Help! I hate VIRUSES!


Post by -DEMON- » November 6th, 2010, 8:10 am

Hello, I seem to have come across a couple of viruses. I ran my MBAM and it picked up three. I then ran Avira and it found just one. I'm posting my HJT, uninstall list, MBAM, and Avira logs here. I would really appreciate the help. Thank you very much in advance.





Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:06:21 AM, on 11/6/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Arc Angel\My Documents\Hjt\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: FCToolbarURLSearchHook Class - {b843a48a-b70f-45cd-a15a-6c2b30c2c11e} - C:\Documents and Settings\Arc Angel\My Documents\toolbar\Gamers Unite! Snag Bar\Helper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: FCTBPos00Pos - {26A7CA19-7D58-411D-B2DA-F1B0324CBFFC} - C:\Documents and Settings\Arc Angel\My Documents\toolbar\Gamers Unite! Snag Bar\Toolbar.dll
O2 - BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll
O3 - Toolbar: Gamers Unite! Snag Bar - {25515A79-C1C7-4B97-97F8-31A711694487} - C:\Documents and Settings\Arc Angel\My Documents\toolbar\Gamers Unite! Snag Bar\Toolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Documents and Settings\Arc Angel\My Documents\Programs\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8473691578
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8531583203
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 10871 bytes






Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.0
Apple Application Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Conexant HD Audio
Customer Experience Enhancement
DivX Setup
ESPNMotion
Gamers Unite! Snag Bar
GemMaster Mystic
HDAUDIO Soft Data Fax Modem with SmartCP
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Help and Support
HP Imaging Device Functions 6.0
HP Pavilion Webcam Demo
HP Photosmart Premier Software 6.0
HP Quick Launch Buttons 6.10 A2
HP QuickPlay 2.3
HP Rhapsody
HP Update
HP User Guides 0036
HP Wireless Assistant 2.00 G2
Intel(R) PRO Network Connections Drivers
Java(TM) 6 Update 22
Junk Mail filter update
Macromedia Flash Player 8
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Click-to-Run 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Home and Student 2010 - English
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook Connector
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.12)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 5.0
NetWaiting
NVIDIA Drivers
NVIDIA PhysX
Office 2003 Trial Assistant
Otto
QuickTime
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
SonicAC3Encoder
SonicMPEGEncoder
Synaptics Pointing Device Driver
System Requirements Lab
TourSetup
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows Internet Explorer 8 (KB982664)
Update for Windows Media Player 10 (KB910393)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.17
Vegas Pro 9.0
Vongo
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Management Framework Core
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Search 4.0
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Wireless Home Network Setup
Zynga Toolbar







Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5058

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/6/2010 7:31:36 AM
mbam-log-2010-11-06 (07-31-36).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 213798
Time elapsed: 1 hour(s), 16 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Arc Angel\My Documents\Vegas 9\Keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP62\A0016922.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Vegas 9\Keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.









Avira AntiVir Personal
Report file date: Saturday, November 06, 2010 06:32

Scanning for 3020684 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : DEMON

Version information:
BUILD.DAT : 10.0.0.592 31823 Bytes 8/9/2010 11:00:00
AVSCAN.EXE : 10.0.3.1 434344 Bytes 11/5/2010 01:05:48
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 17:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 3/7/2010 23:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 04:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 14:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 00:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 22:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 21:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 16:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 04:30:05
VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 04:30:35
VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 19:06:32
VBASE008.VDF : 7.10.11.133 3454464 Bytes 9/13/2010 18:47:02
VBASE009.VDF : 7.10.13.80 2265600 Bytes 11/2/2010 01:05:47
VBASE010.VDF : 7.10.13.81 2048 Bytes 11/2/2010 01:05:47
VBASE011.VDF : 7.10.13.82 2048 Bytes 11/2/2010 01:05:47
VBASE012.VDF : 7.10.13.83 2048 Bytes 11/2/2010 01:05:47
VBASE013.VDF : 7.10.13.116 147968 Bytes 11/4/2010 01:05:47
VBASE014.VDF : 7.10.13.117 2048 Bytes 11/4/2010 01:05:47
VBASE015.VDF : 7.10.13.118 2048 Bytes 11/4/2010 01:05:47
VBASE016.VDF : 7.10.13.119 2048 Bytes 11/4/2010 01:05:47
VBASE017.VDF : 7.10.13.120 2048 Bytes 11/4/2010 01:05:47
VBASE018.VDF : 7.10.13.121 2048 Bytes 11/4/2010 01:05:47
VBASE019.VDF : 7.10.13.122 2048 Bytes 11/4/2010 01:05:47
VBASE020.VDF : 7.10.13.123 2048 Bytes 11/4/2010 01:05:47
VBASE021.VDF : 7.10.13.124 2048 Bytes 11/4/2010 01:05:47
VBASE022.VDF : 7.10.13.125 2048 Bytes 11/4/2010 01:05:47
VBASE023.VDF : 7.10.13.126 2048 Bytes 11/4/2010 01:05:47
VBASE024.VDF : 7.10.13.127 2048 Bytes 11/4/2010 01:05:47
VBASE025.VDF : 7.10.13.128 2048 Bytes 11/4/2010 01:05:47
VBASE026.VDF : 7.10.13.129 2048 Bytes 11/4/2010 01:05:47
VBASE027.VDF : 7.10.13.130 2048 Bytes 11/4/2010 01:05:47
VBASE028.VDF : 7.10.13.131 2048 Bytes 11/4/2010 01:05:47
VBASE029.VDF : 7.10.13.132 2048 Bytes 11/4/2010 01:05:47
VBASE030.VDF : 7.10.13.133 2048 Bytes 11/4/2010 01:05:47
VBASE031.VDF : 7.10.13.145 130048 Bytes 11/5/2010 10:28:50
Engineversion : 8.2.4.92
AEVDF.DLL : 8.1.2.1 106868 Bytes 7/30/2010 00:54:21
AESCRIPT.DLL : 8.1.3.46 1364347 Bytes 11/5/2010 01:05:48
AESCN.DLL : 8.1.6.1 127347 Bytes 7/7/2010 04:31:37
AESBX.DLL : 8.1.3.1 254324 Bytes 7/7/2010 04:31:44
AERDL.DLL : 8.1.9.2 635252 Bytes 9/24/2010 15:33:38
AEPACK.DLL : 8.2.3.11 471416 Bytes 10/14/2010 14:05:16
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 7/21/2010 19:40:23
AEHEUR.DLL : 8.1.2.38 2990455 Bytes 11/5/2010 01:05:48
AEHELP.DLL : 8.1.14.0 246134 Bytes 10/14/2010 14:05:00
AEGEN.DLL : 8.1.3.24 401781 Bytes 11/5/2010 01:05:47
AEEMU.DLL : 8.1.2.0 393588 Bytes 7/7/2010 04:31:06
AECORE.DLL : 8.1.17.0 196982 Bytes 9/24/2010 15:33:12
AEBB.DLL : 8.1.1.0 53618 Bytes 7/7/2010 04:31:04
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 17:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 17:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 21:47:40
AVREG.DLL : 10.0.3.2 53096 Bytes 11/5/2010 01:05:48
AVSCPLR.DLL : 10.0.3.1 83816 Bytes 11/5/2010 01:05:48
AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 17:22:13
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 14:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 17:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 20:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 19:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 18:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 11/5/2010 01:05:47

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, E:, Q:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Saturday, November 06, 2010 06:32

Starting search for hidden objects.

The scan of running processes will be started
Scan process 'avscan.exe' - '69' Module(s) have been scanned
Scan process 'dllhost.exe' - '47' Module(s) have been scanned
Scan process 'vssvc.exe' - '49' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '57' Module(s) have been scanned
Scan process 'mbam.exe' - '64' Module(s) have been scanned
Scan process 'chrome.exe' - '71' Module(s) have been scanned
Scan process 'chrome.exe' - '36' Module(s) have been scanned
Scan process 'chrome.exe' - '36' Module(s) have been scanned
Scan process 'chrome.exe' - '36' Module(s) have been scanned
Scan process 'chrome.exe' - '65' Module(s) have been scanned
Scan process 'OSPPSVC.EXE' - '28' Module(s) have been scanned
Scan process 'OfficeVirt.exe' - '24' Module(s) have been scanned
Scan process 'cvh.exe' - '73' Module(s) have been scanned
Scan process 'alg.exe' - '35' Module(s) have been scanned
Scan process 'dllhost.exe' - '62' Module(s) have been scanned
Scan process 'WMPNetwk.exe' - '53' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '43' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'CVHSVC.EXE' - '63' Module(s) have been scanned
Scan process 'mqtgsvc.exe' - '38' Module(s) have been scanned
Scan process 'hpqwmiex.exe' - '34' Module(s) have been scanned
Scan process 'WLIDSvcM.exe' - '17' Module(s) have been scanned
Scan process 'ehmsas.exe' - '31' Module(s) have been scanned
Scan process 'sftlist.exe' - '60' Module(s) have been scanned
Scan process 'mqsvc.exe' - '57' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '30' Module(s) have been scanned
Scan process 'WLIDSVC.EXE' - '56' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'hpqimzone.exe' - '98' Module(s) have been scanned
Scan process 'sftvsa.exe' - '22' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '39' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '21' Module(s) have been scanned
Scan process 'avshadow.exe' - '27' Module(s) have been scanned
Scan process 'GoogleCrashHandler.exe' - '23' Module(s) have been scanned
Scan process 'jqs.exe' - '35' Module(s) have been scanned
Scan process 'ehSched.exe' - '40' Module(s) have been scanned
Scan process 'ehRecvr.exe' - '44' Module(s) have been scanned
Scan process 'avguard.exe' - '56' Module(s) have been scanned
Scan process 'WMPNSCFG.exe' - '32' Module(s) have been scanned
Scan process 'ctfmon.exe' - '32' Module(s) have been scanned
Scan process 'DivXUpdate.exe' - '60' Module(s) have been scanned
Scan process 'msdtc.exe' - '42' Module(s) have been scanned
Scan process 'jusched.exe' - '29' Module(s) have been scanned
Scan process 'avgnt.exe' - '58' Module(s) have been scanned
Scan process 'HPWuSchd2.exe' - '27' Module(s) have been scanned
Scan process 'QlbCtrl.exe' - '46' Module(s) have been scanned
Scan process 'issch.exe' - '13' Module(s) have been scanned
Scan process 'QPService.exe' - '55' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '32' Module(s) have been scanned
Scan process 'rundll32.exe' - '40' Module(s) have been scanned
Scan process 'RUNDLL32.EXE' - '36' Module(s) have been scanned
Scan process 'HP Wireless Assistant.exe' - '44' Module(s) have been scanned
Scan process 'ehtray.exe' - '50' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'sched.exe' - '47' Module(s) have been scanned
Scan process 'Explorer.EXE' - '111' Module(s) have been scanned
Scan process 'spoolsv.exe' - '55' Module(s) have been scanned
Scan process 'svchost.exe' - '46' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '166' Module(s) have been scanned
Scan process 'svchost.exe' - '41' Module(s) have been scanned
Scan process 'svchost.exe' - '54' Module(s) have been scanned
Scan process 'lsass.exe' - '60' Module(s) have been scanned
Scan process 'services.exe' - '29' Module(s) have been scanned
Scan process 'winlogon.exe' - '68' Module(s) have been scanned
Scan process 'csrss.exe' - '16' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Boot sector 'Q:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1776' files ).


Starting the file scan:

Begin scan in 'C:\' <OS>
Begin scan in 'D:\' <Data>
D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP133\A0025659.exe
[DETECTION] Is the TR/Trash.Gen Trojan
Begin scan in 'E:\' <HP_RECOVERY>
Begin scan in 'Q:\'
Search path Q:\ could not be opened!
System error [5]: Access is denied.

Beginning disinfection:
D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP133\A0025659.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '4f9ce7b9.qua'.


End of the scan: Saturday, November 06, 2010 07:58
Used time: 1:25:24 Hour(s)

The scan has been done completely.

8024 Scanned directories
414502 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
414501 Files not concerned
10581 Archives were scanned
0 Warnings
1 Notes
366538 Objects were scanned with rootkit scan
0 Hidden objects were found




Thank you again.
-DEMON-
Regular Member
 
Posts: 71
Joined: June 23rd, 2007, 7:38 pm

Re: Help! I hate VIRUSES!

Unread postby deltalima » November 9th, 2010, 4:46 am

Checking your log - back soon.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Help! I hate VIRUSES!

Unread postby deltalima » November 9th, 2010, 5:00 am

Hi -DEMON-,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

CKScanner

  • Please download CKScanner from here to your Desktop.
  • Make sure that CKScanner.exe is on your Desktop before running the application!
  • Double-click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file was saved.
  • Double-click on the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

Next

  • Please download this tool from Microsoft.
  • Double click on MGADiag.exe to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Help! I hate VIRUSES!

Unread postby -DEMON- » November 9th, 2010, 1:21 pm

Here are the two logs that were previously asked for.



CkFiles



CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\arc angel\my documents\downloads\sony.vegas.pro.9.+.crack.and.keygen.rar.torrent
c:\documents and settings\arc angel\my documents\vegas 9\sony_vegaspro8_dvdarchitect45_soundforge9_crack.exe
scanner sequence 3.LB.11
----- EOF -----




MGADiag




Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-9TCCK-JPCBM-B2FQ8
Windows Product Key Hash: B/IohRcCzV6LJrex8WpCdnxgTvg=
Windows Product ID: 76487-OEM-2211906-00803
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010100.3.0.med
ID: {552AC9E6-37FB-415F-B35A-A369286C2AA5}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.7.69.2
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{552AC9E6-37FB-415F-B35A-A369286C2AA5}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.med</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-B2FQ8</PKey><PID>76487-OEM-2211906-00803</PID><PIDType>2</PIDType><SID>S-1-5-21-3383821861-1699414857-1321467403</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>HP Pavilion dv9000 (RG343UA#ABA) </Model></SYSTEM><BIOS><Manufacturer>Hewlett-Packard</Manufacturer><Version>F.04 </Version><SMBIOSVersion major="2" minor="4"/><Date>20060918000000.000000+000</Date><SLPBIOS>Compaq,Hewlett,Hewlett,Compaq</SLPBIOS></BIOS><HWID>03793AFF0184607A</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>HP</name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: C180:Compaq Computer Corporation|14988:Compaq Computer Corporation|14988:Compaq Computer Corporation|C180:Hewlett-Packard Company|149A4:Hewlett-Packard Company
Marker string from OEMBIOS.DAT: Compaq,Hewlett,Hewlett,Compaq

OEM Activation 2.0 Data-->
N/A
-DEMON-
Regular Member
 
Posts: 71
Joined: June 23rd, 2007, 7:38 pm

Re: Help! I hate VIRUSES!

Unread postby deltalima » November 9th, 2010, 1:44 pm

Hi -DEMON-,

Please remove the files

c:\documents and settings\arc angel\my documents\downloads\sony.vegas.pro.9.+.crack.and.keygen.rar.torrent
c:\documents and settings\arc angel\my documents\vegas 9\sony_vegaspro8_dvdarchitect45_soundforge9_crack.exe

and any other crack software that may be on the computer.

  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs,
    highlight Gamers Unite! Snag Bar
    click Remove
    highlight Zynga Toolbar
    click Remove
  • Close the Add or Remove Programs and the Control Panel windows.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
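The GMER scan requested above prints its "User code sections" as one hook line per process ID, so a browser with several sandboxed child processes produces dozens of near-identical lines that are tedious to read by eye. As an added example (not part of this thread, and not GMER's own code), the Python below parses those lines, merges hooks that are identical across every PID of the same program, and lists JMP/CALL redirections whose target GMER attributed to no module; the sample lines are constructed in GMER's line format, with an illustrative user path and PIDs.

```python
"""Group the 'User code sections' hook lines of a GMER log by program.

Added example for this thread (not GMER's code, not code posted by its
participants). GMER prints one line per PID, so a sandboxed browser's many
child processes yield identical lines; this merges them per program and
lists JMP/CALL hooks whose target GMER attributed to no module.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# .text <image>[<pid>] <module>!<function>[ + <off>] <addr> <n> Byte(s) <patch>
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?\.exe)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>\S+?)!(?P<function>\w+)"
    r"(?:\s*\+\s*(?P<offset>[0-9A-F]+))?\s+"
    r"(?P<address>[0-9A-F]{8})\s+(?P<size>\d+)\s+Bytes?\s+(?P<patch>.+?)\s*$",
    re.IGNORECASE,
)
# "JMP 004013F0 C:\path\module.exe (Vendor)" or a bare "CALL 7B90EC1A"
REDIRECT_RE = re.compile(
    r"^(?P<kind>JMP|CALL)\s+(?P<target>[0-9A-F]{8})"
    r"(?:\s+(?P<target_module>.+?)\s+\((?P<vendor>[^)]*)\))?$",
    re.IGNORECASE,
)
# "[28, 00, 16, 00]": the patched bytes when GMER does not decode a branch
BYTES_RE = re.compile(r"^\[([0-9A-F]{2}(?:,\s*[0-9A-F]{2})*)\]$", re.IGNORECASE)

@dataclass(frozen=True)
class Hook:
    image: str                    # executable basename, lower-cased
    pid: int
    function: str                 # "module!export"
    offset: int                   # bytes past the export, 0 when none printed
    address: int
    size: int
    kind: str                     # "JMP", "CALL" or "bytes"
    target: Optional[int]         # branch target, None for raw byte patches
    target_module: Optional[str]  # module GMER attributed the target to, if any
    patch: tuple                  # raw bytes for kind == "bytes", else ()

    def signature(self) -> tuple:
        """Everything but the PID, so identical hooks across processes merge."""
        return (self.image, self.function, self.offset, self.kind,
                self.target, self.target_module, self.patch)

def parse_hook(line: str) -> Optional[Hook]:
    """Parse one user-code hook line; None for headers and unknown layouts."""
    m = HOOK_RE.match(line)
    if not m:
        return None
    kind, target, target_module, raw = "bytes", None, None, ()
    r, b = REDIRECT_RE.match(m["patch"]), BYTES_RE.match(m["patch"])
    if r:
        kind, target = r["kind"].upper(), int(r["target"], 16)
        target_module = r["target_module"]
    elif b:
        raw = tuple(int(x.strip(), 16) for x in b.group(1).split(","))
    else:
        return None  # do not guess at a patch layout the parser does not know
    return Hook(
        image=m["image"].rsplit("\\", 1)[-1].lower(),
        pid=int(m["pid"]),
        function=f"{m['module']}!{m['function']}",
        offset=int(m["offset"], 16) if m["offset"] else 0,
        address=int(m["address"], 16),
        size=int(m["size"]),
        kind=kind, target=target, target_module=target_module, patch=raw,
    )

def summarize(lines) -> dict:
    """Map each distinct hook signature to the sorted PIDs it was seen in."""
    seen = defaultdict(set)
    for h in filter(None, map(parse_hook, lines)):
        seen[h.signature()].add(h.pid)
    return {sig: sorted(pids) for sig, pids in seen.items()}

def unattributed_redirects(lines) -> list:
    """JMP/CALL hooks for whose target GMER named no module: review by hand."""
    first = {}
    for h in filter(None, map(parse_hook, lines)):
        if h.kind != "bytes" and h.target_module is None:
            first.setdefault(h.signature(), h)
    return list(first.values())

# Constructed sample in GMER's line format (user path and PIDs are illustrative).
CHROME = r"C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe"
SAMPLE_LOG = [
    "---- User code sections - GMER 1.0.15 ----",
    r".text C:\Program Files\Mozilla Firefox\firefox.exe[3080] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)",
    r".text C:\WINDOWS\system32\SearchIndexer.exe[3108] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)",
    f".text {CHROME}[4024] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]",
    f".text {CHROME}[4024] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A",
    f".text {CHROME}[5528] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]",
    f".text {CHROME}[5528] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A",
]
```

A hook that is byte-for-byte identical in every child process of one program is a consistency check, not a clean bill; deciding what any remaining line means is still the helper's call.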

Re: Help! I hate VIRUSES!

Unread postby -DEMON- » November 9th, 2010, 10:07 pm

Here are the three logs.


Gmer



GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-09 21:05:16
Windows 5.1.2600 Service Pack 3
Running: llj410tr.exe; Driver: C:\DOCUME~1\ARCANG~1\LOCALS~1\Temp\pxtdapog.sys


---- System - GMER 1.0.15 ----

SSDT F126232E ZwCreateKey
SSDT F1262324 ZwCreateThread
SSDT F1262333 ZwDeleteKey
SSDT F126233D ZwDeleteValueKey
SSDT F1262342 ZwLoadKey
SSDT F1262310 ZwOpenProcess
SSDT F1262315 ZwOpenThread
SSDT F126234C ZwReplaceKey
SSDT F1262347 ZwRestoreKey
SSDT F1262338 ZwSetValueKey

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF591F360, 0x33AACD, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[3080] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[3108] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5244] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10405CF5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5528] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5632] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5656] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5656] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5656] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5656] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5656] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5656] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5656] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5656] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5656] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5656] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5656] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5656] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5656] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5656] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5656] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5656] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5656] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5656] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5656] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5656] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5656] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5656] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5656] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5656] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5656] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5656] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5656] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5656] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5656] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5656] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5776] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002C0010
IAT C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5528] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002C0010
IAT C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5632] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002C0010
IAT C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5656] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002C0010
IAT C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5776] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002C0010

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

OTL text.

OTL logfile created on: 11/9/2010 7:35:22 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Arc Angel\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 61.82 Gb Total Space | 37.26 Gb Free Space | 60.27% Space Free | Partition Type: NTFS
Drive D: | 74.53 Gb Total Space | 73.99 Gb Free Space | 99.28% Space Free | Partition Type: NTFS
Drive E: | 11.67 Gb Total Space | 1.31 Gb Free Space | 11.23% Space Free | Partition Type: FAT32

Computer Name: DEMON | User Name: Arc Angel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Arc Angel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Arc Angel\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\nview.dll ()
MOD - C:\WINDOWS\system32\nvwddi.dll (NVIDIA Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (AddFiltr) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe (Hewlett-Packard Development Company, L.P.)


========== Driver Services (SafeList) ==========

DRV - (UIUSys) -- C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (Sftvol) -- C:\WINDOWS\system32\drivers\Sftvolxp.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\WINDOWS\system32\drivers\Sftredirxp.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\WINDOWS\system32\drivers\Sftplayxp.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\WINDOWS\system32\drivers\Sftfsxp.sys (Microsoft Corporation)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (e1express) Intel(R) -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (NETw5x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (RMCAST) -- C:\WINDOWS\system32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (HBtnKey) -- C:\WINDOWS\system32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (MQAC) -- C:\WINDOWS\system32\drivers\mqac.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\CHDAud.sys (Conexant Systems Inc.)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\WINDOWS\system32\drivers\snp2uvc.sys ()
DRV - (5U870CAP_VID_1262&PID_25FD) -- C:\WINDOWS\system32\drivers\5U870CAP.sys (Ricoh)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Development Company, L.P.)
DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3383821861-1699414857-1321467403-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-3383821861-1699414857-1321467403-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
IE - HKU\S-1-5-21-3383821861-1699414857-1321467403-1005\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3383821861-1699414857-1321467403-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search the Web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {afe43e80-0abc-4df2-81a0-3fe44b74abe8}:1.300.346
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/28 11:48:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/06 02:40:21 | 000,000,000 | ---D | M]

[2010/07/07 00:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arc Angel\Application Data\Mozilla\Extensions
[2010/11/09 19:12:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arc Angel\Application Data\Mozilla\Firefox\Profiles\9naxji1l.default\extensions
[2010/07/09 17:47:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Arc Angel\Application Data\Mozilla\Firefox\Profiles\9naxji1l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/09 19:12:15 | 000,000,000 | ---D | M] (Gamers Unite! Snag Bar) -- C:\Documents and Settings\Arc Angel\Application Data\Mozilla\Firefox\Profiles\9naxji1l.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}
[2010/07/08 01:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arc Angel\Application Data\Mozilla\Firefox\Profiles\9naxji1l.default\extensions\illimitux@illimitux.net
[2010/11/09 19:12:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/01 13:27:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/02 03:02:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/07/07 00:38:36 | 000,608,415 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 ads.active.com
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 127.0.0.1 cms.ad2click.nl
O1 - Hosts: 127.0.0.1 ads.ad2games.com
O1 - Hosts: 127.0.0.1 content.ad20.net
O1 - Hosts: 16056 more lines...
O3 - HKU\S-1-5-21-3383821861-1699414857-1321467403-1005\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-3383821861-1699414857-1321467403-1005\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\StartUp\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\StartUp\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3383821861-1699414857-1321467403-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDow ... ab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 8473691578 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 8531583203 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk D:\
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - Unable to obtain root file information for disk E:\
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/09 19:34:13 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Arc Angel\Desktop\OTL.exe
[2010/11/09 12:17:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/11/09 12:16:34 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Arc Angel\Desktop\MGADiag.exe
[2010/11/02 03:02:26 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/11/02 03:02:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/11/02 03:02:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/10/20 17:56:21 | 002,120,176 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll
[2010/10/20 17:56:21 | 000,133,616 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2010/10/20 17:56:21 | 000,126,448 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe
[2010/10/20 17:56:21 | 000,123,888 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe
[2010/10/20 17:56:21 | 000,072,176 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
[2010/10/20 17:56:21 | 000,068,592 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
[2010/10/20 17:56:21 | 000,068,080 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
[2010/10/20 17:56:21 | 000,009,200 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
[2010/10/20 17:56:21 | 000,009,072 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
[2010/10/20 17:55:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/10/20 17:53:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Arc Angel\Desktop\DivX
[2010/10/20 17:44:32 | 000,000,000 | ---D | C] -- C:\Program Files\Veoh Networks
[2010/10/15 11:47:52 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/10/15 11:47:52 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2010/10/15 11:47:52 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/10/15 11:47:46 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll

========== Files - Modified Within 30 Days ==========

[2010/11/09 19:35:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3383821861-1699414857-1321467403-1005UA.job
[2010/11/09 19:34:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Arc Angel\Desktop\OTL.exe
[2010/11/09 18:04:09 | 000,541,216 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/09 18:04:09 | 000,100,444 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/09 18:00:01 | 000,001,345 | ---- | M] () -- C:\hpqp.ini
[2010/11/09 17:59:20 | 000,194,730 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/11/09 17:59:18 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini
[2010/11/09 17:59:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/09 17:59:08 | 2145,439,744 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/09 12:35:00 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3383821861-1699414857-1321467403-1005Core.job
[2010/11/09 12:17:54 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/09 12:16:40 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Arc Angel\Desktop\MGADiag.exe
[2010/11/09 12:13:07 | 000,443,392 | ---- | M] () -- C:\Documents and Settings\Arc Angel\Desktop\CKScanner.exe
[2010/11/08 09:31:50 | 000,103,815 | ---- | M] () -- C:\Documents and Settings\Arc Angel\Desktop\bros2.jpg
[2010/11/06 20:41:25 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/06 07:06:08 | 000,002,470 | ---- | M] () -- C:\Documents and Settings\Arc Angel\Desktop\HiJackThis.lnk
[2010/11/06 03:36:32 | 000,259,048 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/06 02:43:52 | 000,000,031 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2010/11/05 11:35:44 | 000,002,318 | ---- | M] () -- C:\Documents and Settings\Arc Angel\Desktop\Google Chrome.lnk
[2010/11/04 20:05:48 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/11/04 20:05:48 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/10/28 16:21:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/24 22:43:19 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\Arc Angel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/15 13:41:23 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2010/11/09 12:13:07 | 000,443,392 | ---- | C] () -- C:\Documents and Settings\Arc Angel\Desktop\CKScanner.exe
[2010/11/08 09:31:58 | 000,103,815 | ---- | C] () -- C:\Documents and Settings\Arc Angel\Desktop\bros2.jpg
[2010/08/21 19:26:49 | 000,143,440 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/09 17:57:14 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Arc Angel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/07 01:17:49 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Arc Angel\Local Settings\Application Data\fusioncache.dat
[2010/07/07 01:17:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Arc Angel\Local Settings\Application Data\DSwitch.txt
[2010/07/07 01:17:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Arc Angel\Local Settings\Application Data\AtStart.txt
[2010/07/07 01:17:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Arc Angel\Local Settings\Application Data\QSwitch.txt
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/09/17 11:13:22 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/09/17 11:09:09 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/09/17 10:54:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/17 10:42:07 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/07/20 00:58:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/07/20 00:58:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/07/20 00:58:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/07/20 00:58:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/07/06 05:28:58 | 000,047,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2006/06/29 14:18:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/29 13:49:18 | 000,001,398 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/06/29 13:46:56 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/29 13:43:40 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/06/29 13:13:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/03/04 02:07:34 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/12/02 13:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/06 13:06:32 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2004/09/16 15:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll

< End of report >



Extras txt.


OTL Extras logfile created on: 11/9/2010 7:35:22 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Arc Angel\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 61.82 Gb Total Space | 37.26 Gb Free Space | 60.27% Space Free | Partition Type: NTFS
Drive D: | 74.53 Gb Total Space | 73.99 Gb Free Space | 99.28% Space Free | Partition Type: NTFS
Drive E: | 11.67 Gb Total Space | 1.31 Gb Free Space | 11.23% Space Free | Partition Type: FAT32

Computer Name: DEMON | User Name: Arc Angel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-3383821861-1699414857-1321467403-1005\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE" /n /dde File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- File not found
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 A2
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 G2
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.3
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{52FBAE98-D389-4281-8C14-21B4046CCB4E}" = SonicAC3Encoder
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A28AB0B-22B1-494C-AF61-B386EA1736C0}" = LightScribe 1.4.97.1
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}" = Macromedia Shockwave Player
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140011-0061-0409-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - English
"{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}" =
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B16AF568-A644-483C-A6DA-5028CD019C8C}" = SonicMPEGEncoder
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4180B60-0239-48DE-89EF-2CE4C3650A71}" = HP User Guides 0036
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9D1A2FD-56B2-4F21-B959-745FE43CAB8C}" = Vegas Pro 9.0
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DB7E00C9-6DEF-489A-8112-D8F81614F45A}" = Vongo
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EC397D90-720E-426D-B381-0A10C6FD5A49}" = HP Pavilion Webcam Demo
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FB09F05F-85C6-4205-B28D-5BF071D276C3}" = muvee autoProducer 5.0
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VENICE_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Setup.divx.com" = DivX Setup
"ESPNMotion" = ESPNMotion
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Rhapsody" = HP Rhapsody
"ie8" = Windows Internet Explorer 8
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PROSet" = Intel(R) PRO Network Connections Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"Veetle TV" = Veetle TV 0.9.17
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3383821861-1699414857-1321467403-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/6/2010 6:37:17 AM | Computer Name = DEMON | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{93d31e30-a1a9-11df-b96f-0016368f6c14},0xc0000000,0x00000003,...).
hr = 0x80070005.

Error - 11/6/2010 6:37:18 AM | Computer Name = DEMON | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
called routine OpenNtmsSessionW which failed with status 0x80070422 (converted
to 0x800423f4).

Error - 11/6/2010 6:42:46 AM | Computer Name = DEMON | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{93d31e30-a1a9-11df-b96f-0016368f6c14},0xc0000000,0x00000003,...).
hr = 0x80070005.

Error - 11/6/2010 6:42:48 AM | Computer Name = DEMON | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
called routine OpenNtmsSessionW which failed with status 0x80070422 (converted
to 0x800423f4).

Error - 11/6/2010 6:46:03 AM | Computer Name = DEMON | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{93d31e30-a1a9-11df-b96f-0016368f6c14},0xc0000000,0x00000003,...).
hr = 0x80070005.

Error - 11/6/2010 6:46:05 AM | Computer Name = DEMON | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
called routine OpenNtmsSessionW which failed with status 0x80070422 (converted
to 0x800423f4).

Error - 11/6/2010 7:55:27 AM | Computer Name = DEMON | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{93d31e30-a1a9-11df-b96f-0016368f6c14},0xc0000000,0x00000003,...).
hr = 0x80070005.

Error - 11/6/2010 7:55:29 AM | Computer Name = DEMON | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
called routine OpenNtmsSessionW which failed with status 0x80070422 (converted
to 0x800423f4).

Error - 11/6/2010 7:56:57 AM | Computer Name = DEMON | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{93d31e30-a1a9-11df-b96f-0016368f6c14},0xc0000000,0x00000003,...).
hr = 0x80070005.

Error - 11/6/2010 7:56:58 AM | Computer Name = DEMON | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
called routine OpenNtmsSessionW which failed with status 0x80070422 (converted
to 0x800423f4).

[ System Events ]
Error - 11/8/2010 11:50:21 AM | Computer Name = DEMON | Source = Service Control Manager | ID = 7034
Description = The Windows Search service terminated unexpectedly. It has done this
3 time(s).

Error - 11/9/2010 8:51:50 AM | Computer Name = DEMON | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 11/9/2010 8:51:50 AM | Computer Name = DEMON | Source = Service Control Manager | ID = 7034
Description = The LightScribeService Direct Disc Labeling Service service terminated
unexpectedly. It has done this 1 time(s).

Error - 11/9/2010 8:51:50 AM | Computer Name = DEMON | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 11/9/2010 8:51:50 AM | Computer Name = DEMON | Source = Service Control Manager | ID = 7034
Description = The Application Virtualization Service Agent service terminated unexpectedly.
It has done this 1 time(s).

Error - 11/9/2010 8:51:50 AM | Computer Name = DEMON | Source = Service Control Manager | ID = 7034
Description = The hpqwmiex service terminated unexpectedly. It has done this 1
time(s).

Error - 11/9/2010 8:51:50 AM | Computer Name = DEMON | Source = Service Control Manager | ID = 7031
Description = The Windows Live ID Sign-in Assistant service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
10000 milliseconds: Restart the service.

Error - 11/9/2010 8:51:50 AM | Computer Name = DEMON | Source = Service Control Manager | ID = 7034
Description = The Client Virtualization Handler service terminated unexpectedly.
It has done this 1 time(s).

Error - 11/9/2010 8:51:52 AM | Computer Name = DEMON | Source = Service Control Manager | ID = 7034
Description = The Application Virtualization Client service terminated unexpectedly.
It has done this 1 time(s).

Error - 11/9/2010 1:11:06 PM | Computer Name = DEMON | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.


< End of report >
-DEMON-
Regular Member
 
Posts: 71
Joined: June 23rd, 2007, 7:38 pm

Re: Help! I hate VIRUSES!

Unread postby deltalima » November 10th, 2010, 4:39 am

Hi -DEMON-,

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :otl
    O3 - HKU\S-1-5-21-3383821861-1699414857-1321467403-1005\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKU\S-1-5-21-3383821861-1699414857-1321467403-1005\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    :commands
    [EMPTYTEMP]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

MBRCheck

Please download MBRCheck.exe to your desktop.
  • Double-click on MBRCheck.exe to run it.
  • It will show a Black screen with some information.
  • If an unknown bootcode is found you will have further options available to you; at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter.
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file in your next reply.


Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Help! I hate VIRUSES!

Unread postby -DEMON- » November 10th, 2010, 2:45 pm

Here are the three logs.


OTL



All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3383821861-1699414857-1321467403-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_USERS\S-1-5-21-3383821861-1699414857-1321467403-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Arc Angel
->Temp folder emptied: 553296 bytes
->Temporary Internet Files folder emptied: 1403805 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 61128258 bytes
->Google Chrome cache emptied: 332075098 bytes
->Flash cache emptied: 3496 bytes

User: Default User
->Temp folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 95682 bytes

Total Files Cleaned = 377.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11102010_075814

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...





MBR Check



MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0001003c

Kernel Drivers (total 147):

Processes (total 55):
0 System Idle Process
4 System
836 C:\WINDOWS\system32\smss.exe
916 csrss.exe
948 C:\WINDOWS\system32\winlogon.exe
992 C:\WINDOWS\system32\services.exe
1004 C:\WINDOWS\system32\lsass.exe
1200 C:\WINDOWS\system32\svchost.exe
1268 svchost.exe
1412 C:\WINDOWS\system32\svchost.exe
1452 C:\WINDOWS\system32\svchost.exe
1612 svchost.exe
1896 C:\WINDOWS\system32\spoolsv.exe
1968 C:\Program Files\Avira\AntiVir Desktop\sched.exe
384 svchost.exe
768 msdtc.exe
900 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1148 C:\WINDOWS\ehome\ehrecvr.exe
1224 C:\WINDOWS\ehome\ehSched.exe
1664 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
2060 svchost.exe
2080 C:\WINDOWS\system32\svchost.exe
2264 C:\WINDOWS\system32\searchindexer.exe
2416 mcrdsvc.exe
2460 C:\WINDOWS\system32\mqsvc.exe
2604 C:\WINDOWS\system32\wuauclt.exe
2932 C:\WINDOWS\system32\mqtgsvc.exe
3380 C:\WINDOWS\ehome\ehtray.exe
3428 C:\WINDOWS\ehome\ehmsas.exe
3532 C:\WINDOWS\system32\rundll32.exe
3588 wmiprvse.exe
3768 C:\WINDOWS\system32\rundll32.exe
496 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
184 alg.exe
2788 C:\WINDOWS\system32\ctfmon.exe
708 C:\Program Files\Windows Media Player\wmpnscfg.exe
3564 C:\WINDOWS\system32\svchost.exe
688 wmpnetwk.exe
568 C:\WINDOWS\explorer.exe
616 C:\WINDOWS\system32\wuauclt.exe
192 C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
3884 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2832 C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
2824 C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
3512 C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
3748 C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
576 C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
3076 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
816 C:\Program Files\Mozilla Firefox\firefox.exe
412 C:\Documents and Settings\Arc Angel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
1240 C:\Program Files\Mozilla Firefox\plugin-container.exe
2356 C:\WINDOWS\system32\dllhost.exe
3964 C:\WINDOWS\system32\searchprotocolhost.exe
4020 searchfilterhost.exe
2408 C:\Documents and Settings\Arc Angel\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000000f`74ed8e00 (FAT32)
\\.\Q: --> error 5

PhysicalDrive0 Model Number: ST98823AS, Rev: 7.24
PhysicalDrive1 Model Number: ST98823AS, Rev: 7.24

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: F19F100B4DC860880BDC331CC9D56B1C13F605D5
74 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Kaspersky

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, November 10, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, November 10, 2010 09:22:46
Records in database: 4249348
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
Q:\

Scan statistics:
Objects scanned: 63074
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 03:19:13

No threats found. Scanned area is clean.

Selected area has been scanned.
-DEMON-
Regular Member
 
Posts: 71
Joined: June 23rd, 2007, 7:38 pm
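The MBRCheck report in the post above flags PhysicalDrive0 as carrying "Unknown MBR code" and prints a SHA1 of each disk's boot sector, while the Kaspersky file scan that follows finds nothing, which is the usual picture for a boot-sector infection: file scanners never look at the MBR. The following added example is not part of the original thread, nor of the MBRCheck tool itself. It parses that report format (the sample input is copied from the thread), marks any drive whose status is not a recognised "MBR code detected" line, and maps the logical volumes back to the flagged physical disk, so a helper can see at a glance that both C: and E: sit on the suspect disk and that Q: could not be opened at all. The report layout and the status heuristic are assumptions drawn from the two status lines shown here, not a specification of the tool.

```python
"""Parse an MBRCheck report, flag drives with unrecognised MBR code, and map
logical volumes back to the flagged physical drive.

Added example for the thread above; the sample input is copied from the
MBRCheck output posted there.  The report layout and the status heuristic
are assumptions based on those lines, not a specification of the tool.
"""
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

# Constructed sample: the relevant lines of the MBRCheck report in the thread.
SAMPLE_REPORT = r"""
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000000f`74ed8e00 (FAT32)
\\.\Q: --> error 5

PhysicalDrive0 Model Number: ST98823AS, Rev: 7.24
PhysicalDrive1 Model Number: ST98823AS, Rev: 7.24

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: F19F100B4DC860880BDC331CC9D56B1C13F605D5
74 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Found non-standard or infected MBR.
"""

# One regex per line type.  The pattern '\\\\\.\\' matches the literal '\\.\' prefix.
VOLUME_RE = re.compile(
    r"^\\\\\.\\([A-Z]):\s+-->\s+\\\\\.\\(PhysicalDrive\d+)\s+at offset\s+(\S+)\s+\((\w+)\)$")
VOLUME_ERR_RE = re.compile(r"^\\\\\.\\([A-Z]):\s+-->\s+error\s+(\d+)$")
DRIVE_RE = re.compile(r"^(\d+\s*[KMGT]B)\s+\\\\\.\\(PhysicalDrive\d+)\s+(.+)$")
SHA1_RE = re.compile(r"^SHA1:\s*([0-9A-Fa-f]{40})$")


class Volume(NamedTuple):
    letter: str
    device: str      # "" when MBRCheck could not open the volume
    offset: str
    filesystem: str
    error: str       # e.g. "error 5" (access denied); "" when opened fine


class Drive(NamedTuple):
    device: str
    size: str
    status: str
    sha1: str
    suspicious: bool


def is_suspicious(status: str) -> bool:
    """Heuristic: MBRCheck names the code it recognises ('Windows XP MBR code
    detected'); anything else ('Unknown MBR code') is flagged for review.
    Assumption drawn from the two status lines in the thread."""
    return not status.endswith("MBR code detected")


def parse_mbrcheck(report: str) -> Tuple[List[Volume], List[Drive]]:
    """Return (volumes, drives) from the report text; a drive entry is only
    emitted once its SHA1 line has been seen."""
    volumes: List[Volume] = []
    drives: List[Drive] = []
    pending: Optional[Tuple[str, str, str]] = None  # drive line awaiting its SHA1
    for raw in report.splitlines():
        line = raw.strip()
        if (m := VOLUME_RE.match(line)):
            volumes.append(Volume(m[1], m[2], m[3], m[4], ""))
        elif (m := VOLUME_ERR_RE.match(line)):
            volumes.append(Volume(m[1], "", "", "", "error " + m[2]))
        elif (m := DRIVE_RE.match(line)):
            pending = (m[2], m[1], m[3].strip())
        elif (m := SHA1_RE.match(line)) and pending:
            device, size, status = pending
            drives.append(Drive(device, size, status, m[1].upper(), is_suspicious(status)))
            pending = None
    return volumes, drives


def affected_volumes(volumes: List[Volume], drives: List[Drive]) -> Dict[str, List[str]]:
    """Map each flagged physical drive to the drive letters that live on it."""
    flagged = {d.device for d in drives if d.suspicious}
    result: Dict[str, List[str]] = {dev: [] for dev in sorted(flagged)}
    for v in volumes:
        if v.device in flagged:
            result[v.device].append(v.letter)
    return result


def unverified_volumes(volumes: List[Volume]) -> List[str]:
    """Volumes MBRCheck could not open; their backing disk was never inspected."""
    return [v.letter for v in volumes if v.error]


def findings(report: str) -> List[str]:
    """Human-readable summary: one line per flagged disk, one per unopened volume."""
    volumes, drives = parse_mbrcheck(report)
    out: List[str] = []
    for dev, letters in affected_volumes(volumes, drives).items():
        drive = next(d for d in drives if d.device == dev)
        out.append(f"{dev}: '{drive.status}' (SHA1 {drive.sha1}) backs volume(s) "
                   + ", ".join(f"{letter}:" for letter in letters))
    for letter in unverified_volumes(volumes):
        out.append(f"{letter}: could not be opened; its MBR was not checked")
    return out


if __name__ == "__main__":
    for line in findings(SAMPLE_REPORT):
        print(line)
```

The SHA1 is kept on the parsed record on purpose: an "Unknown MBR code" verdict only says the hash is not in MBRCheck's list of known boot code, so the hash is what a helper would compare against a known-good image of the same OEM disk before deciding between a custom bootloader and an infection.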

Re: Help! I hate VIRUSES!

Unread postby deltalima » November 10th, 2010, 3:16 pm

Hi -DEMON-,

Now that you are clean, please follow these steps in order to keep your computer clean and secure.

Remove GMER

Delete the GMER icon from your desktop; it will be named llj410tr.exe

Clean up with OTL

  • Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.


Create a new, clean System Restore point which you can use in case of future system problems:
  • Press Start >> All Programs >> Accessories >>System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
  • Now remove old, infected System Restore points:
  • Next click Start >> Run and type cleanmgr in the box and press OK
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  • Press OK and Yes to confirm

Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.


Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety


Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Help! I hate VIRUSES!

Unread postby Wingman » November 11th, 2010, 5:32 pm

As your problems appear to have been resolved, this topic is now closed.
We are pleased we could help you resolve your computer's malware issues.

If you are satisfied with our assistance and wish to donate to help with the costs of this volunteer site, please read :
Donations For Malware Removal
Wingman
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA