WiredWX Hobby Weather Tools

Infected with Antivirus Soft

Hi, last night my computer got infected with the Antivirus Soft virus. I tried to run Avast and it would run but not do anything to clean the infection; I tried to run Malwarebytes but it wouldn't let it run; and I tried to run HijackThis but it would not let it run fully. I could get it running, but then the virus would close it before it could finish. Please help, I'm a big gamer and my computer means a lot. Thanks for any help.

Re: Infected with Antivirus Soft
Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

Re: Infected with Antivirus Soft
When I try it says "Application cannot be executed. The file (file name) is infected. Do you want to activate your antivirus software now?", just like the other anti-virus programs.

Re: Infected with Antivirus Soft
Rename OTL.exe as iexplore.exe & run it.

Re: Infected with Antivirus Soft

Okay, it worked.


OTL logfile created on: 1/31/2010 9:50:23 PM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.23 Gb Total Space | 15.38 Gb Free Space | 22.21% Space Free | Partition Type: NTFS
Drive D: | 659.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOEY-6F5C874A00
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/31 20:01:37 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\iexplore.exe
PRC - [2010/01/21 14:45:00 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2010/01/05 20:00:27 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/24 17:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 17:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 17:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 17:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 17:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/11/20 20:32:14 | 000,154,216 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2009/08/19 10:23:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/08/19 10:23:22 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/11/07 15:40:52 | 017,421,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2008/05/26 21:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/04/14 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/15 14:59:14 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\Lachesis\razertra.exe
PRC - [2007/09/12 10:52:18 | 000,172,032 | ---- | M] () -- C:\Program Files\Razer\Lachesis\razerhid.exe
PRC - [2007/08/16 16:05:16 | 000,274,432 | ---- | M] (razercfg MFC Application) -- C:\Program Files\Razer\Lachesis\OSD.exe
PRC - [2007/06/05 09:37:12 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\Lachesis\razerofa.exe
PRC - [2006/11/27 15:44:48 | 000,135,221 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2006/11/27 15:44:26 | 000,065,593 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2006/04/13 14:14:26 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe


========== Modules (SafeList) ==========

MOD - [2010/01/31 20:01:37 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\iexplore.exe
MOD - [2009/11/21 09:51:04 | 000,471,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\aclayers.dll
MOD - [2008/04/14 06:00:00 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shimeng.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/21 14:45:00 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/11/24 17:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 17:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 17:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 17:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/11/20 20:32:14 | 000,154,216 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (nvsvc)
SRV - [2006/11/27 15:44:48 | 000,135,221 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2006/11/27 15:44:26 | 000,065,593 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2006/04/13 14:14:26 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)


========== Driver Services (SafeList) ==========

DRV - [2009/11/24 17:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/24 17:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 17:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 17:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 17:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/24 17:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/11/20 20:34:54 | 010,235,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/08/03 07:56:07 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2009/05/13 15:56:18 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/11/11 16:21:52 | 004,946,944 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/08/01 17:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 17:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/04/14 06:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 06:00:00 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/14 06:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2008/04/13 23:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/08/08 10:04:16 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Lachesis.sys -- (LachesisFltr)
DRV - [2007/04/16 20:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2004/02/25 22:27:04 | 000,038,904 | ---- | M] (Razer Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\razerusb.sys -- (razerusb)
DRV - [2001/08/17 11:11:18 | 000,020,160 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADM8511.SYS -- (ADM8511)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========



FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/05 20:00:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/21 14:45:08 | 000,000,000 | ---D | M]

[2009/08/05 09:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/01/22 17:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f094zcze.default\extensions
[2010/01/28 18:35:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2008/04/14 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [razertra] C:\Program Files\Razer\razertra.exe (Razer Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [ugvchtxa] C:\Documents and Settings\Owner\Local Settings\Application Data\fmctco\rllmsysguard.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 69.1.30.43 69.1.30.42
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/31 16:06:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/02/05 11:15:22 | 000,000,022 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/29 19:28:08 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/29 18:24:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/01/29 18:24:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/29 18:24:42 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/29 18:24:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/29 18:24:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/29 17:37:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\fmctco
[2010/01/29 17:37:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/01/21 22:19:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/01/21 22:18:22 | 000,069,632 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2010/01/21 22:18:20 | 011,374,592 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2010/01/21 14:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
[2010/01/21 14:45:42 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2010/01/21 14:45:16 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2010/01/21 14:45:08 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/01/21 14:45:08 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/01/21 14:45:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/01/21 14:45:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/01/21 14:45:08 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/01/21 14:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/01/21 14:44:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Sun
[2010/01/21 14:44:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\OpenOffice.org 3.1 (en-US) Installation Files
[2010/01/19 14:16:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\acccore
[2010/01/19 14:16:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\AOL
[2010/01/19 14:16:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\AIM
[2010/01/19 14:16:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/01/19 14:16:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/01/19 14:16:39 | 000,000,000 | ---D | C] -- C:\Program Files\AIM
[2010/01/19 14:16:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2010/01/16 17:10:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\DivX
[2009/09/04 13:39:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/08/27 09:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/08/23 15:50:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/07/31 16:08:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/07/31 16:08:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/31 21:49:55 | 000,272,291 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/01/31 21:48:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/31 21:48:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/31 20:04:34 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/01/31 19:58:47 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/29 19:32:01 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2010/01/29 18:24:45 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/29 18:01:01 | 000,016,504 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/29 10:35:02 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2010/01/29 02:18:11 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/01/28 10:09:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/23 19:30:16 | 000,000,810 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CoreTemp.ini
[2010/01/23 17:25:16 | 003,466,752 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Combat_1.4.4.xls
[2010/01/23 11:50:50 | 000,000,011 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Plugins.ini
[2010/01/23 01:27:26 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/22 09:49:08 | 000,110,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/21 22:14:44 | 001,735,680 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Mutilate_1.3.2.xls
[2010/01/21 14:47:40 | 000,000,864 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
[2010/01/21 14:46:23 | 000,000,905 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.1.lnk
[2010/01/21 14:44:59 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/01/21 14:44:59 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/01/21 14:44:59 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/01/21 14:44:59 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/01/21 14:44:58 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/01/21 01:43:22 | 004,812,614 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/01/19 14:16:50 | 000,000,460 | -H-- | M] () -- C:\IPH.PH
[2010/01/19 14:16:43 | 000,001,574 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/01/13 03:01:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/29 19:28:08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2010/01/29 18:24:45 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/23 13:33:58 | 003,466,752 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Combat_1.4.4.xls
[2010/01/23 11:50:50 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Plugins.ini
[2010/01/23 11:50:49 | 000,000,810 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\CoreTemp.ini
[2010/01/23 03:46:15 | 000,378,384 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Core Temp.exe
[2010/01/21 22:18:22 | 000,008,743 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2010/01/21 14:49:10 | 001,735,680 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Mutilate_1.3.2.xls
[2010/01/21 14:47:40 | 000,000,864 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
[2010/01/21 14:46:23 | 000,000,905 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.1.lnk
[2010/01/19 14:16:43 | 000,001,574 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/01/19 14:16:27 | 000,000,460 | -H-- | C] () -- C:\IPH.PH
[2009/08/23 19:42:15 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/05 17:50:11 | 000,206,557 | ---- | C] () -- C:\Program Files\g13.jpg
[2009/08/05 17:30:52 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/04/14 06:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2008/04/14 06:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2008/04/14 06:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2008/04/14 06:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2008/04/14 06:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
< End of report >

-------------

OTL Extras logfile created on: 1/31/2010 9:50:23 PM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.23 Gb Total Space | 15.38 Gb Free Space | 22.21% Space Free | Partition Type: NTFS
Drive D: | 659.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOEY-6F5C874A00
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.0.8.9506-to-3.0.9.9551-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.0.8.9506-to-3.0.9.9551-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Steam\steamapps\rivertam337\counter-strike source\hl2.exe" = C:\Program Files\Steam\steamapps\rivertam337\counter-strike source\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\RayV\RayV\RayV.exe" = C:\Program Files\RayV\RayV\RayV.exe:*:Enabled:RayV -- File not found
"C:\Program Files\RayV\RayV\RayV.dll" = C:\Program Files\RayV\RayV\RayV.dll:*:Enabled:RayV -- File not found
"C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe" = C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.2 -- (Sony Creative Software Inc.)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\Steam\steamapps\rivertam337\counter-strike\hl.exe" = C:\Program Files\Steam\steamapps\rivertam337\counter-strike\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL LLC)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{85C6CE1E-2A22-4C5A-A8A1-9DBFBEA81DE1}" = Razer
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{9EB1504E-FD95-4BCD-8E93-B4039F59C469}" = Sony Ericsson Media Manager 1.2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB4532F7-A1BD-46D2-9938-3E7D4656FB18}" = Razer Lachesis
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"0D91165CEEB2095316E8A04A59CDF0AE4B957C61" = Windows Driver Package - MOTOROLA (uisp) USB (09/08/2006 1.2.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"avast!" = avast! Antivirus
"D44822B3621EFD220D3A7DDA72DE5A4B6476748F" = Windows Driver Package - Razer (HidUsb) HIDClass (05/10/2007 1.00)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Fraps" = Fraps (remove only)
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Station Launcher" = Station Launcher
"Steam App 10" = Counter-Strike
"Steam App 240" = Counter-Strike: Source
"VLC media player" = VLC media player 1.0.2
"Warcraft III" = Warcraft III
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 11/9/2009 11:53:36 AM | Computer Name = JOEY-6F5C874A00 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
https://www.youtube.com/get_video_info?&video_id=sFVjyEfp7nY&el=embedded&ps=default&eurl=http%3A%2F%2Fwww%2Emmo%2Dchampion%2Ecom%2F&hl=en
failed, 0000A413.

[ Application Events ]
Error - 1/15/2010 2:06:11 AM | Computer Name = JOEY-6F5C874A00 | Source = Application Error | ID = 1000
Description = Faulting application hl2.exe, version 0.0.0.0, faulting module datacache.dll,
version 0.0.0.0, fault address 0x0000b423.

[ System Events ]
Error - 1/10/2010 4:36:44 PM | Computer Name = JOEY-6F5C874A00 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.100 for the Network Card with network
address 00E04D27CF87 has been denied by the DHCP server 192.168.2.2 (The DHCP Server
sent a DHCPNACK message).

Error - 1/10/2010 4:41:29 PM | Computer Name = JOEY-6F5C874A00 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.100 for the Network Card with network
address 00E04D27CF87 has been denied by the DHCP server 192.168.2.2 (The DHCP Server
sent a DHCPNACK message).

Error - 1/10/2010 5:56:36 PM | Computer Name = JOEY-6F5C874A00 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.100 for the Network Card with network
address 00E04D27CF87 has been denied by the DHCP server 192.168.2.2 (The DHCP Server
sent a DHCPNACK message).

Error - 1/21/2010 7:05:41 PM | Computer Name = JOEY-6F5C874A00 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.100 for the Network Card with network
address 00E04D27CF87 has been denied by the DHCP server 192.168.2.2 (The DHCP Server
sent a DHCPNACK message).

Error - 1/21/2010 7:27:40 PM | Computer Name = JOEY-6F5C874A00 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.100 for the Network Card with network
address 00E04D27CF87 has been denied by the DHCP server 192.168.2.2 (The DHCP Server
sent a DHCPNACK message).

Error - 1/26/2010 1:02:21 AM | Computer Name = JOEY-6F5C874A00 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.100 for the Network Card with network
address 00E04D27CF87 has been denied by the DHCP server 192.168.2.2 (The DHCP Server
sent a DHCPNACK message).

Error - 1/26/2010 1:10:36 AM | Computer Name = JOEY-6F5C874A00 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.100 for the Network Card with network
address 00E04D27CF87 has been denied by the DHCP server 192.168.2.2 (The DHCP Server
sent a DHCPNACK message).

Error - 1/26/2010 1:35:12 AM | Computer Name = JOEY-6F5C874A00 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.100 for the Network Card with network
address 00E04D27CF87 has been denied by the DHCP server 192.168.2.2 (The DHCP Server
sent a DHCPNACK message).

Error - 1/26/2010 2:06:01 AM | Computer Name = JOEY-6F5C874A00 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.100 for the Network Card with network
address 00E04D27CF87 has been denied by the DHCP server 192.168.2.2 (The DHCP Server
sent a DHCPNACK message).

Error - 1/26/2010 2:06:50 AM | Computer Name = JOEY-6F5C874A00 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.100 for the Network Card with network
address 00E04D27CF87 has been denied by the DHCP server 192.168.2.2 (The DHCP Server
sent a DHCPNACK message).


< End of report >

Re: Infected with Antivirus Soft
The virus seems to be just gone; it doesn't stop me from opening hijackthis.exe or Malwarebytes' Anti-Malware.exe like it used to, and it doesn't close the Add or Remove Programs application in the Control Panel. Could the virus just be gone, or does the OldTimer clean viruses too?

EDIT: While I was posting this, Malwarebytes' Anti-Malware was finishing, and it found a registry error, so I told it to fix selected.

Re: Infected with Antivirus Soft
Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    PRC - [2007/10/15 14:59:14 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\Lachesis\razertra.exe
    PRC - [2007/09/12 10:52:18 | 000,172,032 | ---- | M] () -- C:\Program Files\Razer\Lachesis\razerhid.exe
    O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe ()
    O4 - HKLM..\Run: [razertra] C:\Program Files\Razer\razertra.exe (Razer Inc.)
    O4 - HKCU..\Run: [ugvchtxa] C:\Documents and Settings\Owner\Local Settings\Application Data\fmctco\rllmsysguard.exe File not found
    O32 - AutoRun File - [2003/02/05 11:15:22 | 000,000,022 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
    [2010/01/29 17:37:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\fmctco

    :files
    C:\Program Files\Razer\razertra.exe
    C:\Program Files\Razer\Lachesis\razerhid.exe


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Last edited by Belahzur on 2nd February 2010, 8:21 pm; edited 1 time in total

Re: Infected with Antivirus Soft
The first time I tried, I copied from :OTL through razerhid.exe and OTL stopped responding; then, about a minute later, a blue screen popped up and said "A problem has been detected and windows has been shut down to prevent damage to your computer". When I copied from PRC through razerhid.exe it worked, and the log is:

Code:

Error: Unable to interpret <PRC - [2007/10/15 14:59:14 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\Lachesis\razertra.exe> in the current context!
Error: Unable to interpret <PRC - [2007/09/12 10:52:18 | 000,172,032 | ---- | M] () -- C:\Program Files\Razer\Lachesis\razerhid.exe> in the current context!
Error: Unable to interpret <IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" => in the current context!
Error: Unable to interpret <IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [razertra] C:\Program Files\Razer\razertra.exe (Razer Inc.)> in the current context!
Error: Unable to interpret <O4 - HKCU..\Run: [ugvchtxa] C:\Documents and Settings\Owner\Local Settings\Application Data\fmctco\rllmsysguard.exe File not found> in the current context!
Error: Unable to interpret <O32 - AutoRun File - [2003/02/05 11:15:22 | 000,000,022 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]> in the current context!
Error: Unable to interpret <[2010/01/29 17:37:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\fmctco> in the current context!
========== FILES ==========
C:\Program Files\Razer\razertra.exe moved successfully.
C:\Program Files\Razer\Lachesis\razerhid.exe moved successfully.
 
OTL by OldTimer - Version 3.1.27.1 log created on 02012010_142541
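The entries the helper put in the fix script (the O4 Run lines and the IE ProxyServer value) are the kind of thing a responder scans an OTL log for by hand. The following is an added triage helper, not part of the thread or of OTL itself, that parses lines in that format and scores the signals visible above: an autorun target under a profile's Application Data, a target that no longer exists, and an Internet Explorer proxy pointing at the local machine. The sample lines and the score weights are constructed for this example.

```python
"""Triage helper for OTL-style log lines (added example, not OTL's own code)."""
import ipaddress
import re

# Constructed sample lines, modelled on the entries posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe ()
O4 - HKCU..\Run: [ugvchtxa] C:\Documents and Settings\Owner\Local Settings\Application Data\fmctco\rllmsysguard.exe File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
""".strip().splitlines()

# O4 lines: "O4 - HKLM..\Run: [ValueName] <path> (<Company>)" or "... <path> File not found"
O4_RE = re.compile(r'^O4 - (?P<hive>HK[A-Z]+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.*)$')
COMPANY_RE = re.compile(r'^(?P<path>.*?) \((?P<company>[^()]*)\)$')
# IE lines: only the ProxyServer value is scored; ProxyOverride is parsed out and ignored
PROXY_RE = re.compile(r'^IE - (?P<key>HK[A-Z]+\\.*Internet Settings): "ProxyServer" = (?P<value>.*)$')

# Directories a limited user can write to on XP; a Run entry pointing here is unusual
# for legitimate software and is exactly where the entry above lived.
PROFILE_DIR_MARKERS = ('\\local settings\\application data\\', '\\application data\\', '\\temp\\')


def proxy_hosts(value):
    """Split a ProxyServer value ("host:port" or "proto=host:port;...") into hosts."""
    hosts = []
    for part in value.split(';'):
        part = part.strip()
        if not part:
            continue
        if '=' in part:
            part = part.split('=', 1)[1]
        hosts.append(part.rsplit(':', 1)[0])
    return hosts


def is_loopback(host):
    if host.lower() == 'localhost':
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def parse_run_entry(line):
    m = O4_RE.match(line)
    if not m:
        return None
    rest = m.group('rest').strip()
    missing, company = False, None
    if rest.endswith('File not found'):
        missing = True
        path = rest[:-len('File not found')].rstrip()
    else:
        cm = COMPANY_RE.match(rest)
        path, company = (cm.group('path'), cm.group('company')) if cm else (rest, None)
    return {'kind': 'run', 'hive': m.group('hive'), 'name': m.group('name'),
            'path': path, 'company': company, 'missing': missing}


def score_entry(entry):
    """Return (description, weight) signals; weights are constructed for this example."""
    signals = []
    if entry['kind'] == 'run':
        low = entry['path'].lower()
        if any(marker in low for marker in PROFILE_DIR_MARKERS):
            signals.append(('autorun target lives in a user-writable profile directory', 2))
        if entry['missing']:
            signals.append(('autorun target no longer exists on disk', 2))
        if entry['company'] == '':  # OTL prints "()" when the file has no version info
            signals.append(('executable carries no publisher/version information', 1))
    elif entry['kind'] == 'proxy':
        if any(is_loopback(h) for h in entry['hosts']):
            signals.append(('IE proxy points at the local machine; a local process '
                            'can intercept or block browser traffic', 3))
    return signals


def triage(lines):
    findings = []
    for line in lines:
        line = line.strip()
        entry = parse_run_entry(line)
        if entry is None:
            pm = PROXY_RE.match(line)
            if pm:
                entry = {'kind': 'proxy', 'key': pm.group('key'),
                         'value': pm.group('value').strip(),
                         'hosts': proxy_hosts(pm.group('value'))}
        if entry is None:
            continue
        signals = score_entry(entry)
        entry['signals'] = [text for text, _ in signals]
        entry['score'] = sum(weight for _, weight in signals)
        findings.append(entry)
    return findings


def suspicious(findings, threshold=2):
    """Findings worth a second look; the threshold is a constructed default."""
    return [f for f in findings if f['score'] >= threshold]


if __name__ == '__main__':
    for f in suspicious(triage(SAMPLE_LOG)):
        label = f.get('name') or f.get('key')
        print(f"[{f['score']}] {f['kind']:5} {label}: " + '; '.join(f['signals']))
```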

Re: Infected with Antivirus Soft
Hello.
When it ran that time, did you miss :OTL as the top line?

Re: Infected with Antivirus Soft
Belahzur wrote:
Hello.
When it ran that time, did you miss :OTL as the top line?

Yes, when I tried it as the top line it stopped responding, and I assume that if I let it stay not responding it would go into the blue screen again.

EDIT: I tried again to make it work; OTL stopped responding again, so I exited it, and after a few minutes I got another blue screen saying what it did before, same "Technical Information" and everything. OTL seems to stop right around the ProxyOverride or ProxyServer line.

Re: Infected with Antivirus Soft
Okay, I have edited my post that contains my script and removed the proxy part, we'll deal with that later.

Re: Infected with Antivirus Soft
Okay it worked, and the log is:

Code:

========== OTL ==========
No active process named razertra.exe was found!
No active process named razerhid.exe was found!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Alcmtr deleted successfully.
C:\WINDOWS\ALCMTR.EXE moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Lachesis deleted successfully.
File C:\Program Files\Razer\Lachesis\razerhid.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\razertra deleted successfully.
File C:\Program Files\Razer\razertra.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ugvchtxa not found.
File D:\AUTORUN.INF not found.
C:\Documents and Settings\Owner\Local Settings\Application Data\fmctco folder moved successfully.
========== FILES ==========
File\Folder C:\Program Files\Razer\razertra.exe not found.
File\Folder C:\Program Files\Razer\Lachesis\razerhid.exe not found.
 
OTL by OldTimer - Version 3.1.27.1 log created on 02022010_163350

Re: Infected with Antivirus Soft
Bump

Re: Infected with Antivirus Soft
Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [Screenshot: CF_download_FF]

    [Screenshot: CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [Screenshot: Cf410]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.

    [Screenshot: Cf510]

  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Re: Infected with Antivirus Soft
The first time I loaded it, I went afk after ComboFix started the scan and came back to a blue screen with "DRIVER_IRQL_NOT_LESS_OR_EQUAL" (and I did not click anything during the scan), but when I restarted and ran it again it worked, and the log is:

Code:

ComboFix 10-02-04.03 - Owner 02/04/2010  18:17:31.2.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2046.1543 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
AV: avast! antivirus 4.8.1368 [VPS 100204-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\driver

.
(((((((((((((((((((((((((  Files Created from 2010-01-05 to 2010-02-05  )))))))))))))))))))))))))))))))
.

2010-02-01 20:13 . 2010-02-01 20:13   --------   d-----w-   C:\_OTL
2010-01-30 01:28 . 2010-01-30 01:28   --------   d-----w-   c:\program files\Trend Micro
2010-01-30 00:24 . 2010-01-30 00:24   --------   d-----w-   c:\documents and settings\Owner\Application Data\Malwarebytes
2010-01-30 00:24 . 2010-01-07 22:07   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-30 00:24 . 2010-01-30 00:24   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-01-30 00:24 . 2010-01-30 00:24   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-30 00:24 . 2010-01-07 22:07   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-01-29 23:37 . 2010-01-29 23:37   --------   d-----w-   c:\windows\Sun
2010-01-22 04:18 . 2009-11-21 02:34   69632   ----a-w-   c:\windows\system32\OpenCL.dll
2010-01-22 04:18 . 2009-11-21 02:34   11374592   ----a-w-   c:\windows\system32\nvcompiler.dll
2010-01-21 20:47 . 2010-02-04 00:52   1   ----a-w-   c:\documents and settings\Owner\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-21 20:47 . 2010-01-21 20:47   --------   d-----w-   c:\documents and settings\Owner\Application Data\OpenOffice.org
2010-01-21 20:45 . 2010-01-21 20:45   --------   d-----w-   c:\program files\JRE
2010-01-21 20:45 . 2010-01-21 20:45   --------   d-----w-   c:\program files\OpenOffice.org 3
2010-01-21 20:45 . 2010-01-21 20:44   411368   ----a-w-   c:\windows\system32\deploytk.dll
2010-01-21 20:44 . 2010-01-21 20:44   --------   d-----w-   c:\program files\Java
2010-01-19 20:16 . 2010-01-19 20:16   --------   d-----w-   c:\documents and settings\Owner\Application Data\acccore
2010-01-19 20:16 . 2010-01-19 20:18   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\AIM
2010-01-19 20:16 . 2010-01-19 20:16   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\AOL
2010-01-19 20:16 . 2010-01-19 20:16   --------   d-----w-   c:\documents and settings\All Users\Application Data\AIM
2010-01-19 20:16 . 2010-01-19 20:16   --------   d-----w-   c:\program files\AIM
2010-01-19 20:16 . 2010-01-19 20:16   --------   d-----w-   c:\program files\Common Files\Software Update Utility
2010-01-19 20:16 . 2010-01-19 20:16   --------   d-----w-   c:\program files\Common Files\AOL
2010-01-16 23:10 . 2010-01-16 23:10   --------   d-----w-   c:\documents and settings\Owner\Application Data\DivX

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-03 23:45 . 2009-09-28 21:12   --------   d-----w-   c:\program files\World of Warcraft
2010-02-01 20:25 . 2009-08-05 23:20   --------   d-----w-   c:\program files\Razer
2010-01-30 00:01 . 2009-08-23 22:07   16504   ----a-w-   c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-28 23:37 . 2009-08-05 18:40   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
2010-01-23 07:26 . 2009-10-13 14:55   --------   d-----w-   c:\documents and settings\Owner\Application Data\vlc
2010-01-22 04:19 . 2009-08-03 14:00   --------   d-----w-   c:\program files\NVIDIA Corporation
2010-01-22 04:19 . 2009-08-03 14:31   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2010-01-22 04:19 . 2009-08-03 14:31   --------   d-----w-   c:\program files\AGEIA Technologies
2010-01-16 01:13 . 2009-08-04 18:30   --------   d-----w-   c:\program files\WoW
2010-01-15 05:40 . 2009-08-05 17:57   --------   d-----w-   c:\program files\Steam
2009-12-21 19:14 . 2008-04-14 12:00   916480   ----a-w-   c:\windows\system32\wininet.dll
2009-12-17 00:27 . 2009-12-17 00:12   --------   d-----w-   c:\documents and settings\Owner\Application Data\GetRightToGo
2009-11-24 23:54 . 2009-12-22 16:31   1280480   ----a-w-   c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-12-22 16:32   93424   ----a-w-   c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-12-22 16:32   94160   ----a-w-   c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-12-22 16:32   114768   ----a-w-   c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-12-22 16:32   20560   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-12-22 16:32   48560   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-12-22 16:32   23120   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-12-22 16:32   27408   ----a-w-   c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-12-22 16:32   97480   ----a-w-   c:\windows\system32\AvastSS.scr
2009-11-21 15:51 . 2008-04-14 12:00   471552   ----a-w-   c:\windows\AppPatch\aclayers.dll
2009-11-21 02:34 . 2009-08-03 14:30   592488   ----a-w-   c:\windows\system32\nvudisp.exe
2009-11-21 02:34 . 2009-08-03 14:30   2259560   ----a-w-   c:\windows\system32\nvcuvid.dll
2009-11-21 02:34 . 2009-08-03 14:30   1989224   ----a-w-   c:\windows\system32\nvcuvenc.dll
2009-11-21 02:34 . 2009-08-03 14:30   13602816   ----a-w-   c:\windows\system32\nvoglnt.dll
2009-11-21 02:34 . 2009-08-03 14:30   10235968   ----a-w-   c:\windows\system32\drivers\nv4_mini.sys
2009-11-21 02:34 . 2009-08-03 14:30   6282752   ----a-w-   c:\windows\system32\nv4_disp.dll
2009-11-21 02:34 . 2009-08-03 14:30   4038656   ----a-w-   c:\windows\system32\nvcuda.dll
2009-11-21 02:34 . 2009-08-03 14:30   2293286   ----a-w-   c:\windows\system32\nvdata.bin
2009-11-21 02:34 . 2009-08-03 14:30   182888   ----a-w-   c:\windows\system32\nvcodins.dll
2009-11-21 02:34 . 2009-08-03 14:30   182888   ----a-w-   c:\windows\system32\nvcod.dll
2009-11-21 02:34 . 2009-08-03 14:30   1056768   ----a-w-   c:\windows\system32\nvapi.dll
2009-11-21 02:32 . 2009-11-21 02:32   278120   ----a-w-   c:\windows\system32\nvmccs.dll
2009-11-21 02:32 . 2009-11-21 02:32   154216   ----a-w-   c:\windows\system32\nvsvc32.exe
2009-11-21 02:32 . 2009-11-21 02:32   145000   ----a-w-   c:\windows\system32\nvcolor.exe
2009-11-21 02:32 . 2009-11-21 02:32   12669544   ----a-w-   c:\windows\system32\nvcpl.dll
2009-11-21 02:32 . 2009-11-21 02:32   110184   ----a-w-   c:\windows\system32\nvmctray.dll
2009-11-21 02:32 . 2009-11-21 02:32   81920   ----a-w-   c:\windows\system32\nvwddi.dll
2009-11-20 03:42 . 2009-08-03 13:56   592488   ----a-w-   c:\windows\system32\NVUNINST.EXE
2009-08-05 23:50 . 2009-08-05 23:50   206557   ----a-w-   c:\program files\g13.jpg
2009-05-13 21:55 . 2009-05-13 21:55   1044480   ----a-w-   c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55   200704   ----a-w-   c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-11-07 17421824]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-21 12669544]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-21 110184]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.8.9506-to-3.0.9.9551-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\Steam\\steamapps\\rivertam337\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Program Files\\Steam\\steamapps\\rivertam337\\counter-strike\\hl.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/22/2009 10:32 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/22/2009 10:32 AM 20560]
R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [8/9/2009 4:55 PM 12032]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [8/3/2009 7:50 AM 20160]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\Owner\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\Owner\LOCALS~1\Temp\ALSysIO.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-02-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\f094zcze.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKLM-Run-nwiz - nwiz.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
AddRemove-{CB4532F7-A1BD-46D2-9938-3E7D4656FB18} - c:\program files\InstallShield Installation Information\{CB4532F7-A1BD-46D2-9938-3E7D4656FB18}\Setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-04 18:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2808)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-02-04  18:20:34
ComboFix-quarantined-files.txt  2010-02-05 00:20

Pre-Run: 16,652,570,624 bytes free
Post-Run: 16,615,489,536 bytes free

- - End Of File - - F61CF46E7064F01E19E6E6078B91B838
