PlankOfWood

Members | Posts: 5
  1. Oh, nm. I can't seem to remove any programs in safe mode. My mistake.
  2. Kept scanning and took too long so I stopped the scan. Rebooted into normal mode, attempted to open control panel and uninstall Java from there. It just opened up the virus again. Can't seem to uninstall Java from Safe Mode even if I have nothing open. I am able to remove other programs though such as games etc. Just a list of processes, doubt it will help. http://i.imgur.com/fnlAM.jpg
  3. By disable you mean make sure they or their processes are not running? Also, when I attempt to uninstall Java 6 Update 22 I get this: http://i.imgur.com/FpctU.jpg Is it because I have GMER running? I downloaded it a couple of hours ago and am running a scan and followed the outline. I think it's almost complete so I haven't stopped it yet.
  4. Here you are

OTL.Txt

OTL logfile created on: 4/3/2011 3:59:59 PM - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Documents and Settings\Dota\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 3.78 Gb Free Space | 1.27% Space Free | Partition Type: NTFS
Drive D: | 1397.26 Gb Total Space | 665.21 Gb Free Space | 47.61% Space Free | Partition Type: NTFS
Drive E: | 512.96 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: NICK-ADD496396C | User Name: Dota | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/03 15:58:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dota\Desktop\OTL.exe
PRC - [2011/04/01 14:03:18 | 000,106,496 | ---- | M] (S2 Games) -- C:\Program Files\Heroes of Newerth\hon.exe
PRC - [2011/03/18 13:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/04 15:37:00 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/04 15:36:52 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/04 15:36:51 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/02/24 00:53:54 | 000,415,072 | ---- | M] () -- C:\Program Files\Dyyno\Dyyno Broadcaster\launcherd.exe
PRC - [2010/11/05 09:27:18 | 007,168,768 | ---- | M] (TeamSpeak Systems GmbH) -- C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe
PRC - [2010/07/06 18:14:56 | 000,716,024 | ---- | M] (Tunngle.net GmbH) -- C:\Program Files\Tunngle\TnglCtrl.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/01/29 18:20:49 | 000,057,344 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
PRC - [2008/04/13 23:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2011/04/03 15:58:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dota\Desktop\OTL.exe
MOD - [2008/04/13 23:42:52 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/03/04 15:37:00 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/04 15:36:52 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/02/24 00:53:54 | 000,415,072 | ---- | M] () [Auto | Running] -- C:\Program Files\Dyyno\Dyyno Broadcaster\launcherd.exe -- (Dyyno Launcher)
SRV - [2010/07/06 18:14:56 | 000,716,024 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- C:\Program Files\Tunngle\TnglCtrl.exe -- (TunngleService)

========== Driver Services (SafeList) ==========

DRV - [2011/03/04 17:11:12 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/03/04 15:37:13 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/10/15 03:08:35 | 000,025,616 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Dota\Local Settings\Temp\GUQF6.tmp -- (GarenaPEngine)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/01/22 22:50:41 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/09/16 08:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV - [2007/02/15 20:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006/06/28 17:25:06 | 000,081,920 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/03/17 19:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

IE - HKU\S-1-5-21-1844237615-507921405-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
IE - HKU\S-1-5-21-1844237615-507921405-1801674531-1003\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\S-1-5-21-1844237615-507921405-1801674531-1003\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBit1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1844237615-507921405-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Winamp Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.teamliquid.net"
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.12
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/02 12:23:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/02 12:23:14 | 000,000,000 | ---D | M]

[2009/11/20 22:00:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dota\Application Data\Mozilla\Extensions
[2011/04/03 14:25:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dota\Application Data\Mozilla\Firefox\Profiles\s7m1i04m.default\extensions
[2011/03/05 20:08:15 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\Dota\Application Data\Mozilla\Firefox\Profiles\s7m1i04m.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2011/04/03 14:25:43 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- C:\Documents and Settings\Dota\Application Data\Mozilla\Firefox\Profiles\s7m1i04m.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2010/12/20 09:43:40 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Documents and Settings\Dota\Application Data\Mozilla\Firefox\Profiles\s7m1i04m.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2011/04/02 12:35:15 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Dota\Application Data\Mozilla\Firefox\Profiles\s7m1i04m.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/03 16:12:59 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Documents and Settings\Dota\Application Data\Mozilla\Firefox\Profiles\s7m1i04m.default\extensions\DTToolbar@toolbarnet.com
[2011/03/03 16:12:58 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Dota\Application Data\Mozilla\Firefox\Profiles\s7m1i04m.default\extensions\engine@conduit.com
[2011/04/03 14:25:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dota\Application Data\Mozilla\Firefox\Profiles\s7m1i04m.default\extensions\staged
[2010/12/05 07:07:43 | 000,002,557 | ---- | M] () -- C:\Documents and Settings\Dota\Application Data\Mozilla\Firefox\Profiles\s7m1i04m.default\searchplugins\askcom.xml
[2010/01/22 22:51:20 | 000,002,055 | ---- | M] () -- C:\Documents and Settings\Dota\Application Data\Mozilla\Firefox\Profiles\s7m1i04m.default\searchplugins\daemon-search.xml
[2011/03/05 20:36:39 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\Dota\Application Data\Mozilla\Firefox\Profiles\s7m1i04m.default\searchplugins\winamp-search.xml
[2011/04/02 12:23:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/27 02:22:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- () (No name found) -- C:\DOCUMENTS AND SETTINGS\DOTA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\S7M1I04M.DEFAULT\EXTENSIONS\{097D3191-E6FA-4728-9826-B533D755359D}.XPI
[2011/03/27 02:21:54 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/03/18 13:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/03/27 02:21:54 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/12/09 06:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2001/08/23 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBit1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBit1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-1844237615-507921405-1801674531-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-1844237615-507921405-1801674531-1003\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\tbBit1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1844237615-507921405-1801674531-1003\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\RunOnce: [NSSInstallation] C:\Program Files\DivX\Symantec\scstubinstaller.exe (Symantec Corporation)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1844237615-507921405-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab ()
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.226.1.94 24.226.10.193 24.226.1.93
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Dota\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dota\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/12 16:26:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/04/18 11:23:00 | 000,000,041 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1844237615-507921405-1801674531-1003..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/03 15:58:42 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dota\Desktop\OTL.exe
[2011/04/03 14:18:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dota\Application Data\Avira
[2011/04/02 12:17:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/04/02 12:15:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/04/02 12:15:26 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/04/02 12:15:25 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/04/02 12:15:25 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/04/02 12:15:25 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/04/02 12:15:25 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/04/02 12:15:24 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/04/02 12:15:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/03/31 23:35:06 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/03/31 23:26:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dota\Local Settings\Application Data\Winamp Toolbar
[2011/03/30 16:18:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dota\Application Data\OpenOffice.org
[2011/03/30 16:17:08 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice.org 3.3
[2011/03/30 16:16:23 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2011/03/30 16:15:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dota\Desktop\OpenOffice.org 3.3 (en-US) Installation Files
[2011/03/27 02:27:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011/03/27 02:27:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/03/27 02:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/03/27 02:22:06 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/03/27 02:22:06 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/03/27 02:22:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/03/27 02:22:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/03/27 02:22:06 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/03/27 02:21:50 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/03/27 02:21:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dota\Application Data\Sun
[2011/03/24 01:15:04 | 000,000,000 | ---D | C] -- C:\Program Files\mIRC
[2011/03/24 01:15:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dota\Application Data\mIRC
[2011/03/24 01:15:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\mIRC
[2011/03/05 20:08:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dota\Start Menu\Programs\Winamp Detector Plug-in
[2011/03/05 20:08:17 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2011/03/05 20:08:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Winamp
[2011/03/05 20:08:11 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Toolbar
[2011/03/05 20:08:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
[2011/03/05 20:07:32 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2011/03/05 20:07:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dota\Application Data\Winamp
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/03 15:58:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dota\Desktop\OTL.exe
[2011/04/03 15:12:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/03 14:22:01 | 000,000,362 | ---- | M] () -- C:\WINDOWS\tasks\Install_NSS.job
[2011/04/03 14:18:56 | 000,432,856 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/03 14:18:56 | 000,067,560 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/03 14:17:31 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/03 14:17:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/03 13:39:47 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/03 05:23:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Access.dat
[2011/04/02 12:23:16 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Dota\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/02 12:23:16 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/04/02 12:15:35 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/04/02 12:10:48 | 000,186,177 | ---- | M] () -- C:\Documents and Settings\Dota\Desktop\what is this.JPG
[2011/04/02 11:29:54 | 000,012,282 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\dcs020pnx6qb2cg757557o3g4oo7cl1yrtu055q0kf6f
[2011/04/02 11:29:53 | 000,012,282 | -HS- | M] () -- C:\Documents and Settings\Dota\Local Settings\Application Data\dcs020pnx6qb2cg757557o3g4oo7cl1yrtu055q0kf6f
[2011/03/31 23:51:58 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/31 23:29:10 | 000,015,674 | -HS- | M] () -- C:\Documents and Settings\Dota\Local Settings\Application Data\7a3d8u8784tdd04w7i4a1pj
[2011/03/31 23:29:10 | 000,015,674 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\7a3d8u8784tdd04w7i4a1pj
[2011/03/31 23:27:53 | 000,000,321 | -HS- | M] () -- C:\boot.ini
[2011/03/31 21:06:06 | 000,150,528 | ---- | M] () -- C:\Documents and Settings\Dota\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/31 13:35:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/31 13:35:22 | 000,124,520 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/30 16:17:08 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.3.lnk
[2011/03/30 16:12:28 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2011/03/30 07:01:57 | 000,006,009 | ---- | M] () -- C:\Documents and Settings\Dota\Desktop\Insurance Companies.rtf
[2011/03/27 02:21:54 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/03/27 02:21:54 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/03/27 02:21:54 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/03/27 02:21:54 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/03/27 02:21:54 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/03/26 15:38:31 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/03/26 15:38:31 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/03/26 15:38:28 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/03/24 01:15:04 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\mIRC.lnk
[2011/03/17 15:26:16 | 000,000,059 | ---- | M] () -- C:\WINDOWS\pp.enc
[2011/03/14 18:52:49 | 000,001,301 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Continue Carlospoker setup.lnk
[2011/03/09 22:23:13 | 000,000,768 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II.lnk
[2011/03/08 21:41:35 | 000,000,284 | ---- | M] () -- C:\Documents and Settings\Dota\Desktop\New Rich Text Document.rtf
[2011/03/06 20:57:37 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\Dota\Desktop\own3dtv.rtf
[2011/03/05 20:08:17 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\Dota\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011/03/05 20:08:17 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2011/03/05 20:08:16 | 000,001,130 | ---- | M] () -- C:\Documents and Settings\Dota\Desktop\50 FREE MP3s +1 Free Audiobook!.lnk
[2011/03/04 17:11:12 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/02 12:23:16 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/02 12:15:35 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/04/02 12:10:47 | 000,186,177 | ---- | C] () -- C:\Documents and Settings\Dota\Desktop\what is this.JPG
[2011/04/02 01:06:26 | 000,012,282 | -HS- | C] () -- C:\Documents and Settings\Dota\Local Settings\Application Data\dcs020pnx6qb2cg757557o3g4oo7cl1yrtu055q0kf6f
[2011/04/02 01:06:26 | 000,012,282 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\dcs020pnx6qb2cg757557o3g4oo7cl1yrtu055q0kf6f
[2011/03/31 23:05:37 | 000,015,674 | -HS- | C] () -- C:\Documents and Settings\Dota\Local Settings\Application Data\7a3d8u8784tdd04w7i4a1pj
[2011/03/31 23:05:37 | 000,015,674 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\7a3d8u8784tdd04w7i4a1pj
[2011/03/30 16:17:08 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.3.lnk
[2011/03/30 00:33:07 | 000,006,009 | ---- | C] () -- C:\Documents and Settings\Dota\Desktop\Insurance Companies.rtf
[2011/03/26 15:00:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/24 01:15:04 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\mIRC.lnk
[2011/03/17 15:26:16 | 000,000,059 | ---- | C] () -- C:\WINDOWS\pp.enc
[2011/03/08 21:41:10 | 000,000,284 | ---- | C] () -- C:\Documents and Settings\Dota\Desktop\New Rich Text Document.rtf
[2011/03/06 20:57:37 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\Dota\Desktop\own3dtv.rtf
[2011/03/05 21:40:13 | 000,001,301 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Continue Carlospoker setup.lnk
[2011/03/05 20:08:17 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\Dota\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011/03/05 20:08:17 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2011/03/05 20:08:16 | 000,001,130 | ---- | C] () -- C:\Documents and Settings\Dota\Start Menu\Programs\50 FREE MP3s +1 Free Audiobook!.lnk
[2011/03/05 20:08:16 | 000,001,130 | ---- | C] () -- C:\Documents and Settings\Dota\Desktop\50 FREE MP3s +1 Free Audiobook!.lnk
[2011/03/01 07:45:21 | 000,035,090 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2010/12/06 14:45:55 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/12/06 14:45:54 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/12/06 14:45:54 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/12/06 14:45:41 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/11/15 12:58:55 | 000,066,344 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/30 15:36:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Access.dat
[2010/06/24 15:55:14 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/01/26 22:57:45 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\pv_c3.exe
[2009/11/20 23:06:14 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/11/20 22:44:26 | 000,150,528 | ---- | C] () -- C:\Documents and Settings\Dota\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/20 22:07:12 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/11/20 22:00:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/11/20 21:48:58 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2009/11/20 21:43:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/11/20 21:38:43 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/11/20 21:04:08 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2009/11/20 21:04:07 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2009/11/20 16:33:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/11/20 16:31:54 | 000,124,520 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/13 23:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/12/31 01:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 08:00:00 | 000,432,856 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 08:00:00 | 000,067,560 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

< End of report >

------------------------------------------------------

Extras.Txt

OTL Extras logfile created on: 4/3/2011 3:59:59 PM - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Documents and Settings\Dota\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 3.78 Gb Free Space | 1.27% Space Free | Partition Type: NTFS
Drive D: | 1397.26 Gb Total Space | 665.21 Gb Free Space | 47.61% Space Free | Partition Type: NTFS
Drive E: | 512.96 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: NICK-ADD496396C | User Name: Dota | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1844237615-507921405-1801674531-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "56079:TCP" = 56079:TCP:*:Enabled:Pando Media Booster "56079:UDP" = 56079:UDP:*:Enabled:Pando Media Booster [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DoNotAllowExceptions" = 0 "DisableNotifications" = 1 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "56079:TCP" = 56079:TCP:*:Enabled:Pando Media Booster "56079:UDP" = 56079:UDP:*:Enabled:Pando Media Booster "8380:TCP" = 8380:TCP:*:Enabled:League of Legends Launcher "8380:UDP" = 8380:UDP:*:Enabled:League of Legends Launcher ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.) "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.) 
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation) "C:\Program Files\StarCraft II Beta\StarCraft II.exe" = C:\Program Files\StarCraft II Beta\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment) "C:\Program Files\Steam\steamapps\common\sid meier's civilization iv\Civilization4.exe" = C:\Program Files\Steam\steamapps\common\sid meier's civilization iv\Civilization4.exe:*:Enabled:Sid Meier's Civilization IV -- (Firaxis Games) "C:\Program Files\Steam\steamapps\common\sid meier's civilization iv beyond the sword\Beyond the Sword\Civ4BeyondSword.exe" = C:\Program Files\Steam\steamapps\common\sid meier's civilization iv beyond the sword\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization IV: Beyond the Sword -- (Firaxis Games) "C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe" = C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server -- () "C:\Program Files\Tunngle\tnglctrl.exe" = C:\Program Files\Tunngle\tnglctrl.exe:*:Enabled:Tunngle Service -- (Tunngle.net GmbH) "C:\Program Files\Tunngle\tunngle.exe" = C:\Program Files\Tunngle\tunngle.exe:*:Enabled:Tunngle Client -- (Tunngle.net GmbH) "C:\Program Files\StarCraft II\StarCraft II.exe" = C:\Program Files\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment) "C:\Program Files\StarCraft II\Versions\Base15405\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base15405\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.) "C:\Program Files\StarCraft II\Versions\Base16561\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base16561\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.) "C:\Program Files\StarCraft II\Versions\Base16605\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base16605\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.) 
"C:\Program Files\Steam\steamapps\common\recettear - demo\recettear.exe" = C:\Program Files\Steam\steamapps\common\recettear - demo\recettear.exe:*:Enabled:Recettear: An Item Shop's Tale - Demo -- (Easygamestation) "C:\Program Files\Steam\steamapps\common\recettear - demo\custom.exe" = C:\Program Files\Steam\steamapps\common\recettear - demo\custom.exe:*:Enabled:Recettear: An Item Shop's Tale - Demo -- () "C:\Program Files\StarCraft II\Versions\Base16755\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base16755\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.) "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () "C:\Riot Games\League of Legends\air\LolClient.exe" = C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby -- (Adobe Systems Inc.) "C:\Riot Games\League of Legends\game\League of Legends.exe" = C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client -- () "C:\Program Files\Logitech\Vid HD\Vid.exe" = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD "C:\Program Files\Steam\steamapps\common\alien swarm\swarm.exe" = C:\Program Files\Steam\steamapps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm -- () "C:\Program Files\Dyyno\Dyyno Broadcaster\dgcsrv.exe" = C:\Program Files\Dyyno\Dyyno Broadcaster\dgcsrv.exe:*:Enabled:Dyyno Broadcaster -- (Dyyno) "C:\Program Files\Dyyno\Dyyno Broadcaster\dppm_source.exe" = C:\Program Files\Dyyno\Dyyno Broadcaster\dppm_source.exe:*:Enabled:Dyyno Broadcaster -- () "C:\Program Files\StarCraft II\Versions\Base17326\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base17326\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.) "C:\Program Files\StarCraft II\Versions\Base18092\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base18092\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.) 
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{10A1D1C4-F0B0-4341-B49A-A9ED8FBDBF9D}" = Livestream Procaster "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0 "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java 6 Update 22 "{28999392-5871-4A39-863A-D2A6EA3260AF}" = League of Legends "{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1 "{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3 "{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1 "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger "{B8C3B479-1716-11D5-968A-0050BA84F5F7}" = Baldur's Gate II - Throne of Bhaal "{BC90276B-BE38-451C-8E4D-FF28FF08ABF6}" = Bloodline Champions Beta "{C3592426-531E-4110-911D-BFECE2CE284C}" = osu! "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BC}" = WinZip 14.0 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype
  5. Recently seemed to have gotten some type of malware that does not allow me to open any .exe files and doesn't allow Firefox to work. The virus makes a second shield icon like the Windows XP Security one, but this one does its own virus scan, lists a bunch of viruses and continually opens, including on start-up. After the malware launches the computer obviously slows to a grind and I cannot re-enable the firewall. I ran Malwarebytes and have multiple logs, as it seems to continue coming back upon start-up. Note: I have been able to use my computer twice since getting it. When Malwarebytes cleaned it up, it changed the registry so that .exe files could no longer open (any of them). When I rebooted my computer and worked in normal mode, no .exe files would work until I changed the registry back to normal under exefile. However, the virus did not load itself during this time and I was able to game all day afterwards. Hope this helps.

Screen shots:
http://i.imgur.com/hisLJ.jpg
http://i.imgur.com/MKVAi.jpg

First log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6231
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 6.0.2900.5512

4/1/2011 12:39:19 AM
mbam-log-2011-04-01 (00-39-19).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 613672
Time elapsed: 1 hour(s), 19 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Dota\Local Settings\Application Data\cdw.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Dota\Local Settings\Application Data\cdw.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Dota\Local Settings\Application Data\cdw.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Dota\application data\Sun\Java\deployment\cache\6.0\10\5f959d8a-3f86cf73 (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Dota\local settings\application data\cdw.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Dota\local settings\application data\pxg.exe (Trojan.Agent) -> Quarantined and deleted successfully.
d:\!NICK\documents and settings\Nick2\Desktop\desktop junk organizer!\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
d:\!NICK\other drive\PROGRA\MyWay\myBar\2.bin\MY2NS.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
d:\!NICK\other drive\PROGRA\MyWay\myBar\2.bin\MYBAR.DLL (Adware.MywaySearch) -> Quarantined and deleted successfully.
d:\!NICK\other drive\WINNT\$ntservicepackuninstall$\iasrad.dll (Spyware.PWS) -> Quarantined and deleted successfully.
d:\!NICK\other drive\WIN_NT\UnstSA2.exe (Adware.BlazeFind) -> Quarantined and deleted successfully.
d:\!NICK\other drive\WIN_NT\$ntservicepackuninstall$\iasrad.dll (Spyware.PWS) -> Quarantined and deleted successfully.

Second log, etc.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6231
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 6.0.2900.5512

4/2/2011 1:58:52 AM
mbam-log-2011-04-02 (01-58-52).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 612799
Time elapsed: 1 hour(s), 19 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Dota\Local Settings\Application Data\hvr.exe" -a "firefox.exe) Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Dota\Local Settings\Application Data\hvr.exe" -a "firefox.exe -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Dota\Local Settings\Application Data\hvr.exe" -a "iexplore.exe) Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)