
Garda virus, how can I tell if it's all gone?

  • 19-10-2012 2:29pm
    #1
    Closed Accounts Posts: 42


    I got the Garda virus this morning. Didn't even know what it was until I googled it. It was just a screen I couldn't get out of, all in the Irish language.
    Anyway I googled how to get rid of it. Found a removal guide.
    I went into safe mode,
    downloaded and ran Rkill (supposed to stop all malware processes that are running so you can remove them with anti-malware software),
    ran Mbam (which found the virus and deleted it apparently),
    restarted the computer but it was still there.

    Then I remembered I got another stubborn virus that lodged itself in the system restore, so I
    ran msconfig and stopped all startup programs,
    stopped the system restore (deleting all restore points in the process), ran Mbam again, removed the virus again,
    restarted the system normally and the screen is gone and Mbam can't find the virus anymore.
    I assume it's gone but I'm not sure. I re-enabled the system restore anyway.

    So does that mean it's actually gone, or is it still there but I can't find it anymore? The Garda screen doesn't come back up anymore.


Comments

  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    it's still there



    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files here.


  • Closed Accounts Posts: 42 carrigy


    OTL logfile created on: 19/10/2012 16:34:10 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\user\Desktop\OTL
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    1022.48 Mb Total Physical Memory | 632.18 Mb Available Physical Memory | 61.83% Memory free
    2.40 Gb Paging File | 2.12 Gb Available in Paging File | 88.43% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 48.83 Gb Total Space | 28.38 Gb Free Space | 58.13% Space Free | Partition Type: NTFS
    Drive D: | 249.25 Gb Total Space | 241.60 Gb Free Space | 96.93% Space Free | Partition Type: NTFS

    Computer Name: CARRS-6BAF887BF | User Name: user | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/10/19 16:32:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\desktop\OTL\OTL.exe
    PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2012/03/14 05:07:58 | 012,761,392 | ---- | M] (www.BitComet.com) -- C:\Program Files\BitComet\BitComet.exe
    PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/05/18 00:06:44 | 000,043,520 | ---- | M] () -- C:\WINDOWS\system32\CmdLineExt03.dll
    MOD - [2012/03/01 00:58:00 | 000,357,184 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nview\nvShell.dll
    MOD - [2011/11/03 16:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
    MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
    MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
    MOD - [2008/04/14 01:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2008/04/14 01:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll


    ========== Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
    SRV - [2012/10/09 20:37:38 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2012/08/01 16:07:16 | 000,724,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2012/03/01 00:58:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2011/05/28 21:24:28 | 000,135,168 | ---- | M] (Airytec) [Auto | Stopped] -- C:\Program Files\Airytec\Switch Off\swoff.exe -- (SwOffWeb)
    SRV - [2011/05/28 21:24:28 | 000,135,168 | ---- | M] (Airytec) [Auto | Stopped] -- C:\Program Files\Airytec\Switch Off\swoff.exe -- (SwOffScheduler)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [File_System | Auto | Stopped] -- -- (StarOpen)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 5\NTIOLib.sys -- (NTIOLib_1_0_4)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 5\msibios32_100507.sys -- (MSI_MSIBIOS_010507)
    DRV - File not found [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5F2BA62B-F74D-4205-B0A5-59E21DA1E5B3}\MpKsldedb41dd.sys -- (MpKsldedb41dd)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleXNt.sys -- (EagleXNt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\user\LOCALS~1\Temp\cpuz130\cpuz_x32.sys -- (cpuz130)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (at5fwp1u)
    DRV - [2012/06/27 15:18:52 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2012/04/24 12:40:03 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV - [2012/03/21 21:52:55 | 000,473,656 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2011/10/02 14:30:42 | 000,097,552 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
    DRV - [2011/09/21 10:25:34 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
    DRV - [2011/08/09 17:33:58 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
    DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/07/12 22:55:22 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/03/18 17:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
    DRV - [2007/04/16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
    DRV - [2005/09/23 18:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
    DRV - [1996/04/03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    IE - HKCU\..\SearchScopes,DefaultScope = {6ED63527-AB7D-42BE-A571-D693074DB792}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{6ED63527-AB7D-42BE-A571-D693074DB792}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    IE - HKCU\..\SearchScopes\{BCBFEAD7-F260-4ADF-9CE7-65648006DBB4}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=685749&p={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://home.sweetim.com/?crg=3.1010000.10001"
    FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
    FF - prefs.js..extensions.enabledAddons: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.32.1
    FF - prefs.js..extensions.enabledAddons: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
    FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
    FF - prefs.js..extensions.enabledAddons: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
    FF - prefs.js..network.proxy.type: 0
    FF - prefs.js..browser.startup.homepage: "http://www.google.ie/"
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@ganymede/GanymedeNetPlugin,version=1.0: C:\Program Files\Ganymede\Plugins\npganymedenet.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll File not found
    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll File not found
    FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\npNxGameeu.dll File not found
    FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/22 00:00:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/26 14:12:18 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/01 21:33:18 | 000,000,000 | ---D | M]

    [2012/03/26 14:09:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
    [2012/06/18 20:23:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\sgvdtvp7.default\extensions
    [2012/03/26 14:09:08 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\sgvdtvp7.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
    [2012/03/26 14:12:36 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\sgvdtvp7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
    [2012/03/26 14:19:30 | 000,634,964 | ---- | M] () (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\sgvdtvp7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2012/06/18 20:23:42 | 000,172,310 | ---- | M] () (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\sgvdtvp7.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
    [2012/06/18 20:23:43 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\sgvdtvp7.default\searchplugins\sweetim.xml
    [2012/03/26 15:18:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/03/26 15:18:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
    [2012/06/21 23:02:15 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de
    [2011/12/22 00:00:56 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
    [2012/03/26 15:18:15 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2012/03/26 14:12:17 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/01/12 09:58:30 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
    [2012/03/26 15:18:15 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2012/03/26 14:12:14 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2012/03/26 14:12:14 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/03/26 14:12:14 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2012/03/26 14:12:14 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2012/03/26 14:12:14 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    CHR - default_search_provider: suggest_url =
    CHR - homepage: http://www.google.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\NPAPIFlash\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
    CHR - plugin: Downloaders plugin (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lfjamigppmepikjlacjdpgjaiojdjhoj\1.4.4.4_0\npdmb.dll
    CHR - plugin: Download Helper (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mfjkgbjaikamkkojmakjclmkianficch\5.0.2_0\plugin/download_helper.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: BitCometAgent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
    CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Nokia Suite Enabler Plugin (Enabled) = C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
    CHR - Extension: YouTube = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: AdBlock = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.45_0\
    CHR - Extension: SweetIM for Facebook = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
    CHR - Extension: SweetIM for Facebook = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
    CHR - Extension: Downloaders = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lfjamigppmepikjlacjdpgjaiojdjhoj\1.4.4.4_0\
    CHR - Extension: Download Assistant = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mfjkgbjaikamkkojmakjclmkianficch\5.0.2_0\
    CHR - Extension: Google Mail Checker = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
    CHR - Extension: Gmail = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/04/17 21:00:35 | 000,442,579 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 15209 more lines...
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\user\Application Data\FlashGetBHO\FlashGetBHO.dll (Trend Media Group)
    O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
    O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    O8 - Extra context menu item: Download all links by FlashGet3 - C:\Program Files\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm ()
    O8 - Extra context menu item: Download by FlashGet3 - C:\Program Files\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm ()
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html File not found
    O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342143375742 (MUWebControl Class)
    O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} http://mabiui.nexoneu.com:88/renderer/mabiweb.2010.5.24.cab (MabinogiWebAvatarRenderer Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59A1464D-A948-49D9-B2C8-053C08DEFDDD}: DhcpNameServer = 8.8.8.8 8.8.4.4
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/07/28 22:44:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/19 16:32:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\OTL
    [2012/10/19 13:24:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2012/10/19 12:58:14 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
    [2012/10/19 12:42:12 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
    [2012/10/19 12:39:54 | 000,203,120 | ---- | C] (PC Tools) -- C:\windows\System32\drivers\PCTSD.sys
    [2012/10/19 12:39:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2012/10/19 12:39:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2012/10/19 12:39:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\TestApp
    [2012/10/19 12:39:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
    [2012/10/19 12:38:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [2012/10/19 12:24:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user\Recent
    [2012/10/19 11:37:45 | 001,678,240 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\user\Desktop\rkill.exe
    [2012/10/01 21:41:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Nokia
    [2012/10/01 21:41:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\PC Suite
    [2012/10/01 21:41:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2012/10/01 21:41:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nokia
    [2012/10/01 21:40:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
    [2012/10/01 21:40:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nokia
    [2012/10/01 21:39:32 | 000,019,072 | ---- | C] (Nokia) -- C:\windows\System32\drivers\pccsmcfd.sys
    [2012/10/01 21:39:24 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
    [2012/10/01 21:38:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
    [2012/10/01 21:38:28 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia
    [2012/09/28 12:46:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Start Menu\Programs\FlashGet3.7
    [2012/09/28 12:46:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\BITS
    [2012/09/28 12:46:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\FlashgetSetup
    [2012/09/28 12:46:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\FlashGetBHO
    [2012/09/28 12:46:06 | 000,000,000 | ---D | C] -- C:\Program Files\FlashGet Network
    [2012/09/28 12:46:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\FlashGet
    [2011/09/14 19:34:24 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\user\Application Data\pcouffin.sys
    [5 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/10/19 16:31:27 | 000,481,634 | ---- | M] () -- C:\windows\System32\perfh009.dat
    [2012/10/19 16:31:27 | 000,079,708 | ---- | M] () -- C:\windows\System32\perfc009.dat
    [2012/10/19 16:31:15 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2012/10/19 16:28:00 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/10/19 16:27:15 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/10/19 16:27:12 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
    [2012/10/19 16:27:10 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
    [2012/10/19 15:02:00 | 000,000,426 | -H-- | M] () -- C:\windows\tasks\Windows Driver Foundation.job
    [2012/10/19 14:28:06 | 000,000,384 | -H-- | M] () -- C:\windows\tasks\Microsoft Antimalware Scheduled Scan.job
    [2012/10/19 12:56:38 | 000,013,646 | ---- | M] () -- C:\windows\System32\wpa.dbl
    [2012/10/19 12:48:02 | 000,001,324 | ---- | M] () -- C:\windows\System32\d3d9caps.dat
    [2012/10/19 12:23:53 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2012/10/19 11:41:05 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/10/19 11:37:49 | 001,678,240 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\user\Desktop\rkill.exe
    [2012/10/18 15:40:24 | 000,000,598 | ---- | M] () -- C:\windows\System32\secushr.dat
    [2012/10/15 17:59:33 | 000,000,248 | ---- | M] () -- C:\windows\System32\secustat.dat
    [2012/10/08 01:01:49 | 000,128,504 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
    [2012/10/01 21:41:18 | 000,001,745 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nokia Suite.lnk
    [2012/10/01 21:37:29 | 000,001,917 | ---- | M] () -- C:\windows\epplauncher.mif
    [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
    [2012/09/28 12:46:46 | 000,000,025 | ---- | M] () -- C:\windows\libem.INI
    [2012/09/28 12:46:29 | 000,001,124 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\FlashGet3.lnk
    [2012/09/28 12:46:28 | 000,000,904 | ---- | M] () -- C:\Documents and Settings\user\Desktop\FlashGet3.lnk
    [5 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/10/19 12:56:34 | 1072,222,208 | -HS- | C] () -- C:\hiberfil.sys
    [2012/10/01 21:53:07 | 000,000,384 | -H-- | C] () -- C:\windows\tasks\Microsoft Antimalware Scheduled Scan.job
    [2012/10/01 21:41:18 | 000,001,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia Suite.lnk
    [2012/09/28 13:17:41 | 000,000,248 | ---- | C] () -- C:\windows\System32\secustat.dat
    [2012/09/28 12:58:05 | 000,000,598 | ---- | C] () -- C:\windows\System32\secushr.dat
    [2012/09/28 12:46:46 | 000,000,025 | ---- | C] () -- C:\windows\libem.INI
    [2012/09/28 12:46:28 | 000,001,124 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\FlashGet3.lnk
    [2012/09/28 12:46:28 | 000,000,904 | ---- | C] () -- C:\Documents and Settings\user\Desktop\FlashGet3.lnk
    [2012/07/03 14:04:26 | 000,000,754 | ---- | C] () -- C:\windows\WORDPAD.INI
    [2012/06/22 00:03:07 | 000,033,758 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\dt.dat
    [2012/05/18 00:06:44 | 000,043,520 | ---- | C] () -- C:\windows\System32\CmdLineExt03.dll
    [2012/04/24 16:23:01 | 000,293,992 | ---- | C] () -- C:\windows\System32\nvdrsdb1.bin
    [2012/04/24 16:23:01 | 000,293,992 | ---- | C] () -- C:\windows\System32\nvdrsdb0.bin
    [2012/04/24 16:23:01 | 000,000,001 | ---- | C] () -- C:\windows\System32\nvdrssel.bin
    [2012/04/24 16:22:45 | 002,784,050 | ---- | C] () -- C:\windows\System32\nvdata.data
    [2012/04/19 02:09:07 | 000,399,872 | ---- | C] () -- C:\windows\c4dstand.dll
    [2012/04/19 02:08:59 | 000,003,330 | ---- | C] () -- C:\windows\splash.ini
    [2012/03/06 22:08:46 | 000,003,840 | ---- | C] () -- C:\windows\System32\drivers\BANTExt.sys
    [2012/02/16 02:44:54 | 000,003,072 | ---- | C] () -- C:\windows\System32\iacenc.dll
    [2011/10/26 01:45:58 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/10/04 22:05:13 | 000,000,000 | ---- | C] () -- C:\windows\iPlayer.INI
    [2011/10/04 19:08:39 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
    [2011/09/14 19:34:30 | 000,000,022 | ---- | C] () -- C:\windows\System32\systeminfo3.dll
    [2011/09/14 19:34:24 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\user\Application Data\inst.exe
    [2011/09/14 19:34:24 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\user\Application Data\pcouffin.cat
    [2011/09/14 19:34:24 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\user\Application Data\pcouffin.inf
    [2011/07/29 13:10:23 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\fusioncache.dat
    [2011/07/29 00:46:23 | 000,004,212 | -H-- | C] () -- C:\windows\System32\zllictbl.dat
    [2011/07/28 23:58:35 | 000,001,324 | ---- | C] () -- C:\windows\System32\d3d9caps.dat
    [2011/07/28 23:58:34 | 000,000,552 | ---- | C] () -- C:\windows\System32\d3d8caps.dat
    [2011/07/28 23:31:15 | 000,004,161 | ---- | C] () -- C:\windows\ODBCINST.INI
    [2011/07/28 23:30:18 | 000,128,504 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
    [2011/07/28 22:46:51 | 000,002,048 | --S- | C] () -- C:\windows\bootstat.dat
    [2011/07/28 22:40:09 | 000,021,640 | ---- | C] () -- C:\windows\System32\emptyregdb.dat
    [2011/05/31 07:39:50 | 000,058,368 | ---- | C] () -- C:\windows\System32\bdmpegv.dll
    [2011/05/31 07:38:18 | 000,015,360 | ---- | C] () -- C:\windows\System32\bdmjpeg.dll

    ========== ZeroAccess Check ==========

    [2011/07/28 22:40:27 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 01:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 01:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2012/07/26 21:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
    [2011/09/14 20:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
    [2011/07/29 00:42:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2012/04/18 17:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2012/06/25 21:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
    [2011/10/04 22:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
    [2012/07/26 20:21:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2011/10/24 21:36:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
    [2012/07/26 20:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonEU
    [2012/07/26 20:27:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
    [2012/10/01 21:41:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
    [2012/10/01 21:38:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
    [2012/10/01 21:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2012/05/03 18:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
    [2012/07/06 16:10:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SimulationExams.com
    [2012/10/19 13:31:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2011/09/14 19:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
    [2011/08/03 03:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Airytec
    [2012/10/19 16:36:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\BitComet
    [2012/10/15 17:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\BITS
    [2011/09/14 20:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Canneverbe Limited
    [2012/06/28 16:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Certblaster
    [2012/05/18 15:48:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\DAEMON Tools Lite
    [2011/12/22 03:31:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\DDMSettings
    [2011/10/04 21:08:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ElevatedDiagnostics
    [2012/09/28 13:17:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\FlashGet
    [2012/09/28 12:46:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\FlashGetBHO
    [2012/09/28 12:46:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\FlashgetSetup
    [2011/08/02 17:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\fltk.org
    [2011/09/14 20:32:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\FreeBurner
    [2011/09/13 15:28:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\GanymedeNet
    [2011/07/29 15:31:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\GlarySoft
    [2012/01/02 18:50:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\GOL_byHasbro
    [2011/10/04 22:30:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\IObit
    [2011/07/29 17:07:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\MotioninJoy
    [2012/08/09 20:40:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\OpenOffice.org
    [2012/10/01 21:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\PC Suite
    [2012/06/25 21:38:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Samsung
    [2012/10/19 12:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\TestApp
    [2011/09/14 21:31:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Toolbar4
    [2011/08/01 17:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Unity
    [2011/09/23 08:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\VBA-M
    [2011/09/14 19:50:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Vso
    [2012/03/06 22:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\WinAVI

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
    @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

    < End of report >


  • Closed Accounts Posts: 42 carrigy


    OTL Extras logfile created on: 19/10/2012 16:34:10 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\user\Desktop\OTL
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    1022.48 Mb Total Physical Memory | 632.18 Mb Available Physical Memory | 61.83% Memory free
    2.40 Gb Paging File | 2.12 Gb Available in Paging File | 88.43% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 48.83 Gb Total Space | 28.38 Gb Free Space | 58.13% Space Free | Partition Type: NTFS
    Drive D: | 249.25 Gb Total Space | 241.60 Gb Free Space | 96.93% Space Free | Partition Type: NTFS

    Computer Name: CARRS-6BAF887BF | User Name: user | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htafile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "8026:TCP" = 8026:TCP:*:Enabled:BitComet 8026 TCP
    "8026:UDP" = 8026:UDP:*:Enabled:BitComet 8026 UDP
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
    "80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe -- (www.BitComet.com)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer
    "C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
    "C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager
    "C:\Nexon\Vindictus EU\en-EU\Vindictus.exe" = C:\Nexon\Vindictus EU\en-EU\Vindictus.exe:*:Enabled:Vindictus Launcher
    "C:\Nexon\Vindictus EU\en-EU\NMService.exe" = C:\Nexon\Vindictus EU\en-EU\NMService.exe:*:Enabled:Nexon Messenger Core
    "C:\Program Files\Valve\Portal 2\portal2.exe" = C:\Program Files\Valve\Portal 2\portal2.exe:*:Enabled:portal2
    "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
    "C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager
    "C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer
    "C:\Documents and Settings\user\Local Settings\Temp\BundleSweetIMSetup.exe" = C:\Documents and Settings\user\Local Settings\Temp\BundleSweetIMSetup.exe:*:Enabled:InHouseSDM Setup
    "C:\WINDOWS\system32\msiexec.exe" = C:\WINDOWS\system32\msiexec.exe:*:Enabled:UpdateManagerSetup -- (Microsoft Corporation)
    "C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe" = C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe:*:Enabled:SweetPacksUpdateManager
    "C:\Documents and Settings\user\desktop\DesMuME 0.9.7\WinPcap_4_1_2.exe" = C:\Documents and Settings\user\desktop\DesMuME 0.9.7\WinPcap_4_1_2.exe:*:Enabled:WinPcap_4_1_2
    "C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.6.0003
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3B69A712-4CBC-40B1-AE55-0203075FD093}" = Nokia Suite
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{51071D66-D034-4239-94E0-723FCA10B6FE}" = OpenOffice.org 3.4
    "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7390478C-8581-415E-92E9-2997D9306B81}" = PC Connectivity Solution
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.18
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows Driver Package - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0)
    "7-Zip" = 7-Zip 9.20
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Airytec Switch Off" = Airytec Switch Off
    "BandiMPEG1" = Bandisoft MPEG-1 Decoder
    "Belarc Advisor" = Belarc Advisor 8.2
    "BitComet" = BitComet 1.32
    "CCleaner" = CCleaner
    "CPUID CPU-Z_is1" = CPUID CPU-Z 1.60
    "CPUID HWMonitor_is1" = CPUID HWMonitor 1.19
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "DivX Setup" = DivX Setup
    "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
    "FlashGet3.7" = FlashGet3.7
    "ie8" = Windows Internet Explorer 8
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "Mozilla Firefox 11.0 (x86 en-GB)" = Mozilla Firefox 11.0 (x86 en-GB)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "Nokia Suite" = Nokia Suite
    "SpeedFan" = SpeedFan (remove only)
    "VLC media player" = VLC media player 2.0.2
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR 4.01 (32-bit)
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 22/02/2012 09:15:52 | Computer Name = CARRS-6BAF887BF | Source = Application Error | ID = 1000
    Description = Faulting application white.exe, version 1.2.0.0, faulting module ntdll.dll,
    version 5.1.2600.6055, fault address 0x00029f07.

    Error - 22/02/2012 20:26:26 | Computer Name = CARRS-6BAF887BF | Source = Application Error | ID = 1000
    Description = Faulting application white.exe, version 1.2.0.0, faulting module white.exe,
    version 1.2.0.0, fault address 0x007037fb.

    Error - 23/02/2012 17:14:14 | Computer Name = CARRS-6BAF887BF | Source = Application Error | ID = 1000
    Description = Faulting application white.exe, version 1.2.0.0, faulting module white.exe,
    version 1.2.0.0, fault address 0x006d4403.

    Error - 25/02/2012 11:59:02 | Computer Name = CARRS-6BAF887BF | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This operation returned because the timeout period expired.

    Error - 25/02/2012 11:59:03 | Computer Name = CARRS-6BAF887BF | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The specified server cannot perform the requested operation.

    Error - 26/02/2012 15:01:04 | Computer Name = CARRS-6BAF887BF | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This operation returned because the timeout period expired.

    Error - 26/02/2012 15:01:05 | Computer Name = CARRS-6BAF887BF | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    [ System Events ]
    Error - 19/10/2012 06:28:19 | Computer Name = CARRS-6BAF887BF | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 19/10/2012 07:24:29 | Computer Name = CARRS-6BAF887BF | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 19/10/2012 07:25:38 | Computer Name = CARRS-6BAF887BF | Source = Service Control Manager | ID = 7000
    Description = The StarOpen service failed to start due to the following error: %%2

    Error - 19/10/2012 07:30:10 | Computer Name = CARRS-6BAF887BF | Source = sptd | ID = 262148
    Description = Driver detected an internal error in its data structures for .

    Error - 19/10/2012 07:30:37 | Computer Name = CARRS-6BAF887BF | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 19/10/2012 07:31:38 | Computer Name = CARRS-6BAF887BF | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    AmdPPM BANTExt Fips MpFilter Processor SASDIFSV SASKUTIL

    Error - 19/10/2012 07:55:44 | Computer Name = CARRS-6BAF887BF | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 19/10/2012 07:56:51 | Computer Name = CARRS-6BAF887BF | Source = Service Control Manager | ID = 7000
    Description = The StarOpen service failed to start due to the following error: %%2

    Error - 19/10/2012 09:18:17 | Computer Name = CARRS-6BAF887BF | Source = Service Control Manager | ID = 7000
    Description = The StarOpen service failed to start due to the following error: %%2

    Error - 19/10/2012 11:27:27 | Computer Name = CARRS-6BAF887BF | Source = Service Control Manager | ID = 7000
    Description = The StarOpen service failed to start due to the following error: %%2


    < End of report >


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Seems MBAM did its job. Do you have the log from when MBAM found anything? It's in the Logs tab; post it if possible.


  • Closed Accounts Posts: 42 carrigy


    That's great news, Mbam works a treat as always. That Rkill program also helped, I'm sure.

    Found the last log, which is the one where it removed them. I did 2 others after this one, a quick and a full, and it found nothing. I'm assuming the virus lodges itself into system restore, and when I disabled it, I was able to remove it using Mbam.

    Anyway, here is the log from when it got rid of them.


    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.10.19.04

    Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
    Internet Explorer 8.0.6001.18702
    user :: CARRS-6BAF887BF [administrator]

    19/10/2012 12:32:07
    mbam-log-2012-10-19 (12-32-07).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 224080
    Time elapsed: 3 minute(s), 10 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 1
    C:\Documents and Settings\user\Application Data\hellomoto (Trojan.Ransom.FGen) -> Quarantined and deleted successfully.

    Files Detected: 2
    C:\Documents and Settings\user\Application Data\hellomoto\TujP.dat (Trojan.Ransom.FGen) -> Quarantined and deleted successfully.
    C:\Documents and Settings\user\Application Data\hellomoto\BukF.dat (Trojan.Ransom.FGen) -> Quarantined and deleted successfully.

    (end)
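
    Added example for this thread (not code from the posters or from Malwarebytes): a small parser for the MBAM 1.x text log pasted above that turns the "Detected" sections into records, checks the declared item counts against what was actually listed, flags any item that was not "Quarantined and deleted successfully" (those need a reboot and a rescan), and builds the list of paths to confirm are gone from disk afterwards. It assumes only the log format shown in the post; the second log snippet with a "Delete on reboot" item is constructed to exercise the failure mode and is not from the thread.

```python
"""Parse a Malwarebytes (MBAM 1.x) scan log and derive post-cleanup checks.

Added example for this thread; not part of the original posts or of Malwarebytes.
Assumes the text log format pasted above: '<Section> Detected: <n>' headers
followed by '<path> (<threat>) -> <action>.' item lines.
"""
import re
from collections import Counter
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Log copied from carrigy's post above (only the "Detected" sections matter to the parser).
MBAM_LOG = r"""
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.19.04

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
user :: CARRS-6BAF887BF [administrator]

19/10/2012 12:32:07
mbam-log-2012-10-19 (12-32-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224080
Time elapsed: 3 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Documents and Settings\user\Application Data\hellomoto (Trojan.Ransom.FGen) -> Quarantined and deleted successfully.

Files Detected: 2
C:\Documents and Settings\user\Application Data\hellomoto\TujP.dat (Trojan.Ransom.FGen) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\hellomoto\BukF.dat (Trojan.Ransom.FGen) -> Quarantined and deleted successfully.

(end)
"""

# Constructed sample (not from the thread): an item MBAM could not remove straight away.
PENDING_LOG = r"""
Files Detected: 1
C:\Documents and Settings\user\Application Data\hellomoto\locked.dat (Trojan.Ransom.FGen) -> Delete on reboot.
"""


@dataclass(frozen=True)
class Detection:
    kind: str    # MBAM section, e.g. "Folders", "Files", "Registry Keys"
    path: str    # filesystem path or registry location as MBAM printed it
    threat: str  # MBAM threat name, e.g. Trojan.Ransom.FGen
    action: str  # what MBAM did, without the trailing period


SECTION_RE = re.compile(r"^(?P<kind>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")
CLEAN_ACTION = "Quarantined and deleted successfully"


def parse_mbam_log(text):
    """Return (detections, declared_counts): the items listed under each
    'Detected' section and the count MBAM claimed for that section."""
    detections, declared, kind = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := SECTION_RE.match(line)):
            kind = m.group("kind")
            declared[kind] = int(m.group("count"))
            continue
        if kind and (m := ITEM_RE.match(line)):
            detections.append(Detection(kind, m.group("path"), m.group("threat"), m.group("action")))
    return detections, declared


def count_mismatches(detections, declared):
    """Sections whose parsed item count differs from the declared count
    (a truncated paste or an unexpected line format shows up here)."""
    parsed = Counter(d.kind for d in detections)
    return {k: (n, parsed.get(k, 0)) for k, n in declared.items() if parsed.get(k, 0) != n}


def pending_actions(detections):
    """Items MBAM did not report as quarantined and deleted; these need a
    reboot and a rescan before the machine can be called clean."""
    return [d for d in detections if d.action != CLEAN_ACTION]


def paths_to_verify(detections):
    """Paths to confirm absent after the final reboot: each detected file and
    folder, plus the parent folder of every detected file."""
    paths = set()
    for d in detections:
        if d.kind == "Folders":
            paths.add(d.path)
        elif d.kind == "Files":
            paths.add(d.path)
            paths.add(str(PureWindowsPath(d.path).parent))
    return paths


def check_residue(detections, exists):
    """Run on the cleaned machine with exists=os.path.exists; returns the paths
    still present, i.e. evidence the removal did not stick."""
    return sorted(p for p in paths_to_verify(detections) if exists(p))


if __name__ == "__main__":
    import os
    dets, declared = parse_mbam_log(MBAM_LOG)
    for d in dets:
        print(f"{d.kind:8} {d.threat:22} {d.action:38} {d.path}")
    print("count mismatches:", count_mismatches(dets, declared) or "none")
    print("pending actions :", [d.path for d in pending_actions(dets)] or "none")
    print("still on disk   :", check_residue(dets, os.path.exists) or "none")
```

    Run it on the infected machine after the final normal-mode reboot; an empty "still on disk" line plus a clean follow-up scan is the evidence the thread was looking for. The residue check is deliberately a callback so it can be exercised offline against a fake filesystem before being pointed at `os.path.exists`.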


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Looks good. Open OTL, click the cleanup button, and all done.


  • Closed Accounts Posts: 42 carrigy


    OK, all done, thanks for your help.

