6602c19.exe  Win32/Agent.QHS trojan
C:\multiAVCHD\tools\process.exe  Win32/PrcView application
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\70686633\70686633.exe.vir  a variant of Win32/Kryptik.BBZ trojan
C:\Qoobox\Quarantine\C\WINDOWS\msa.exe.vir  a variant of Win32/Kryptik.BCX trojan
C:\Qoobox\Quarantine\C\WINDOWS\msb.exe.vir  a variant of Win32/Kryptik.BCX trojan
C:\Qoobox\Quarantine\C\WINDOWS\msc.exe.vir  a variant of Win32/Kryptik.BCX trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\eventlog.dll.vir  Win32/Sirefef.A trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir  Win32/Olmarik.PV trojan
C:\_OTL\MovedFiles\11162009_114940\C_\didx.exe  a variant of Win32/Kryptik.BAS trojan
C:\_OTL\MovedFiles\11162009_114940\C_Documents and Settings\fabi\Application Data\excom.exe  Win32/TrojanDownloader.FakeAlert.ADA trojan
C:\_OTL\MovedFiles\11162009_114940\C_Documents and Settings\fabi\Application Data\gload.exe  a variant of Win32/Injector.AFH trojan
C:\_OTL\MovedFiles\11162009_114940\C_Documents and Settings\fabi\Application Data\opdriver.exe  a variant of Win32/Injector.AFH trojan
C:\_OTL\MovedFiles\11162009_114940\C_Documents and Settings\fabi\Application Data\sysdrive.exe  a variant of Win32/Injector.AFH trojan
C:\_OTL\MovedFiles\11162009_114940\C_Documents and Settings\fabi\Application Data\sysint.exe  a variant of Win32/Kryptik.BAV trojan
C:\_OTL\MovedFiles\11162009_114940\C_Documents and Settings\fabi\Application Data\updateset.exe  a variant of Win32/Injector.AFH trojan
C:\_OTL\MovedFiles\11162009_114940\C_Documents and Settings\fabi\Application Data\vnsys.exe  a variant of Win32/Injector.AFH trojan
C:\_OTL\MovedFiles\11162009_114940\C_Program Files\Common Files\openfile.exe  a variant of Win32/Injector.AHI trojan

#130 sdabbs
Authentic Member, 97 posts

Posted 16 November 2009 - 09:24 AM

That was the results from the online scanner - here is the log from my C:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=7.00.6000.16915 (vista_gdr.090826-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=99e3fddcb1dce949aa3bc2ab7048b5a7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-11-16 02:21:01
# local_time=2009-11-16 02:21:01 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 17951001 17951001 0 0
# compatibility_mode=8192 67108863 100 0 3802 3802 0 0
# scanned=126363
# found=20
# cleaned=0
# scan_time=4816
C:\Documents and Settings\fabi\Application Data\driverload.exe  a variant of Win32/Injector.AFH trojan  00000000000000000000000000000000  I
C:\Documents and Settings\fabi\Application Data\loader.exe  a variant of Win32/Injector.AFH trojan  00000000000000000000000000000000  I
C:\Documents and Settings\fabi\Application Data\rnfiles.exe  a variant of Win32/Injector.AFH trojan  00000000000000000000000000000000  I
C:\Documents and Settings\sean.DC59QB2J\Application Data\Macromedia\Common\81d6602c19.exe  Win32/Agent.QHS trojan  00000000000000000000000000000000  I
C:\multiAVCHD\tools\process.exe  Win32/PrcView application  00000000000000000000000000000000  I
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\70686633\70686633.exe.vir  a variant of Win32/Kryptik.BBZ trojan  00000000000000000000000000000000  I
C:\Qoobox\Quarantine\C\WINDOWS\msa.exe.vir  a variant of Win32/Kryptik.BCX trojan  00000000000000000000000000000000  I
C:\Qoobox\Quarantine\C\WINDOWS\msb.exe.vir  a variant of Win32/Kryptik.BCX trojan  00000000000000000000000000000000  I
C:\Qoobox\Quarantine\C\WINDOWS\msc.exe.vir  a variant of Win32/Kryptik.BCX trojan  00000000000000000000000000000000  I
C:\Qoobox\Quarantine\C\WINDOWS\system32\eventlog.dll.vir  Win32/Sirefef.A trojan  00000000000000000000000000000000  I
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir  Win32/Olmarik.PV trojan  00000000000000000000000000000000  I
C:\_OTL\MovedFiles\11162009_114940\C_\didx.exe  a variant of Win32/Kryptik.BAS trojan  00000000000000000000000000000000  I
C:\_OTL\MovedFiles\11162009_114940\C_Documents and Settings\fabi\Application Data\excom.exe  Win32/TrojanDownloader.FakeAlert.ADA trojan  00000000000000000000000000000000  I
C:\_OTL\MovedFiles\11162009_114940\C_Documents and Settings\fabi\Application Data\gload.exe  a variant of Win32/Injector.AFH trojan  00000000000000000000000000000000  I
C:\_OTL\MovedFiles\11162009_114940\C_Documents and Settings\fabi\Application Data\opdriver.exe  a variant of Win32/Injector.AFH trojan  00000000000000000000000000000000  I
C:\_OTL\MovedFiles\11162009_114940\C_Documents and Settings\fabi\Application Data\sysdrive.exe  a variant of Win32/Injector.AFH trojan  00000000000000000000000000000000  I
C:\_OTL\MovedFiles\11162009_114940\C_Documents and Settings\fabi\Application Data\sysint.exe  a variant of Win32/Kryptik.BAV trojan  00000000000000000000000000000000  I
C:\_OTL\MovedFiles\11162009_114940\C_Documents and Settings\fabi\Application Data\updateset.exe  a variant of Win32/Injector.AFH trojan  00000000000000000000000000000000  I
C:\_OTL\MovedFiles\11162009_114940\C_Documents and Settings\fabi\Application Data\vnsys.exe  a variant of Win32/Injector.AFH trojan  00000000000000000000000000000000  I
C:\_OTL\MovedFiles\11162009_114940\C_Program Files\Common Files\openfile.exe  a variant of Win32/Injector.AHI trojan  00000000000000000000000000000000  I

#131 Raktor
Teacher Emeritus, Authentic Member, 3,114 posts

Posted 17 November 2009 - 04:17 AM

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    
    :Files
    C:\Documents and Settings\fabi\Application Data\driverload.exe
    C:\Documents and Settings\fabi\Application Data\loader.exe
    C:\Documents and Settings\fabi\Application Data\rnfiles.exe
    C:\Documents and Settings\sean.DC59QB2J\Application Data\Macromedia\Common\81d6602c19.exe
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done

Please download and install a free anti-virus software from one these excellent vendors (or your preferred vendor) now:

1) Antivir PersonalEdition Classic - Free anti-virus software for Windows. Free support.
2) avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.

You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.

#132 sdabbs
Authentic Member, 97 posts

Posted 17 November 2009 - 04:45 AM

OK, that's done - my computer is running much better now :D I have downloaded avast - does that mean I should not bother with mcafee?

#133 sdabbs
Authentic Member, 97 posts

Posted 17 November 2009 - 04:46 AM

The OTL log file said all processes killed - shall I post up the log file?

#134 Raktor
Teacher Emeritus, Authentic Member, 3,114 posts

Posted 17 November 2009 - 04:49 AM

No need for the log file.

Try this... I want to make sure it works, with the flaky experience we've had with Combofix so far.

The following will implement some cleanup procedures as well as reset System Restore points:

  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.


#135 sdabbs
Authentic Member, 97 posts

Posted 17 November 2009 - 04:56 AM

I copied and pasted 'Combofix /Uninstall' into the run box but ended up with combofix trying to run again (the same old error message), not uninstall.
