Jump to content

Dtown

Members
 View Profile  See their activity

  • Posts

    14

  • Joined

  • Last visited

Reputation

0 Neutral
  1. Dtown
    One last thing. Can you suggest a good anti virus program? I'd like to minimize the chances of this happening again.
  2. Dtown

    Thanks for the help man. BIG HELP. Cute dogs btw!!!

  3. Dtown
    Thanks man. You were a big help. This is one of the worst viruses i've ever seen and i've been using computers my whole life.
  4. Dtown
    Results of screen317's Security Check version 0.99.56 Windows XP Service Pack 3 x86 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` JavaFX 2.1.1 Java 6 Update 33 Java 7 Update 9 Adobe Flash Player 11.5.502.146 Adobe Reader 10.1.5 Adobe Reader out of Date! Mozilla Firefox (18.0) ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C:: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!) ````````````````````End of Log`````````````````````` results of security check
  5. Dtown
    # AdwCleaner v2.105 - Logfile created 01/13/2013 at 16:20:07 # Updated 08/01/2013 by Xplode # Operating system : Microsoft Windows XP Service Pack 3 (32 bits) # User : Derek - DTOWN-0B10F865B # Boot Mode : Normal # Running from : C:\Documents and Settings\Derek\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Documents and Settings\Derek\Application Data\Mozilla\Firefox\Profiles\cnovkmrq.default\extensions\crossriderapp2258@crossrider.com Folder Deleted : C:\Documents and Settings\Derek\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0 ***** [Registry] ***** Key Deleted : HKCU\Software\1ClickDownload Key Deleted : HKCU\Software\IGearSettings Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\I Want This Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com] ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Registry is clean. -\\ Mozilla Firefox v18.0 (en-US) File : C:\Documents and Settings\Derek\Application Data\Mozilla\Firefox\Profiles\cnovkmrq.default\prefs.js Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search"); ************************* AdwCleaner[R1].txt - [2067 octets] - [13/01/2013 16:17:24] AdwCleaner[R2].txt - [2127 octets] - [13/01/2013 16:19:30] AdwCleaner[s1].txt - [2084 octets] - [13/01/2013 16:20:07] ########## EOF - C:\AdwCleaner[s1].txt - [2144 octets] ########## results after deletion and reboot
  6. Dtown
    # AdwCleaner v2.105 - Logfile created 01/13/2013 at 16:17:24 # Updated 08/01/2013 by Xplode # Operating system : Microsoft Windows XP Service Pack 3 (32 bits) # User : Derek - DTOWN-0B10F865B # Boot Mode : Normal # Running from : C:\Documents and Settings\Derek\Desktop\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** Folder Found : C:\Documents and Settings\Derek\Application Data\Mozilla\Firefox\Profiles\cnovkmrq.default\extensions\crossriderapp2258@crossrider.com Folder Found : C:\Documents and Settings\Derek\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0 ***** [Registry] ***** Key Found : HKCU\Software\1ClickDownload Key Found : HKCU\Software\IGearSettings Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\I Want This Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com] ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Registry is clean. -\\ Mozilla Firefox v18.0 (en-US) File : C:\Documents and Settings\Derek\Application Data\Mozilla\Firefox\Profiles\cnovkmrq.default\prefs.js Found : user_pref("browser.search.selectedEngine", "AVG Secure Search"); ************************* AdwCleaner[R1].txt - [1938 octets] - [13/01/2013 16:17:24] ########## EOF - C:\AdwCleaner[R1].txt - [1998 octets] ########## adwcleaner results
  7. Dtown
    ComboFix 13-01-13.01 - Derek 01/13/2013 15:47:26.1.2 - x86 Running from: c:\documents and settings\Derek\Desktop\ComboFix.exe * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\24ff93ad.dat c:\windows\system32\SET1A3.tmp . . ((((((((((((((((((((((((( Files Created from 2012-12-13 to 2013-01-13 ))))))))))))))))))))))))))))))) . . 2013-01-13 19:51 . 2013-01-13 19:51 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2013-01-13 18:55 . 2013-01-13 18:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2013-01-13 07:56 . 2013-01-13 07:56 -------- d-----w- C:\_OTL 2013-01-12 03:51 . 2013-01-12 03:51 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE 2013-01-10 18:28 . 2013-01-10 18:28 -------- d-----w- c:\program files\The Walking Dead 2013-01-10 18:28 . 2012-08-30 22:57 81 ----a-w- c:\program files\update-walking-dead.bat 2013-01-02 08:38 . 2013-01-09 03:37 -------- d-----w- c:\program files\Common Files\BioWare 2013-01-02 08:38 . 2013-01-02 08:38 -------- d-----w- c:\program files\Electronic Arts 2013-01-02 08:38 . 2013-01-02 08:38 -------- d-----w- C:\Users 2012-12-26 18:57 . 2004-10-22 07:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll 2012-12-26 18:57 . 2004-10-22 07:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll 2012-12-26 18:57 . 2004-10-22 07:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll 2012-12-26 18:57 . 2004-10-22 07:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll 2012-12-26 18:57 . 2004-10-22 07:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe 2012-12-26 18:57 . 2012-12-26 18:57 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll 2012-12-26 18:57 . 2012-12-26 18:57 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll 2012-12-26 18:44 . 2012-12-26 18:44 -------- d-----w- c:\program files\EA Games 2012-12-26 18:44 . 2012-12-26 18:44 -------- d-----w- c:\windows\E4D153288C89484BB9AAF5BE9EA6D01C.TMP 2012-12-26 18:25 . 2012-12-26 18:25 -------- d-----w- c:\documents and settings\Derek\Application Data\RealNetworks 2012-12-26 18:21 . 2012-12-26 18:21 -------- d-----w- c:\program files\RealNetworks 2012-12-26 18:21 . 2012-12-26 18:21 -------- d-----w- c:\documents and settings\All Users\Application Data\RealNetworks 2012-12-26 18:21 . 2012-12-26 18:21 -------- d-----w- c:\program files\Common Files\xing shared 2012-12-26 18:20 . 2012-12-26 18:20 499712 ----a-w- c:\windows\system32\msvcp71.dll 2012-12-26 18:20 . 2012-12-26 18:20 348160 ----a-w- c:\windows\system32\msvcr71.dll 2012-12-22 22:06 . 2012-12-22 22:06 -------- d-sh--w- c:\documents and settings\Derek\wc 2012-12-22 22:06 . 2012-12-22 22:06 -------- d-----w- c:\documents and settings\Derek\Local Settings\Application Data\Universe Sandbox 2012-12-22 22:06 . 2012-12-22 22:06 -------- d-sh--w- c:\documents and settings\Derek\Application Data\wyUpdate AU 2012-12-21 19:05 . 2010-10-01 01:15 1759584 ----a-w- c:\windows\system32\drivers\athuw.sys 2012-12-18 14:28 . 2012-12-18 14:28 186584 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll 2012-12-17 18:11 . 2012-12-17 18:11 -------- d-----w- c:\program files\MegaDev 2012-12-16 20:01 . 2012-12-16 20:01 -------- d-----w- c:\documents and settings\Derek\Local Settings\Application Data\My Games 2012-12-16 17:57 . 2012-12-16 17:57 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2012-12-16 17:57 . 2012-12-16 17:57 -------- d-----w- c:\program files\DAEMON Tools Lite . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-10 01:07 . 2012-04-04 15:56 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-01-10 01:07 . 2012-03-13 11:43 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-01-11 07:17 . 2013-01-11 07:17 262704 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2012-03-21 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys [-] 2012-03-21 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\ff0686f2f699fa07ed5ad0848fa3055b\sp3qfe\tcpip.sys [7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\ff0686f2f699fa07ed5ad0848fa3055b\sp3gdr\tcpip.sys [7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys [7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys [7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2008-03-26 16859136] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192] "NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352] "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-12-26 295072] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Z1"="c:\documents and settings\Derek\Desktop\mbar\mbar.exe" [2013-01-09 1356360] . c:\documents and settings\Derek\Start Menu\Programs\Startup\ PowerReg Scheduler.exe [2012-7-13 256000] . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"= "c:\\Nexon\\DFO\\DFO.exe"= "c:\\Program Files\\BitComet\\BitComet.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= "c:\\Program Files\\Diablo III\\Diablo III.exe"= "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"= "c:\\Program Files\\Steam\\Steam.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.1267\\Agent.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.1363\\Agent.exe"= "c:\\Program Files\\Ventrilo\\Ventrilo.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\chivalrymedievalwarfare\\Binaries\\Win32\\UDK.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\dota 2 beta\\dota.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "20015:TCP"= 20015:TCP:BitComet 20015 TCP "20015:UDP"= 20015:UDP:BitComet 20015 UDP "56145:TCP"= 56145:TCP:Pando Media Booster "56145:UDP"= 56145:UDP:Pando Media Booster . R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x] R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x] R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x] R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x] R3 vtany;vtany;c:\windows\vtany.sys [x] R3 xhunter1;xhunter1;c:\windows\xhunter1.sys [x] R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x] S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x] S2 AntUpdaterService;Ant Toolbar updater service;c:\program files\Ant.com\IE add-on\AntUpdaterService.exe [x] S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [x] S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [x] S3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athuw.sys [x] S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - MBAMCHAMELEON . Contents of the 'Scheduled Tasks' folder . 2013-01-13 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 01:07] . 2013-01-13 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-839522115-287218729-682003330-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 20:30] . 2013-01-13 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-839522115-287218729-682003330-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 20:30] . 2013-01-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-839522115-287218729-682003330-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 20:30] . 2012-12-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-839522115-287218729-682003330-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 20:30] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\documents and settings\Derek\Application Data\Mozilla\Firefox\Profiles\cnovkmrq.default\ FF - prefs.js: browser.search.selectedEngine - AVG Secure Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - ExtSQL: 2012-12-26 13:21; {34712C68-7391-4c47-94F3-8F88D49AD632}; c:\documents and settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext . - - - - ORPHANS REMOVED - - - - . SafeBoot-Wdf01000.sys . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-01-13 15:54 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xsherlock] "ImagePath"="c:\windows\system32\xsherlock.xem" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . Completion time: 2013-01-13 15:55:31 ComboFix-quarantined-files.txt 2013-01-13 20:55 . Pre-Run: 107,945,623,552 bytes free Post-Run: 109,452,804,096 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - 98664E0475E7DB1BEB1629C9EE7A31EF these are the results of the combofix scan
  8. Dtown
    In that case i ran the scan 3 times now and have found no other malware after the initial scan. Is there something else i should do?
  9. Dtown
    through this horrible virus. expert advice sir. sorry for dbl post my laptop derped.
  10. Dtown
    I see. Well if there's no other steps after that I'd like to thank you for helping throu
  11. Dtown
    Yes, I am able to get to the desktop without the virus locking me out. I assume that now i need to dl malwarebytes and run the scan to ensure removal of the virus?
  12. Dtown
    ========== OTL ========== Service\Driver key winmgmt not found. File C:\Documents and Settings\Derek\wgsdgsdgdsgsd.exe not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_roc_ssl_v12 not found. winmgmt removed from NetSvcs value successfully! File C:\Documents and Settings\Derek\wgsdgsdgdsgsd.exe not found. File C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad not found. File C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.js not found. File C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\runctf.lnk not found. File C:\Documents and Settings\Derek\Start Menu\Programs\Startup\runctf.lnk not found. File C:\Documents and Settings\Derek\wgsdgsdgdsgsd.exe not found. File C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\runctf.lnk not found. File C:\Documents and Settings\All Users\Application Data\netdislw.pad not found. File C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.js not found. File C:\Documents and Settings\Derek\Start Menu\Programs\Startup\runctf.lnk not found. File C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad not found. File C:\Documents and Settings\Derek\wgsdgsdgdsgsd.exe not found. File C:\Documents and Settings\All Users\Application Data\netdislw.pad not found. OTLPE by OldTimer - Version 3.1.48.0 log created on 01132013_121104 sorry i messed up. somehow i lost/deleted the results of the first fix i ran. these are the results of the second fix. hopefully this is still useful to you.
  13. Dtown
    Error: Unable to interpret <SRV - [2013/01/11 22:43:11 | 000,252,416 | ---- | M] () [Auto] -- C:\Documents and Settings\Derek\wgsdgsdgdsgsd.exe -- (winmgmt)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [ROC_roc_ssl_v12] File not found> in the current context! Error: Unable to interpret <NetSvcs: winmgmt - C:\Documents and Settings\Derek\wgsdgsdgdsgsd.exe ()> in the current context! Error: Unable to interpret <[2013/01/12 11:17:51 | 095,023,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad> in the current context! Error: Unable to interpret <[2013/01/11 22:50:50 | 000,002,959 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.js> in the current context! Error: Unable to interpret <[2013/01/11 22:50:50 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\runctf.lnk> in the current context! Error: Unable to interpret <[2013/01/11 22:43:20 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\Derek\Start Menu\Programs\Startup\runctf.lnk> in the current context! Error: Unable to interpret <[2013/01/11 22:43:11 | 000,252,416 | ---- | M] () -- C:\Documents and Settings\Derek\wgsdgsdgdsgsd.exe> in the current context! Error: Unable to interpret <[2013/01/11 22:50:50 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\runctf.lnk> in the current context! Error: Unable to interpret <[2013/01/11 22:43:22 | 095,023,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\netdislw.pad> in the current context! Error: Unable to interpret <[2013/01/11 22:43:20 | 000,002,959 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.js> in the current context! Error: Unable to interpret <[2013/01/11 22:43:20 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Derek\Start Menu\Programs\Startup\runctf.lnk> in the current context! Error: Unable to interpret <[2013/01/11 22:43:18 | 095,023,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad> in the current context! Error: Unable to interpret <[2013/01/11 22:43:11 | 000,252,416 | ---- | C] () -- C:\Documents and Settings\Derek\wgsdgsdgdsgsd.exe> in the current context! Error: Unable to interpret <[2013/01/11 22:44:40 | 095,023,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\netdislw.pad> in the current context! OTLPE by OldTimer - Version 3.1.48.0 log created on 01132013_025625 these are the 2nd scan results. it seems like there was an error.
  14. Dtown
    OTL logfile created on: 1/12/2013 11:29:37 AM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 232.88 Gb Total Space | 100.33 Gb Free Space | 43.08% Space Free | Partition Type: NTFS Drive D: | 7.46 Gb Total Space | 7.19 Gb Free Space | 96.38% Space Free | Partition Type: FAT32 Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - [2013/01/11 22:43:11 | 000,252,416 | ---- | M] () [Auto] -- C:\Documents and Settings\Derek\wgsdgsdgdsgsd.exe -- (winmgmt) SRV - [2013/01/11 02:17:12 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/01/09 20:07:30 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service) SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/10/31 17:56:35 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012/09/24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012/05/15 05:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012/04/30 23:38:49 | 000,670,816 | ---- | M] (Wellbia.com Co., Ltd.) [On_Demand] -- C:\WINDOWS\system32\xsherlock.xem -- (xsherlock) SRV - [2011/09/15 11:06:04 | 000,088,576 | ---- | M] () [Auto] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2011/06/29 13:26:06 | 000,520,216 | ---- | M] (Ant.com) [Auto] -- C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe -- (AntUpdaterService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (xhunter1) DRV - File not found [Kernel | On_Demand] -- -- (WDICA) DRV - File not found [Kernel | On_Demand] -- -- (vtany) DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) DRV - File not found [Kernel | System] -- -- (PCIDump) DRV - File not found [Kernel | System] -- -- (lbrtfdc) DRV - File not found [Kernel | System] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand] -- -- (GMSIPCI) DRV - File not found [Kernel | On_Demand] -- -- (EagleXNt) DRV - File not found [Kernel | System] -- -- (Changer) DRV - [2012/12/16 12:57:49 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2012/09/06 13:33:27 | 000,099,400 | ---- | M] (MotioninJoy) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MijXfilt.sys -- (MotioninJoyXFilter) DRV - [2012/03/15 12:26:56 | 000,473,656 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2010/09/30 20:15:00 | 001,759,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\athuw.sys -- (AR9271) DRV - [2010/06/22 17:01:52 | 000,021,248 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot) DRV - [2009/06/10 14:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32) DRV - [2008/03/26 05:37:26 | 004,713,472 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007/11/17 02:43:56 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2007/11/17 02:43:46 | 000,054,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2007/10/12 02:53:10 | 000,013,312 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu) DRV - [2007/05/14 22:03:24 | 000,445,696 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 98 CD 21 20 7A F0 CD 01 [binary data] IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Derek_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\Derek_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npdeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@Webzen.com/NPBrowserExt: C:\Program Files\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll (WEBZEN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/12/26 13:21:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/11 02:17:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/11 02:17:04 | 000,000,000 | ---D | M] [2013/01/11 02:17:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2013/01/11 02:17:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013/01/11 02:17:13 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011/11/03 01:59:20 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll [2012/12/26 13:20:51 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2012/08/29 18:03:07 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/10/13 10:02:07 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (I Want This) - {11111111-1111-1111-1111-110011221158} - C:\Program Files\I Want This\I Want This.dll (215 Apps) O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) O2 - BHO: (Ant.com browser helper (video detector)) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files\Ant.com\IE add-on\Download.dll (Ant.com) O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\AntToolbar.dll (Ant.com) O3 - HKU\Derek_ON_C\..\Toolbar\WebBrowser: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\AntToolbar.dll (Ant.com) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe () O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [ROC_roc_ssl_v12] File not found O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKU\Derek_ON_C..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\runctf.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\Derek\Start Menu\Programs\Startup\PowerReg Scheduler.exe () O4 - Startup: C:\Documents and Settings\Derek\Start Menu\Programs\Startup\runctf.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Derek_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\UpdatusUser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files\Ant.com\IE add-on\Download.dll (Ant.com) O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012/03/12 22:49:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: winmgmt - C:\Documents and Settings\Derek\wgsdgsdgdsgsd.exe () Drivers32: msacm.avis - C:\WINDOWS\System32\ff_acm.acm () Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation) Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll () Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll () ========== Files/Folders - Created Within 30 Days ========== [2013/01/11 23:06:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe [2013/01/11 23:04:21 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC [2013/01/11 22:51:03 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE [2013/01/11 02:17:02 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013/01/10 13:32:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\My Documents\Telltale Games [2013/01/10 13:28:00 | 000,000,000 | ---D | C] -- C:\Program Files\The Walking Dead [2013/01/09 02:46:33 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013/01/02 07:32:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\My Documents\HeroBlade Logs [2013/01/02 03:38:34 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts [2013/01/02 03:38:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BioWare [2013/01/02 03:38:18 | 000,000,000 | ---D | C] -- C:\Users [2012/12/26 13:44:52 | 000,000,000 | ---D | C] -- C:\Program Files\EA Games [2012/12/26 13:25:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\Application Data\RealNetworks [2012/12/26 13:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks [2012/12/26 13:21:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RealNetworks [2012/12/26 13:21:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared [2012/12/26 13:20:55 | 000,201,424 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll [2012/12/26 13:20:48 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll [2012/12/26 13:20:48 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll [2012/12/26 13:20:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks [2012/12/22 17:06:20 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Derek\wc [2012/12/22 17:06:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\Local Settings\Application Data\Universe Sandbox [2012/12/22 17:06:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Derek\Application Data\wyUpdate AU [2012/12/21 14:05:45 | 001,759,584 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\athuw.sys [2012/12/17 13:11:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MegaDev [2012/12/17 13:11:30 | 000,000,000 | ---D | C] -- C:\Program Files\MegaDev [2012/12/16 15:01:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\Local Settings\Application Data\My Games [2012/12/16 12:58:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DAEMON Tools Lite [2012/12/16 12:57:49 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys [2012/12/16 12:57:38 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/01/12 11:17:51 | 095,023,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad [2013/01/12 11:17:25 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-839522115-287218729-682003330-1003.job [2013/01/12 11:17:21 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-839522115-287218729-682003330-1003.job [2013/01/12 11:17:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013/01/12 01:41:46 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-839522115-287218729-682003330-1003.job [2013/01/11 22:50:50 | 000,002,959 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.js [2013/01/11 22:50:50 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\runctf.lnk [2013/01/11 22:45:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013/01/11 22:44:40 | 095,023,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\netdislw.pad [2013/01/11 22:43:20 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\Derek\Start Menu\Programs\Startup\runctf.lnk [2013/01/11 22:43:11 | 000,252,416 | ---- | M] () -- C:\Documents and Settings\Derek\wgsdgsdgdsgsd.exe [2013/01/11 22:07:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013/01/11 19:24:10 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk [2013/01/10 13:31:13 | 000,001,698 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\Play The Walking Dead nosTEAM.lnk [2013/01/09 20:07:29 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013/01/09 20:07:29 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013/01/09 18:21:08 | 000,493,384 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013/01/09 18:21:08 | 000,083,802 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013/01/09 02:47:14 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk [2013/01/07 15:52:35 | 001,074,636 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2013/01/07 15:52:35 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin [2013/01/05 03:54:04 | 001,074,636 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2012/12/29 14:53:01 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-839522115-287218729-682003330-1003.job [2012/12/27 12:32:39 | 000,000,122 | -HS- | M] () -- C:\WINDOWS\System32\Userdata.ini [2012/12/26 13:21:31 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk [2012/12/26 13:21:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks [2012/12/26 13:20:55 | 000,201,424 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll [2012/12/26 13:20:48 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll [2012/12/26 13:20:48 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll [2012/12/26 13:20:47 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll [2012/12/19 14:52:42 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Derek\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/12/17 13:11:39 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\MegaTrainer eXperience.lnk [2012/12/17 13:11:39 | 000,001,780 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\MT-X - Guide.lnk [2012/12/17 13:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\MegaDev [2012/12/16 12:58:06 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk [2012/12/16 12:58:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\DAEMON Tools Lite [2012/12/16 12:57:49 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys [2012/12/13 20:02:45 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\Derek\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk [2012/12/13 20:02:45 | 000,000,856 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GOM Player.lnk [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/01/11 22:50:50 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\runctf.lnk [2013/01/11 22:43:22 | 095,023,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\netdislw.pad [2013/01/11 22:43:20 | 000,002,959 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.js [2013/01/11 22:43:20 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Derek\Start Menu\Programs\Startup\runctf.lnk [2013/01/11 22:43:18 | 095,023,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad [2013/01/11 22:43:11 | 000,252,416 | ---- | C] () -- C:\Documents and Settings\Derek\wgsdgsdgdsgsd.exe [2013/01/10 13:31:12 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\Play The Walking Dead nosTEAM.lnk [2013/01/10 13:28:00 | 000,003,153 | ---- | C] () -- C:\Program Files\visit-nosteam.ro.html [2013/01/10 13:28:00 | 000,000,081 | ---- | C] () -- C:\Program Files\update-walking-dead.bat [2012/12/26 13:25:52 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-839522115-287218729-682003330-1003.job [2012/12/26 13:25:51 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-839522115-287218729-682003330-1003.job [2012/12/26 13:21:31 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk [2012/12/17 13:11:39 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\MegaTrainer eXperience.lnk [2012/12/17 13:11:39 | 000,001,780 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\MT-X - Guide.lnk [2012/12/16 12:58:06 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk [2012/11/17 10:27:51 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\24ff93ad.dat [2012/10/25 22:10:51 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2012/07/13 07:05:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat [2012/04/30 18:59:46 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2012/04/30 18:59:46 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2012/04/30 18:59:46 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2012/04/30 18:59:25 | 002,807,708 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data [2012/04/23 00:08:02 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2012/04/23 00:08:02 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2012/04/12 04:45:27 | 000,000,122 | -HS- | C] () -- C:\WINDOWS\System32\Userdata.ini [2012/03/22 13:22:31 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Derek\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/03/14 16:04:01 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2012/03/12 23:20:15 | 000,003,636 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin [2012/03/12 22:53:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2012/03/12 22:44:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2012/03/12 22:30:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/03/12 22:25:18 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2012/03/12 16:43:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2012/03/12 16:42:37 | 000,146,016 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2008/07/25 23:48:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2008/07/25 23:48:00 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe [2008/07/25 23:48:00 | 001,499,136 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2008/07/25 23:48:00 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe [2008/07/25 23:48:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2008/07/25 23:48:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2008/07/25 23:48:00 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2008/07/25 23:48:00 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe [2008/07/25 23:48:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2004/08/04 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2004/08/04 07:00:00 | 000,493,384 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2004/08/04 07:00:00 | 000,083,802 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004/08/04 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2004/08/04 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat ========== LOP Check ========== [2013/01/11 18:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\BitComet [2012/04/09 21:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\DAEMON Tools Lite [2012/11/03 14:03:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\foobar2000 [2012/03/18 10:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\Go PDF Reader [2012/04/09 21:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\MotioninJoy [2012/04/09 21:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\Mount&Blade With Fire and Sword [2012/12/30 06:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\NeopleLauncherDFO [2012/08/04 05:53:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\Oracle [2012/12/22 17:06:30 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Derek\Application Data\wyUpdate AU [2012/03/14 16:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ant.com [2012/05/14 23:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Battle.net [2012/04/23 18:29:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files [2012/12/16 14:38:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite [2012/05/11 01:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon [2012/03/13 11:53:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS [2012/03/24 22:29:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files [2012/10/17 11:24:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RELOADED [2013/01/10 13:32:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\REVOLT [2012/10/06 21:46:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\System [2012/04/30 23:37:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEBZEN ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2012/03/12 22:49:30 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2012/03/12 22:41:43 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2012/03/12 22:49:30 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2012/03/12 22:49:30 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2012/03/12 22:49:30 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2012/03/14 02:23:18 | 000,250,048 | RHS- | M] () -- C:\ntldr [2013/01/12 11:27:26 | 000,064,872 | ---- | M] () -- C:\OTL.Txt [2013/01/12 11:17:04 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys [2012/11/18 19:51:15 | 000,000,004 | ---- | M] () -- C:\__temp.txt < MD5 for: EXPLORER.EXE > [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe [2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe < MD5 for: SERVICES.EXE > [2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe [2008/04/14 05:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe [2008/04/14 05:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe [2004/08/04 07:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe < MD5 for: USERINIT.EXE > [2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe [2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe < End of report > Here are the results of the scan. I wasn't sure if the next step would be the same as posted in the other thread so i'm posting it here to avoid confusion.
  15. Dtown
    I'm running windows xp 32 bit. I have the fbi virus. the only safe mode i can use is the command prompt one. can anyone help me remove this virus using the REGEDIT command? note: typing explorer.exe into the command prompt does not work as the virus has hijacked that as well. i believe this is a very new version of the virus. thanx in advance
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.