Jump to content

help...please

junsei

By junsei
in Resolved Malware Removal Logs

 Share

Recommended Posts

junsei

junsei

Posted
Posted

ok,

so i'm just playing around on my normal sites that i have never had problems from and a malware hoops onto my computer weee sad.gif

this malware erases my mbam.exe

so i uninstall and then restart my computer. when everything comes back on i have this message on my screen:

"RUNDLL

Error loading c:\windows\system32\wevoyira.dll

The specified module could not be found."

i'm assuming that this (wevoyira.dll) is the malware's file name.

anyway, back to mbam, i try to reinstall and it gives me this:

"Unable to execute file:

C:\Program Files\Malwarebytes' Anti Malware\mbam.exe

CreateProcess failed; code 2

The system cannot find the file specified."

that's the malware at work.

so i find this forums and an entry by the administrator miekiemoes

--> http://www.malwarebytes.org/forums/index.php?showtopic=29028

on how if you change the EXE file name it should bypass the problem, try it and it didn't work in my case. instead i receive: Error code: 707(3,0) what ever the heck that means

so my search continued to different sites all saying about the same as this forum

one site suggested that i go to an non-infected computer on the program folder of mbam and copy to desktop and change the EXE name to either wuauclt.exe of explorer.exe and transfer that file to the program folder the infected computer. try it and i got and error code of 730 i think. blink.gifit this point i'm getting numbers mixed

so if anyone has the next step/solution i would really appreciate it

thank you rolleyes.gif

Forum Deity

pip.gifpip.gifpip.gifpip.gifpip.gifpip.gif

Group:
Honorary Members

Posts: 2,495

Joined: 11-May 09

From: USA

Member No.: 13,640

Hello
junsei
, and welcome to the forums here at Malwarebytes.org

We don't work on Malware removal in the general forums.

Please read and follow the
, skipping any steps you are unable to complete. Then post a
.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

Please note that it can take up to 48 hours or more at times to get a reply at busy times. Please do not reply to your own post asking for assistance unless its been more than 48 hours and you have not received a reply yet, as this can make it look as though you are already getting help.

Also,
when replying, please use the "add reply"
button at the bottom of the page, as this makes the forum easier to read.

Thank you

First sorry about posting in the wrong place the first time.

I think I miss-communicated here. I'm not looking for removal, i know how to do that. I'm looking for another way to install mbam.exe b/c the solutions of renaming the EXE file are not working for me.

And as to the replying thing i the post the i cited earlier didn't have any replies to it so i didn't think that the administrators wanted ppl posting there and that maybe more ppl would see my problem in the first section. If I'm still in the wrong place let me know.

Link to post
Share on other sites
kahdah

kahdah

Posted
Posted

Hello junsei

Welcome to Malwarebytes.

=====================

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under Custom scan's and fixes section paste in the below in bold


    %SYSTEMDRIVE%\*.exe

    /md5start

    eventlog.dll

    scecli.dll

    netlogon.dll

    cngaudit.dll

    sceclt.dll

    ntelogon.dll

    logevent.dll

    iaStor.sys

    nvstor.sys

    atapi.sys

    IdeChnDr.sys

    viasraid.sys

    AGP440.sys

    vaxscsi.sys

    nvatabus.sys

    viamraid.sys

    nvata.sys

    nvgts.sys

    iastorv.sys

    ViPrt.sys

    eNetHook.dll

    ahcix86.sys

    KR10N.sys

    nvstor32.sys

    /md5stop

    CREATERESTOREPOINT


  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Download the following GMER Rootkit Scanner from Here

  • Download the randomly named EXE file to your Desktop. Remember what its name is since it is randomly named.
  • Double click on the new random named exe file you downloaded and run it. If prompted about the Security Warning and Unknown Publisher go ahead and click on Run
  • It may take a minute to load and become available.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED


  • Sections

  • IAT/EAT

  • Drives/Partition other than Systemdrive (typically only C:\ should be checked)

  • Show All (don't miss this one)


  • Then click the Scan button & wait for it to finish.
  • Once done click on the [save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop
  • **Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
  • Click OK and quit the GMER program.
  • Note: On Firefox you need to go to Tools/Options/Main then under the Downloads section, click on Always ask me where to save files so that you can choose the name and where to save to, in this case your Desktop.
  • Post that log in your next reply.

Link to post
Share on other sites
junsei

junsei

Posted
  • Author
Posted

this is the OTL.txt

OTL logfile created on: 1/8/2010 9:39:19 AM - Run 1

OTL by OldTimer - Version 3.1.21.1 Folder = C:\Documents and Settings\Ress\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 111.78 Gb Total Space | 90.73 Gb Free Space | 81.17% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

Drive I: | 1.92 Gb Total Space | 1.92 Gb Free Space | 99.90% Space Free | Partition Type: FAT

Computer Name: FLIMFLAM-MASTER

Current User Name: Ress

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Ress\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)

PRC - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)

PRC - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)

PRC - C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)

PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)

PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)

PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)

PRC - C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))

========== Modules (SafeList) ==========

MOD - C:\WINDOWS\system32\lesugeti.dll ()

MOD - C:\WINDOWS\system32\barijatu.dll ()

MOD - C:\Documents and Settings\Ress\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Program Files\Spyware Doctor\smum32.dll (PC Tools)

========== Win32 Services (SafeList) ==========

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)

SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)

SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)

SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)

SRV - (Adobe Version Cue CS3) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)

SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)

========== Driver Services (SafeList) ==========

DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)

DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)

DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (xfilt) -- C:\WINDOWS\System32\DRIVERS\xfilt.sys (VIA Technologies,Inc)

DRV - (videX32) -- C:\WINDOWS\System32\DRIVERS\videX32.sys (VIA Technologies, Inc.)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (viaagp1) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)

DRV - (cmpci) C-Media PCI Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\cmaudio.sys (C-Media Inc)

DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)

DRV - (FETNDIS) -- C:\WINDOWS\system32\drivers\fetnd5.sys (VIA Technologies, Inc. )

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:7.0.20091216Wb1

FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.2

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.7

FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/06 20:38:06 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/06 20:38:06 | 00,000,000 | ---D | M]

[2009/11/11 20:04:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ress\Application Data\Mozilla\Extensions

[2009/11/11 20:04:18 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ress\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010/01/07 20:13:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ress\Application Data\Mozilla\Firefox\Profiles\ytucqytl.default\extensions

[2010/01/01 08:31:09 | 00,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Ress\Application Data\Mozilla\Firefox\Profiles\ytucqytl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2009/11/17 12:37:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ress\Application Data\Mozilla\Firefox\Profiles\ytucqytl.default\extensions\searchrecs@veoh.com

[2009/11/11 20:03:55 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/01/06 20:38:06 | 00,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010/01/06 20:37:59 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2010/01/06 20:37:59 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2009/11/13 19:47:38 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll

[2010/01/06 20:38:02 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2009/11/11 20:08:02 | 00,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll

[2009/11/11 20:08:15 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll

[2009/11/11 20:07:58 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll

[2009/11/02 20:16:17 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2009/11/02 20:16:17 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2009/11/02 20:16:17 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2009/11/02 20:16:17 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2009/11/02 20:16:17 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2009/11/02 20:16:17 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2009/11/02 20:16:17 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [beluzevam] C:\WINDOWS\System32\lesugeti.DLL ()

O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))

O4 - HKLM..\Run: [iSTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)

O4 - HKLM..\Run: [KernelFaultCheck] File not found

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}
(WUWebControl Class)

O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O20 - AppInit_DLLs: (c:\windows\system32\wevoyira.dll c:\windows\system32\lesugeti.dll) - C:\WINDOWS\System32\wevoyira.dll File not found

O20 - AppInit_DLLs: (barijatu.dll) - C:\WINDOWS\System32\barijatu.dll ()

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: lujedevem - {360139d0-7d8d-47fd-a3c6-27ad4fab8d91} - C:\WINDOWS\System32\wevoyira.dll File not found

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: wubupokos - {6287ed5a-b622-4d90-a7b1-4314a24378e9} - C:\WINDOWS\system32\lesugeti.dll ()

O22 - SharedTaskScheduler: {360139d0-7d8d-47fd-a3c6-27ad4fab8d91} - kupuhivus - C:\WINDOWS\System32\wevoyira.dll File not found

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {6287ed5a-b622-4d90-a7b1-4314a24378e9} - kupuhivus - C:\WINDOWS\system32\lesugeti.dll ()

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/11/10 16:56:14 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (0)

========== Files/Folders - Created Within 30 Days ==========

[2010/01/08 09:32:17 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ress\Desktop\OTL.exe

[2010/01/07 20:53:07 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/01/07 20:53:04 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/01/07 20:53:04 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/01/02 08:41:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ress\Application Data\DivX

[2009/12/31 09:03:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google

[2009/12/31 08:20:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt

[2009/12/26 12:02:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump

[2009/12/14 19:34:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ress\My Documents\Updater5

[2009/11/11 20:57:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google

[2009/11/11 20:52:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google

[2009/11/11 18:58:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2009/11/11 18:58:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2009/11/11 18:58:39 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2009/11/11 18:58:39 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2099/01/01 12:00:00 | 00,091,648 | -HS- | M] () -- C:\WINDOWS\System32\lesugeti.dll

[2099/01/01 12:00:00 | 00,061,440 | -HS- | M] () -- C:\WINDOWS\System32\setunude.dll

[2099/01/01 12:00:00 | 00,052,224 | -HS- | M] () -- C:\WINDOWS\System32\saliyono.dll

[2099/01/01 12:00:00 | 00,052,224 | -HS- | M] () -- C:\WINDOWS\System32\huzitala.dll

[2099/01/01 12:00:00 | 00,052,224 | -HS- | M] () -- C:\WINDOWS\System32\hedafatu.dll

[2099/01/01 12:00:00 | 00,052,224 | -HS- | M] () -- C:\WINDOWS\System32\barijatu.dll

[2099/01/01 12:00:00 | 00,038,400 | -HS- | M] () -- C:\WINDOWS\System32\wuniferi.dll

[2099/01/01 12:00:00 | 00,038,400 | -HS- | M] () -- C:\WINDOWS\System32\wayebomi.dll

[2010/01/08 09:42:04 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\duhabevo

[2010/01/08 09:32:18 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ress\Desktop\OTL.exe

[2010/01/08 09:29:32 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\sjungtza.job

[2010/01/08 09:29:17 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/01/08 09:28:28 | 00,088,723 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2010/01/08 09:28:23 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/01/08 09:28:14 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/01/07 22:48:08 | 03,145,728 | -H-- | M] () -- C:\Documents and Settings\Ress\NTUSER.DAT

[2010/01/07 22:48:08 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Ress\ntuser.ini

[2010/01/07 22:47:30 | 00,014,609 | ---- | M] () -- C:\Documents and Settings\Ress\My Documents\mbam probem.odt

[2010/01/07 20:47:29 | 05,356,408 | -H-- | M] () -- C:\Documents and Settings\Ress\Local Settings\Application Data\IconCache.db

[2010/01/07 16:45:29 | 47,552,490 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2010/01/07 16:45:08 | 00,136,354 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg

[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/01/02 08:42:33 | 00,017,408 | ---- | M] () -- C:\Documents and Settings\Ress\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/12/28 08:11:10 | 00,313,856 | ---- | M] () -- C:\Documents and Settings\Ress\Desktop\SCHEDULE.xls

[2009/12/17 14:15:47 | 00,012,809 | ---- | M] () -- C:\Documents and Settings\Ress\Desktop\courses.odt

[2009/12/16 20:59:11 | 00,000,412 | ---- | M] () -- C:\Documents and Settings\Ress\My Documents\spider.sav

[2009/12/11 03:21:16 | 00,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/12/11 03:21:16 | 00,311,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/12/11 03:21:16 | 00,040,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/12/11 03:02:46 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\lesugeti.dll

[2099/01/01 12:00:00 | 00,061,440 | -HS- | C] () -- C:\WINDOWS\System32\setunude.dll

[2099/01/01 12:00:00 | 00,052,224 | -HS- | C] () -- C:\WINDOWS\System32\saliyono.dll

[2099/01/01 12:00:00 | 00,052,224 | -HS- | C] () -- C:\WINDOWS\System32\huzitala.dll

[2099/01/01 12:00:00 | 00,052,224 | -HS- | C] () -- C:\WINDOWS\System32\hedafatu.dll

[2099/01/01 12:00:00 | 00,052,224 | -HS- | C] () -- C:\WINDOWS\System32\barijatu.dll

[2099/01/01 12:00:00 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\wuniferi.dll

[2099/01/01 12:00:00 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\wayebomi.dll

[2099/01/01 12:00:00 | 00,006,456 | -H-- | C] () -- C:\WINDOWS\System32\duhabevo

[2010/01/08 09:29:32 | 00,000,296 | ---- | C] () -- C:\WINDOWS\tasks\sjungtza.job

[2010/01/07 22:47:30 | 00,014,609 | ---- | C] () -- C:\Documents and Settings\Ress\My Documents\mbam probem.odt

[2009/12/28 07:43:45 | 00,313,856 | ---- | C] () -- C:\Documents and Settings\Ress\Desktop\SCHEDULE.xls

[2009/12/17 14:15:45 | 00,012,809 | ---- | C] () -- C:\Documents and Settings\Ress\Desktop\courses.odt

[2009/12/16 20:59:11 | 00,000,412 | ---- | C] () -- C:\Documents and Settings\Ress\My Documents\spider.sav

[2009/11/17 10:10:21 | 00,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini

[2009/11/14 11:12:43 | 00,017,408 | ---- | C] () -- C:\Documents and Settings\Ress\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/11/11 19:23:33 | 02,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll

[2007/04/19 00:26:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2007/04/19 00:26:00 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2007/04/19 00:26:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2007/04/19 00:26:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2007/04/19 00:26:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2007/04/19 00:26:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2007/04/19 00:26:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

========== LOP Check ==========

[2009/11/11 20:01:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar

[2009/11/11 18:59:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2010/01/08 09:29:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/01/08 09:29:32 | 00,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\sjungtza.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >

[2008/04/14 00:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008/04/14 00:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >

[2002/08/28 20:27:50 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\i386\atapi.sys

[2002/08/28 20:27:50 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\i386\atapi.sys

[2008/04/14 00:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008/04/14 00:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >

[2008/04/14 05:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008/04/14 05:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

[2004/08/04 00:56:44 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >

[2008/04/14 05:42:02 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008/04/14 05:42:02 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

[2004/08/04 00:56:46 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >

[2004/08/04 00:56:46 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

[2008/04/14 05:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008/04/14 05:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

this is the Extras.txt

OTL Extras logfile created on: 1/8/2010 9:39:19 AM - Run 1

OTL by OldTimer - Version 3.1.21.1 Folder = C:\Documents and Settings\Ress\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 111.78 Gb Total Space | 90.73 Gb Free Space | 81.17% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

Drive I: | 1.92 Gb Total Space | 1.92 Gb Free Space | 99.90% Space Free | Partition Type: FAT

Computer Name: FLIMFLAM-MASTER

Current User Name: Ress

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 1

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server

"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server

"50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server

"50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)

"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)

"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)

"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)

"C:\WINDOWS\system32\logonui.exe" = C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui -- (Microsoft Corporation)

"C:\WINDOWS\system32\winlogon.exe" = C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3

"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3

"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets

"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server

"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup

"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content

"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content

"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{686BB230-DE5B-44F4-8DB0-4F9BEE7310F7}" = OpenOffice.org 2.0

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3

"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files

"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3

"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles

"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3

"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder

"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional

"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player

"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX

"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3

"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2

"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3

"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3

"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler

"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection

"AVG9Uninstall" = AVG Free 9.0

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"ie8" = Windows Internet Explorer 8

"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)

"NVIDIA Drivers" = NVIDIA Drivers

"PCI Audio Driver" = PCI Audio Driver

"RealPlayer 12.0" = RealPlayer

"Spyware Doctor" = Spyware Doctor 7.0

"Veoh Web Player Beta" = Veoh Web Player

"VLC media player" = VideoLAN VLC media player 0.8.6d

"Winamp" = Winamp

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 11/11/2009 9:10:03 PM | Computer Name = FLIMFLAM-MASTER | Source = Application Hang | ID = 1002

Description = Hanging application realplay.exe, version 12.0.0.339, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/11/2009 9:10:05 PM | Computer Name = FLIMFLAM-MASTER | Source = Application Hang | ID = 1002

Description = Hanging application realplay.exe, version 12.0.0.339, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/11/2009 9:10:09 PM | Computer Name = FLIMFLAM-MASTER | Source = Application Hang | ID = 1001

Description = Fault bucket 1552416827.

Error - 11/11/2009 9:10:10 PM | Computer Name = FLIMFLAM-MASTER | Source = Application Hang | ID = 1001

Description = Fault bucket 1552416827.

Error - 11/17/2009 8:50:05 PM | Computer Name = FLIMFLAM-MASTER | Source = Application Error | ID = 1000

Description = Faulting application winamp.exe, version 5.5.6.2512, faulting module

ntdll.dll, version 5.1.2600.5755, fault address 0x000116f4.

Error - 12/17/2009 4:03:14 AM | Computer Name = FLIMFLAM-MASTER | Source = Google Update | ID = 20

Description =

Error - 12/17/2009 5:03:14 AM | Computer Name = FLIMFLAM-MASTER | Source = Google Update | ID = 20

Description =

Error - 12/17/2009 6:03:14 AM | Computer Name = FLIMFLAM-MASTER | Source = Google Update | ID = 20

Description =

Error - 12/17/2009 7:03:14 AM | Computer Name = FLIMFLAM-MASTER | Source = Google Update | ID = 20

Description =

Error - 12/31/2009 9:16:28 AM | Computer Name = FLIMFLAM-MASTER | Source = Application Hang | ID = 1002

Description = Hanging application firefox.exe, version 1.9.1.3622, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

[ System Events ]

Error - 12/26/2009 12:44:52 PM | Computer Name = FLIMFLAM-MASTER | Source = Service Control Manager | ID = 7031

Description = The AVG Free WatchDog service terminated unexpectedly. It has done

this 1 time(s). The following corrective action will be taken in 0 milliseconds:

Restart the service.

Error - 12/26/2009 12:44:56 PM | Computer Name = FLIMFLAM-MASTER | Source = Service Control Manager | ID = 7031

Description = The AVG Free WatchDog service terminated unexpectedly. It has done

this 2 time(s). The following corrective action will be taken in 0 milliseconds:

Restart the service.

Error - 12/26/2009 12:45:43 PM | Computer Name = FLIMFLAM-MASTER | Source = Service Control Manager | ID = 7034

Description = The FLEXnet Licensing Service service terminated unexpectedly. It

has done this 1 time(s).

Error - 12/26/2009 12:46:32 PM | Computer Name = FLIMFLAM-MASTER | Source = Service Control Manager | ID = 7034

Description = The PC Tools Security Service service terminated unexpectedly. It

has done this 1 time(s).

Error - 12/26/2009 12:46:36 PM | Computer Name = FLIMFLAM-MASTER | Source = Service Control Manager | ID = 7034

Description = The PC Tools Auxiliary Service service terminated unexpectedly. It

has done this 1 time(s).

Error - 12/26/2009 12:46:46 PM | Computer Name = FLIMFLAM-MASTER | Source = Service Control Manager | ID = 7031

Description = The AVG Free WatchDog service terminated unexpectedly. It has done

this 1 time(s). The following corrective action will be taken in 0 milliseconds:

Restart the service.

Error - 12/26/2009 12:47:03 PM | Computer Name = FLIMFLAM-MASTER | Source = Service Control Manager | ID = 7034

Description = The AVG Free E-mail Scanner service terminated unexpectedly. It has

done this 3 time(s).

Error - 12/26/2009 12:47:10 PM | Computer Name = FLIMFLAM-MASTER | Source = Service Control Manager | ID = 7031

Description = The AVG Free WatchDog service terminated unexpectedly. It has done

this 1 time(s). The following corrective action will be taken in 0 milliseconds:

Restart the service.

Error - 12/26/2009 12:47:14 PM | Computer Name = FLIMFLAM-MASTER | Source = Service Control Manager | ID = 7031

Description = The AVG Free WatchDog service terminated unexpectedly. It has done

this 2 time(s). The following corrective action will be taken in 0 milliseconds:

Restart the service.

Error - 12/26/2009 12:57:05 PM | Computer Name = FLIMFLAM-MASTER | Source = nv | ID = 262252

Description = The driver nv4_disp for the display device \Device\Video0 got stuck

in an infinite loop. This usually indicates a problem with the device itself or

with the device driver programming the hardware incorrectly. Please check with your

hardware

device vendor for any driver updates.

< End of report >

Link to post
Share on other sites
kahdah

kahdah

Posted
Posted

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.