Log in

jeannot18 · 1 I have got 2 viruses - need some help on Sun Mar 21, 2010 9:45 am

jeannot18

Member
Member

I have seen a couple of post regarding the first one. I have downloaded Malwarebytes, and other mentioned in the following post:
http://www.helpmyos.com/malware-threat-removal-f6/packeddelfcrypt-infection-t1793.htm?sid=b568bd83bc34f8179687f26c4810c963

Could someone tell me if I should do the same process? Many thanks

JC

DragonMaster Jay · 2 Re: I have got 2 viruses - need some help on Sun Mar 21, 2010 4:33 pm

DragonMaster Jay

Site Owner

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

jeannot18 · 3 Re: I have got 2 viruses - need some help on Sun Mar 21, 2010 5:19 pm

jeannot18

Member
Member

DragonMaster Jay wrote:Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Thanks Jay, I am at work right now but will do it once i get home

JC

jeannot18 · 4 Re: I have got 2 viruses - need some help on Sun Mar 21, 2010 11:49 pm

jeannot18

Member
Member

Hi Jay, here is the log

ComboFix 10-03-21.02 - Owner 22/03/2010 3:16.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.1084 [GMT 0:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\020000004ce736bb857C.manifest
c:\documents and settings\Owner\Application Data\020000004ce736bb857O.manifest
c:\documents and settings\Owner\Application Data\020000004ce736bb857P.manifest
c:\documents and settings\Owner\Application Data\020000004ce736bb857S.manifest
c:\documents and settings\Owner\Application Data\SystemProc
c:\documents and settings\Owner\Application Data\SystemProc\lsass.exe
c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul
c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf
c:\windows\GnuHashes.ini
c:\windows\system32\1522948448
c:\windows\system32\cmutil32.dll
c:\windows\system32\COMSNAP32.DLL
c:\windows\system32\d3dim70032.dll
c:\windows\system32\devmgr32.dll
c:\windows\System32\dfrgsnap32.dll
c:\windows\system32\DFRGUI32.DLL
c:\windows\system32\dfshim32.dll
c:\windows\system32\DINPUT32.DLL
c:\windows\system32\DMLOADER32.DLL
c:\windows\system32\dmutil32.dll
c:\windows\system32\dnssd32.dll
c:\windows\system32\drprov32.dll
c:\windows\system32\dxtmsft32.dll
c:\windows\system32\E_FD4BEFE32.dll
c:\windows\system32\eappprxy32.dll
c:\windows\system32\EPPicMgr32.dll
c:\windows\system32\es32.dll
c:\windows\system32\hnetwiz32.dll
c:\windows\system32\ialmgdev32.dll
c:\windows\system32\SysWoW32
c:\windows\system32\SysWoW32\mu850289757v4
c:\windows\system32\SysWoW32\mu850289757v4.kwd
c:\windows\system32\SysWoW32\mu850289757v5
c:\windows\system32\SysWoW32\mu850289757v5.kwd
c:\windows\system32\SysWoW32\mu850289757v6
c:\windows\system32\SysWoW32\mu850289757v6.kwd
c:\windows\system32\SysWoW32\mu850289757v7
c:\windows\system32\SysWoW32\mu850289757v7.kwd
c:\windows\system32\SysWoW32\wu850289757v0
c:\windows\system32\SysWoW32\wu850289757v0.kwd
c:\windows\system32\SysWoW32\wu850289757v1
c:\windows\system32\SysWoW32\wu850289757v1.kwd
c:\windows\system32\SysWoW32\wu850289757v2
c:\windows\system32\SysWoW32\wu850289757v2.kwd
c:\windows\system32\SysWoW32\wu850289757v3
c:\windows\system32\SysWoW32\wu850289757v3.kwd
c:\windows\system32\unrar.exe

.
((((((((((((((((((((((((( Files Created from 2010-02-22 to 2010-03-22 )))))))))))))))))))))))))))))))
.

2010-03-22 00:04 . 2010-03-22 00:04 118 ----a-w- C:\autoexec.exe
2010-03-21 13:09 . 2010-03-21 13:09 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-03-21 13:09 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-21 13:09 . 2010-03-21 13:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-21 13:09 . 2010-03-21 13:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-21 13:09 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-17 09:24 . 2010-03-17 09:24 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-03-17 09:24 . 2010-03-17 09:24 333192 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-03-17 09:24 . 2010-03-17 09:24 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-03-17 09:24 . 2010-03-17 09:24 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-12 14:13 . 2010-03-12 14:13 -------- d-----w- c:\documents and settings\Jenni and Boris\Local Settings\Application Data\Roxio
2010-03-10 22:41 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-02-23 17:25 . 2010-02-23 17:25 -------- d-----w- c:\program files\iPod
2010-02-23 17:08 . 2010-02-23 17:08 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-21 13:41 . 2010-03-20 09:49 256 ----a-w- c:\windows\system32\pool.bin
2010-02-21 13:41 . 2010-02-21 13:41 -------- d-----w- c:\documents and settings\Owner\Application Data\Research In Motion
2010-02-21 11:41 . 2010-02-21 11:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2010-02-21 11:40 . 2009-01-09 16:18 27136 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2010-02-21 11:39 . 2010-02-21 11:39 69632 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-02-21 11:39 . 2010-02-21 11:39 69632 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-02-21 11:39 . 2010-02-21 11:39 69632 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-02-21 11:39 . 2010-02-21 11:39 69632 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-02-21 11:39 . 2010-02-21 11:39 69632 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-02-21 11:39 . 2010-02-21 11:39 69632 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-02-21 11:39 . 2010-02-21 11:39 69632 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-02-21 11:39 . 2010-02-21 11:39 69632 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\DesktopMgr.exe
2010-02-21 11:39 . 2010-02-21 11:39 49152 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\RedirectorEXE2_770DFD1204C24F4DA163D64FACCB5CBD.exe
2010-02-21 11:39 . 2010-02-21 11:39 49152 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\RedirectorEXE1_770DFD1204C24F4DA163D64FACCB5CBD.exe
2010-02-21 11:39 . 2010-02-21 11:39 49152 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\RedirectorEXE_770DFD1204C24F4DA163D64FACCB5CBD.exe
2010-02-21 11:38 . 2010-02-21 11:39 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-02-21 11:38 . 2010-02-21 11:41 -------- d-----w- c:\program files\Research In Motion

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-21 13:04 . 2008-11-07 15:53 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-21 12:52 . 2008-11-07 15:52 -------- d-----w- c:\program files\SpywareBlaster
2010-03-20 10:01 . 2009-10-06 13:39 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire
2010-03-20 10:00 . 2010-03-20 10:00 750080 --sha-w- c:\windows\system32\CD.tmp
2010-03-20 10:00 . 2010-03-20 10:00 809984 --sha-w- c:\windows\system32\CC.tmp
2010-03-17 17:04 . 2008-11-07 15:28 34376 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-17 09:24 . 2008-11-07 15:43 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-17 09:24 . 2008-11-07 15:43 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-17 09:22 . 2008-11-07 15:43 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-14 15:03 . 2009-08-15 11:27 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-02-23 17:27 . 2009-12-15 11:09 -------- d-----w- c:\program files\iTunes
2010-02-23 17:25 . 2009-12-15 11:04 -------- d-----w- c:\program files\Common Files\Apple
2010-02-21 11:39 . 2010-01-05 13:51 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-02-16 18:10 . 2009-12-30 17:55 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
2010-02-12 10:19 . 2010-02-12 10:19 -------- d-----w- c:\program files\MSECache
2010-02-11 14:01 . 2009-10-28 12:11 -------- d-----w- c:\documents and settings\Owner\Application Data\dvdcss
2010-02-03 23:27 . 2010-02-03 23:17 -------- d--h--w- c:\program files\Zero G Registry
2010-02-03 23:27 . 2010-02-03 23:27 -------- d-----w- c:\documents and settings\Owner\Application Data\Plazmic
2010-02-03 23:27 . 2010-02-03 23:18 -------- d-----w- c:\program files\Plazmic CDK 4.7
2009-12-31 16:50 . 2003-07-16 20:46 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-22 16:00 . 2009-10-28 10:04 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-22 16:00 . 2009-10-28 09:45 38784 ----a-w- c:\documents and settings\Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 13:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-02-10 118784]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-08-04 1691648]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-07-01 623960]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ClientManager3.lnk - c:\program files\BUFFALO\Client Manager3\cm3_tray.exe [2008-11-7 471040]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-17 09:24 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BUFFALO\\Client Manager3\\BWSVC\\bwsvc.exe"=
"c:\\Program Files\\BUFFALO\\Client Manager3\\AOSS\\aoss.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Plazmic CDK 4.7\\_jvm\\bin\\java.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [09/12/2009 20:26 717296]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [07/11/2008 15:43 216200]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [07/11/2008 15:43 242696]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [17/03/2010 09:24 308064]
R3 CBBCM43;BUFFALO WLI-CB-XXX Series Wireless LAN Adapter;c:\windows\system32\drivers\CBG54.SYS [01/11/2005 08:13 372480]
.
Contents of the 'Scheduled Tasks' folder

2010-03-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20090923095023
.
- - - - ORPHANS REMOVED - - - -

BHO-{04CAE2A2-A708-4A5C-8BEA-5C16AA1335D5} - c:\windows\System32\dfrgsnap32.dll
HKLM-Explorer_Run-RTHDBPL - c:\documents and settings\Owner\Application Data\SystemProc\lsass.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-22 03:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
RTHDBPL = c:\documents and settings\Owner\Application Data\SystemProc\lsass.exe???????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys spug.sys hal.dll >>UNKNOWN [0x898CA938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
\Driver\ACPI -> ACPI.sys @ 0xf7496cb8
\Driver\atapi -> atapi.sys @ 0xf7849b40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
NDIS: BUFFALO WLI2-PCI-G54S Wireless LAN Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf7a37bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7a44a21
SendHandler -> NDIS.sys @ 0xf7a2287b
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2616)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\Shellex.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-03-22 03:46:28 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-22 03:46

Pre-Run: 7,779,545,088 bytes free
Post-Run: 9,453,948,928 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 8BB43959F50811496BCD6F0CE36F4643

I am off to bed now, I wait for you to get back to me, I won't do anything on the computer. Thanks

JC

DragonMaster Jay · 5 Re: I have got 2 viruses - need some help on Mon Mar 22, 2010 12:57 am

DragonMaster Jay

Site Owner

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Under the Custom Scan box paste this in

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
c:\$recycle.bin\*.* /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
nvstor32.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
explorer.exe
svchost.exe
userinit.exe
qmgr.dll
ws2_32.dll
proquota.exe
imm32.dll
kernel32.dll
ndis.sys
autochk.exe
spoolsv.exe
xmlprov.dll
ntmssvc.dll
mswsock.dll
Beep.SYS
ntfs.sys
termsrv.dll
sfcfiles.dll
st3shark.sys
ahcix86.sys
srsvc.dll
nvrd32.sys
/md5stop
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time

jeannot18 · 6 Re: I have got 2 viruses - need some help on Mon Mar 22, 2010 6:01 am

jeannot18

Member
Member

Jay first file (OTL)
OTL logfile created on: 22/03/2010 09:34:37 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 960 1920 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 8.83 Gb Free Space | 23.71% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 74.52 Gb Total Space | 18.17 Gb Free Space | 24.38% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 1.92 Gb Total Space | 1.10 Gb Free Space | 57.33% Space Free | Partition Type: FAT
Drive H: | 931.28 Gb Total Space | 869.37 Gb Free Space | 93.35% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: JEAN-VSNO3O82TH
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/22 09:30:52 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/03/17 09:24:26 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/17 09:24:25 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/03/17 09:24:20 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/17 09:22:51 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/17 09:22:48 | 001,086,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/08/15 10:26:06 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/07/01 23:12:46 | 000,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/06/04 17:41:22 | 000,451,904 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/10 21:46:20 | 000,624,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/11/16 02:53:32 | 000,462,848 | ---- | M] (BUFFALO INC.) -- C:\Program Files\BUFFALO\Client Manager3\bwsvc\Bwsvc.exe
PRC - [2006/10/19 00:14:38 | 000,471,040 | ---- | M] (BUFFALO INC.) -- C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
PRC - [2006/09/19 09:07:28 | 000,827,392 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe
PRC - [2004/08/04 20:36:08 | 001,691,648 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

========== Modules (SafeList) ==========

MOD - [2010/03/22 09:30:52 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2010/03/17 09:24:20 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/08/15 10:26:06 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/06/04 17:41:22 | 000,451,904 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/11/16 02:53:32 | 000,462,848 | ---- | M] (BUFFALO INC.) [Auto | Running] -- C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe -- (Bwsvc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A2 E2 CA 04 08 A7 5C 4A 8B EA 5C 16 AA 13 35 D5 [binary data]
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[2009/10/06 13:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/10/06 13:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/03/22 03:22:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/03/22 03:36:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ClientManager3.lnk = C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe (BUFFALO INC.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20090923095023 (PhotoboxPhotowaysUploader5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/16 12:05:34 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/03/22 00:04:17 | 000,000,118 | ---- | M] () - C:\autoexec.exe -- [ NTFS ]
O32 - AutoRun File - [2009/02/26 14:50:16 | 000,000,050 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/11/07 14:25:46 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.3IV2 - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2010/03/22 09:33:50 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/03/22 03:13:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/03/22 03:11:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/22 03:11:43 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/22 03:11:43 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/22 03:11:43 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/22 03:11:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/22 03:05:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/21 13:09:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/03/21 13:09:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/21 13:09:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/21 13:09:15 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/21 13:09:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/20 10:00:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/03/17 09:24:25 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/12/15 16:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/11/05 16:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/11/07 15:42:05 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/11/07 15:42:05 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/11/07 15:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/03/12 11:41:52 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2005/11/23 12:55:32 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[7 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/03/22 09:38:06 | 057,487,854 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/22 09:33:43 | 000,066,560 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/22 09:30:52 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/03/22 09:30:17 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/22 09:29:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/22 03:53:40 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/03/22 03:53:40 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/03/22 03:37:03 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/22 03:36:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/22 03:16:44 | 000,000,168 | ---- | M] () -- C:\WINDOWS\System32\5343ed9e
[2010/03/22 03:13:12 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/03/22 03:11:51 | 000,000,688 | -HS- | M] () -- C:\WINDOWS\System32\950300247
[2010/03/22 03:11:47 | 000,000,817 | ---- | M] () -- C:\WINDOWS\System32\1760837127
[2010/03/22 03:03:20 | 003,896,616 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2010/03/22 00:04:17 | 000,000,118 | ---- | M] () -- C:\autoexec.exe
[2010/03/21 13:09:22 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/21 12:55:27 | 000,000,020 | ---- | M] () -- C:\WINDOWS\System32\38743900
[2010/03/20 09:59:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/20 09:49:33 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/03/20 09:47:47 | 003,212,402 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Backup-(2010-03-20)Linda.ipd
[2010/03/17 17:04:45 | 000,034,376 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/03/17 09:24:29 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/03/17 09:24:25 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/17 09:24:25 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/17 09:22:51 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/17 08:45:28 | 000,364,955 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Oilhead_Maintenance_2-25-02.pdf
[2010/03/17 08:38:20 | 001,465,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/16 16:49:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/16 16:43:37 | 004,422,377 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\joe pic birthday invite.psd
[2010/03/16 16:03:03 | 004,850,815 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\joe pic birthday invite.jpg
[2010/03/12 18:02:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/03/11 11:30:02 | 006,440,838 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\samsung fridge manual.pdf
[2010/03/10 17:16:31 | 003,908,036 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\IMG_0161.jpg
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[7 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/22 03:13:12 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/03/22 03:13:07 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/03/22 03:11:43 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/22 03:11:43 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/22 03:11:43 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/22 03:11:43 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/22 03:11:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/22 03:04:23 | 003,896,616 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2010/03/22 00:04:17 | 000,000,118 | ---- | C] () -- C:\autoexec.exe
[2010/03/21 13:09:22 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/21 12:55:27 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\38743900
[2010/03/20 10:01:48 | 000,000,688 | -HS- | C] () -- C:\WINDOWS\System32\950300247
[2010/03/20 10:01:46 | 000,000,817 | ---- | C] () -- C:\WINDOWS\System32\1760837127
[2010/03/20 10:00:38 | 000,000,168 | ---- | C] () -- C:\WINDOWS\System32\5343ed9e
[2010/03/20 09:47:47 | 003,212,402 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Backup-(2010-03-20)Linda.ipd
[2010/03/17 08:45:28 | 000,364,955 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Oilhead_Maintenance_2-25-02.pdf
[2010/03/16 16:05:36 | 004,422,377 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\joe pic birthday invite.psd
[2010/03/16 16:02:50 | 004,850,815 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\joe pic birthday invite.jpg
[2010/03/11 11:30:02 | 006,440,838 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\samsung fridge manual.pdf
[2010/03/10 17:16:26 | 003,908,036 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\IMG_0161.jpg
[2010/02/23 17:47:51 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2010/02/03 23:27:36 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\net_rim_plazmic_flint_dialog.dll
[2010/01/05 14:25:57 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameF.txt
[2009/12/09 20:26:17 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/11/25 14:01:02 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/11/25 13:56:42 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE SX200DEFGIPS.ini
[2009/11/14 15:58:31 | 000,001,650 | ---- | C] () -- C:\WINDOWS\tefview.ini
[2009/09/16 15:22:40 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/02/16 12:06:00 | 000,066,560 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/07 15:31:27 | 000,001,536 | ---- | C] () -- C:\WINDOWS\System32\bwsvc_event.dll
[2008/02/19 06:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/01/11 13:20:28 | 000,026,096 | ---- | C] () -- C:\WINDOWS\UN800114.INI
[2004/07/13 04:49:02 | 000,003,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\BFAIFILT.SYS
[2004/05/28 02:43:42 | 000,003,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\AIFILT.SYS
[2004/02/27 16:36:18 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini

========== LOP Check ==========

[2009/11/05 18:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/11/05 18:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/08/18 20:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/11/25 14:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2009/12/27 20:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2009/02/16 12:43:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2010/02/21 11:41:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/03/21 13:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/25 14:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2009/12/15 11:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/18 22:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Any Video Converter
[2009/12/31 18:05:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EPSON
[2009/12/20 10:43:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InfraRecorder
[2010/03/20 10:01:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LimeWire
[2009/10/28 09:50:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MrSmooth.1F1C2CE6230412E7752D206B573506D8446D8E6A.1
[2008/11/07 15:39:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera
[2010/02/03 23:27:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Plazmic
[2010/02/21 13:41:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Research In Motion

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2010/03/22 00:04:17 | 000,000,118 | ---- | M] () -- C:\autoexec.exe

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-03-11 00:21:05

< MD5 for: AGP440.SYS >
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2003/07/16 20:46:14 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2003/07/16 20:24:25 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008/04/14 05:42:14 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\cmdcons\autochk.exe
[2008/04/14 05:42:14 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008/04/14 05:42:14 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
[2003/07/16 20:24:35 | 000,565,760 | ---- | M] (Microsoft Corporation) MD5=C29EA308913FEC2AF4F977EF718A3574 -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe

< MD5 for: BEEP.SYS >
[2003/07/16 20:24:45 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys
[2003/07/16 20:24:45 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2003/07/16 20:24:45 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2003/07/16 20:28:04 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2003/07/16 20:28:11 | 001,004,032 | ---- | M] (Microsoft Corporation) MD5=A82B28BFC2E4455FE43022A498C0EF0A -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: IMM32.DLL >
[2008/04/14 05:41:56 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\ERDNT\cache\imm32.dll
[2008/04/14 05:41:56 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\ServicePackFiles\i386\imm32.dll
[2008/04/14 05:41:56 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\system32\imm32.dll
[2003/07/16 20:30:19 | 000,103,936 | ---- | M] (Microsoft Corporation) MD5=C9F9E3E6B59C6D6CBCE7F14494A4518A -- C:\WINDOWS\$NtServicePackUninstall$\imm32.dll

< MD5 for: KERNEL32.DLL >
[2003/07/16 20:31:42 | 000,930,304 | ---- | M] (Microsoft Corporation) MD5=8F162DC91D67D87C1A481BF602A9DAC8 -- C:\WINDOWS\$NtServicePackUninstall$\kernel32.dll
[2009/03/21 14:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\ERDNT\cache\kernel32.dll
[2009/03/21 14:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\dllcache\kernel32.dll
[2009/03/21 14:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\kernel32.dll
[2008/04/14 05:41:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\$NtUninstallKB959426$\kernel32.dll
[2008/04/14 05:41:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\ServicePackFiles\i386\kernel32.dll
[2009/03/21 13:59:23 | 000,991,744 | ---- | M] (Microsoft Corporation) MD5=DA11D9D6ECBDF0F93436A4B7C13F7BEC -- C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll

< MD5 for: MSWSOCK.DLL >
[2003/07/16 20:37:01 | 000,228,352 | ---- | M] (Microsoft Corporation) MD5=18A8BE5A66B93F9C9615F7D4C148EDE2 -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
[2008/06/20 17:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\ERDNT\cache\mswsock.dll
[2008/06/20 17:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008/06/20 17:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\mswsock.dll
[2008/04/14 05:42:02 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
[2008/04/14 05:42:02 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
[2008/06/20 17:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll

< MD5 for: NDIS.SYS >
[2003/03/06 10:30:58 | 000,162,432 | ---- | M] (Microsoft Corporation) MD5=09B38768036508B51564201AFB000950 -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
[2008/04/14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008/04/14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008/04/14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2003/07/16 20:38:12 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NTFS.SYS >
[2008/04/14 00:45:54 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ERDNT\cache\ntfs.sys
[2008/04/14 00:45:54 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
[2008/04/14 00:45:54 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys
[2004/08/03 23:15:10 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\cmdcons\NTFS.SYS
[2003/07/16 20:39:41 | 000,561,920 | ---- | M] (Microsoft Corporation) MD5=E3AE9C79498210A5F39FE5A9AD62BC55 -- C:\WINDOWS\$NtServicePackUninstall$\ntfs.sys

< MD5 for: NTMSSVC.DLL >
[2008/04/14 05:42:04 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\ERDNT\cache\ntmssvc.dll
[2008/04/14 05:42:04 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\ServicePackFiles\i386\ntmssvc.dll
[2008/04/14 05:42:04 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\system32\ntmssvc.dll
[2003/07/16 20:39:53 | 000,392,704 | ---- | M] (Microsoft Corporation) MD5=AAC49EF5C84A2EBD7409A51A1B65C542 -- C:\WINDOWS\$NtServicePackUninstall$\ntmssvc.dll

< MD5 for: PROQUOTA.EXE >
[2003/07/16 20:42:11 | 000,045,056 | ---- | M] (Microsoft Corporation) MD5=B2A23CE7706D4B4A7D192761CD3DB3E1 -- C:\WINDOWS\$NtServicePackUninstall$\proquota.exe
[2008/04/14 05:42:34 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\ServicePackFiles\i386\proquota.exe
[2008/04/14 05:42:34 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\proquota.exe

< MD5 for: QMGR.DLL >
[2008/04/14 05:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ERDNT\cache\qmgr.dll
[2008/04/14 05:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[2008/04/14 05:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\bits\qmgr.dll
[2008/04/14 05:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll
[2003/07/16 20:42:27 | 000,221,696 | ---- | M] (Microsoft Corporation) MD5=6A1CF14D0E7D0B2241F552223769C8A7 -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll

< MD5 for: SCECLI.DLL >
[2003/07/16 20:43:57 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SFCFILES.DLL >
[2003/07/16 20:44:34 | 001,157,632 | ---- | M] (Microsoft Corporation) MD5=2564949DBE5F643F50913BBE45D346E2 -- C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll
[2008/04/14 05:42:06 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ERDNT\cache\sfcfiles.dll
[2008/04/14 05:42:06 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll
[2008/04/14 05:42:06 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\system32\sfcfiles.dll

< MD5 for: SPOOLSV.EXE >
[2003/07/16 20:46:20 | 000,051,200 | ---- | M] (Microsoft Corporation) MD5=9B4155BA58192D4073082B8FC5D42612 -- C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
[2008/04/14 05:42:38 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\ERDNT\cache\spoolsv.exe
[2008/04/14 05:42:38 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
[2008/04/14 05:42:38 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\system32\spoolsv.exe

< MD5 for: SRSVC.DLL >
[2008/04/14 05:42:08 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\ERDNT\cache\srsvc.dll
[2008/04/14 05:42:08 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\ServicePackFiles\i386\srsvc.dll
[2008/04/14 05:42:08 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\system32\srsvc.dll
[2003/07/16 20:46:33 | 000,158,720 | ---- | M] (Microsoft Corporation) MD5=38E9CFAC7881435764051FD7B1F010FB -- C:\WINDOWS\$NtServicePackUninstall$\srsvc.dll

< MD5 for: SVCHOST.EXE >
[2003/07/16 20:47:02 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=0F7D9C87B0CE1FA520473119752C6F79 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TERMSRV.DLL >
[2003/07/16 20:48:01 | 000,200,192 | ---- | M] (Microsoft Corporation) MD5=FE84E045A09A4ABC4DEEF7270448B64E -- C:\WINDOWS\$NtServicePackUninstall$\termsrv.dll
[2008/04/14 05:42:08 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\ERDNT\cache\termsrv.dll
[2008/04/14 05:42:08 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\ServicePackFiles\i386\termsrv.dll
[2008/04/14 05:42:08 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\system32\termsrv.dll

< MD5 for: USERINIT.EXE >
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
[2003/07/16 20:49:24 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=E931E0A2B8BF0019DB902E98D03662CB -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WS2_32.DLL >
[2008/04/14 05:42:12 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2008/04/14 05:42:12 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008/04/14 05:42:12 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[2003/07/16 20:53:07 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=8529C295DF59B564D37A73B5629162B1 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll

< MD5 for: XMLPROV.DLL >
[2008/04/14 05:42:12 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\ERDNT\cache\xmlprov.dll
[2008/04/14 05:42:12 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\ServicePackFiles\i386\xmlprov.dll
[2008/04/14 05:42:12 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\system32\xmlprov.dll

< %systemroot%\system32\*.dll /lockedfiles >
[8 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

jeannot18 · 7 Re: I have got 2 viruses - need some help on Mon Mar 22, 2010 6:02 am

jeannot18

Member
Member

Second file (Extras)

OTL Extras logfile created on: 22/03/2010 09:34:37 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 960 1920 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 8.83 Gb Free Space | 23.71% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 74.52 Gb Total Space | 18.17 Gb Free Space | 24.38% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 1.92 Gb Total Space | 1.10 Gb Free Space | 57.33% Space Free | Partition Type: FAT
Drive H: | 931.28 Gb Total Space | 869.37 Gb Free Space | 93.35% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: JEAN-VSNO3O82TH
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BUFFALO\Client Manager3\BWSVC\bwsvc.exe" = C:\Program Files\BUFFALO\Client Manager3\BWSVC\bwsvc.exe:*:Enabled:ClientMgr3 -- (BUFFALO INC.)
"C:\Program Files\BUFFALO\Client Manager3\AOSS\aoss.exe" = C:\Program Files\BUFFALO\Client Manager3\AOSS\aoss.exe:*:Enabled:Aoss -- ()
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Disabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Plazmic CDK 4.7\_jvm\bin\java.exe" = C:\Program Files\Plazmic CDK 4.7\_jvm\bin\java.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00020409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Standard
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0D3F9802-689F-9B6D-8E44-B55971F0CCBB}" = FlipShare
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{46CBBDF8-55B5-40DB-B459-7B848394309C}" = EPSON File Manager
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{690BE098-6D0D-493D-B079-BD7E8F81A141}" = Opera 10.10
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{747D1B34-A1FC-4EF3-A6AE-E86F39CEFDE5}" = Roxio Easy Media Creator 7 Basic DVD Edition
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{82CA0A0C-A3EC-4167-B694-909205B2EDEC}" = muvee Plugin 1.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF81A6CC-F27F-2E0C-8B9A-5F6DA8687E0E}" = MrSmooth
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe Extendscript Toolkit 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}" = BlackBerry Desktop Software 5.0
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"Any Video Converter_is1" = Any Video Converter 2.7.6
"AVG9Uninstall" = AVG Free 9.0
"AviSynth" = AviSynth 2.5
"BlackBerry_{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}" = BlackBerry Desktop Software 5.0
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"CSCLIB" = Canon Camera Support Core Library
"DPP" = Canon Utilities Digital Photo Professional 3.5
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Scanner" = EPSON Scan
"EPSON Stylus SX200 Series" = EPSON Stylus SX200 Series Printer Uninstall
"EPSON Stylus SX200_SX400_TX200_TX400 User’s Guide" = EPSON Stylus SX200_SX400_TX200_TX400 Manual
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImTOO MPEG Encoder" = ImTOO MPEG Encoder
"InfraRecorder" = InfraRecorder
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"LimeWire" = LimeWire 5.1.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mr Smooth_is1" = Mr Smooth v1.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoStitch" = Canon Utilities PhotoStitch
"Plazmic CDK 4.7 for BlackBerry" = Plazmic CDK 4.7 for BlackBerry
"PSP Video 9" = PSP Video 9 5.03
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"ReNamer_is1" = ReNamer
"SopCast" = SopCast 3.0.3
"SpywareBlaster_is1" = SpywareBlaster 4.1
"TEFView_is1" = TEFView 2.64
"UN800114" = BUFFALO Client Manager 3
"VLC media player" = VLC media player 1.0.3
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YouTube Downloader App" = YouTube Downloader App 2.03
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 05/01/2010 13:25:54 | Computer Name = JEAN-VSNO3O82TH | Source = Application Error | ID = 1000
Description = Faulting application dvdbuilder7.exe, version 7.1.0.136, faulting
module dxtrans.dll, version 8.0.6001.18702, fault address 0x0000a4f1.

Error - 05/01/2010 13:26:04 | Computer Name = JEAN-VSNO3O82TH | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 05/01/2010 13:26:43 | Computer Name = JEAN-VSNO3O82TH | Source = Application Hang | ID = 1002
Description = Hanging application DVDBuilder7.exe, version 7.1.0.136, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 05/01/2010 13:27:09 | Computer Name = JEAN-VSNO3O82TH | Source = Application Error | ID = 1000
Description = Faulting application dvdbuilder7.exe, version 7.1.0.136, faulting
module dxtrans.dll, version 8.0.6001.18702, fault address 0x0000a4f1.

Error - 05/01/2010 13:34:38 | Computer Name = JEAN-VSNO3O82TH | Source = Application Error | ID = 1000
Description = Faulting application dvdbuilder7.exe, version 7.1.0.136, faulting
module dxtrans.dll, version 8.0.6001.18702, fault address 0x0000a4f1.

Error - 05/01/2010 13:34:49 | Computer Name = JEAN-VSNO3O82TH | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 05/01/2010 13:35:10 | Computer Name = JEAN-VSNO3O82TH | Source = Application Hang | ID = 1002
Description = Hanging application DVDBuilder7.exe, version 7.1.0.136, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 13/01/2010 15:01:43 | Computer Name = JEAN-VSNO3O82TH | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 26/01/2010 07:01:12 | Computer Name = JEAN-VSNO3O82TH | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 26/01/2010 07:01:12 | Computer Name = JEAN-VSNO3O82TH | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 26/01/2010 07:06:39 | Computer Name = JEAN-VSNO3O82TH | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 26/01/2010 07:06:45 | Computer Name = JEAN-VSNO3O82TH | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 26/01/2010 07:06:52 | Computer Name = JEAN-VSNO3O82TH | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 26/01/2010 07:06:58 | Computer Name = JEAN-VSNO3O82TH | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 26/01/2010 07:07:05 | Computer Name = JEAN-VSNO3O82TH | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 26/01/2010 07:07:12 | Computer Name = JEAN-VSNO3O82TH | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 26/01/2010 07:07:18 | Computer Name = JEAN-VSNO3O82TH | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 10/02/2010 10:25:11 | Computer Name = JEAN-VSNO3O82TH | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{399892A5-1B27-4882-A6D7-0E0C90803DD2}
because another computer on the network has the same name. The server could not
start.

Error - 16/02/2010 10:11:47 | Computer Name = JEAN-VSNO3O82TH | Source = DCOM | ID = 10010
Description = The server {855B6281-563C-4462-8C6D-5326CA1D4FE4} did not register
with DCOM within the required timeout.

Error - 17/02/2010 06:57:44 | Computer Name = JEAN-VSNO3O82TH | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.11.5 on
the Network Card with network address 001601E817E8.

< End of report >

Thanks
JC

DragonMaster Jay · 8 Re: I have got 2 viruses - need some help on Mon Mar 22, 2010 3:58 pm

DragonMaster Jay

Site Owner

Please run OTL.exe.

Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:folders
C:\WINDOWS\System32\5343ed9e
C:\WINDOWS\System32\950300247
C:\WINDOWS\System32\1760837127
C:\WINDOWS\System32\38743900

:files
C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

:commands
[purity]
[emptytemp]
[startexplorer]
Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
Click the red Run Fix button.
A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

jeannot18 · 9 Re: I have got 2 viruses - need some help on Tue Mar 23, 2010 7:05 am

jeannot18

Member
Member

Hi Jay, here is the log

All processes killed
Error: Unable to interpret <:folders> in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
========== FILES ==========
C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Jenni and Boris
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 42376 bytes

User: Joe
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->Opera cache emptied: 5459085 bytes
->Flash cache emptied: 1224 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Olivia
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->Opera cache emptied: 7425408 bytes
->Flash cache emptied: 4477 bytes

User: Owner
->Temp folder emptied: 276318867 bytes
->Temporary Internet Files folder emptied: 8677585 bytes
->Java cache emptied: 37870532 bytes
->Opera cache emptied: 35217227 bytes
->Flash cache emptied: 79923 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1126405 bytes
%systemroot%\System32 .tmp files removed: 5430801 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1676 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 182747 bytes

Total Files Cleaned = 361.00 mb

Error: Unable to interpret <[startexplorer]> in the current context!

OTL by OldTimer - Version 3.1.37.3 log created on 03232010_105420

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

DragonMaster Jay · 10 Re: I have got 2 viruses - need some help on Tue Mar 23, 2010 1:10 pm

DragonMaster Jay

Site Owner

Please delete these folders:

C:\WINDOWS\System32\5343ed9e
C:\WINDOWS\System32\950300247
C:\WINDOWS\System32\1760837127
C:\WINDOWS\System32\38743900

=======

then let me know how your computer is running.

jeannot18 · 11 Re: I have got 2 viruses - need some help on Tue Mar 23, 2010 2:02 pm

jeannot18

Member
Member

DragonMaster Jay wrote:Please delete these folders:

C:\WINDOWS\System32\950300247
=======

then let me know how your computer is running.

BTW thanks very much for the help so far.

The only one I could not find is the one above, deleted the other ones, they are still in the Recycling bin, shall i delete them completely? Thanks.
PC seems ok now but sometimes seems to slow down. I have downloaded the following softwares to get some extra protection. I had already AVG 9.0 for my antivirus, for malware i have now: Malwarebytes, Super Antispyware, Spybot and Ad-aware. Are those decent protection for my pc? or would you recommend others?

EDIT: I think I am still having problems actually, just run Malwarebytes and results of a fast scan shows Trojan.Dropper. Internet wise, If i click on some links it says that it cannot locate remote server, this happens quite a bit

Thanks again
JC

jeannot18 · 12 Re: I have got 2 viruses - need some help on Tue Mar 23, 2010 2:20 pm

jeannot18

Member
Member

Jay, this was the log from MBAM

Malwarebytes' Anti-Malware 1.44
Database version: 3890
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23/03/2010 18:18:56
mbam-log-2010-03-23 (18-18-56).txt

Scan type: Quick Scan
Objects scanned: 156879
Time elapsed: 13 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\autoexec.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

DragonMaster Jay · 13 Re: I have got 2 viruses - need some help on Tue Mar 23, 2010 4:31 pm

DragonMaster Jay

Site Owner

Please download DDS by sUBs from BleepingComputer.com or Forospyware.com and save it to your Desktop.

Note: Before scanning, make sure all other running programs are closed. There shouldn't be any scheduled antivirus scans running while the scan is being performed. Do not use your computer for anything else during the scan.

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click Yes to the Optional_Scan
Please follow the instructions that pop up for posting the results. Post only the contents of both logs. There is no way to attach.
Close the program window, and delete the program from your Desktop.

jeannot18 · 14 Re: I have got 2 viruses - need some help on Tue Mar 23, 2010 5:34 pm

jeannot18

Member
Member

Hi again Jay, this is the Attach report

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 07/11/2008 14:38:44
System Uptime: 23/03/2010 21:24:13 (0 hours ago)

Motherboard: Dell Computer Corp. | | 0G1548
Processor: Intel(R) Celeron(R) CPU 2.60GHz | Microprocessor | 2591/400mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 8.262 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 75 GiB total, 18.171 GiB free.
F: is CDROM ()
G: is Removable
H: is FIXED (FAT32) - 931 GiB total, 869.371 GiB free.
I: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&3B1CAF2B&0&48F0
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&3B1CAF2B&0&48F0
Service:

==== System Restore Points ===================

RP158: 02/01/2010 16:08:41 - System Checkpoint
RP159: 03/01/2010 16:37:04 - System Checkpoint
RP160: 05/01/2010 13:49:06 - Installed Roxio Easy Media Creator 7 Basic DVD Edition
RP161: 06/01/2010 16:26:54 - System Checkpoint
RP162: 06/01/2010 20:48:00 - Software Distribution Service 3.0
RP163: 07/01/2010 21:05:19 - System Checkpoint
RP164: 09/01/2010 13:28:26 - System Checkpoint
RP165: 11/01/2010 13:06:08 - System Checkpoint
RP166: 12/01/2010 13:35:21 - System Checkpoint
RP167: 13/01/2010 14:58:01 - System Checkpoint
RP168: 13/01/2010 19:15:09 - Installed Microsoft Works 6-9 Converter
RP169: 13/01/2010 21:03:18 - Software Distribution Service 3.0
RP170: 15/01/2010 15:01:44 - System Checkpoint
RP171: 18/01/2010 10:50:21 - Avg8 Update
RP172: 19/01/2010 12:39:05 - System Checkpoint
RP173: 20/01/2010 12:45:06 - System Checkpoint
RP174: 21/01/2010 13:14:36 - System Checkpoint
RP175: 22/01/2010 14:25:29 - System Checkpoint
RP176: 22/01/2010 15:57:03 - Software Distribution Service 3.0
RP177: 24/01/2010 11:22:48 - System Checkpoint
RP178: 26/01/2010 11:41:29 - System Checkpoint
RP179: 26/01/2010 18:19:00 - Avg8 Update
RP180: 27/01/2010 18:21:40 - System Checkpoint
RP181: 28/01/2010 19:46:35 - System Checkpoint
RP182: 30/01/2010 21:33:56 - System Checkpoint
RP183: 31/01/2010 22:15:21 - System Checkpoint
RP184: 02/02/2010 10:47:31 - System Checkpoint
RP185: 03/02/2010 10:50:59 - System Checkpoint
RP186: 04/02/2010 12:36:31 - System Checkpoint
RP187: 05/02/2010 13:46:57 - System Checkpoint
RP188: 06/02/2010 15:48:47 - System Checkpoint
RP189: 07/02/2010 16:00:08 - System Checkpoint
RP190: 09/02/2010 13:56:46 - System Checkpoint
RP191: 10/02/2010 15:15:53 - System Checkpoint
RP192: 10/02/2010 20:52:11 - Software Distribution Service 3.0
RP193: 12/02/2010 10:19:24 - Installed Compatibility Pack for the 2007 Office system
RP194: 13/02/2010 10:53:05 - System Checkpoint
RP195: 14/02/2010 11:07:52 - System Checkpoint
RP196: 15/02/2010 11:35:34 - System Checkpoint
RP197: 16/02/2010 15:10:31 - System Checkpoint
RP198: 17/02/2010 15:29:06 - System Checkpoint
RP199: 18/02/2010 16:22:26 - System Checkpoint
RP200: 20/02/2010 15:19:44 - System Checkpoint
RP201: 21/02/2010 11:38:06 - Installed BlackBerry Desktop Software 5.0.
RP202: 22/02/2010 12:00:59 - System Checkpoint
RP203: 23/02/2010 13:07:57 - System Checkpoint
RP204: 24/02/2010 03:00:27 - Software Distribution Service 3.0
RP205: 25/02/2010 16:43:25 - System Checkpoint
RP206: 28/02/2010 12:31:28 - System Checkpoint
RP207: 01/03/2010 15:39:42 - System Checkpoint
RP208: 02/03/2010 16:19:50 - System Checkpoint
RP209: 03/03/2010 17:46:59 - System Checkpoint
RP210: 04/03/2010 18:37:19 - System Checkpoint
RP211: 05/03/2010 19:37:17 - System Checkpoint
RP212: 07/03/2010 11:10:52 - System Checkpoint
RP213: 08/03/2010 14:07:13 - System Checkpoint
RP214: 09/03/2010 14:45:39 - System Checkpoint
RP215: 10/03/2010 19:47:14 - System Checkpoint
RP216: 11/03/2010 00:17:19 - Software Distribution Service 3.0
RP217: 12/03/2010 09:30:40 - System Checkpoint
RP218: 14/03/2010 12:39:13 - System Checkpoint
RP219: 15/03/2010 15:16:01 - System Checkpoint
RP220: 16/03/2010 16:59:41 - System Checkpoint
RP221: 17/03/2010 09:21:59 - Avg8 Update
RP222: 17/03/2010 09:24:42 - Avg Update
RP223: 18/03/2010 09:59:21 - System Checkpoint
RP224: 20/03/2010 10:34:56 - System Checkpoint
RP225: 21/03/2010 11:04:55 - System Checkpoint
RP226: 22/03/2010 11:34:16 - System Checkpoint
RP227: 23/03/2010 12:05:36 - System Checkpoint

==== Installed Programs ======================

3ivx MPEG-4 5.0.3 (remove only)
ABBYY FineReader 6.0 Sprint
Active@ ISO Burner
Ad-Aware
Ad-Aware Email Scanner for Outlook
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional
Adobe After Effects CS3 Presets
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Recommended Settings
Adobe Color JA Extra Settings
Adobe Color NA Extra Settings
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Any Video Converter 2.7.6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG Free 9.0
AviSynth 2.5
BlackBerry Desktop Software 5.0
BlackBerry® Media Sync
Bonjour
BUFFALO Client Manager 3
Canon Camera Access Library
Canon Camera Support Core Library
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.5
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Compatibility Pack for the 2007 Office system
Dell ResourceCD
EPSON Attach To Email
EPSON Easy Photo Print
EPSON File Manager
EPSON Scan
EPSON Scan Assistant
EPSON Stylus SX200 Series Printer Uninstall
EPSON Stylus SX200_SX400_TX200_TX400 Manual
EPSON Web-To-Page
FlipShare
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
ImTOO MPEG Encoder
InfraRecorder
Intel(R) Extreme Graphics Driver
iTunes
Java(TM) 6 Update 17
LimeWire 5.1.2
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Standard
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 6-9 Converter
Microsoft XML Parser
Mr Smooth v1.0
MrSmooth
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Plugin 1.0
Opera 10.10
PDF Settings
Plazmic CDK 4.7 for BlackBerry
PSP Video 9 5.03
QuickTime
ReNamer
Roxio Easy Media Creator 7 Basic DVD Edition
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
SopCast 3.0.3
Spybot - Search & Destroy
SpywareBlaster 4.2
TEFView 2.64
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB898461)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.3
WebFldrs XP
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
YouTube Downloader App 2.03

==== Event Viewer Messages From Past Week ========

23/03/2010 18:23:16, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
23/03/2010 10:54:28, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
23/03/2010 10:54:28, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
23/03/2010 10:54:28, error: Service Control Manager [7034] - The FLEXnet Licensing Service service terminated unexpectedly. It has done this 1 time(s).
23/03/2010 10:54:28, error: Service Control Manager [7034] - The Canon Camera Access Library 8 service terminated unexpectedly. It has done this 1 time(s).
23/03/2010 10:54:27, error: Service Control Manager [7034] - The FlipShare Service service terminated unexpectedly. It has done this 1 time(s).
23/03/2010 10:54:27, error: Service Control Manager [7034] - The Bwsvc service terminated unexpectedly. It has done this 1 time(s).
23/03/2010 10:54:27, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
23/03/2010 10:54:27, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
23/03/2010 10:54:27, error: Service Control Manager [7031] - The AVG Free WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
23/03/2010 10:54:27, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

==== End Of File ===========================
And this is the DDS report

DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 21:30:02.42 on 23/03/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.704 [GMT 0:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [snpstd3] c:\windows\vsnpstd3.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [RoxioDragToDisc] "c:\program files\roxio\easy media creator 7\drag to disc\DrgToDsc.exe"
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\client~1.lnk - c:\program files\buffalo\client manager3\cm3_tray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20090923095023
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-3-22 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-7 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-11-7 29512]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-7 242696]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-17 308064]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1263728]
R3 CBBCM43;BUFFALO WLI-CB-XXX Series Wireless LAN Adapter;c:\windows\system32\drivers\CBG54.SYS [2005-11-1 372480]

=============== Created Last 30 ================

2010-03-23 17:20:02 5120 --sha-w- c:\windows\system32\Thumbs.db
2010-03-23 10:54:20 0 d-----w- C:\_OTL
2010-03-22 20:47:57 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-03-22 15:38:49 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-03-22 15:38:41 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-22 15:35:58 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-22 15:35:17 0 d-----w- c:\program files\Lavasoft
2010-03-22 15:24:22 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-03-22 15:24:22 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-03-22 15:16:25 0 d-sh--w- c:\documents and settings\owner\IECompatCache
2010-03-22 03:13:02 0 d-sha-r- C:\cmdcons
2010-03-22 03:11:43 98816 ----a-w- c:\windows\sed.exe
2010-03-22 03:11:43 77312 ----a-w- c:\windows\MBR.exe
2010-03-22 03:11:43 261632 ----a-w- c:\windows\PEV.exe
2010-03-22 03:11:43 161792 ----a-w- c:\windows\SWREG.exe
2010-03-21 13:09:25 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2010-03-21 13:09:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-21 13:09:16 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-21 13:09:15 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-21 13:09:15 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-20 10:01:48 688 --sha-w- c:\windows\system32\950300247
2010-03-17 09:24:25 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-10 22:41:40 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-02-23 17:47:51 29 ----a-w- c:\windows\DEBUGSM.INI
2010-02-23 17:25:46 0 d-----w- c:\program files\iPod

==================== Find3M ====================

2010-03-17 09:24:29 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-17 09:22:51 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys

============= FINISH: 21:31:27.60 ===============

DragonMaster Jay · 15 Re: I have got 2 viruses - need some help on Tue Mar 23, 2010 10:23 pm

DragonMaster Jay

Site Owner

Please go to Start > Run and type in CMD and click OK.

Type in this exactly and hit enter after each line:

del c:\windows\system32\950300247
if exist "c:\windows\system32\950300247" echo Found!

=======

Then, post back here and let me know if it said Found!

====================

There are some programs on your system that are potentially harmful that are your option to remove.

I see you are running LimeWire. I suggest to read the following, and then decided whether you want to keep it or not: http://www.helpmyos.com/learn-security-f40/p2p-programs-t1102.htm

These programs distribute malware:
ImTOO MPEG Encoder
SopCast 3.0.3

I recommend to remove those programs via Control Panel > Add or Remove Programs.

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

==========

Let me know which programs you removed, please. Also, tell me if Command Prompt responded with Found!

Ad Bot

Ad Bot

1 I have got 2 viruses - need some help on Sun Mar 21, 2010 9:45 am

jeannot18

2 Re: I have got 2 viruses - need some help on Sun Mar 21, 2010 4:33 pm

DragonMaster Jay

3 Re: I have got 2 viruses - need some help on Sun Mar 21, 2010 5:19 pm

jeannot18

4 Re: I have got 2 viruses - need some help on Sun Mar 21, 2010 11:49 pm

jeannot18

5 Re: I have got 2 viruses - need some help on Mon Mar 22, 2010 12:57 am

DragonMaster Jay

6 Re: I have got 2 viruses - need some help on Mon Mar 22, 2010 6:01 am

jeannot18

7 Re: I have got 2 viruses - need some help on Mon Mar 22, 2010 6:02 am

jeannot18

8 Re: I have got 2 viruses - need some help on Mon Mar 22, 2010 3:58 pm

DragonMaster Jay

9 Re: I have got 2 viruses - need some help on Tue Mar 23, 2010 7:05 am

jeannot18

10 Re: I have got 2 viruses - need some help on Tue Mar 23, 2010 1:10 pm

DragonMaster Jay

11 Re: I have got 2 viruses - need some help on Tue Mar 23, 2010 2:02 pm

jeannot18

12 Re: I have got 2 viruses - need some help on Tue Mar 23, 2010 2:20 pm

jeannot18

13 Re: I have got 2 viruses - need some help on Tue Mar 23, 2010 4:31 pm

DragonMaster Jay

14 Re: I have got 2 viruses - need some help on Tue Mar 23, 2010 5:34 pm

jeannot18

15 Re: I have got 2 viruses - need some help on Tue Mar 23, 2010 10:23 pm

DragonMaster Jay

Ad Bot

Log in