Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

recurring zbot,g virus again


Re: recurring zbot,g virus again

Post by swiiper » December 21st, 2011, 7:26 pm

OTL logfile created on: 21/12/2011 23:24:37 - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Michael\Desktop
Windows 2000 Professional Edition (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.36 Mb Total Physical Memory | 641.73 Mb Available Physical Memory | 63.27% Memory free
2.39 Gb Paging File | 2.00 Gb Available in Paging File | 83.84% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.04 Gb Total Space | 45.04 Gb Free Space | 63.39% Space Free | Partition Type: NTFS
Drive D: | 72.00 Gb Total Space | 65.83 Gb Free Space | 91.44% Space Free | Partition Type: NTFS

Computer Name: JACK | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========


< c:\windows\system32|java;true;false;true /FP >
[2010/03/09 03:28:26 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\java.exe
[2010/03/09 01:16:10 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\javacpl.cpl
[2010/03/09 03:28:27 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\javaw.exe
[2010/03/09 03:28:28 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\javaws.exe

< End of report >
swiiper
Regular Member
 
Posts: 36
Joined: November 3rd, 2011, 12:44 pm

Re: recurring zbot,g virus again

Post by mambass » December 21st, 2011, 9:24 pm

Hi swiiper,

Please post the contents of the RKreport.txt log from Step I of the instructions.

Thank you. :)

mambass
Retired Graduate
 
Posts: 826
Joined: April 23rd, 2010, 9:26 am

Re: recurring zbot,g virus again

Post by swiiper » December 22nd, 2011, 9:59 am

It's in the previous post (page 2)
swiiper
Regular Member
 
Posts: 36
Joined: November 3rd, 2011, 12:44 pm

Re: recurring zbot,g virus again

Post by mambass » December 22nd, 2011, 10:40 pm

Hi swiiper, :)

Thank you for your posts. I apologize for not having seen the RogueKiller log on the previous page.

Please print these instructions because you will not have access to the Internet while performing some of the tasks below.

  1. Perform a Custom Fix with OTL
    1. Close all running applications.
    2. Double-click the OTL icon on your Desktop to run the program.
    3. In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
      Code:
      :Files
      C:\WINDOWS\system32\java.exe
      C:\WINDOWS\system32\javacpl.cpl
      C:\WINDOWS\system32\javaw.exe
      C:\WINDOWS\system32\javaws.exe
      
      :Commands
      [EMPTYTEMP]
      [CREATERESTOREPOINT]
      
    4. Close all running applications other than OTL.
    5. Click the Run Fix button at the top.
    6. Let the program run unhindered and reboot the PC when it is done.
    7. When the computer Reboots, and you start your usual account, a Notepad text file will appear.
    8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log.

  2. Run RogueKiller Delete
    1. Quit all running programs.
    2. Double click RogueKiller.exe to run it.
    3. When prompted, type 2 and hit Enter.
    4. A RKreport.txt should appear on your desktop.
    5. Note: If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe.
    6. Please post the contents of the RKreport.txt in your next Reply.

  3. Remove Programs Using Control Panel
    1. Click Start > Settings > Control Panel or Start > Control Panel then double-click Add/Remove Programs.
    2. Highlight each Entry, as follows, one by one, if it exists, and choose Remove

      Adobe Reader 8.1.4

      Take extra care in answering questions posed by any Uninstaller.
    3. Close both the Add or Remove Programs window and the Control Panel window.

  4. Install Java Runtime Environment
    1. Please go to http://www.oracle.com/technetwork/java/javase/downloads/index.html
    2. Find the section labeled Java SE 6 Update 30 and click on the JRE Download button. (DO NOT click the JDK Download button).
    3. Click the Accept License Agreement option.
    4. Find the Windows x86 Offline entry, click the jre-6u30-windows-i586.exe link and save the installer on your Desktop.
    5. Double-click the jre-6u30-windows-i586.exe icon on your Desktop and it will install the newest version of Java for you to use.
      1. During the Installation, be sure to UNCHECK any offer for McAfee Security Scan Plus. It's just adware.
      2. Also always UNCHECK any offer for Ask Toolbar during the installation of Java or any other product.
    6. When it finishes, you can remove the Installer from your desktop.

  5. Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
    All versions numbered lower than 10.1 are vulnerable.
    1. Please click here to download the AdbeRdr1011_en_US.exe installer and save it to your desktop.
    2. Double-click the installer to install the latest version of Adobe Reader.
    3. After the new Reader is installed, Open Adobe Reader X, as it is called, and OK the license.
    4. Click on Edit and select Preferences.
    5. On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
    6. Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
    7. Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
    8. Click the OK button
    9. When it finishes, you can remove the Installer from your desktop.

  6. Run a Scan with OTL
    1. Double-click the OTL icon on your Desktop to run the program.
    2. Check the boxes labeled :
      • Scan All Users
      • LOP check
      • Purity check
      • Extra Registry > Use SafeList
    3. Make sure all other windows are closed so that it can run uninterrupted.
    4. Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan won't take long.
    5. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
    6. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.


Please include in your reply:
  1. The text of any error messages and/or a description of any problems you encountered while performing these steps.
  2. The contents of the OTL Fix log.
  3. The contents of the OTL.txt and Extras.txt logs.


mambass
Retired Graduate
 
Posts: 826
Joined: April 23rd, 2010, 9:26 am
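The scan steps above produce an OTL.txt whose PRC/SRV/DRV and O4 lines are what a helper reads first. As an added example (this is not part of the thread, and not OTL's or RogueKiller's own code), here is a small Python parser for that log format that pulls out the two things worth a second look in a "recurring" case: services, drivers and Run keys whose target is "File not found" (orphaned autoruns left behind by a removed component) and binaries under %SystemRoot% with no company name. The sample log is constructed in the shape of the December 26th scan; the entries are lifted from that format but the selection and the flagging rules are assumptions of this example, not OTL behaviour.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in the shape of an OTL 3.2.31.0 scan (entries chosen to
# exercise the rules below; not a complete log).
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========

PRC - [2011/11/10 23:48:02 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/12/25 11:10:54 | 006,529,024 | ---- | M] (TODO: <Company name>) -- C:\WINDOWS\system32\SSSAudioControl.exe
PRC - [2008/10/20 18:32:54 | 002,768,896 | ---- | M] () -- C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (JavaQuickStarterService)
SRV - [2011/10/19 16:56:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

========== Driver Services (SafeList) ==========

DRV - [2011/12/24 13:12:37 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2005/10/27 04:18:05 | 000,004,300 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\MEMIO.SYS -- (DOSMEMIO)

========== Standard Registry (SafeList) ==========

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe ()
O4 - HKLM..\Run: [Cm106Sound] RunDll32 cm106.cpl,CMICtrlWnd File not found
O4 - HKCU..\Run: [Facebook Update] "C:\Documents and Settings\Michael\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\SYSTEM32\Userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
"""

# PRC/MOD/SRV/DRV entry that points at an existing file:
#   KIND - [date | size | attrs | M] (Company) [state] -- path -- (ServiceName)
FILE_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - \[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [MC]\] \((?P<company>[^)]*)\)"
    r"(?: \[(?P<state>[^\]]*)\])? -- (?P<path>.+?)(?: -- \((?P<name>[^)]*)\).*)?$"
)
# Service/driver whose image is gone:  SRV - File not found [state] -- -- (Name)
MISSING_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found \[(?P<state>[^\]]*)\] -- -- \((?P<name>[^)]*)\)$"
)
# Run key:  O4 - HKLM..\Run: [ValueName] command (Company)
O4_RE = re.compile(r"^O4 - (?P<hive>HK(?:LM|CU))\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.*)$")

# Assumption of this example: only files under the Windows directory are held
# to the "must carry a company name" rule; vendor tools elsewhere often lack one.
SYSTEM_ROOT = "c:\\windows\\"


@dataclass
class Finding:
    kind: str      # "orphan" | "unsigned-system" | "no-company-autorun"
    section: str   # PRC / SRV / DRV / O4
    name: str      # service name, Run value name, or file path
    line: str      # the log line that triggered it


def analyze(log_text: str) -> List[Finding]:
    """Walk an OTL log and return the entries a helper should triage first."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MISSING_RE.match(line)
        if m:
            findings.append(Finding("orphan", m["kind"], m["name"], line))
            continue
        m = FILE_RE.match(line)
        if m:
            company = m["company"].strip()
            path = m["path"].strip()
            # Empty "()" or a placeholder like "TODO: <Company name>" inside
            # %SystemRoot% is where third-party droppers like to sit.
            if (not company or company.startswith("TODO")) and path.lower().startswith(SYSTEM_ROOT):
                findings.append(Finding("unsigned-system", m["kind"], path, line))
            continue
        m = O4_RE.match(line)
        if m:
            cmd = m["cmd"].strip()
            if cmd.endswith("File not found"):
                findings.append(Finding("orphan", "O4", m["value"], line))
            elif cmd.endswith("()"):
                findings.append(Finding("no-company-autorun", "O4", m["value"], line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category, e.g. {'orphan': 3, ...}."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    results = analyze(SAMPLE_LOG)
    for f in results:
        print(f"{f.kind:20} {f.section:4} {f.name}")
    print(summarize(results))
```

The output is a triage queue, not a verdict. The TrueSight.sys driver, for instance, is flagged because it has no company name and lives in system32\drivers, yet its timestamp (24/12/2011 13:12:37) falls ten seconds before the RogueKiller run logged at 13:12:47 the same day, which is exactly the kind of correlation the helper does by eye before putting anything into a :Files fix. Orphaned "File not found" entries, on the other hand, are cheap to clean up and remove the noise that makes a reinfection hard to spot in the next scan.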

Re: recurring zbot,g virus again

Post by swiiper » December 24th, 2011, 7:34 am

All processes killed
========== FILES ==========
C:\WINDOWS\system32\java.exe moved successfully.
C:\WINDOWS\system32\javacpl.cpl moved successfully.
C:\WINDOWS\system32\javaw.exe moved successfully.
C:\WINDOWS\system32\javaws.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Michael
->Temp folder emptied: 61054164 bytes
->Temporary Internet Files folder emptied: 156883 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 42476447 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1478 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 99.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12242011_113101

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
swiiper
Regular Member
 
Posts: 36
Joined: November 3rd, 2011, 12:44 pm

Re: recurring zbot,g virus again

Post by swiiper » December 24th, 2011, 9:16 am

RogueKiller V6.2.0 [12/12/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Michael [Admin rights]
Mode: Remove -- Date : 12/24/2011 13:12:47

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤
[SCRSV] HKCU\[...]\Desktop : SCRNSAVE.EXE (C:\WINDOWS\IMAGIN~1.SCR) -> REPLACED (c:\windows\system32\logon.scr)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤
--- User ---
[MBR] e440afe817fb10031fe366013ca4d1d4
[BSP] 7bd015c98f4f065643ac0b63e9cbbd28 : MBR Code unknown
Partition table:
0 - [XXXXXX] UNKNW [HIDDEN!] Offset (sectors): 63 | Size: 6448 Mo
1 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 12594960 | Size: 76282 Mo
2 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 161585152 | Size: 77308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[5].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt
swiiper
Regular Member
 
Posts: 36
Joined: November 3rd, 2011, 12:44 pm

Re: recurring zbot,g virus again

Post by swiiper » December 26th, 2011, 8:31 am

Extras file is not being created. I ran OTL twice and it wasn't created either time.


OTL logfile created on: 26/12/2011 11:55:39 - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Michael\Desktop
Windows 2000 Professional Edition (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.36 Mb Total Physical Memory | 382.84 Mb Available Physical Memory | 37.74% Memory free
2.39 Gb Paging File | 1.80 Gb Available in Paging File | 75.33% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.04 Gb Total Space | 44.56 Gb Free Space | 62.73% Space Free | Partition Type: NTFS
Drive D: | 72.00 Gb Total Space | 65.83 Gb Free Space | 91.44% Space Free | Partition Type: NTFS

Computer Name: JACK | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/27 13:01:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
PRC - [2011/11/10 23:48:02 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/19 16:56:50 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/10/19 16:56:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/19 16:56:24 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/19 16:56:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/08/03 14:03:22 | 002,680,104 | ---- | M] (Hercules®) -- C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe
PRC - [2011/08/02 09:22:18 | 000,020,480 | ---- | M] () -- C:\Program Files\Hercules\Audio\DJ Console Series\drivers\x86\HerculesDJControlMP3.EXE
PRC - [2010/12/25 11:10:54 | 006,529,024 | ---- | M] (TODO: <Company name>) -- C:\WINDOWS\system32\SSSAudioControl.exe
PRC - [2010/12/25 11:10:48 | 000,102,400 | ---- | M] (SSS) -- C:\WINDOWS\system32\AudioDeviceService.exe
PRC - [2008/10/20 18:32:54 | 002,768,896 | ---- | M] () -- C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
PRC - [2008/09/17 13:25:46 | 000,580,200 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/04/14 12:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/21 04:40:30 | 000,659,456 | ---- | M] (Samsung Electronics,.LTD) -- C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/10 23:48:01 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/10/19 16:56:38 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/08/02 09:22:18 | 000,020,480 | ---- | M] () -- C:\Program Files\Hercules\Audio\DJ Console Series\drivers\x86\HerculesDJControlMP3.EXE
MOD - [2010/05/19 20:59:52 | 000,552,960 | ---- | M] () -- C:\WINDOWS\system32\splitter.ax
MOD - [2010/05/19 20:59:20 | 000,150,528 | ---- | M] () -- C:\WINDOWS\system32\mkx.dll
MOD - [2010/05/19 20:59:02 | 000,141,824 | ---- | M] () -- C:\WINDOWS\system32\mp4.dll
MOD - [2010/05/19 20:55:40 | 000,080,384 | ---- | M] () -- C:\WINDOWS\system32\mkzlib.dll
MOD - [2010/05/19 20:55:36 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\mkunicode.dll
MOD - [2010/02/05 18:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/01/10 22:15:44 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\mmfinfo.dll
MOD - [2008/10/20 18:32:54 | 002,768,896 | ---- | M] () -- C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
MOD - [2008/09/17 13:20:08 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2008/04/14 12:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (JavaQuickStarterService)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/19 16:56:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/19 16:56:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/08/02 09:22:18 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Hercules\Audio\DJ Console Series\drivers\x86\HerculesDJControlMP3.EXE -- (HerculesDJControlMP3)
SRV - [2010/12/25 11:10:48 | 000,102,400 | ---- | M] (SSS) [Auto | Running] -- C:\WINDOWS\system32\AudioDeviceService.exe -- (AudioDeviceService)


========== Driver Services (SafeList) ==========

DRV - [2011/12/24 13:12:37 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2011/12/15 15:02:22 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/10/19 16:56:50 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/10/19 16:56:50 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/08/02 09:22:20 | 000,225,408 | ---- | M] (© Guillemot R&D, 2011. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HDJMidi.sys -- (HDJMidi)
DRV - [2011/08/02 09:22:14 | 000,160,384 | ---- | M] (© Guillemot R&D, 2010. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HDJBulk.sys -- (Bulk)
DRV - [2010/12/25 11:10:54 | 000,014,848 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\UAExt.sys -- (UAExt)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/11/07 09:04:00 | 000,291,328 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008/10/13 20:21:24 | 001,506,304 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CM106.sys -- (USBMULCD)
DRV - [2008/10/08 06:35:10 | 001,334,432 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008/09/23 20:23:58 | 000,238,464 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMC326.sys -- (VMC326)
DRV - [2008/08/26 23:35:00 | 004,753,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/07/29 15:59:08 | 000,879,832 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/07/29 15:59:02 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008/07/26 23:29:54 | 000,074,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/07/26 23:29:36 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2008/07/26 23:29:28 | 000,539,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/01/15 03:01:02 | 000,030,208 | ---- | M] (Samsung Electronics,.LTD) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SamsungEDS.SYS -- (DNSeFilter)
DRV - [2006/08/01 23:57:24 | 000,019,840 | ---- | M] (Samsung) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SUE_PD.sys -- (SUEPD)
DRV - [2005/10/27 04:18:05 | 000,004,300 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\MEMIO.SYS -- (DOSMEMIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Michael\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Michael\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Michael\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/10 23:48:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/26 11:23:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff

[2009/12/31 10:31:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Extensions
[2011/12/17 17:20:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\lxf46fc4.default\extensions
[2011/12/12 21:25:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/29 17:21:21 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/11/10 23:48:02 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/11 21:20:04 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/10/11 21:20:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/11 21:20:04 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/10/11 21:20:04 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/10/11 21:20:04 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =

O1 HOSTS File: ([2008/04/14 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe ()
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Cm106Sound] RunDll32 cm106.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [EDS] C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe (Samsung Electronics,.LTD)
O4 - HKLM..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe (Hercules®)
O4 - HKLM..\Run: [SSSAudioControl] C:\WINDOWS\system32\SSSAudioControl.exe (TODO: <Company name>)
O4 - HKLM..\Run: [SUPBackGround] C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe ()
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKCU..\Run: [Facebook Update] "C:\Documents and Settings\Michael\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\Michael\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0FEAA65E-B36D-4070-A6F7-E3FEC90F45F3}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\SYSTEM32\Userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/12 19:26:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/26 11:23:07 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/12/25 00:47:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/12/25 00:47:40 | 000,637,848 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2011/12/25 00:47:40 | 000,567,184 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2011/12/25 00:47:40 | 000,223,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2011/12/25 00:47:40 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2011/12/25 00:47:40 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2011/12/25 00:47:40 | 000,141,312 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2011/12/25 00:47:22 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/12/12 20:32:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/12 19:58:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/12 19:54:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Desktop\ERUNT
[2011/12/07 19:24:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\Malwarebytes
[2011/12/07 19:24:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/07 19:24:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/12/07 19:23:54 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/07 19:23:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/06 21:19:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/12/06 21:12:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\Avira
[2011/12/06 21:06:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/12/06 21:06:40 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/12/06 21:06:37 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/12/06 21:06:37 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/12/06 21:06:37 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2011/12/06 21:06:35 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/12/06 21:06:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/11/29 07:59:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Michael\Start Menu\Programs\Administrative Tools
[2011/11/29 07:59:23 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Michael\Desktop\dds.scr
[2011/11/27 13:13:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Desktop\tdsskiller
[2011/11/27 13:01:21 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
[2011/11/27 12:33:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Desktop\RK_Quarantine

========== Files - Modified Within 30 Days ==========

[2011/12/26 11:57:01 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3870564424-1140265585-552937611-1005UA.job
[2011/12/26 11:34:00 | 000,001,004 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-3870564424-1140265585-552937611-1005UA.job
[2011/12/26 11:23:55 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/12/25 00:47:25 | 000,637,848 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2011/12/25 00:47:25 | 000,567,184 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2011/12/25 00:47:25 | 000,223,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2011/12/25 00:47:25 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2011/12/25 00:47:25 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2011/12/25 00:47:25 | 000,141,312 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2011/12/24 13:18:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/24 13:18:29 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/24 13:12:37 | 000,111,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011/12/21 23:39:38 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\SystemLook(1).exe
[2011/12/18 17:11:34 | 000,000,250 | ---- | M] () -- C:\WINDOWS\System\Cm106.ini
[2011/12/18 15:53:39 | 006,603,671 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\One Direction - What Makes You Beautiful.mp3
[2011/12/18 14:10:26 | 242,054,306 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\2011DISCO-CHART.zip
[2011/12/18 13:48:35 | 045,664,189 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\DISNEY DISCO 2010.zip
[2011/12/18 13:48:29 | 042,873,905 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\GENERAL DISCO 2010 - (UK & IRELAND).zip
[2011/12/18 10:32:19 | 000,771,072 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\RogueKiller.exe
[2011/12/17 17:22:27 | 000,134,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/17 01:23:40 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/15 15:02:22 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/12/15 14:58:46 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/12 21:57:01 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3870564424-1140265585-552937611-1005Core.job
[2011/12/12 20:34:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-3870564424-1140265585-552937611-1005Core.job
[2011/12/12 19:51:12 | 000,513,320 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\erunt.zip
[2011/12/12 19:50:23 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\SystemLook.exe
[2011/12/07 19:24:02 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/06 22:26:37 | 000,003,377 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\attach.zip
[2011/12/06 22:25:09 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\jZip.lnk
[2011/12/06 21:06:56 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2011/12/06 20:51:45 | 084,358,288 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\avira_free_antivirus_en.exe
[2011/12/04 14:14:54 | 007,809,901 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Drake - Headlines (Explicit).mp3
[2011/12/04 13:18:00 | 002,158,386 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\TooBeautiful.mp3
[2011/12/04 13:16:44 | 005,893,140 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Drake - The Motto ft. Lil Wayne.mp3
[2011/12/03 19:16:07 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Virtual DJ (DJConsole).lnk
[2011/11/29 23:04:33 | 002,817,171 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\HipHopScary.mp3
[2011/11/29 22:56:54 | 002,340,407 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\CaptainBirdseye(1).mp3
[2011/11/29 07:59:24 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Michael\Desktop\dds.scr
[2011/11/27 13:12:24 | 001,547,774 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\tdsskiller.zip
[2011/11/27 13:07:02 | 001,008,114 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\rkill.com
[2011/11/27 13:01:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
[2011/11/27 12:54:04 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\HiJackThis.lnk
[2011/11/26 23:46:24 | 000,076,800 | ---- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2011/12/26 11:23:55 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/12/26 11:23:54 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/12/21 23:39:42 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\SystemLook(1).exe
[2011/12/18 15:52:35 | 006,603,671 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\One Direction - What Makes You Beautiful.mp3
[2011/12/18 13:34:18 | 042,873,905 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\GENERAL DISCO 2010 - (UK & IRELAND).zip
[2011/12/18 13:33:40 | 045,664,189 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\DISNEY DISCO 2010.zip
[2011/12/18 13:33:31 | 242,054,306 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\2011DISCO-CHART.zip
[2011/12/18 10:32:15 | 000,771,072 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\RogueKiller.exe
[2011/12/12 19:51:15 | 000,513,320 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\erunt.zip
[2011/12/12 19:50:43 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\SystemLook.exe
[2011/12/07 19:24:02 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/06 22:26:37 | 000,003,377 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\attach.zip
[2011/12/06 21:06:56 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2011/12/06 20:42:11 | 084,358,288 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\avira_free_antivirus_en.exe
[2011/12/04 14:12:17 | 007,809,901 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\Drake - Headlines (Explicit).mp3
[2011/12/04 13:15:53 | 005,893,140 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\Drake - The Motto ft. Lil Wayne.mp3
[2011/11/29 23:03:59 | 002,817,171 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\HipHopScary.mp3
[2011/11/29 22:59:32 | 002,158,386 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\TooBeautiful.mp3
[2011/11/27 13:12:18 | 001,547,774 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\tdsskiller.zip
[2011/11/27 13:06:56 | 001,008,114 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\rkill.com
[2011/11/27 12:33:32 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2010/12/29 17:56:13 | 000,000,250 | ---- | C] () -- C:\WINDOWS\Cm106.ini.cfl
[2010/12/29 17:55:40 | 000,001,249 | ---- | C] () -- C:\WINDOWS\Cm106.ini.cfg
[2010/12/29 17:55:36 | 000,000,490 | ---- | C] () -- C:\WINDOWS\cm106.ini
[2010/12/29 17:55:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SSSAudioEQAndMicData.dat
[2010/12/25 11:10:54 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\UAExt.sys
[2010/05/24 19:33:00 | 004,670,829 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2010/05/24 19:33:00 | 001,529,856 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2010/05/24 19:33:00 | 001,447,921 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2010/05/24 19:33:00 | 000,877,385 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2010/05/24 19:33:00 | 000,810,113 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/05/24 19:33:00 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2010/05/24 19:33:00 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010/05/24 19:33:00 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2010/05/24 19:33:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2010/05/24 19:33:00 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2010/05/24 19:33:00 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2010/05/24 19:33:00 | 000,139,944 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2010/05/24 19:33:00 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2010/05/24 19:33:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2010/05/24 19:33:00 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/05/24 19:33:00 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2010/05/24 19:33:00 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2010/05/19 20:59:20 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2010/05/19 20:59:10 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2010/05/19 20:59:02 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2010/05/19 20:58:52 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2010/05/19 20:58:24 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2010/05/19 20:58:18 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2010/05/19 20:58:08 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2010/05/19 20:57:42 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2010/05/19 20:57:38 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2010/05/19 20:57:26 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2010/05/19 20:57:20 | 000,358,400 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2010/05/19 20:55:40 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2010/05/19 20:55:36 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2010/03/08 15:20:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/31 10:31:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/08/11 21:21:26 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2009/07/10 19:22:53 | 000,076,800 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/08 23:00:50 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/06/07 16:24:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/05/30 17:14:42 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/05/01 12:37:35 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\Michael_KBD.ini
[2009/04/04 00:42:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/02/12 19:44:36 | 000,307,200 | ---- | C] () -- C:\WINDOWS\SetDisplayResolution.exe
[2009/02/12 19:37:53 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\MagicKBD.INI
[2009/02/12 19:37:53 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\Owner_KBD.ini
[2009/02/12 19:37:51 | 000,003,425 | ---- | C] () -- C:\WINDOWS\System32\KBDR.INI
[2009/02/12 19:37:51 | 000,002,741 | ---- | C] () -- C:\WINDOWS\System32\KBDD.INI
[2009/02/12 19:37:51 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDO.INI
[2009/02/12 19:37:51 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDC.INI
[2009/02/12 19:37:51 | 000,002,606 | ---- | C] () -- C:\WINDOWS\System32\KBDB.INI
[2009/02/12 19:37:51 | 000,002,236 | ---- | C] () -- C:\WINDOWS\System32\KBDQ.INI
[2009/02/12 19:37:51 | 000,001,956 | ---- | C] () -- C:\WINDOWS\System32\KBDE.INI
[2009/02/12 19:37:51 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\KBDP.INI
[2009/02/12 19:37:51 | 000,001,857 | ---- | C] () -- C:\WINDOWS\System32\KBDUU.INI
[2009/02/12 19:37:51 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDG.INI
[2009/02/12 19:37:51 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDA.INI
[2009/02/12 19:37:51 | 000,001,834 | ---- | C] () -- C:\WINDOWS\System32\KBDU.INI
[2009/02/12 19:37:51 | 000,001,819 | ---- | C] () -- C:\WINDOWS\System32\KBDN.INI
[2009/02/12 19:37:51 | 000,001,699 | ---- | C] () -- C:\WINDOWS\System32\KBDT.INI
[2009/02/12 19:37:51 | 000,001,697 | ---- | C] () -- C:\WINDOWS\System32\KBDV.INI
[2009/02/12 19:37:51 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\KBDS.INI
[2009/02/12 19:37:51 | 000,001,476 | ---- | C] () -- C:\WINDOWS\System32\KBDF.INI
[2009/02/12 19:35:41 | 000,000,135 | R--- | C] () -- C:\WINDOWS\System32\lngEng.ini
[2009/02/12 19:35:41 | 000,000,117 | ---- | C] () -- C:\WINDOWS\System32\lngKor.ini
[2009/02/12 19:32:23 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/02/12 19:29:57 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\Marker.exe
[2009/02/12 19:29:56 | 000,004,300 | ---- | C] () -- C:\WINDOWS\System32\MEMIO.SYS
[2009/02/12 19:28:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/02/12 19:23:52 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/02/12 18:06:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/02/12 18:05:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/02/12 18:05:39 | 000,312,172 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/02/12 18:05:39 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/02/12 18:05:39 | 000,040,394 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/02/12 18:05:39 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/02/12 18:05:38 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/02/12 18:05:38 | 000,004,486 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/02/12 18:05:38 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/02/12 18:05:37 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/02/12 18:05:37 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/02/12 18:05:31 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/02/12 18:05:31 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009/02/12 11:18:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/02/12 11:17:50 | 000,134,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/01/10 22:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2008/11/06 15:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/17 13:20:08 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/10/13 09:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007/02/27 00:49:12 | 006,139,774 | ---- | C] () -- C:\WINDOWS\imagine digital freedom.dat
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

< End of report >
swiiper
Regular Member
 
Posts: 36
Joined: November 3rd, 2011, 12:44 pm

Re: recurring zbot,g virus again

Unread postby mambass » December 26th, 2011, 1:00 pm

Hi swiiper,

By default, the Extras.txt log is only generated the first time you run OTL. Step 2 within the instructions indicated that the Use Safelist option within the Extra Registry area should be selected. This option will result in the Extras.txt log being created. After OTL runs, the OTL.txt log is displayed and the Extras.txt log is opened but is minimized.

Please try running OTL again and make sure the Use Safelist option within the Extra Registry area is selected. You do not need to post the OTL.txt log from the new run but please do post the Extras.txt log.

mambass
mambass
Retired Graduate
 
Posts: 826
Joined: April 23rd, 2010, 9:26 am

Re: recurring zbot,g virus again

Unread postby askey127 » December 29th, 2011, 5:48 pm

Due to Lack of Response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA