Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

I`m pretty sure I got a virus,spyware something.

Started by IdeIchigo , Jun 04 2011 08:18 PM

  • This topic is locked This topic is locked

#1
IdeIchigo
Posted 04 June 2011 - 08:18 PM

IdeIchigo

    New Member

  • Member
  • Pip
  • 8 posts
Hello, this virus thing just recently occurd after I lend my cousin my PC for an hour few days ago.
She used a USB device(micro SD inserted) and import/exported some files, musics and such.

And what happend is, suddenly my computer starts to send group messages to all my buddy`s in my friend list of my Yahoo Messenger.
I then turned my anti virus program`s shield on. And fully scanned my system. (I use aVast! Antivirus)
Which exposed 3 viruses, I deleted them.

And I ran my "CCleaner" PC cleaning program. And refreshed my PC or whatever the case it does to speed up or whatever.
And restarted my PC.

That simple task didn`t solve my problem.

This also wouldn`t allow me to let visit any antivirus, or even microsoft websites.
Not to mention It won`t even let me install MMORPG-online games. (When I run the installer no installer setup pops out, and does not show on my Task Manager`s "Applications" but shows on the "Processes" tab but with only a small memory usage size of below 100kb)

Before I ended up here in your forum, I by the way, System restored just around 4hours ago.
To May,26,2011 system checkpoint.

Thinking it might go back to "none infected".Though I was stupid, it also didn`t work out.
Oh! Also, hours ago my TaskManager went "taskmanager has been disabled by the administrator". And trying to edit my computer config were also disabled for some reason. "Start"->"Run" thingy.



So here I am, I appreciate it if ya`ll can help me with this :/

And here is my OTL.txt copy paste *bows* :



OTL logfile created on: 6/5/2011 9:28:00 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Kevin\My Documents\Downloads\Programs
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 51.65% Memory free
3.85 Gb Paging File | 3.04 Gb Available in Paging File | 79.14% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 2.21 Gb Free Space | 5.93% Space Free | Partition Type: NTFS

Computer Name: KEVIN-PC | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/05 09:11:31 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kevin\My Documents\Downloads\Programs\OTL.exe
PRC - [2011/05/20 13:54:14 | 001,010,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011/03/04 04:21:45 | 002,548,864 | ---- | M] (TMRG, Inc.) -- C:\Program Files\RelevantKnowledge\rlvknlg.exe
PRC - [2011/03/03 18:39:06 | 003,278,232 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2011/02/17 21:45:02 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/01/01 04:06:35 | 003,395,600 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/01 04:06:34 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/11/14 00:46:38 | 000,107,008 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\vlc.exe
PRC - [2010/11/09 23:09:08 | 006,174,008 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2010/05/25 23:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2009/06/07 13:20:20 | 000,061,440 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NlsSrv32.exe
PRC - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2006/11/13 00:47:00 | 005,296,128 | ---- | M] () -- C:\Program Files\Audacity\audacity.exe
PRC - [2006/08/30 10:58:38 | 000,049,152 | ---- | M] (ZSMCSNAP) -- C:\WINDOWS\vmsnap3.exe
PRC - [2006/06/28 17:54:06 | 000,049,152 | ---- | M] (Vimicro) -- C:\WINDOWS\Domino.exe
PRC - [2004/08/04 06:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/05 09:11:31 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kevin\My Documents\Downloads\Programs\OTL.exe
MOD - [2011/03/04 04:21:41 | 000,545,408 | ---- | M] (TMRG, Inc.) -- C:\Program Files\RelevantKnowledge\rlls.dll
MOD - [2011/02/17 21:45:17 | 000,040,448 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2011/02/11 22:11:36 | 000,034,208 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\idmmkb.dll
MOD - [2011/01/01 04:06:33 | 000,187,144 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2009/07/12 00:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2009/07/12 00:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
MOD - [2004/08/04 06:57:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/01 04:06:34 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/05/04 08:10:00 | 003,539,184 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009/06/07 13:20:20 | 000,061,440 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NlsSrv32.exe -- (nlsX86cc)
SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2011/03/19 08:37:16 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/01/25 18:40:06 | 000,097,112 | ---- | M] (Tonec Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\idmtdi.sys -- (IDMTDI)
DRV - [2011/01/01 04:00:18 | 000,293,968 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/01 03:59:23 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/01 03:59:11 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/01/01 03:56:49 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/01 03:56:29 | 000,029,264 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/01/01 03:56:27 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/09/17 19:00:30 | 001,399,680 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/07/01 11:53:34 | 000,013,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2009/07/01 11:53:30 | 000,066,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2009/06/30 17:31:00 | 000,164,896 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2006/12/01 14:23:58 | 000,392,122 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbVM303.sys -- (ZSMC303)
DRV - [2006/04/25 10:57:42 | 000,428,160 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmfilter303.sys -- (vmfilter303)
DRV - [2001/08/17 20:11:42 | 000,029,696 | ---- | M] (CNet Technology, Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DM9PCI5.SYS -- (DM9102) DAVICOM 9102(A)
DRV - [2001/08/17 13:58:12 | 000,022,912 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\umaxpcls.sys -- (UMAXPCLS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.yahoo.com/?fr=fp-spt_gen
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://in.yahoo.com/?fr=fp-spt_gen
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://start.facemoods.com/?a=ddr [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2737658
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Jookz"
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.order.1: "Jookz"
FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.jp/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {C8431CD2-C25A-45F3-BEA9-A9103C31409A}:1.0
FF - prefs.js..extensions.enabledItems: {d7521926-ede3-4a77-9073-e9374fc439a3}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {6E19037A-12E3-4295-8915-ED48BC341614}:1.3.329.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:7.2.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.4.0024
FF - prefs.js..extensions.enabledItems: {f999a48b-1950-4d81-9971-79018f807b4b}:2.7.2.0


FF - HKLM\software\mozilla\Firefox\extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge [2011/06/05 07:52:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/02/17 21:45:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/26 11:34:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/06 19:23:53 | 000,000,000 | ---D | M]

[2010/06/13 00:15:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Extensions
[2011/05/20 07:21:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\sktc4vuw.default\extensions
[2011/01/14 18:39:46 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\sktc4vuw.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/01/14 11:42:18 | 000,000,000 | ---D | M] (Avanquest EN Toolbar) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\sktc4vuw.default\extensions\{d7521926-ede3-4a77-9073-e9374fc439a3}
[2011/04/20 15:18:31 | 000,000,000 | ---D | M] (FreeOnlineRadioPlayerRecorder Toolbar) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\sktc4vuw.default\extensions\{f999a48b-1950-4d81-9971-79018f807b4b}
[2011/03/10 18:54:32 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\sktc4vuw.default\extensions\[email protected]
[2011/03/09 05:07:40 | 000,000,000 | ---D | M] (Facemoods) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\sktc4vuw.default\extensions\[email protected]
[2011/03/10 18:54:27 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\sktc4vuw.default\searchplugins\daemon-search.xml
[2011/06/05 07:22:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/13 02:30:42 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/06/13 12:05:27 | 000,000,000 | ---D | M] (ResultUrl) -- C:\Program Files\Mozilla Firefox\extensions\{C8431CD2-C25A-45F3-BEA9-A9103C31409A}
[2010/06/13 01:16:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/17 21:45:18 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/03/07 21:02:32 | 000,000,000 | ---D | M] (IDM CC) -- C:\DOCUMENTS AND SETTINGS\KEVIN\APPLICATION DATA\IDM\IDMMZCC3
[2010/06/13 01:16:08 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/05 07:52:06 | 000,000,000 | ---D | M] (RelevantKnowledge) -- C:\PROGRAM FILES\RELEVANTKNOWLEDGE
[2010/06/13 01:16:07 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/03/09 05:08:13 | 000,002,046 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchddr.xml
[2010/09/02 16:09:28 | 000,002,486 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\iMeshWebSearch.xml
[2011/01/21 17:11:52 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jookz.xml
[2011/01/21 17:11:52 | 000,002,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jookz.xml.bak

O1 HOSTS File: ([2011/06/03 22:29:46 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 68.71.46.227 rohan.xor-net.com
O1 - Hosts: 68.71.46.227 xor-net.com
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.5\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.5\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Domino] C:\WINDOWS\Domino.exe (Vimicro)
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.5\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VMSnap3] C:\WINDOWS\vmsnap3.exe (ZSMCSNAP)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NofolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 202.78.97.41 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\RelevantKnowledge: DllName - C:\Program Files\RelevantKnowledge\rlls.dll - C:\Program Files\RelevantKnowledge\rlls.dll (TMRG, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/12 15:59:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{8f10dba2-4b05-11e0-8c8b-1078d284f316}\Shell - "" = AutoRun
O33 - MountPoints2\{8f10dba2-4b05-11e0-8c8b-1078d284f316}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8f10dba2-4b05-11e0-8c8b-1078d284f316}\Shell\AutoRun\command - "" = E:\FSETUP3.EXE
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/05 07:50:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kevin\Recent
[2011/06/05 07:33:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge
[2011/06/05 07:23:11 | 000,000,000 | ---D | C] -- C:\Pcsx2
[2011/06/05 07:22:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\neoncube
[2011/06/05 07:19:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/06/05 02:00:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/06/03 23:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\My Documents\RohanScreenShot
[2011/06/03 22:06:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\XorNetworks Rohan
[2011/05/29 18:05:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Desktop\New Folder
[2011/05/19 20:50:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Solveig Multimedia
[2011/05/19 20:50:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Solveig Multimedia
[2011/05/19 20:50:13 | 000,000,000 | ---D | C] -- C:\Program Files\Solveig Multimedia
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/05 08:52:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/05 07:32:51 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/06/05 07:28:33 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/05 07:28:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/05 07:28:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/05 03:52:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/05 02:08:31 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-746137067-1284227242-725345543-1003.job
[2011/06/05 02:08:26 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-746137067-1284227242-725345543-1003.job
[2011/06/05 02:07:32 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-746137067-1284227242-725345543-1004.job
[2011/06/04 23:14:05 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-746137067-1284227242-725345543-1004.job
[2011/06/04 20:04:11 | 000,238,358 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\47388_149839795034443_100000252699155_412300_2762573_n.jpg
[2011/06/03 23:49:04 | 000,071,736 | ---- | M] () -- C:\romini.dmp
[2011/06/03 09:04:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/03 08:12:49 | 000,243,959 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\47388_149839761701113_100000252699155_412291_6542489_n.jpg
[2011/06/03 05:37:15 | 000,122,295 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\208e55k.png
[2011/05/30 23:59:56 | 000,092,006 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\216296_1913498046737_1520514783_32034096_3002769_n.jpg
[2011/05/26 11:37:44 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/05/22 17:12:08 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/19 20:50:26 | 000,000,866 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\SolveigMM AVI Trimmer.lnk
[2011/05/19 05:23:51 | 002,641,317 | ---- | M] () -- C:\Documents and Settings\Kevin\My Documents\DSC02956.JPG
[2011/05/16 19:31:20 | 000,000,689 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\Shortcut to nos32 - multiclient.exe.lnk
[2011/05/10 07:35:39 | 000,000,676 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\96acoo.lnk
[2011/05/10 07:33:11 | 000,000,715 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\69merch.lnk
[2011/05/09 08:34:07 | 000,866,901 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\asdf.mp3
[2011/05/09 04:35:02 | 004,414,806 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\asdf.wav
[2011/05/09 04:31:12 | 013,954,126 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\ppf.wav
[2011/05/06 15:38:39 | 002,902,362 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\aloneshaha.mp3
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/03 23:32:19 | 000,071,736 | ---- | C] () -- C:\romini.dmp
[2011/06/03 05:37:17 | 000,122,295 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\208e55k.png
[2011/06/01 23:19:16 | 000,238,358 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\47388_149839795034443_100000252699155_412300_2762573_n.jpg
[2011/06/01 23:18:27 | 000,243,959 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\47388_149839761701113_100000252699155_412291_6542489_n.jpg
[2011/05/31 00:00:01 | 000,092,006 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\216296_1913498046737_1520514783_32034096_3002769_n.jpg
[2011/05/19 20:50:26 | 000,000,866 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\SolveigMM AVI Trimmer.lnk
[2011/05/19 05:21:49 | 002,641,317 | ---- | C] () -- C:\Documents and Settings\Kevin\My Documents\DSC02956.JPG
[2011/05/16 19:31:19 | 000,000,689 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\Shortcut to nos32 - multiclient.exe.lnk
[2011/05/10 07:35:39 | 000,000,676 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\96acoo.lnk
[2011/05/10 07:33:11 | 000,000,715 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\69merch.lnk
[2011/05/09 04:38:00 | 000,866,901 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\asdf.mp3
[2011/05/09 04:35:01 | 004,414,806 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\asdf.wav
[2011/05/09 04:31:11 | 013,954,126 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\ppf.wav
[2011/02/26 19:52:18 | 000,000,261 | ---- | C] () -- C:\WINDOWS\wpepro.INI
[2011/01/29 23:00:50 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\setupfilter.exe
[2011/01/16 05:16:07 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/14 13:54:13 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/01/14 13:54:09 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/01/14 13:54:09 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/01/14 13:24:39 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/01/14 11:30:00 | 000,002,462 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2011/01/13 14:17:53 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/06/13 03:15:12 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/06/13 00:15:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/06/12 23:38:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/06/12 23:36:20 | 000,268,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/12 16:53:13 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/12 16:50:04 | 000,006,136 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2010/06/12 16:02:37 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/06/12 15:55:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 07:07:22 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 06:56:44 | 000,162,793 | RHS- | C] () -- C:\WINDOWS\System32\ktumb.dll
[2004/08/02 20:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/07/17 17:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001/08/23 20:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 20:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 20:00:00 | 000,314,508 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 20:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 20:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 20:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 20:00:00 | 000,040,836 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 20:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 20:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 20:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/01/21 10:33:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\035B
[2010/06/12 17:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/03/19 07:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/03/19 08:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2011/02/18 04:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GetRight
[2011/04/14 21:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HighAndes
[2011/03/10 19:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/01/27 17:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ResultUrl
[2011/04/27 01:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/01/16 16:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/04/14 21:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Blue Cat Audio
[2011/03/10 19:33:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\DAEMON Tools Lite
[2011/03/19 08:46:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\DAEMON Tools Pro
[2011/06/05 09:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\DMCache
[2011/03/09 21:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\facemoods.com
[2011/04/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\FALCOM
[2011/04/25 13:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\FileZilla
[2011/04/21 05:53:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Free Audio Editor
[2011/05/03 04:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\FrostWire
[2011/02/18 04:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\GetRight
[2011/04/14 21:26:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\HighAndes
[2011/03/16 04:16:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\IDM
[2011/01/23 13:14:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\imeshbandmltbpi
[2011/01/31 11:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Moyea
[2011/02/24 13:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\OpenCandy
[2011/02/24 08:53:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\PriceGong
[2011/01/14 13:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\SystemRequirementsLab
[2011/04/07 08:22:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\TeamViewer

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
IdeIchigo
Posted 04 June 2011 - 08:20 PM

IdeIchigo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I forgot to say, THANK YOU in advance. :)
  • 0

#3
Essexboy
Posted 08 June 2011 - 06:46 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there and sorry for the delay

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    MOD - [2011/03/04 04:21:41 | 000,545,408 | ---- | M] (TMRG, Inc.) -- C:\Program Files\RelevantKnowledge\rlls.dll
    FF - prefs.js..browser.search.defaultengine: "Jookz"
    FF - prefs.js..browser.search.order.1: "Jookz"
    [2011/06/05 07:52:06 | 000,000,000 | ---D | M] (RelevantKnowledge) -- C:\PROGRAM FILES\RELEVANTKNOWLEDGE
    [2011/03/09 05:08:13 | 000,002,046 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchddr.xml
    [2011/01/21 17:11:52 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jookz.xml
    [2011/01/21 17:11:52 | 000,002,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jookz.xml.bak
    O2 - BHO: (no name) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NofolderOptions = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
    O20 - Winlogon\Notify\RelevantKnowledge: DllName - C:\Program Files\RelevantKnowledge\rlls.dll - C:\Program Files\RelevantKnowledge\rlls.dll (TMRG, Inc.)
    [2011/06/05 07:33:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge
    [2011/02/24 08:53:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\PriceGong

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image
  • 0

#4
IdeIchigo
Posted 08 June 2011 - 04:33 PM

IdeIchigo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
OTL Quick Scan result :

OTL logfile created on: 6/9/2011 6:26:51 AM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Kevin\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 76.09% Memory free
3.85 Gb Paging File | 3.53 Gb Available in Paging File | 91.79% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 4.52 Gb Free Space | 12.14% Space Free | Partition Type: NTFS

Computer Name: KEVIN-PC | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/09 06:19:51 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kevin\Desktop\OTL.exe
PRC - [2011/06/06 13:28:58 | 001,011,768 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011/02/17 21:45:02 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/01/01 04:06:35 | 003,395,600 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/01 04:06:34 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/05/25 23:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2009/06/07 13:20:20 | 000,061,440 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NlsSrv32.exe
PRC - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2006/08/30 10:58:38 | 000,049,152 | ---- | M] (ZSMCSNAP) -- C:\WINDOWS\vmsnap3.exe
PRC - [2006/06/28 17:54:06 | 000,049,152 | ---- | M] (Vimicro) -- C:\WINDOWS\Domino.exe
PRC - [2004/08/04 06:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/09 06:19:51 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kevin\Desktop\OTL.exe
MOD - [2011/02/17 21:45:17 | 000,040,448 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2011/02/11 22:11:36 | 000,034,208 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\idmmkb.dll
MOD - [2011/01/01 04:06:33 | 000,187,144 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2009/07/12 00:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2009/07/12 00:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
MOD - [2004/08/04 06:57:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/01 04:06:34 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/05/04 08:10:00 | 003,539,184 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009/06/07 13:20:20 | 000,061,440 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NlsSrv32.exe -- (nlsX86cc)
SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2011/03/19 08:37:16 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/01/25 18:40:06 | 000,097,112 | ---- | M] (Tonec Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\idmtdi.sys -- (IDMTDI)
DRV - [2011/01/01 04:00:18 | 000,293,968 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/01 03:59:23 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/01 03:59:11 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/01/01 03:56:49 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/01 03:56:29 | 000,029,264 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/01/01 03:56:27 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/09/17 19:00:30 | 001,399,680 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/07/01 11:53:34 | 000,013,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2009/07/01 11:53:30 | 000,066,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2009/06/30 17:31:00 | 000,164,896 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2006/12/01 14:23:58 | 000,392,122 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbVM303.sys -- (ZSMC303)
DRV - [2006/04/25 10:57:42 | 000,428,160 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmfilter303.sys -- (vmfilter303)
DRV - [2001/08/17 20:11:42 | 000,029,696 | ---- | M] (CNet Technology, Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DM9PCI5.SYS -- (DM9102) DAVICOM 9102(A)
DRV - [2001/08/17 13:58:12 | 000,022,912 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\umaxpcls.sys -- (UMAXPCLS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.yahoo.com/?fr=fp-spt_gen
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://in.yahoo.com/?fr=fp-spt_gen
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://start.facemoods.com/?a=ddr [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2737658
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.jp/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {C8431CD2-C25A-45F3-BEA9-A9103C31409A}:1.0
FF - prefs.js..extensions.enabledItems: {d7521926-ede3-4a77-9073-e9374fc439a3}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {6E19037A-12E3-4295-8915-ED48BC341614}:1.3.329.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:7.2.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.4.0024
FF - prefs.js..extensions.enabledItems: {f999a48b-1950-4d81-9971-79018f807b4b}:2.7.2.0


FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/02/17 21:45:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/26 11:34:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/06 19:23:53 | 000,000,000 | ---D | M]

[2010/06/13 00:15:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Extensions
[2011/05/20 07:21:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\sktc4vuw.default\extensions
[2011/01/14 18:39:46 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\sktc4vuw.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/01/14 11:42:18 | 000,000,000 | ---D | M] (Avanquest EN Toolbar) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\sktc4vuw.default\extensions\{d7521926-ede3-4a77-9073-e9374fc439a3}
[2011/04/20 15:18:31 | 000,000,000 | ---D | M] (FreeOnlineRadioPlayerRecorder Toolbar) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\sktc4vuw.default\extensions\{f999a48b-1950-4d81-9971-79018f807b4b}
[2011/03/10 18:54:32 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\sktc4vuw.default\extensions\[email protected]
[2011/03/09 05:07:40 | 000,000,000 | ---D | M] (Facemoods) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\sktc4vuw.default\extensions\[email protected]
[2011/03/10 18:54:27 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\sktc4vuw.default\searchplugins\daemon-search.xml
[2011/06/05 07:22:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/13 02:30:42 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/06/13 12:05:27 | 000,000,000 | ---D | M] (ResultUrl) -- C:\Program Files\Mozilla Firefox\extensions\{C8431CD2-C25A-45F3-BEA9-A9103C31409A}
[2010/06/13 01:16:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/17 21:45:18 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/03/07 21:02:32 | 000,000,000 | ---D | M] (IDM CC) -- C:\DOCUMENTS AND SETTINGS\KEVIN\APPLICATION DATA\IDM\IDMMZCC3
[2010/06/13 01:16:08 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\RELEVANTKNOWLEDGE
[2010/06/13 01:16:07 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/09/02 16:09:28 | 000,002,486 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\iMeshWebSearch.xml

O1 HOSTS File: ([2011/06/09 06:21:24 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.5\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.5\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Domino] C:\WINDOWS\Domino.exe (Vimicro)
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.5\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VMSnap3] C:\WINDOWS\vmsnap3.exe (ZSMCSNAP)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 202.78.97.41 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/12 15:59:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{8f10dba2-4b05-11e0-8c8b-1078d284f316}\Shell - "" = AutoRun
O33 - MountPoints2\{8f10dba2-4b05-11e0-8c8b-1078d284f316}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8f10dba2-4b05-11e0-8c8b-1078d284f316}\Shell\AutoRun\command - "" = E:\FSETUP3.EXE
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/09 06:19:44 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kevin\Desktop\OTL.exe
[2011/06/09 06:17:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kevin\Recent
[2011/06/09 06:03:57 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Kevin\Desktop\aswMBR.exe
[2011/06/09 05:36:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/05 07:23:11 | 000,000,000 | ---D | C] -- C:\Pcsx2
[2011/06/05 07:22:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\neoncube
[2011/06/05 07:19:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/06/05 02:00:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/06/03 23:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\My Documents\RohanScreenShot
[2011/06/03 22:06:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\XorNetworks Rohan
[2011/05/29 18:05:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Desktop\New Folder
[2011/05/19 20:50:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Solveig Multimedia
[2011/05/19 20:50:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Solveig Multimedia
[2011/05/19 20:50:13 | 000,000,000 | ---D | C] -- C:\Program Files\Solveig Multimedia

========== Files - Modified Within 30 Days ==========

[2011/06/09 06:23:50 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-746137067-1284227242-725345543-1003.job
[2011/06/09 06:23:46 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-746137067-1284227242-725345543-1003.job
[2011/06/09 06:23:44 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/09 06:23:43 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-746137067-1284227242-725345543-1004.job
[2011/06/09 06:23:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/09 06:21:24 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/09 06:19:51 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kevin\Desktop\OTL.exe
[2011/06/09 06:04:06 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Kevin\Desktop\aswMBR.exe
[2011/06/09 04:57:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/08 23:40:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/06 02:20:22 | 000,067,194 | ---- | M] () -- C:\romini.dmp
[2011/06/05 21:37:03 | 002,027,574 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\hahaha.mp3
[2011/06/05 19:22:50 | 000,000,773 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\Shortcut to XorRohan.lnk
[2011/06/05 14:22:18 | 001,823,610 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\Illbe.mp3
[2011/06/05 14:18:05 | 002,253,690 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\herwou.mp3
[2011/06/05 11:46:56 | 000,011,555 | RHS- | M] () -- C:\WINDOWS\System32\setting.ini
[2011/06/05 07:32:51 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/06/05 07:28:33 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/04 23:14:05 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-746137067-1284227242-725345543-1004.job
[2011/06/03 09:04:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/26 11:37:44 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/05/22 17:12:08 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/19 05:23:51 | 002,641,317 | ---- | M] () -- C:\Documents and Settings\Kevin\My Documents\DSC02956.JPG
[2011/05/16 19:31:20 | 000,000,689 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\Shortcut to nos32 - multiclient.exe.lnk
[2011/05/10 07:35:39 | 000,000,676 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\96acoo.lnk
[2011/05/10 07:33:11 | 000,000,715 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\69merch.lnk

========== Files Created - No Company Name ==========

[2011/06/05 19:22:50 | 000,000,773 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\Shortcut to XorRohan.lnk
[2011/06/05 14:18:05 | 001,823,610 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\Illbe.mp3
[2011/06/05 14:18:04 | 002,253,690 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\herwou.mp3
[2011/06/05 11:46:51 | 000,011,555 | RHS- | C] () -- C:\WINDOWS\System32\setting.ini
[2011/06/03 23:32:19 | 000,067,194 | ---- | C] () -- C:\romini.dmp
[2011/05/19 05:21:49 | 002,641,317 | ---- | C] () -- C:\Documents and Settings\Kevin\My Documents\DSC02956.JPG
[2011/05/16 19:31:19 | 000,000,689 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\Shortcut to nos32 - multiclient.exe.lnk
[2011/05/10 07:35:39 | 000,000,676 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\96acoo.lnk
[2011/05/10 07:33:11 | 000,000,715 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\69merch.lnk
[2011/02/26 19:52:18 | 000,000,261 | ---- | C] () -- C:\WINDOWS\wpepro.INI
[2011/01/29 23:00:50 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\setupfilter.exe
[2011/01/16 05:16:07 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/14 13:54:13 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/01/14 13:54:09 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/01/14 13:54:09 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/01/14 13:24:39 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/01/14 11:30:00 | 000,002,462 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2011/01/13 14:17:53 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/06/13 03:15:12 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/06/13 00:15:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/06/12 23:38:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/06/12 23:36:20 | 000,268,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/12 16:53:13 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/12 16:50:04 | 000,006,136 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2010/06/12 16:02:37 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/06/12 15:55:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 07:07:22 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/02 20:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/07/17 17:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001/08/23 20:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 20:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 20:00:00 | 000,314,508 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 20:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 20:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 20:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 20:00:00 | 000,040,836 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 20:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 20:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 20:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/01/21 10:33:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\035B
[2010/06/12 17:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/03/19 07:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/03/19 08:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2011/02/18 04:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GetRight
[2011/04/14 21:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HighAndes
[2011/03/10 19:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/01/27 17:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ResultUrl
[2011/04/27 01:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/01/16 16:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/04/14 21:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Blue Cat Audio
[2011/03/10 19:33:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\DAEMON Tools Lite
[2011/03/19 08:46:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\DAEMON Tools Pro
[2011/06/09 06:24:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\DMCache
[2011/03/09 21:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\facemoods.com
[2011/04/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\FALCOM
[2011/04/25 13:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\FileZilla
[2011/04/21 05:53:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Free Audio Editor
[2011/05/03 04:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\FrostWire
[2011/02/18 04:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\GetRight
[2011/04/14 21:26:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\HighAndes
[2011/03/16 04:16:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\IDM
[2011/01/23 13:14:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\imeshbandmltbpi
[2011/01/31 11:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Moyea
[2011/02/24 13:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\OpenCandy
[2011/01/14 13:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\SystemRequirementsLab
[2011/04/07 08:22:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\TeamViewer

========== Purity Check ==========



< End of report >


And here is the result from aswMBR :

Attached File  aswMBRlog.txt   1.53KB   161 downloads

Thank you!
  • 0

#5
Essexboy
Posted 09 June 2011 - 04:10 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK phase two as the taskmanager has beeen disabled again

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#6
IdeIchigo
Posted 09 June 2011 - 04:55 AM

IdeIchigo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Attached File  ComboFix.txt   15.12KB   142 downloads

Thanks, here you go.

ComboFix 11-06-06.02 - Kevin 06/09/2011 18:36:13.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1381 [GMT 8:00]
Running from: c:\documents and settings\Kevin\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\documents and settings\All Users\Application Data\ResultUrl
c:\documents and settings\Ide Ichvonn\Application Data\facemoods.com
c:\documents and settings\Kevin\Application Data\facemoods.com
c:\windows\system32\kernel1.exe
c:\windows\system32\setting.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RESULTURL_SERVICE
-------\Legacy_SSHNAS
.
.
((((((((((((((((((((((((( Files Created from 2011-05-09 to 2011-06-09 )))))))))))))))))))))))))))))))
.
.
2011-06-09 09:45 . 2011-06-09 09:45 -------- d-----w- c:\program files\Evolution Games
2011-06-09 04:05 . 2011-06-09 04:05 -------- d-----w- c:\program files\Microsoft.NET
2011-06-09 00:19 . 2011-06-09 00:19 -------- d-----w- c:\windows\system32\XPSViewer
2011-06-09 00:19 . 2011-06-09 00:19 -------- d-----w- c:\program files\Reference Assemblies
2011-06-09 00:11 . 2007-03-22 12:24 28160 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-06-09 00:11 . 2006-06-29 05:07 14048 ------w- c:\windows\system32\spmsg2.dll
2011-06-09 00:08 . 2011-06-09 00:08 -------- d-----w- c:\program files\MSXML 6.0
2011-06-08 23:30 . 2011-06-08 23:33 -------- d-----w- C:\Warcraft III
2011-06-08 21:36 . 2011-06-08 21:36 -------- d-----w- C:\_OTL
2011-06-04 23:26 . 2011-06-04 23:26 -------- d-----w- c:\windows\system32\wbem\Repository
2011-06-04 23:22 . 2011-06-04 23:22 -------- d-----w- c:\documents and settings\Kevin\neoncube
2011-06-04 18:00 . 2011-06-04 23:22 -------- d-----w- c:\windows\system32\GroupPolicy
2011-05-19 12:50 . 2011-05-19 12:50 -------- d-----w- c:\program files\Common Files\Solveig Multimedia
2011-05-19 12:50 . 2011-05-19 12:50 -------- d-----w- c:\program files\Solveig Multimedia
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-28 02:49 . 2011-04-25 18:11 172032 ----a-w- c:\windows\system32\dzip32.dll
2011-03-28 02:49 . 2011-04-25 18:11 139264 ----a-w- c:\windows\system32\dunzip32.dll
2011-03-19 00:37 . 2011-03-19 00:37 443448 ----a-w- c:\windows\system32\drivers\sptd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-03-02 16:23 68216 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-11-09 6174008]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-03-03 3278232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-09-21 33673216]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-12-31 3395600]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-25 1753192]
"VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152]
"Domino"="c:\windows\Domino.EXE" [2006-06-28 49152]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-02-17 273544]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1881:TCP"= 1881:TCP:iyogvcot
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/12/2010 5:00 PM 293968]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [2/12/2011 6:10 AM 97112]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/12/2010 5:00 PM 17744]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NlsSrv32.exe [4/14/2011 9:20 PM 61440]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [6/12/2010 4:55 PM 1399680]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/13/2010 2:32 AM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/13/2010 2:32 AM 136176]
S3 MemAccDrv32;MemAccDrv32;\??\e:\drivers\Install\Drivers\MemAccDrv32.sys --> e:\drivers\Install\Drivers\MemAccDrv32.sys [?]
S3 NPFW;NPFW;\??\c:\windows\system32\NPFW.SYS --> c:\windows\system32\NPFW.SYS [?]
S3 NPFWFLT;NPFWFLT;\??\c:\windows\system32\NPFWFLT.SYS --> c:\windows\system32\NPFWFLT.SYS [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 NPIDS;NPIDS;\??\c:\windows\system32\NPIDS.SYS --> c:\windows\system32\NPIDS.SYS [?]
S3 TKFsAvM;TKFsAvM;\??\c:\windows\system32\TKFsAv.sys --> c:\windows\system32\TKFsAv.sys [?]
S3 TkFsFtM;MiniFilter Driver;c:\windows\system32\TKFsFt.sys --> c:\windows\system32\TKFsFt.sys [?]
S3 TKPcFt;TKPcFt;\??\c:\windows\system32\TKPcFtHk.sys --> c:\windows\system32\TKPcFtHk.sys [?]
S3 TKRgAc;TKRgAc;\??\c:\windows\system32\TKRgAc2k.sys --> c:\windows\system32\TKRgAc2k.sys [?]
S3 TKRgFt;TKRgFt;\??\c:\windows\system32\TKRgFtXp.sys --> c:\windows\system32\TKRgFtXp.sys [?]
S3 TKTool;TKTool;\??\c:\windows\system32\TKTool2k.sys --> c:\windows\system32\TKTool2k.sys [?]
S3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [1/29/2011 11:00 PM 428160]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
alkvnt
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 03:50]
.
2011-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-12 18:31]
.
2011-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-12 18:31]
.
2011-06-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-746137067-1284227242-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 06:25]
.
2011-06-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-746137067-1284227242-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 06:25]
.
2011-06-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-746137067-1284227242-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 06:25]
.
2011-06-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-746137067-1284227242-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 06:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2737658
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://in.yahoo.com/?fr=fp-spt_gen
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 202.78.97.41 192.168.0.1
FF - ProfilePath - c:\documents and settings\Kevin\Application Data\Mozilla\Firefox\Profiles\sktc4vuw.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.jp/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: ResultUrl: {C8431CD2-C25A-45F3-BEA9-A9103C31409A} - c:\program files\Mozilla Firefox\extensions\{C8431CD2-C25A-45F3-BEA9-A9103C31409A}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Avanquest EN Toolbar: {d7521926-ede3-4a77-9073-e9374fc439a3} - %profile%\extensions\{d7521926-ede3-4a77-9073-e9374fc439a3}
FF - Ext: DAEMON Tools Toolbar: [email protected] - %profile%\extensions\[email protected]
FF - Ext: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - %profile%\extensions\{f999a48b-1950-4d81-9971-79018f807b4b}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: IDM CC: [email protected] - c:\documents and settings\Kevin\Application Data\IDM\idmmzcc3
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Dekaron Evolution - c:\program files\Evolution Games\Dekaron Evolution\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-09 18:45
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{32105292-3c6f-4b45-a060-68a41c4228af}]
@Denied: (Full) (Everyone)
"Model"=dword:00000028
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,7c,a3,58,23,ec,af,2d,15,15,ef,a1,46,54,19,6c,0d,35,95,e0,f3,7c,6d,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):79,4d,f7,f4,4f,52,cf,86,d6,14,67,ec,fd,16,86,8a,2a,d2,0c,e9,9f,
62,35,ab,88,b2,fc,9f,f9,6e,26,d4,ff,de,c6,28,92,32,00,3b,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):72,f8,2f,45,5d,9c,ab,11,aa,cd,ce,61,bd,5f,b8,a2,5a,75,19,65,d9,
25,69,bd,77,e9,a1,40,d2,14,71,5d,df,9a,da,de,76,68,82,51,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{aa8b1c84-319c-4453-880a-349415736842}]
@Denied: (Full) (Everyone)
"Model"=dword:0000006f
"Therad"=dword:00000009
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2952)
c:\windows\system32\WININET.dll
c:\program files\Internet Download Manager\IDMShellExt.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\RUNDLL32.EXE
c:\progra~1\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 2011-06-09 18:51:01 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-09 10:50
.
Pre-Run: 6,202,048,512 bytes free
Post-Run: 6,588,379,136 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (bootscreen)" /noexecute=optin /fastdetect /KERNEL=kernel1.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - FB39BE15CBB5F7CA3864C73F197482CA
  • 0

#7
Essexboy
Posted 09 June 2011 - 05:08 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looks better - what are your current problems ?

1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1881:TCP"=-


3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new OTListit log.

  • 0

#8
IdeIchigo
Posted 09 June 2011 - 06:15 AM

IdeIchigo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
ComboFix.txt :
Attached File  ComboFix.txt   13.32KB   217 downloads

OTL.txt :
Attached File  OTL.Txt   61.84KB   139 downloads

Annnnd we`re done?! I can open AntiVirus websites and also Microsoft websites, not to mention my spyware or whatever it was does not send random IM`s to my friends any longer! Thank you so much for your help.

I did not reboot because it did not tell me to.
But I will do now, it seems I still have one problem left.(Maybe restarting might fix it? Or not) :

weird.JPG

So I try to run my online game installer(setup) program. Double click, enter, run as administrator.
But results are the same. Nothing appears in my screen, or a presence of it starting up.

I run it again, and my PC freezes (But my NumLock key still works, green light turns ON and OFF)
So I restart my PC every time it happends and try a different method)

Now I figured out, running it once was enough. Because it actually runs, but not fully or whatever.
In the screenshot. The TaskManager shows that my installer(set up) is running, but with a very low memory usage.

Though I set the priority to "High". It didn`t help.
So I "End Process" and run the program installer/set up again, and loop loop. Untill I left it once without "End Process"-ing it.
The set up appears, and so I continue, but the install freezes on the first few seconds/percent(%).

I have tried running my old previous game installer/set ups. But it results the same. It does not boot properly.
(This happend about the same time I got the virus/malware/spyware, I could properly, neatly run any kind of set ups just few weeks ago)
Sorry for the long story-like. Kinda hard to eplain ;x

Once again Thank you so much!

OTL logfile created on: 6/9/2011 7:51:04 PM - Run 3
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Kevin\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 75.10% Memory free
3.85 Gb Paging File | 3.56 Gb Available in Paging File | 92.62% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 5.69 Gb Free Space | 15.28% Space Free | Partition Type: NTFS

Computer Name: KEVIN-PC | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/09 06:19:51 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kevin\Desktop\OTL.exe
PRC - [2011/02/17 21:45:02 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/01/01 04:06:35 | 003,395,600 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/01 04:06:34 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/06/07 13:20:20 | 000,061,440 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NlsSrv32.exe
PRC - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2006/08/30 10:58:38 | 000,049,152 | ---- | M] (ZSMCSNAP) -- C:\WINDOWS\vmsnap3.exe
PRC - [2006/06/28 17:54:06 | 000,049,152 | ---- | M] (Vimicro) -- C:\WINDOWS\Domino.exe
PRC - [2004/08/04 06:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/09 06:19:51 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kevin\Desktop\OTL.exe
MOD - [2011/02/17 21:45:17 | 000,040,448 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2011/01/01 04:06:33 | 000,187,144 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2009/07/12 00:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2009/07/12 00:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
MOD - [2004/08/04 06:57:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/01 04:06:34 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/05/04 08:10:00 | 003,539,184 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009/06/07 13:20:20 | 000,061,440 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NlsSrv32.exe -- (nlsX86cc)
SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/09 15:38:27 | 000,026,488 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/03/19 08:37:16 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/01/25 18:40:06 | 000,097,112 | ---- | M] (Tonec Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\idmtdi.sys -- (IDMTDI)
DRV - [2011/01/01 04:00:18 | 000,293,968 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/01 03:59:23 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/01 03:59:11 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/01/01 03:56:49 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/01 03:56:29 | 000,029,264 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/01/01 03:56:27 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/09/17 19:00:30 | 001,399,680 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/07/01 11:53:34 | 000,013,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2009/07/01 11:53:30 | 000,066,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2009/06/30 17:31:00 | 000,164,896 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2006/12/01 14:23:58 | 000,392,122 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbVM303.sys -- (ZSMC303)
DRV - [2006/04/25 10:57:42 | 000,428,160 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmfilter303.sys -- (vmfilter303)
DRV - [2001/08/17 20:11:42 | 000,029,696 | ---- | M] (CNet Technology, Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DM9PCI5.SYS -- (DM9102) DAVICOM 9102(A)
DRV - [2001/08/17 13:58:12 | 000,022,912 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\umaxpcls.sys -- (UMAXPCLS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://in.yahoo.com/?fr=fp-spt_gen

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2737658
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.jp/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {C8431CD2-C25A-45F3-BEA9-A9103C31409A}:1.0
FF - prefs.js..extensions.enabledItems: {d7521926-ede3-4a77-9073-e9374fc439a3}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:7.2.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.4.0024
FF - prefs.js..extensions.enabledItems: {f999a48b-1950-4d81-9971-79018f807b4b}:2.7.2.0


FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/02/17 21:45:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/26 11:34:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/06 19:23:53 | 000,000,000 | ---D | M]

[2010/06/13 00:15:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Extensions
[2011/06/09 16:59:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\sktc4vuw.default\extensions
[2011/01/14 18:39:46 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\sktc4vuw.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/01/14 11:42:18 | 000,000,000 | ---D | M] (Avanquest EN Toolbar) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\sktc4vuw.default\extensions\{d7521926-ede3-4a77-9073-e9374fc439a3}
[2011/04/20 15:18:31 | 000,000,000 | ---D | M] (FreeOnlineRadioPlayerRecorder Toolbar) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\sktc4vuw.default\extensions\{f999a48b-1950-4d81-9971-79018f807b4b}
[2011/03/10 18:54:32 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\sktc4vuw.default\extensions\[email protected]
[2011/03/10 18:54:27 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\sktc4vuw.default\searchplugins\daemon-search.xml
[2011/06/05 07:22:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/13 02:30:42 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/06/13 12:05:27 | 000,000,000 | ---D | M] (ResultUrl) -- C:\Program Files\Mozilla Firefox\extensions\{C8431CD2-C25A-45F3-BEA9-A9103C31409A}
[2010/06/13 01:16:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/17 21:45:18 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/03/07 21:02:32 | 000,000,000 | ---D | M] (IDM CC) -- C:\DOCUMENTS AND SETTINGS\KEVIN\APPLICATION DATA\IDM\IDMMZCC3
[2010/06/13 01:16:08 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/06/13 01:16:07 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/09/02 16:09:28 | 000,002,486 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\iMeshWebSearch.xml

O1 HOSTS File: ([2011/06/09 18:44:18 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Domino] C:\WINDOWS\Domino.exe (Vimicro)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VMSnap3] C:\WINDOWS\vmsnap3.exe (ZSMCSNAP)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 202.78.97.41 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/12 15:59:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/09 19:37:42 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/06/09 19:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/06/09 18:48:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/06/09 18:44:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kevin\Recent
[2011/06/09 18:31:53 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/09 18:26:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/09 18:26:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/09 18:26:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/09 18:26:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/09 18:25:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/09 18:25:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/09 18:24:11 | 004,113,977 | R--- | C] (Swearware) -- C:\Documents and Settings\Kevin\Desktop\ComboFix.exe
[2011/06/09 17:45:27 | 000,000,000 | ---D | C] -- C:\Program Files\Evolution Games
[2011/06/09 16:51:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kevin\Start Menu\Programs\Administrative Tools
[2011/06/09 12:05:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/06/09 08:19:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011/06/09 08:19:11 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011/06/09 08:10:10 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2011/06/09 08:09:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2011/06/09 08:08:18 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2011/06/09 07:30:27 | 000,000,000 | ---D | C] -- C:\Warcraft III
[2011/06/09 06:19:44 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kevin\Desktop\OTL.exe
[2011/06/09 06:03:57 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Kevin\Desktop\aswMBR.exe
[2011/06/09 05:36:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/05 07:22:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\neoncube
[2011/06/05 07:19:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/06/05 02:00:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/06/03 23:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\My Documents\RohanScreenShot
[2011/06/03 22:06:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\XorNetworks Rohan
[2011/05/29 18:05:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Desktop\New Folder
[2011/05/19 20:50:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Solveig Multimedia
[2011/05/19 20:50:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Solveig Multimedia
[2011/05/19 20:50:13 | 000,000,000 | ---D | C] -- C:\Program Files\Solveig Multimedia

========== Files - Modified Within 30 Days ==========

[2011/06/09 19:52:32 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/09 19:39:27 | 000,220,532 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\weird.JPG
[2011/06/09 19:17:16 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/09 19:13:02 | 000,531,408 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/09 19:13:01 | 000,091,704 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/09 18:57:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/09 18:45:49 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-746137067-1284227242-725345543-1003.job
[2011/06/09 18:45:43 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-746137067-1284227242-725345543-1003.job
[2011/06/09 18:44:18 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/09 18:43:42 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/09 18:43:41 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-746137067-1284227242-725345543-1004.job
[2011/06/09 18:43:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/09 18:32:01 | 000,000,470 | RHS- | M] () -- C:\boot.ini
[2011/06/09 18:24:57 | 004,113,977 | R--- | M] (Swearware) -- C:\Documents and Settings\Kevin\Desktop\ComboFix.exe
[2011/06/09 13:19:31 | 000,041,922 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\34hgjkh.jpg
[2011/06/09 10:47:23 | 000,271,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/09 09:03:41 | 005,187,224 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\tamscritownage.gif
[2011/06/09 06:19:51 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kevin\Desktop\OTL.exe
[2011/06/09 06:04:06 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Kevin\Desktop\aswMBR.exe
[2011/06/08 23:40:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/06 02:20:22 | 000,067,194 | ---- | M] () -- C:\romini.dmp
[2011/06/05 21:37:03 | 002,027,574 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\hahaha.mp3
[2011/06/05 19:22:50 | 000,000,773 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\Shortcut to XorRohan.lnk
[2011/06/05 14:22:18 | 001,823,610 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\Illbe.mp3
[2011/06/05 14:18:05 | 002,253,690 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\herwou.mp3
[2011/06/05 07:32:51 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/06/05 07:28:33 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/04 23:14:05 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-746137067-1284227242-725345543-1004.job
[2011/06/04 19:45:50 | 1678,075,817 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\Dekaron-Evolution-SetupV7R2.exe
[2011/06/03 09:04:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/26 11:37:44 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/05/16 19:31:20 | 000,000,689 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\Shortcut to nos32 - multiclient.exe.lnk

========== Files Created - No Company Name ==========

[2011/06/09 19:34:07 | 000,220,532 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\weird.JPG
[2011/06/09 19:05:12 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/06/09 18:32:01 | 000,000,354 | ---- | C] () -- C:\Boot.bak
[2011/06/09 18:31:56 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/06/09 18:26:30 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/09 18:26:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/09 18:26:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/09 18:26:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/09 18:26:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/09 17:52:03 | 1678,075,817 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\Dekaron-Evolution-SetupV7R2.exe
[2011/06/09 13:19:30 | 000,041,922 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\34hgjkh.jpg
[2011/06/09 09:03:48 | 005,187,224 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\tamscritownage.gif
[2011/06/09 08:20:57 | 000,161,480 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/06/05 19:22:50 | 000,000,773 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\Shortcut to XorRohan.lnk
[2011/06/05 14:18:05 | 001,823,610 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\Illbe.mp3
[2011/06/05 14:18:04 | 002,253,690 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\herwou.mp3
[2011/06/03 23:32:19 | 000,067,194 | ---- | C] () -- C:\romini.dmp
[2011/05/16 19:31:19 | 000,000,689 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\Shortcut to nos32 - multiclient.exe.lnk
[2011/02/26 19:52:18 | 000,000,261 | ---- | C] () -- C:\WINDOWS\wpepro.INI
[2011/01/29 23:00:50 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\setupfilter.exe
[2011/01/16 05:16:07 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/14 13:54:13 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/01/14 13:54:09 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/01/14 13:54:09 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/01/14 13:24:39 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/01/14 11:30:00 | 000,002,462 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2011/01/13 14:17:53 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/06/13 03:15:12 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/06/13 00:15:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/06/12 23:38:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/06/12 23:36:20 | 000,271,784 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/12 16:53:13 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/12 16:50:04 | 000,006,136 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2010/06/12 16:02:37 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/06/12 15:55:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 07:07:22 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/02 20:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/07/17 17:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001/08/23 20:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 20:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 20:00:00 | 000,531,408 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 20:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 20:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 20:00:00 | 000,091,704 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 20:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 20:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 20:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 20:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/01/21 10:33:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\035B
[2010/06/12 17:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/03/19 07:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/03/19 08:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2011/02/18 04:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GetRight
[2011/04/14 21:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HighAndes
[2011/03/10 19:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/04/27 01:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/01/16 16:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/04/14 21:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Blue Cat Audio
[2011/03/10 19:33:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\DAEMON Tools Lite
[2011/03/19 08:46:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\DAEMON Tools Pro
[2011/06/09 19:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\DMCache
[2011/04/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\FALCOM
[2011/04/25 13:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\FileZilla
[2011/04/21 05:53:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Free Audio Editor
[2011/05/03 04:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\FrostWire
[2011/02/18 04:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\GetRight
[2011/04/14 21:26:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\HighAndes
[2011/03/16 04:16:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\IDM
[2011/01/23 13:14:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\imeshbandmltbpi
[2011/01/31 11:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Moyea
[2011/02/24 13:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\OpenCandy
[2011/01/14 13:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\SystemRequirementsLab
[2011/04/07 08:22:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\TeamViewer

========== Purity Check ==========



< End of report >
  • 0

#9
Essexboy
Posted 09 June 2011 - 06:25 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Have you tried a full uninstall and reinstall of the programme ?

Looks like the last one now

1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

NetSvc::
alkvnt

Driver::
alkvnt


3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt .

  • 0

#10
IdeIchigo
Posted 09 June 2011 - 07:20 AM

IdeIchigo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Attached File  ComboFix.txt   314.62KB   123 downloads

Here we go :)


Actually, I haven`t even installed the game yet. So there isn`t anything I can uninstall about it.
The program I`m running is a installer.

So yeah ;/ Weird.
  • 0

#11
Essexboy
Posted 09 June 2011 - 07:27 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Have you tried to download a fresh copy of the installer ? I would recommend updating to SP3 as well :yes:


Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Click Start > Run and copy/paste the following bolded text into the Run box and click OK

ComboFix /Uninstall

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

SPRING CLEAN

Download and run Puran Disc Defragmenter
For the first run I would recommend a boot defrag and disk check

Posted Image


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :unsure:
  • 0

#12
IdeIchigo
Posted 09 June 2011 - 08:40 AM

IdeIchigo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thank you, thank you sooo much! Man, I`m amazed how easy to follow those guides you`ve gave me.
I can`t thank you enough!

About the game, I`ll just find a different download mirror. Whatever, I can handle it :unsure:

Once again thank you! Great site, awesome community. Great job! And good work me that I ended up here Lol.
Anyway yes, I will come back. When I get a similar problem. Hopefully I don`t, I won`t probably.

With all this awesome stuffs.
God bless ya`ll and take care!

Ciao! *bows* :)
  • 0

#13
Essexboy
Posted 09 June 2011 - 09:37 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Thank you for the kind words :) ... SP3 may assist in the installation of the programme as SP2 is very old now and not quite current
  • 0

#14
Essexboy
Posted 11 June 2011 - 09:15 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP