Antimalware Doctor On Computer, Malwarebytes will not open


I have been infected by the Antimalware Doctor virus. It has shut down System Restore. I successfully downloaded Malwarebytes, but cannot launch it. I sometimes cannot open Firefox as well. Please help. Thanks!

DDS (Ver_10-03-17.01) - NTFSx86

Run by Childhood Hero at 15:37:22.26 on Fri 04/09/2010

Internet Explorer: 6.0.2900.2180

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.639 [GMT -7:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

C:\WINDOWS\system32\rundll32.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\system32\rundll32.exe

c:\windows\system32\hkcmd .exe

c:\program files\synaptics\syntp\syntpenh .exe

c:\windows\system32\wltray .exe

c:\windows\system32\igfxpers .exe

C:\WINDOWS\system32\igfxsrvc.exe

c:\program files\sigmatel\c-major audio\wdm\stsystra .exe

c:\program files\common files\logishrd\lcommgr\communications_helper .exe

c:\program files\winamp\winampa .exe

c:\progra~1\avg\avg9\avgtray .exe

c:\program files\itunes\ituneshelper .exe

c:\program files\logitech\quickcam10\quickcam10 .exe

c:\program files\common files\adobe\arm\1.0\adobearm .exe

C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\oejhbmmds\ciktflntssd.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

E:\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = hxxp://www.diagtool.org/ac.php?aid=314&sid=new

uInternet Settings,ProxyServer = http=127.0.0.1:5555

uInternet Settings,ProxyOverride = <local>

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

BHO: c:\windows\system32\krzb7i.dll: {a9ba40a1-74f1-52bd-f431-00b15a2c8953} - c:\windows\system32\krzb7i.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

uRun: [notepad] rundll32.exe c:\docume~1\networ~1\ntload.dll,_IWMPEvents@0

uRun: [vacoolax] c:\documents and settings\childhood hero\local settings\application data\eqefwfruk\tknhdtntssd.exe

uRun: [rrlihxpi] c:\documents and settings\childhood hero\local settings\application data\oejhbmmds\ciktflntssd.exe

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"

mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask .exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [ewrgetuj] c:\docume~1\mike\locals~1\temp\geurge.exe

mRun: [notepad] rundll32.exe c:\windows\system32\notepad.dll,_IWMPEvents@0

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [vacoolax] c:\documents and settings\childhood hero\local settings\application data\eqefwfruk\tknhdtntssd.exe

mRun: [rrlihxpi] c:\documents and settings\childhood hero\local settings\application data\oejhbmmds\ciktflntssd.exe

dRun: [hsf87efjhdsf87f3jfsdi7fhsujfd] c:\windows\temp\debug.exe

mPolicies-system: EnableLUA = 0 (0x0)

dPolicies-explorer: NoFolderOptions = 1 (0x1)

dPolicies-system: DisableRegistryTools = 1 (0x1)

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\npjpi160_07.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxdev.dll

STS: c:\windows\system32\krzb7i.dll: {a9ba40a1-74f1-52bd-f431-00b15a2c8953} - c:\windows\system32\krzb7i.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\childh~1\applic~1\mozilla\firefox\profiles\5s5sis5k.default\

FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll

FF - plugin: c:\documents and settings\mike\application data\move networks\plugins\npqmp071503000010.dll

FF - plugin: c:\documents and settings\mike\application data\move networks\plugins\npqmp071701000002.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R2 Ias;Windows Protected Access;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 seagate;seagate;c:\windows\system32\seagate.sys [2004-8-10 2304]

S0 uvztn;uvztn;c:\windows\system32\drivers\uvztn.sys [2010-4-8 0]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys --> c:\windows\system32\drivers\avgldx86.sys [?]

S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys --> c:\windows\system32\drivers\avgmfx86.sys [?]

S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys --> c:\windows\system32\drivers\avgtdix.sys [?]

S2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-4-9 916760]

S2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-4-9 308064]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-4-9 369920]

=============== Created Last 30 ================

2010-04-09 22:32:11 0 ----a-w- c:\documents and settings\childhood hero\defogger_reenable

2010-04-09 22:07:37 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

2010-04-09 22:06:57 0 d-----w- c:\program files\Lavasoft

2010-04-09 21:36:30 0 d-----w- c:\program files\zztoy

2010-04-09 21:12:27 0 d-----w- c:\program files\Firefox

2010-04-09 21:03:25 0 d-----w- c:\program files\AVG

2010-04-09 21:03:04 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9

2010-04-09 20:18:16 0 d-----w- c:\windows\system32\LogFiles

2010-04-09 02:49:22 4 ----a-w- c:\program files\2594531.dat

2010-04-09 01:47:59 37376 ----a-w- c:\documents and settings\childhood hero\rundll32.exe.delme192

2010-04-09 01:47:59 37376 ----a-w- c:\documents and settings\childhood hero\rundll32.exe.delme178

2010-04-09 01:47:59 37376 ----a-w- c:\documents and settings\childhood hero\rundll32.exe

2010-04-09 01:47:59 37376 ----a-w- c:\documents and settings\childhood hero\rundll32 .exe

2010-04-09 01:25:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-09 01:25:20 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-04-09 01:25:19 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-09 01:25:19 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-04-09 00:45:53 0 d-----w- c:\program files\Your Protection

2010-04-09 00:13:25 0 d-----w- c:\docume~1\alluse~1\applic~1\73759031

2010-04-09 00:05:27 90624 ----a-w- c:\windows\system32\app_dll.dll

2010-04-09 00:04:21 20000 ----a-w- c:\windows\system32\krzb7i.dll

2010-04-09 00:04:08 0 ----a-w- c:\windows\system32\drivers\uvztn.sys

2010-04-09 00:03:35 37888 ----a-w- c:\windows\system32\awxm.vho

2010-04-09 00:03:28 0 d-----w- c:\docume~1\alluse~1\applic~1\08593429

2010-04-09 00:03:09 6 ----a-w- c:\windows\system32^iphy.dll

2010-04-09 00:02:50 184832 ----a-w- c:\windows\Xfimya.exe

2010-04-09 00:02:11 71680 --sha-r- c:\windows\system32\dpwsockh.dll

2010-04-06 04:36:10 0 d-----w- c:\program files\iPod

2010-04-06 04:35:45 0 d-----w- c:\program files\iTunes

2010-04-06 04:35:45 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-04-06 04:25:25 0 d-----w- c:\program files\Bonjour

2010-03-31 01:16:56 0 d-----w- c:\program files\YouSendIt

2010-03-31 01:16:09 0 d-----w- c:\windows\Downloaded Installations

2010-03-29 04:30:24 0 d-----w- c:\windows\system32\wbem\Repository

2010-03-19 19:46:42 0 d-----w- c:\program files\uTorrent

2010-03-18 04:53:42 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-03-18 04:53:42 69632 ----a-w- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2010-04-09 22:32:57 37376 ----a-w- c:\windows\system32\wltray.exe

2010-04-09 22:32:56 37376 ----a-w- c:\windows\system32\igfxpers.exe

2010-04-09 22:32:55 37376 ----a-w- c:\windows\system32\hkcmd.exe

2010-04-09 22:32:54 37376 ----a-w- c:\windows\system32\igfxtray.exe

2010-04-09 00:03:05 4608 ----a-w- c:\windows\system32\srsvc.dll

2010-02-26 06:05:09 668672 ----a-w- c:\windows\system32\wininet.dll

2010-02-26 06:05:05 81920 ----a-w- c:\windows\system32\ieencode.dll

2010-02-12 18:46:14 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-02-12 18:46:14 107808 ----a-w- c:\windows\system32\dns-sd.exe

2009-03-21 14:18:57 34304 --sha-w- c:\windows\system32\notepad.dll

============= FINISH: 15:38:27.04 ===============

Attach.zip

Hi WunderKid50, Welcome to Malwarebytes :D

Download OTL to your Desktop

  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box, paste this in:

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Thanks SpySentinel! Here is the log. Please let me know what I should do next.

OTL logfile created on: 4/10/2010 3:26:36 PM - Run 1

OTL by OldTimer - Version 3.2.1.1 Folder = E:\

Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 593.00 Mb Available Physical Memory | 58.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 54.48 Gb Total Space | 25.60 Gb Free Space | 46.98% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 54.48 Gb Total Space | 8.04 Gb Free Space | 14.77% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: CHILDHOO-320F3C

Current User Name: Childhood Hero

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Standard

Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/10 15:20:49 | 000,037,376 | ---- | M] (Portable Library) -- C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\eowxupjbk\oaqoqrjtssd.exe

PRC - [2010/04/10 15:20:48 | 000,037,376 | ---- | M] (Portable Library) -- C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\scxxuyxlb\oqjgfhvtssd.exe

PRC - [2010/04/10 15:20:47 | 000,037,376 | ---- | M] (Portable Library) -- C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\aonxuykkm\ortbgxotssd.exe

PRC - [2010/04/10 15:20:46 | 000,037,376 | ---- | M] (Portable Library) -- C:\Documents and Settings\Childhood Hero\Application Data\qpyasimuw\dipdositssd.exe

PRC - [2010/04/10 15:20:45 | 000,037,376 | ---- | M] (Portable Library) -- C:\Documents and Settings\Childhood Hero\Application Data\jdkasjyvm\digimcptssd.exe

PRC - [2010/04/10 15:20:44 | 000,037,376 | ---- | M] (Portable Library) -- C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\oejhbmmds\ciktflntssd.exe

PRC - [2010/04/10 15:20:43 | 000,037,376 | ---- | M] (Portable Library) -- C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\eqefwfruk\tknhdtntssd.exe

PRC - [2010/04/10 15:20:42 | 000,037,376 | ---- | M] (Portable Library) -- C:\Program Files\AVG\AVG9\avgtray.exe

PRC - [2010/04/10 15:20:40 | 000,037,376 | ---- | M] (Portable Library) -- C:\Documents and Settings\Mike\Local Settings\Temp\geurge.exe

PRC - [2010/04/10 15:20:38 | 000,037,376 | ---- | M] (Portable Library) -- c:\Program Files\QuickTime\qttask .exe

PRC - [2010/04/10 15:20:36 | 000,037,376 | ---- | M] (Portable Library) -- C:\Program Files\Logitech\QuickCam10\quickcam10.exe

PRC - [2010/04/10 15:20:35 | 000,037,376 | ---- | M] (Portable Library) -- C:\Program Files\Common Files\LogiShrd\LComMgr\communications_helper.exe

PRC - [2010/04/10 15:20:34 | 000,037,376 | ---- | M] (Portable Library) -- C:\Program Files\Winamp\winampa.exe

PRC - [2010/04/10 15:12:11 | 000,561,664 | ---- | M] (OldTimer Tools) -- E:\OTL.exe

PRC - [2010/04/10 15:10:34 | 000,037,376 | ---- | M] (Portable Library) -- C:\Program Files\QuickTime\qttask .exe

PRC - [2010/04/10 15:10:25 | 000,037,376 | ---- | M] (Portable Library) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

PRC - [2010/04/09 14:45:02 | 000,271,104 | ---- | M] () -- c:\Documents and Settings\Childhood Hero\Local Settings\Application Data\eqefwfruk\tknhdtntssd .exe

PRC - [2010/04/09 14:45:02 | 000,271,104 | ---- | M] () -- c:\Documents and Settings\Childhood Hero\Local Settings\Application Data\aonxuykkm\ortbgxotssd .exe

PRC - [2010/04/09 14:45:02 | 000,271,104 | ---- | M] () -- c:\Documents and Settings\Childhood Hero\Local Settings\Application Data\scxxuyxlb\oqjgfhvtssd .exe

PRC - [2010/04/09 14:45:02 | 000,271,104 | ---- | M] () -- c:\Documents and Settings\Childhood Hero\Local Settings\Application Data\eowxupjbk\oaqoqrjtssd .exe

PRC - [2010/04/09 14:45:02 | 000,271,104 | ---- | M] () -- c:\Documents and Settings\Childhood Hero\Application Data\qpyasimuw\dipdositssd .exe

PRC - [2010/04/09 14:45:02 | 000,271,104 | ---- | M] () -- c:\Documents and Settings\Childhood Hero\Application Data\jdkasjyvm\digimcptssd .exe

PRC - [2010/04/09 14:45:02 | 000,271,104 | ---- | M] () -- c:\Documents and Settings\Childhood Hero\Local Settings\Application Data\oejhbmmds\ciktflntssd .exe

PRC - [2010/04/09 14:06:27 | 002,059,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- c:\Program Files\AVG\AVG9\avgtray .exe

PRC - [2010/04/08 17:03:53 | 000,037,376 | ---- | M] (Portable Library) -- c:\Documents and Settings\Mike\Local Settings\Temp\geurge .exe

PRC - [2010/03/26 01:10:02 | 000,142,120 | ---- | M] (Apple Inc.) -- c:\Program Files\iTunes\ituneshelper .exe

PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2009/12/11 16:57:56 | 000,948,672 | R--- | M] (Adobe Systems Incorporated) -- c:\Program Files\Common Files\Adobe\ARM\1.0\adobearm .exe

PRC - [2009/07/01 09:37:06 | 000,037,888 | ---- | M] () -- c:\Program Files\Winamp\winampa .exe

PRC - [2007/10/09 20:17:44 | 002,183,168 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\wltray .exe

PRC - [2007/05/10 11:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- c:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra .exe

PRC - [2007/03/30 21:00:16 | 000,162,584 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd .exe

PRC - [2007/03/30 20:59:36 | 000,138,008 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers .exe

PRC - [2007/02/08 02:13:48 | 000,774,168 | ---- | M] () -- c:\Program Files\Logitech\QuickCam10\quickcam10 .exe

PRC - [2007/02/08 02:12:48 | 000,488,984 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\LogiShrd\LComMgr\communications_helper .exe

PRC - [2007/02/08 02:12:20 | 000,230,936 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe

PRC - [2007/02/06 18:47:12 | 000,105,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

PRC - [2007/02/06 18:45:26 | 000,109,344 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

PRC - [2007/02/06 18:43:26 | 000,252,704 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe

PRC - [2006/03/08 13:48:02 | 000,761,947 | ---- | M] (Synaptics, Inc.) -- c:\Program Files\Synaptics\SynTP\syntpenh .exe

PRC - [2004/08/10 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010/04/10 15:12:11 | 000,561,664 | ---- | M] (OldTimer Tools) -- E:\OTL.exe

MOD - [2010/04/08 17:04:21 | 000,020,000 | ---- | M] () -- C:\WINDOWS\system32\krzb7i.dll

MOD - [2009/03/21 07:18:57 | 000,034,304 | -HS- | M] () -- C:\WINDOWS\system32\notepad.dll

MOD - [2007/03/30 20:59:08 | 000,102,400 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hccutils.dll

MOD - [2004/08/10 04:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/04/09 14:05:54 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)

SRV - [2010/04/09 14:05:45 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)

SRV - [2010/04/08 17:03:05 | 000,004,608 | ---- | M] () [Auto | Start_Pending] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)

SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/02/23 14:04:14 | 000,369,920 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)

SRV - [2007/02/06 18:47:12 | 000,105,248 | ---- | M] (Logitech Inc.) [Auto | Stop_Pending] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)

SRV - [2007/02/06 18:45:26 | 000,109,344 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)

SRV - [2004/08/17 20:00:00 | 000,073,748 | -H-- | M] () [Auto | Running] -- C:\WINDOWS\system32\Iasex.dll -- (Ias)

SRV - [2004/08/10 04:00:00 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\6to4v32.dll -- (6to4)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/09 14:05:30 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/05 21:31:17 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/05 21:31:16 | 000,000,000 | ---D | M]

[2010/03/16 00:20:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Childhood Hero\Application Data\Mozilla\Extensions

[2010/03/16 00:20:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Childhood Hero\Application Data\Mozilla\Firefox\Profiles\5s5sis5k.default\extensions

[2010/04/10 15:09:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2004/08/10 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (C:\WINDOWS\system32\krzb7i.dll) - {A9BA40A1-74F1-52BD-F431-00B15A2C8953} - C:\WINDOWS\system32\krzb7i.dll ()

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (Portable Library)

O4 - HKLM..\Run: [ewrgetuj] C:\Documents and Settings\Mike\Local Settings\Temp\geurge.exe (Portable Library)

O4 - HKLM..\Run: [jnolnoca] C:\Documents and Settings\Childhood Hero\Application Data\qpyasimuw\dipdositssd.exe (Portable Library)

O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Portable Library)

O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe (Portable Library)

O4 - HKLM..\Run: [notepad] C:\WINDOWS\System32\notepad.DLL ()

O4 - HKLM..\Run: [QuickTime Task] c:\program files\quicktime\qttask .exe (Apple Inc.)

O4 - HKLM..\Run: [rrlihxpi] C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\oejhbmmds\ciktflntssd.exe (Portable Library)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (Portable Library)

O4 - HKLM..\Run: [ufspoamq] C:\Documents and Settings\Childhood Hero\Application Data\jdkasjyvm\digimcptssd.exe (Portable Library)

O4 - HKLM..\Run: [vacoolax] C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\eqefwfruk\tknhdtntssd.exe (Portable Library)

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Portable Library)

O4 - HKCU..\Run: [fqauyfnj] C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\eowxupjbk\oaqoqrjtssd.exe (Portable Library)

O4 - HKCU..\Run: [imhkrouk] C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\scxxuyxlb\oqjgfhvtssd.exe (Portable Library)

O4 - HKCU..\Run: [jnolnoca] C:\Documents and Settings\Childhood Hero\Application Data\qpyasimuw\dipdositssd.exe (Portable Library)

O4 - HKCU..\Run: [notepad] C:\Documents and Settings\NetworkService\ntload.dll ()

O4 - HKCU..\Run: [rrlihxpi] C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\oejhbmmds\ciktflntssd.exe (Portable Library)

O4 - HKCU..\Run: [ufspoamq] C:\Documents and Settings\Childhood Hero\Application Data\jdkasjyvm\digimcptssd.exe (Portable Library)

O4 - HKCU..\Run: [vacoolax] C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\eqefwfruk\tknhdtntssd.exe (Portable Library)

O4 - HKCU..\Run: [vtcgqelt] C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\aonxuykkm\ortbgxotssd.exe (Portable Library)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll File not found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - File not found

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O22 - SharedTaskScheduler: {A9BA40A1-74F1-52BD-F431-00B15A2C8953} - hasiufhiusdfjdhfudd - C:\WINDOWS\system32\krzb7i.dll ()

O24 - Desktop WallPaper: C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/11/04 13:33:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2009/02/02 19:54:18 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - C:\WINDOWS\system32\6to4v32.dll ()

NetSvcs: Ias - C:\WINDOWS\system32\Iasex.dll ()

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - C:\WINDOWS\system32\srsvc.dll ()

NetSvcs: WmdmPmSp - File not found

Unable to start service SrService!

========== Files/Folders - Created Within 14 Days ==========

[2010/04/10 15:28:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\kglyjunab

[2010/04/10 15:28:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\dtwyjvbaq

[2010/04/10 15:20:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\eowxupjbk

[2010/04/10 15:20:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\scxxuyxlb

[2010/04/10 15:20:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\aonxuykkm

[2010/04/09 15:48:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Childhood Hero\Application Data\qpyasimuw

[2010/04/09 15:48:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\qpyasimuw

[2010/04/09 15:48:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Childhood Hero\Application Data\jdkasjyvm

[2010/04/09 15:48:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\jdkasjyvm

[2010/04/09 15:36:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\oejhbmmds

[2010/04/09 15:07:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

[2010/04/09 15:06:57 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft

[2010/04/09 15:06:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft

[2010/04/09 14:45:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\eqefwfruk

[2010/04/09 14:44:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Childhood Hero\Application Data\Sun

[2010/04/09 14:44:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\Adobe

[2010/04/09 14:40:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Childhood Hero\Application Data\DivX

[2010/04/09 14:36:30 | 000,000,000 | ---D | C] -- C:\Program Files\zztoy

[2010/04/09 14:12:27 | 000,000,000 | ---D | C] -- C:\Program Files\Firefox

[2010/04/09 14:08:38 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2010/04/09 14:08:38 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[2010/04/09 14:08:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2010/04/09 14:08:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2010/04/09 14:03:25 | 000,000,000 | ---D | C] -- C:\Program Files\AVG

[2010/04/09 14:03:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9

[2010/04/09 13:54:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Childhood Hero\My Documents\Downloads

[2010/04/09 13:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010/04/09 13:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Sun

[2010/04/09 13:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2010/04/09 13:19:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2010/04/09 13:18:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles

[2010/04/08 18:47:59 | 000,037,376 | ---- | C] (Portable Library) -- C:\Documents and Settings\Childhood Hero\rundll32.exe.delme192

[2010/04/08 18:47:59 | 000,037,376 | ---- | C] (Portable Library) -- C:\Documents and Settings\Childhood Hero\rundll32.exe.delme178

[2010/04/08 18:47:59 | 000,037,376 | ---- | C] (Portable Library) -- C:\Documents and Settings\Childhood Hero\rundll32.exe

[2010/04/08 18:47:59 | 000,037,376 | ---- | C] (Portable Library) -- C:\Documents and Settings\Childhood Hero\rundll32 .exe

[2010/04/08 18:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Childhood Hero\Application Data\Apple Computer

[2010/04/08 18:25:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/04/08 18:25:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/04/08 18:25:19 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/04/08 18:25:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/04/08 17:45:53 | 000,000,000 | ---D | C] -- C:\Program Files\Your Protection

[2010/04/08 17:13:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\73759031

[2010/04/08 17:09:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun

[2010/04/08 17:08:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2010/04/08 17:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe

[2010/04/08 17:03:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\08593429

[2010/04/05 21:36:10 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2010/04/05 21:35:45 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2010/04/05 21:35:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010/04/05 21:29:50 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2010/04/05 21:25:25 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2010/03/30 18:16:56 | 000,000,000 | ---D | C] -- C:\Program Files\YouSendIt

[2010/03/30 18:16:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations

[2010/03/28 21:28:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC

[2009/11/23 12:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/04/10 15:27:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At9.job

[2010/04/10 15:27:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At8.job

[2010/04/10 15:27:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At7.job

[2010/04/10 15:27:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At6.job

[2010/04/10 15:27:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At5.job

[2010/04/10 15:27:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At4.job

[2010/04/10 15:27:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At3.job

[2010/04/10 15:27:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At24.job

[2010/04/10 15:27:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At23.job

[2010/04/10 15:27:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At22.job

[2010/04/10 15:27:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At21.job

[2010/04/10 15:27:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At20.job

[2010/04/10 15:27:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At2.job

[2010/04/10 15:27:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At19.job

[2010/04/10 15:27:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At18.job

[2010/04/10 15:27:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At17.job

[2010/04/10 15:27:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At16.job

[2010/04/10 15:27:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At15.job

[2010/04/10 15:27:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At14.job

[2010/04/10 15:27:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At13.job

[2010/04/10 15:27:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At12.job

[2010/04/10 15:27:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At11.job

[2010/04/10 15:27:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At10.job

[2010/04/10 15:27:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At1.job

[2010/04/10 15:27:48 | 000,037,376 | ---- | M] (Portable Library) -- C:\Documents and Settings\Childhood Hero\rundll32.exe

[2010/04/10 15:26:03 | 000,000,296 | -H-- | M] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

[2010/04/10 15:26:03 | 000,000,244 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

[2010/04/10 15:25:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/04/10 15:25:34 | 000,000,312 | -HS- | M] () -- C:\WINDOWS\tasks\urtial.job

[2010/04/10 15:25:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/04/10 15:23:31 | 000,439,552 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/04/10 15:23:31 | 000,380,918 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/04/10 15:23:31 | 000,053,166 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/04/10 15:11:35 | 001,048,576 | -H-- | M] () -- C:\Documents and Settings\Childhood Hero\ntuser.dat

[2010/04/10 15:11:35 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Childhood Hero\ntuser.ini

[2010/04/10 15:06:05 | 000,012,984 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\k2IQ0LMb2L

[2010/04/09 18:42:05 | 004,307,406 | -H-- | M] () -- C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\IconCache.db

[2010/04/09 18:04:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-842925246-839522115-1003UA.job

[2010/04/09 15:32:11 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Childhood Hero\defogger_reenable

[2010/04/09 15:28:50 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Childhood Hero\Desktop\Defogger.exe

[2010/04/09 15:07:36 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk

[2010/04/09 14:30:40 | 000,000,599 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/04/09 13:31:00 | 000,013,516 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2276617007

[2010/04/09 13:30:12 | 000,012,984 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1282815464

[2010/04/08 19:49:22 | 000,000,004 | ---- | M] () -- C:\Program Files\2594531.dat

[2010/04/08 19:46:16 | 000,008,892 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\aax2jNyu4r5m2

[2010/04/08 19:46:16 | 000,003,370 | -HS- | M] () -- C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\3301183561

[2010/04/08 19:46:16 | 000,003,370 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3164876522

[2010/04/08 19:46:15 | 000,005,132 | -HS- | M] () -- C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\aax2jNyu4r5m2

[2010/04/08 19:46:15 | 000,005,132 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3301183561

[2010/04/08 19:46:14 | 000,005,258 | -HS- | M] () -- C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\3164876522

[2010/04/08 19:44:34 | 000,200,704 | -HS- | M] () -- C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\2096834811.dll

[2010/04/08 19:12:18 | 000,018,064 | ---- | M] () -- C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2010/04/08 19:12:13 | 000,016,642 | -HS- | M] () -- C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\H41tSvv

[2010/04/08 19:12:13 | 000,016,642 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\H41tSvv

[2010/04/08 19:09:07 | 000,037,376 | ---- | M] (Portable Library) -- C:\Documents and Settings\Childhood Hero\rundll32.exe.delme192

[2010/04/08 18:48:13 | 000,037,376 | ---- | M] (Portable Library) -- C:\Documents and Settings\Childhood Hero\rundll32.exe.delme178

[2010/04/08 18:47:59 | 000,037,376 | ---- | M] (Portable Library) -- C:\Documents and Settings\Childhood Hero\rundll32 .exe

[2010/04/08 18:23:10 | 000,016,622 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2792665214

[2010/04/08 17:16:14 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\uvztn.sys

[2010/04/08 17:05:28 | 000,090,624 | ---- | M] () -- C:\WINDOWS\System32\app_dll.dll

[2010/04/08 17:04:21 | 000,020,000 | ---- | M] () -- C:\WINDOWS\System32\krzb7i.dll

[2010/04/08 17:03:31 | 000,037,888 | ---- | M] () -- C:\WINDOWS\System32\awxm.vho

[2010/04/08 17:03:09 | 000,000,006 | ---- | M] () -- C:\WINDOWS\system32^iphy.dll

[2010/04/08 17:03:05 | 000,004,608 | ---- | M] () -- C:\WINDOWS\System32\srsvc.dll

[2010/04/08 17:02:12 | 000,184,832 | ---- | M] () -- C:\WINDOWS\Xfimya.exe

[2010/04/08 17:02:11 | 000,071,680 | RHS- | M] () -- C:\WINDOWS\System32\dpwsockh.dll

[2010/04/06 02:04:04 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-842925246-839522115-1003Core.job

[2010/04/05 21:37:08 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2010/04/05 21:30:29 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2010/04/05 11:12:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/04/04 14:25:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/03/30 18:17:06 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\YouSendIt.lnk

[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/09 15:33:17 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Childhood Hero\Desktop\Defogger.exe

[2010/04/09 15:32:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Childhood Hero\defogger_reenable

[2010/04/09 15:07:36 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk

[2010/04/09 14:30:40 | 000,000,599 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/04/09 13:28:46 | 000,013,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2276617007

[2010/04/09 13:28:05 | 000,012,984 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1282815464

[2010/04/09 13:27:34 | 000,012,984 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\k2IQ0LMb2L

[2010/04/09 13:27:34 | 000,012,938 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\k2IQ0LMb2L

[2010/04/08 19:49:22 | 000,000,004 | ---- | C] () -- C:\Program Files\2594531.dat

[2010/04/08 19:44:34 | 000,200,704 | -HS- | C] () -- C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\2096834811.dll

[2010/04/08 19:44:32 | 000,005,258 | -HS- | C] () -- C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\3164876522

[2010/04/08 19:44:24 | 000,003,370 | -HS- | C] () -- C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\3301183561

[2010/04/08 19:44:24 | 000,003,370 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3164876522

[2010/04/08 19:44:14 | 000,005,132 | -HS- | C] () -- C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\aax2jNyu4r5m2

[2010/04/08 19:44:14 | 000,005,132 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3301183561

[2010/04/08 19:44:07 | 000,008,892 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\aax2jNyu4r5m2

[2010/04/08 19:12:12 | 000,016,642 | -HS- | C] () -- C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\H41tSvv

[2010/04/08 18:23:08 | 000,016,622 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2792665214

[2010/04/08 17:05:35 | 000,016,642 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\H41tSvv

[2010/04/08 17:05:27 | 000,090,624 | ---- | C] () -- C:\WINDOWS\System32\app_dll.dll

[2010/04/08 17:04:21 | 000,020,000 | ---- | C] () -- C:\WINDOWS\System32\krzb7i.dll

[2010/04/08 17:04:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\uvztn.sys

[2010/04/08 17:03:54 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At9.job

[2010/04/08 17:03:54 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At8.job

[2010/04/08 17:03:54 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At7.job

[2010/04/08 17:03:54 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At6.job

[2010/04/08 17:03:54 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At5.job

[2010/04/08 17:03:54 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At4.job

[2010/04/08 17:03:54 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At3.job

[2010/04/08 17:03:54 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At24.job

[2010/04/08 17:03:54 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At23.job

[2010/04/08 17:03:54 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At22.job

[2010/04/08 17:03:54 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At21.job

[2010/04/08 17:03:54 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At20.job

[2010/04/08 17:03:54 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At2.job

[2010/04/08 17:03:54 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At19.job

[2010/04/08 17:03:54 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At18.job

[2010/04/08 17:03:54 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At17.job

[2010/04/08 17:03:54 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At16.job

[2010/04/08 17:03:54 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At15.job

[2010/04/08 17:03:54 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At14.job

[2010/04/08 17:03:54 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At13.job

[2010/04/08 17:03:54 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At12.job

[2010/04/08 17:03:54 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At11.job

[2010/04/08 17:03:54 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At10.job

[2010/04/08 17:03:54 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At1.job

[2010/04/08 17:03:35 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\awxm.vho

[2010/04/08 17:03:09 | 000,000,006 | ---- | C] () -- C:\WINDOWS\system32^iphy.dll

[2010/04/08 17:02:50 | 000,184,832 | ---- | C] () -- C:\WINDOWS\Xfimya.exe

[2010/04/08 17:02:27 | 000,000,296 | -H-- | C] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

[2010/04/08 17:02:20 | 000,000,244 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

[2010/04/08 17:02:11 | 000,071,680 | RHS- | C] () -- C:\WINDOWS\System32\dpwsockh.dll

[2010/04/08 17:02:11 | 000,000,312 | -HS- | C] () -- C:\WINDOWS\tasks\urtial.job

[2010/04/05 21:37:08 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2010/04/05 21:30:29 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2010/03/30 18:17:06 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\YouSendIt.lnk

[2010/03/15 18:24:32 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Childhood Hero\ntuser.ini

[2010/03/15 18:24:28 | 001,048,576 | -H-- | C] () -- C:\Documents and Settings\Childhood Hero\ntuser.dat

[2010/03/15 18:24:28 | 000,065,536 | -H-- | C] () -- C:\Documents and Settings\Childhood Hero\NTUSER.dat.LOG

[2009/12/09 00:11:13 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2009/12/09 00:11:12 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2009/11/22 16:05:33 | 000,050,127 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2009/11/04 14:37:06 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll

[2009/11/04 14:37:05 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll

[2009/11/04 14:35:11 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll

[2009/11/04 14:33:18 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll

[2009/11/04 13:30:05 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\srsvc.dll

[2007/02/06 18:45:04 | 000,025,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys

[2007/02/06 18:42:40 | 001,691,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys

[2005/08/05 15:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2004/08/17 20:00:00 | 000,073,748 | -H-- | C] () -- C:\WINDOWS\System32\Iasex.dll

[2004/08/10 04:00:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\6to4v32.dll

[2004/08/10 04:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

[2004/08/10 04:00:00 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\seagate.sys

========== LOP Check ==========

[2010/04/08 19:38:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\08593429

[2010/04/08 17:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\73759031

[2009/12/20 14:44:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM

[2010/04/09 14:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2009/11/17 02:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus

[2010/01/12 13:03:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ

[2009/11/04 13:47:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream

[2010/01/13 16:31:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek

[2010/04/05 21:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010/04/09 15:07:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

[2009/11/13 16:24:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2010/04/10 15:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Childhood Hero\Application Data\jdkasjyvm

[2010/04/10 15:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Childhood Hero\Application Data\qpyasimuw

[2010/04/10 15:27:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job

[2010/04/10 15:27:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job

[2010/04/10 15:27:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job

[2010/04/10 15:27:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job

[2010/04/10 15:27:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job

[2010/04/10 15:27:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job

[2010/04/10 15:27:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job

[2010/04/10 15:27:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job

[2010/04/10 15:27:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job

[2010/04/10 15:27:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job

[2010/04/10 15:27:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job

[2010/04/10 15:27:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job

[2010/04/10 15:27:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job

[2010/04/10 15:27:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job

[2010/04/10 15:27:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job

[2010/04/10 15:27:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job

[2010/04/10 15:27:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job

[2010/04/10 15:27:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job

[2010/04/10 15:27:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job

[2010/04/10 15:27:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job

[2010/04/10 15:27:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job

[2010/04/10 15:27:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job

[2010/04/10 15:27:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job

[2010/04/10 15:27:54 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

[2010/04/10 15:25:34 | 000,000,312 | -HS- | M] () -- C:\WINDOWS\Tasks\urtial.job

[2010/04/10 15:26:03 | 000,000,244 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

[2010/04/10 15:26:03 | 000,000,296 | -H-- | M] () -- C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

========== Purity Check ==========

========== Custom Scans ==========

< >

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >

[2004/08/10 04:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys

< MD5 for: ATAPI.SYS >

[2004/08/10 04:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys

[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys

[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004/08/10 04:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >

[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll

[2004/08/10 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll

[2004/08/10 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >

[2006/05/11 09:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >

[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll

[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll

[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll

[2004/08/10 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll

[2004/08/10 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NVATABUS.SYS >

[2006/03/16 17:51:32 | 000,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys

< MD5 for: SCECLI.DLL >

[2004/08/10 04:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll

[2004/08/10 04:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

[2004/08/10 04:00:00 | 001,251,840 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll

[2010/04/08 17:02:11 | 000,071,680 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\dpwsockh.dll

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >

OTL Extras logfile created on: 4/10/2010 3:26:36 PM - Run 1

OTL by OldTimer - Version 3.2.1.1 Folder = E:\

Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 593.00 Mb Available Physical Memory | 58.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 54.48 Gb Total Space | 25.60 Gb Free Space | 46.98% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 54.48 Gb Total Space | 8.04 Gb Free Space | 14.77% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: CHILDHOO-320F3C

Current User Name: Childhood Hero

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Standard

Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 1

"FirewallDisableNotify" = 1

"UpdatesDisableNotify" = 1

"AntiVirusOverride" = 1

"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus -- File not found

"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (Portable Library)

"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

"C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)

"C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)

"C:\Program Files\SoulseekNS\slsk.exe" = C:\Program Files\SoulseekNS\slsk.exe:*:Enabled:SoulSeek -- ()

"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:


You're welcome :)

Run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL

    PRC - [2010/04/10 15:20:49 | 000,037,376 | ---- | M] (Portable Library) -- C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\eowxupjbk\oaqoqrjtssd.exe
    PRC - [2010/04/10 15:20:48 | 000,037,376 | ---- | M] (Portable Library) -- C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\scxxuyxlb\oqjgfhvtssd.exe
    PRC - [2010/04/10 15:20:47 | 000,037,376 | ---- | M] (Portable Library) -- C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\aonxuykkm\ortbgxotssd.exe
    PRC - [2010/04/10 15:20:46 | 000,037,376 | ---- | M] (Portable Library) -- C:\Documents and Settings\Childhood Hero\Application Data\qpyasimuw\dipdositssd.exe
    PRC - [2010/04/10 15:20:45 | 000,037,376 | ---- | M] (Portable Library) -- C:\Documents and Settings\Childhood Hero\Application Data\jdkasjyvm\digimcptssd.exe
    PRC - [2010/04/10 15:20:44 | 000,037,376 | ---- | M] (Portable Library) -- C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\oejhbmmds\ciktflntssd.exe
    PRC - [2010/04/10 15:20:43 | 000,037,376 | ---- | M] (Portable Library) -- C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\eqefwfruk\tknhdtntssd.exe
    PRC - [2010/04/10 15:20:40 | 000,037,376 | ---- | M] (Portable Library) -- C:\Documents and Settings\Mike\Local Settings\Temp\geurge.exe
    PRC - [2010/04/09 14:45:02 | 000,271,104 | ---- | M] () -- c:\Documents and Settings\Childhood Hero\Local Settings\Application Data\eqefwfruk\tknhdtntssd .exe
    PRC - [2010/04/09 14:45:02 | 000,271,104 | ---- | M] () -- c:\Documents and Settings\Childhood Hero\Local Settings\Application Data\aonxuykkm\ortbgxotssd .exe
    PRC - [2010/04/09 14:45:02 | 000,271,104 | ---- | M] () -- c:\Documents and Settings\Childhood Hero\Local Settings\Application Data\scxxuyxlb\oqjgfhvtssd .exe
    PRC - [2010/04/09 14:45:02 | 000,271,104 | ---- | M] () -- c:\Documents and Settings\Childhood Hero\Local Settings\Application Data\eowxupjbk\oaqoqrjtssd .exe
    PRC - [2010/04/09 14:45:02 | 000,271,104 | ---- | M] () -- c:\Documents and Settings\Childhood Hero\Application Data\qpyasimuw\dipdositssd .exe
    PRC - [2010/04/09 14:45:02 | 000,271,104 | ---- | M] () -- c:\Documents and Settings\Childhood Hero\Application Data\jdkasjyvm\digimcptssd .exe
    PRC - [2010/04/09 14:45:02 | 000,271,104 | ---- | M] () -- c:\Documents and Settings\Childhood Hero\Local Settings\Application Data\oejhbmmds\ciktflntssd .exe
    MOD - [2010/04/08 17:04:21 | 000,020,000 | ---- | M] () -- C:\WINDOWS\system32\krzb7i.dll
    SRV - [2010/04/08 17:03:05 | 000,004,608 | ---- | M] () [Auto | Start_Pending] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
    SRV - [2004/08/17 20:00:00 | 000,073,748 | -H-- | M] () [Auto | Running] -- C:\WINDOWS\system32\Iasex.dll -- (Ias)
    SRV - [2004/08/10 04:00:00 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\6to4v32.dll -- (6to4)
    O2 - BHO: (C:\WINDOWS\system32\krzb7i.dll) - {A9BA40A1-74F1-52BD-F431-00B15A2C8953} - C:\WINDOWS\system32\krzb7i.dll ()
    O4 - HKLM..\Run: [ewrgetuj] C:\Documents and Settings\Mike\Local Settings\Temp\geurge.exe (Portable Library)
    O4 - HKLM..\Run: [jnolnoca] C:\Documents and Settings\Childhood Hero\Application Data\qpyasimuw\dipdositssd.exe (Portable Library)
    O4 - HKLM..\Run: [rrlihxpi] C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\oejhbmmds\ciktflntssd.exe (Portable Library)
    O4 - HKLM..\Run: [ufspoamq] C:\Documents and Settings\Childhood Hero\Application Data\jdkasjyvm\digimcptssd.exe (Portable Library)
    O4 - HKLM..\Run: [vacoolax] C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\eqefwfruk\tknhdtntssd.exe (Portable Library)
    O4 - HKCU..\Run: [fqauyfnj] C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\eowxupjbk\oaqoqrjtssd.exe (Portable Library)
    O4 - HKCU..\Run: [imhkrouk] C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\scxxuyxlb\oqjgfhvtssd.exe (Portable Library)
    O4 - HKCU..\Run: [jnolnoca] C:\Documents and Settings\Childhood Hero\Application Data\qpyasimuw\dipdositssd.exe (Portable Library)
    O4 - HKCU..\Run: [notepad] C:\Documents and Settings\NetworkService\ntload.dll ()
    O4 - HKCU..\Run: [rrlihxpi] C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\oejhbmmds\ciktflntssd.exe (Portable Library)
    O4 - HKCU..\Run: [ufspoamq] C:\Documents and Settings\Childhood Hero\Application Data\jdkasjyvm\digimcptssd.exe (Portable Library)
    O4 - HKCU..\Run: [vacoolax] C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\eqefwfruk\tknhdtntssd.exe (Portable Library)
    O4 - HKCU..\Run: [vtcgqelt] C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\aonxuykkm\ortbgxotssd.exe (Portable Library)
    O22 - SharedTaskScheduler: {A9BA40A1-74F1-52BD-F431-00B15A2C8953} - hasiufhiusdfjdhfudd - C:\WINDOWS\system32\krzb7i.dll ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    [2010/04/10 15:28:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\kglyjunab
    [2010/04/10 15:28:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\dtwyjvbaq
    [2010/04/10 15:20:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\eowxupjbk
    [2010/04/10 15:20:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\scxxuyxlb
    [2010/04/10 15:20:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\aonxuykkm
    [2010/04/09 15:48:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Childhood Hero\Application Data\qpyasimuw
    [2010/04/09 15:48:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\qpyasimuw
    [2010/04/09 15:48:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Childhood Hero\Application Data\jdkasjyvm
    [2010/04/09 15:48:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\jdkasjyvm
    [2010/04/09 15:36:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\oejhbmmds
    [2010/04/08 17:13:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\73759031
    [2010/04/09 13:31:00 | 000,013,516 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2276617007
    [2010/04/09 13:30:12 | 000,012,984 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1282815464
    [2010/04/08 19:49:22 | 000,000,004 | ---- | M] () -- C:\Program Files\2594531.dat
    [2010/04/08 19:46:16 | 000,008,892 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\aax2jNyu4r5m2
    [2010/04/08 19:46:16 | 000,003,370 | -HS- | M] () -- C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\3301183561
    [2010/04/08 19:46:16 | 000,003,370 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3164876522
    [2010/04/08 19:46:15 | 000,005,132 | -HS- | M] () -- C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\aax2jNyu4r5m2
    [2010/04/08 19:46:15 | 000,005,132 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3301183561
    [2010/04/08 19:46:14 | 000,005,258 | -HS- | M] () -- C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\3164876522
    [2010/04/08 19:44:34 | 000,200,704 | -HS- | M] () -- C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\2096834811.dll
    [2010/04/08 19:12:13 | 000,016,642 | -HS- | M] () -- C:\Documents and Settings\Childhood Hero\Local Settings\Application Data\H41tSvv
    [2010/04/08 19:12:13 | 000,016,642 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\H41tSvv
    [2010/04/08 19:09:07 | 000,037,376 | ---- | M] (Portable Library) -- C:\Documents and Settings\Childhood Hero\rundll32.exe.delme192
    [2010/04/08 18:48:13 | 000,037,376 | ---- | M] (Portable Library) -- C:\Documents and Settings\Childhood Hero\rundll32.exe.delme178
    [2010/04/08 18:47:59 | 000,037,376 | ---- | M] (Portable Library) -- C:\Documents and Settings\Childhood Hero\rundll32 .exe
    [2010/04/08 18:23:10 | 000,016,622 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2792665214
    [2010/04/08 17:16:14 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\uvztn.sys
    [2010/04/08 17:05:28 | 000,090,624 | ---- | M] () -- C:\WINDOWS\System32\app_dll.dll
    [2010/04/08 17:04:21 | 000,020,000 | ---- | M] () -- C:\WINDOWS\System32\krzb7i.dll
    [2010/04/08 17:03:31 | 000,037,888 | ---- | M] () -- C:\WINDOWS\System32\awxm.vho
    [2010/04/08 17:03:09 | 000,000,006 | ---- | M] () -- C:\WINDOWS\system32^iphy.dll

    :Services
    C:\WINDOWS\system32\srsvc.dll
    C:\WINDOWS\system32\Iasex.dll
    C:\WINDOWS\system32\6to4v32.dll

    :Files
    C:\WINDOWS\tasks\At*.job
    C:\Documents and Settings\Childhood Hero\rundll32.exe

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done

Please download Malwarebytes' Anti-Malware

Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
