
Trojans undetected by Malwarebytes.



Hello, just so I can be quick, I will copy and paste from another post...

"Can you help me out, this is the problem.

I got CIS a few days ago, well the antivirus that is; I had the firewall, I just added the antivirus bit.

When I scanned, it kept on freezing whenever it found a virus... so I had to force a manual shutdown of my PC every time I tried.

Anyway,

so I went into safe mode today. I tried to scan with Comodo Antivirus but when I clicked it came up with this message:

"update failed. Error code 0x80004002. No such interface supported. "

something like that. Also on the left, with the big shield picture, it said:

"The defence+ is not functioning properly!"

and under that notice there was a button saying "run diagnostics".

Even worse, remember when I said that it froze when it found the viruses? Well, I had to force shut down, but the viruses were found. Just a minute ago I clicked on Comodo Internet Security, and when I clicked on the hyperlinked number showing the number of viruses (it said 0), it showed all these viruses, all in the System Restore area.

And the number 0 turned to number 1.

And as soon as I clicked the hyperlinked 0, this Comodo firewall alert window popped up but it froze there, so it was blank white. Then the whole PC froze... I had to force shut down again.

In safe mode, I even scanned with Malwarebytes Anti-Malware but nothing came up.

What shall I do, please help! "

This is the previous post. OK, so one of the members here asked me to follow the instructions and post a log. I will do so as asked. Thing is, before I say this, Malwarebytes doesn't detect anything...

Anyway...

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6369

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

15/04/2011 19:20:31

mbam-log-2011-04-15 (19-20-31).txt

Scan type: Quick scan

Objects scanned: 153321

Time elapsed: 10 minute(s), 50 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

There is the log...

Please help me out, thank you.


Hi Otherguyx,

My name is Matt and I will be helping you clean up your computer.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


OK, so I did as you said. You didn't say to disable the firewall of Comodo Internet Security, so I didn't do that. I just disabled the antivirus etc... Also, TDSSKiller didn't find anything on my PC. So yeah, there was no log or anything.

Here is the log for ComboFix.

=========================================================================================================================================================================

ComboFix 11-04-16.01 - Administrator 17/04/2011 10:52:08.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.759.125 [GMT 1:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}

AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\Application Data\BITS

c:\documents and settings\Administrator\Application Data\BITS\BITS.ini

c:\documents and settings\Administrator\Application Data\inst.exe

c:\documents and settings\Administrator\WINDOWS

.

.

((((((((((((((((((((((((( Files Created from 2011-03-17 to 2011-04-17 )))))))))))))))))))))))))))))))

.

.

2011-04-14 19:33 . 2011-04-17 09:42 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat

2011-04-13 20:25 . 2011-04-13 20:25 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2011-04-08 17:19 . 2011-04-08 17:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\.minecraft

2011-04-08 16:43 . 2011-04-08 16:43 -------- d-----w- c:\program files\Geeks3D

2011-04-08 15:16 . 2011-04-08 15:16 -------- d-----w- c:\program files\BitTorrent

2011-04-08 15:15 . 2011-04-08 15:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\BitTorrent

2011-03-23 16:57 . 2011-03-18 17:57 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll

2011-03-23 16:57 . 2011-03-18 17:57 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll

2011-03-23 16:57 . 2011-03-18 17:57 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll

2011-03-23 16:57 . 2011-03-18 17:57 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll

2011-03-23 16:57 . 2011-03-18 17:57 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll

2011-03-23 16:57 . 2011-03-18 17:57 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll

2011-03-23 16:57 . 2011-03-18 17:57 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll

2011-03-23 16:57 . 2011-03-18 17:57 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-07 05:33 . 2004-08-04 07:56 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37 . 2004-08-04 07:56 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21 . 2004-08-04 06:17 1857920 ----a-w- c:\windows\system32\win32k.sys

2011-02-22 23:06 . 2004-08-04 07:56 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-02-22 23:06 . 2004-08-04 07:56 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:06 . 2004-08-04 07:56 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-22 11:41 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec

2011-02-17 13:18 . 2004-08-04 06:15 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-02-17 13:18 . 2004-08-04 06:14 357888 ----a-w- c:\windows\system32\drivers\srv.sys

2011-02-17 12:32 . 2009-11-08 03:50 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56 . 2004-08-04 07:56 290432 ----a-w- c:\windows\system32\atmfd.dll

2011-02-09 13:53 . 2004-08-04 07:56 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53 . 2004-08-04 07:56 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-08 13:33 . 2004-08-04 07:56 978944 ----a-w- c:\windows\system32\mfc42.dll

2011-02-08 13:33 . 2004-08-04 07:56 974848 ----a-w- c:\windows\system32\mfc42u.dll

2011-02-02 07:58 . 2004-08-04 05:59 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57 . 2004-08-04 05:59 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-01-21 14:44 . 2004-08-04 07:56 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-03-18 17:57 . 2011-03-23 16:57 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2009-12-23 15:40 . 2009-12-23 15:40 151392 ----a-w- c:\program files\mozilla firefox\components\FFConnectorLauncher.dll

2009-12-23 15:40 . 2009-12-23 15:40 296800 ----a-w- c:\program files\mozilla firefox\components\FFSource.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

"Taskbar Shuffle"="c:\program files\Taskbar Shuffle\taskbarshuffle.exe" [2008-04-17 818176]

"OpenDNS Updater"="c:\program files\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MAKTray"="MAKTray.exe" [2004-08-28 287232]

"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]

"LayoutM"="KLayMgr.exe" [2004-08-17 45056]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-17 2548552]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp WinStyler\WinStyler\tu_logonui.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\guard32.dll

.

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Thoosje Sevenbar.lnk]

backup=c:\windows\pss\Thoosje Sevenbar.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]

backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Nokia Ovi Suite.lnk]

backup=c:\windows\pss\Nokia Ovi Suite.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashGet 3

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]

c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvIcon]

2008-04-13 12:39 49152 ----a-w- c:\program files\Vista Drive Icon\DrvIcon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2010-01-15 22:15 135664 ----atw- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 11:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDDHealth]

2008-06-15 12:14 1692672 ----a-w- c:\program files\HDD Health\hddhealth.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-07-26 16:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerBlock]

2010-11-06 22:24 1867888 ----a-w- c:\program files\PeerBlock\peerblock.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

2008-11-02 08:38 167936 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-09-05 01:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"TwonkyMedia"=2 (0x2)

"gusvc"=3 (0x3)

"gupdate"=2 (0x2)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymedia.exe"=

"c:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymediaserver.exe"=

"c:\\Program Files\\Vuze\\Azureus.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Opera\\opera.exe"=

"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

.

R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [06/01/2011 18:37 15592]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [06/01/2011 18:37 239368]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [06/01/2011 18:37 27576]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16/11/2009 09:03 108792]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [16/11/2009 09:06 96408]

R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [16/11/2009 09:04 735960]

R2 isposure_svc;IsposureAgent;c:\program files\isposure\IsposureAgent.exe [23/10/2008 09:43 761856]

S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [07/11/2009 05:04 133104]

S4 TwonkyMedia;TwonkyMedia;c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 --> c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [?]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - klmd25

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Contents of the 'Scheduled Tasks' folder

.

2011-04-17 c:\windows\Tasks\User_Feed_Synchronization-{6A9071D3-A675-4FAE-A484-C92EDCEB6AC5}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 04:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://google.com/

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

Trusted Zone: kuaiche.com\software

TCP: {49A9F860-294F-47B0-8D00-D4EA9BAC7570} = 208.67.222.222,208.67.220.220

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9surc6kn.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - google.co.uk

FF - user.js: browser.cache.memory.capacity - 16000

FF - user.js: browser.chrome.favicons - fales

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.max.tokenizing.time - 3000000

FF - user.js: content.maxtextrun - 4095

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 1000000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 1000000

FF - user.js: dom.disable_window_status_change - true

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 1000

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-04-17 10:58

Windows 5.1.2600 Service Pack 3 NTFS

.

detected NTDLL code modification:

ZwClose, ZwOpenFile

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1791258860-1228881605-2768951137-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a7,2b,8b,8b,d5,26,5a,4e,8e,49,ab,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,22,30,29,e6,2d,54,7e,48,9e,a8,62,\

"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a7,2b,8b,8b,d5,26,5a,4e,8e,49,ab,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(948)

c:\windows\system32\guard32.dll

.

- - - - - - - > 'lsass.exe'(1004)

c:\windows\system32\guard32.dll

.

Completion time: 2011-04-17 11:01:20

ComboFix-quarantined-files.txt 2011-04-17 10:01

.

Pre-Run: 110,246,391,808 bytes free

Post-Run: 111,287,803,904 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 6804A8567A48D476A8B563B81DB2BE32


Hi Otherguyx,

I see you are using both ESET NOD32 and Comodo Internet Security. Are you just using the Comodo firewall and have the AV disabled?

Using Internet Explorer, go to the Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on the Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.


I did as you said but it came up with an error saying this:

0 [ERROR: Anti-virus database was updated after license expiry]

This was seen on the second window of the updating. It was downloading 117 MB or something, then it increased to 200 MB or something. And then I went away, came back, and this came up.

What shall I do?


Let's try a different scanner:

Please download Dr.Web CureIt. Save it to your desktop:

  • Double-click the drweb-cureit.exe file and click Scan to run the express scan. Click OK in the pop-up window to allow the scan.
  • This will scan the files currently running in memory and, if something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, select Complete scan.
  • Click the green arrow at the right, and the scan will start.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Note: this report may need to be renamed to Dr.Web.txt in order to post it on the forum.
  • Please post the Dr.Web.txt report in your next reply.
  • Close Dr.Web CureIt.
  • Important! Reboot your computer because it is possible that files in use will be moved/deleted during reboot.

NOTE. During the scan, a pop-up window will open asking for a full version purchase. Simply close the window by clicking on the X in the upper right corner.


OK wow, that took a REALLLLY long time. 1 hour for the express scan, 5 hours for the complete scan. Tired.

A0000229.exe;C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP4;Trojan.Inject.26087;Incurable.Moved.;

One virus came up. Couldn't be cured, was moved. I rebooted. It's in the thingy... forgot what it's called now... quarantine, that's it. It's moved to quarantine. What do I do now?

Do I have to do another really big scan?

BTW when I finished, and I pressed close on Dr.Web CureIt or whatever, it said it found a virus and said I should do a complete scan, even though I had already just done one.

Do I have to do that again?


No need to run it again.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.


OK, it's done.

==============================================

OTL.TXT

OTL logfile created on: 19/04/2011 11:03:44 - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

759.00 Mb Total Physical Memory | 498.00 Mb Available Physical Memory | 66.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 75.00% Paging File free

Paging file location(s): [binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.00 Gb Total Space | 103.16 Gb Free Space | 69.24% Space Free | Partition Type: NTFS

Drive H: | 963.73 Mb Total Space | 963.72 Mb Free Space | 100.00% Space Free | Partition Type: FAT

Drive J: | 3.82 Gb Total Space | 2.72 Gb Free Space | 71.21% Space Free | Partition Type: FAT32

Computer Name: MIZAN | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)

PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)

PRC - C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()

PRC - C:\Program Files\isposure\IsposureAgent.exe (Epitiro Ltd.)

PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)

PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

PRC - C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe (Jay Elaraj)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\RocketDock\RocketDock.exe ()

PRC - C:\WINDOWS\MAKHkey.exe (HP)

PRC - C:\WINDOWS\MAKTray.exe (Hewlett-Packard Development Company, L.P.)

PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\guard32.dll (COMODO)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

MOD - C:\Program Files\RocketDock\RocketDock.dll ()

========== Win32 Services (SafeList) ==========

SRV - (TUWinStylerThemeSvc) -- File not found

SRV - (HidServ) -- File not found

SRV - (DTSRVC) -- File not found

SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)

SRV - (isposure_svc) -- C:\Program Files\isposure\IsposureAgent.exe (Epitiro Ltd.)

SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)

SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)

SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)

SRV - (TwonkyMedia) -- C:\Program Files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe (PacketVideo)

SRV - (ServiceLayer) -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe (Nokia.)

SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)

SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)

========== Driver Services (SafeList) ==========

DRV - (Inspect) -- C:\WINDOWS\System32\DRIVERS\inspect.sys (COMODO)

DRV - (cmdHlp) -- C:\WINDOWS\system32\drivers\cmdhlp.sys (COMODO)

DRV - (cmdGuard) -- C:\WINDOWS\system32\drivers\cmdGuard.sys (COMODO)

DRV - (cmderd) -- C:\WINDOWS\system32\drivers\cmderd.sys (COMODO)

DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)

DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)

DRV - (epfwtdir) -- C:\WINDOWS\system32\drivers\epfwtdir.sys (ESET)

DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)

DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)

DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)

DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Windows ® Codename Longhorn DDK provider)

DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Windows ® Codename Longhorn DDK provider)

DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)

DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)

DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)

DRV - (iAimFP4) -- C:\WINDOWS\system32\drivers\wVchNTxx.sys (Intel® Corporation)

DRV - (iAimFP3) -- C:\WINDOWS\system32\drivers\wSiINTxx.sys (Intel® Corporation)

DRV - (iAimTV5) -- C:\WINDOWS\system32\drivers\wATV10nt.sys (Intel® Corporation)

DRV - (iAimTV4) -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys (Intel® Corporation)

DRV - (iAimTV6) -- C:\WINDOWS\system32\drivers\wATV06nt.sys (Intel® Corporation)

DRV - (iAimTV3) -- C:\WINDOWS\system32\drivers\wATV04nt.sys (Intel® Corporation)

DRV - (iAimTV1) -- C:\WINDOWS\system32\drivers\wATV02NT.sys (Intel® Corporation)

DRV - (iAimTV0) -- C:\WINDOWS\system32\drivers\wATV01nt.sys (Intel® Corporation)

DRV - (iAimFP7) -- C:\WINDOWS\system32\drivers\wADV09NT.sys (Intel® Corporation)

DRV - (iAimFP5) -- C:\WINDOWS\system32\drivers\wADV07nt.sys (Intel® Corporation)

DRV - (iAimFP6) -- C:\WINDOWS\system32\drivers\wADV08NT.sys (Intel® Corporation)

DRV - (i81x) -- C:\WINDOWS\system32\drivers\i81xnt5.sys (Intel® Corporation)

DRV - (iAimFP0) -- C:\WINDOWS\system32\drivers\wADV01nt.sys (Intel® Corporation)

DRV - (iAimFP1) -- C:\WINDOWS\system32\drivers\wADV02NT.sys (Intel® Corporation)

DRV - (iAimFP2) -- C:\WINDOWS\system32\drivers\wADV05NT.sys (Intel® Corporation)

DRV - (Blfp) -- C:\WINDOWS\system32\drivers\baspxp32.sys (Broadcom Corporation)

DRV - (Symmpi) -- C:\WINDOWS\system32\DRIVERS\symmpi.sys (LSI Logic)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared

FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/23 17:57:45 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/23 17:57:43 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/04/17 12:45:22 | 000,000,000 | ---D | M]

[2010/02/16 17:41:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions

[2011/04/15 13:50:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9surc6kn.default\extensions

[2011/01/28 19:02:12 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9surc6kn.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}

[2010/10/30 19:10:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9surc6kn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/04/15 13:50:05 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9surc6kn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2011/03/05 17:58:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9surc6kn.default\extensions\{dc572301-7619-498c-a57d-39143191b318}

[2010/10/18 09:29:59 | 000,000,000 | ---D | M] (FireDownload) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9surc6kn.default\extensions\firedownload@mozilla.org

[2011/03/05 17:58:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9surc6kn.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions

[2011/03/23 17:57:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/03/18 18:57:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll

[2009/12/23 16:40:28 | 000,151,392 | ---- | M] (Keynote Systems) -- C:\Program Files\Mozilla Firefox\components\FFConnectorLauncher.dll

[2009/12/23 16:40:28 | 000,296,800 | ---- | M] (Keynote Systems) -- C:\Program Files\Mozilla Firefox\components\FFSource.dll

[2009/11/07 05:02:40 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/04/17 10:58:22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)

O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

O4 - HKLM..\Run: [LayoutM] C:\WINDOWS\KLayMgr.exe (Chicony)

O4 - HKLM..\Run: [MAKTray] C:\WINDOWS\MAKTray.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [setRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)

O4 - HKCU..\Run: [OpenDNS Updater] C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()

O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()

O4 - HKCU..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe (Jay Elaraj)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp WinStyler\WinStyler\tu_logonui.exe) - C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp WinStyler\WinStyler\tu_logonui.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/19 11:01:23 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2011/04/18 10:57:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\DoctorWeb

[2011/04/17 10:50:34 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2011/04/17 10:47:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2011/04/17 10:47:06 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2011/04/17 10:47:06 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2011/04/17 10:47:06 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2011/04/17 10:46:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2011/04/17 10:46:20 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/04/17 10:42:51 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe

[2011/04/14 20:30:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\COMODO

[2011/04/14 12:06:21 | 035,227,464 | ---- | C] (COMODO) -- C:\Documents and Settings\Administrator\Desktop\cav_installer_x86.exe

[2011/04/10 11:54:53 | 035,227,976 | ---- | C] (COMODO) -- C:\Documents and Settings\Administrator\Desktop\cispremium_installer_x86.exe

[2011/04/08 18:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\.minecraft

[2011/04/08 17:43:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Geeks3D

[2011/04/08 17:43:23 | 000,000,000 | ---D | C] -- C:\Program Files\Geeks3D

[2011/04/08 17:42:16 | 003,881,463 | ---- | C] (Geeks3D.com ) -- C:\Documents and Settings\Administrator\Desktop\FurMark_1.9.0.exe

[2011/04/08 16:16:29 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent

[2011/04/08 16:15:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\BitTorrent

[2011/04/08 16:14:46 | 004,770,672 | ---- | C] (BitTorrent, Inc.) -- C:\Documents and Settings\Administrator\Desktop\BitTorrent-7.2.1.exe

[2011/03/20 20:02:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\pics

[2010/01/13 20:53:26 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Administrator\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/04/19 11:05:53 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6A9071D3-A675-4FAE-A484-C92EDCEB6AC5}.job

[2011/04/19 11:01:56 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat

[2011/04/19 09:02:54 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/04/19 09:02:00 | 796,397,568 | -HS- | M] () -- C:\hiberfil.sys

[2011/04/19 09:02:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/04/18 17:13:26 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DrWeb.csv

[2011/04/17 21:26:10 | 000,000,218 | ---- | M] () -- C:\Documents and Settings\Administrator\.recently-used.xbel

[2011/04/17 20:26:40 | 000,096,558 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\cyanogen mod

[2011/04/17 18:50:23 | 059,981,104 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\drweb-cureit.exe

[2011/04/17 10:58:22 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011/04/17 10:50:38 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2011/04/17 02:14:46 | 004,323,092 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

[2011/04/15 18:06:19 | 000,083,992 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\comodo.xml

[2011/04/15 15:25:58 | 000,026,455 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\www.google.co.uk.html

[2011/04/14 20:30:37 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk

[2011/04/13 21:25:01 | 000,303,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/04/13 21:20:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011/04/13 21:19:01 | 000,479,648 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/04/13 21:19:01 | 000,079,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/04/13 17:04:20 | 000,263,137 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\c3june2009.PDF

[2011/04/13 11:33:22 | 000,014,032 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\graphpaper.pdf

[2011/04/12 12:17:53 | 000,018,860 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\sh39.html

[2011/04/08 17:43:25 | 000,000,935 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\FurMark.lnk

[2011/04/08 17:42:27 | 003,881,463 | ---- | M] (Geeks3D.com ) -- C:\Documents and Settings\Administrator\Desktop\FurMark_1.9.0.exe

[2011/04/08 16:16:30 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk

[2011/04/02 18:55:17 | 000,511,838 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\B3T1.pdf

[2011/04/02 18:33:22 | 000,022,355 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\B3T1.mm

[2011/03/31 01:31:16 | 004,770,672 | ---- | M] (BitTorrent, Inc.) -- C:\Documents and Settings\Administrator\Desktop\BitTorrent-7.2.1.exe

[2011/03/26 19:44:33 | 000,089,574 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\geo sheet.pdf

[2011/03/26 13:59:10 | 087,695,781 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\module_dreams_for_the_sleepless.mp3

[2011/03/23 17:57:49 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2011/03/21 22:43:15 | 000,000,211 | ---- | M] () -- C:\Boot.bak

[2011/03/20 14:00:25 | 000,004,654 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Attach.rar

========== Files Created - No Company Name ==========

[2011/04/18 17:13:26 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DrWeb.csv

[2011/04/17 21:26:37 | 059,981,104 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\drweb-cureit.exe

[2011/04/17 21:26:10 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Administrator\.recently-used.xbel

[2011/04/17 20:26:40 | 000,096,558 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\cyanogen mod

[2011/04/17 10:50:38 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2011/04/17 10:50:35 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2011/04/17 10:47:06 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011/04/17 10:47:06 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011/04/17 10:47:06 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011/04/17 10:47:06 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011/04/17 10:47:06 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011/04/17 10:44:20 | 004,323,092 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

[2011/04/17 10:42:29 | 001,263,721 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.zip

[2011/04/17 10:42:28 | 000,026,455 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\www.google.co.uk.html

[2011/04/17 10:42:28 | 000,018,860 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\sh39.html

[2011/04/15 18:12:46 | 796,397,568 | -HS- | C] () -- C:\hiberfil.sys

[2011/04/15 18:06:19 | 000,083,992 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\comodo.xml

[2011/04/14 20:33:00 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat

[2011/04/14 20:30:37 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk

[2011/04/14 14:55:08 | 000,014,032 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\graphpaper.pdf

[2011/04/13 17:12:28 | 000,263,137 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\c3june2009.PDF

[2011/04/08 17:43:25 | 000,000,935 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\FurMark.lnk

[2011/04/08 16:16:30 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk

[2011/04/02 18:54:59 | 000,511,838 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\B3T1.pdf

[2011/04/02 17:53:37 | 000,022,355 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\B3T1.mm

[2011/03/26 19:45:04 | 000,089,574 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\geo sheet.pdf

[2011/03/26 13:40:56 | 087,695,781 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\module_dreams_for_the_sleepless.mp3

[2011/03/23 17:57:49 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2011/03/23 17:57:49 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk

[2011/03/20 19:33:01 | 000,655,360 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MicrosoftFixit50471.msi

[2011/03/20 14:00:25 | 000,004,654 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Attach.rar

[2011/03/20 13:46:42 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr

[2010/10/26 01:50:37 | 000,179,928 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2010/04/09 16:16:00 | 000,001,682 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2010/01/25 20:49:18 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI

[2010/01/24 13:26:38 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll

[2010/01/23 15:16:38 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/01/23 14:49:16 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll

[2010/01/13 20:53:57 | 000,001,041 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\vso_ts_preview.xml

[2010/01/13 20:53:26 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.cat

[2010/01/13 20:53:26 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.inf

[2009/11/22 11:27:51 | 000,000,120 | ---- | C] () -- C:\WINDOWS\CIS_Setup_3.13.120417.573_XP_Vista_x32.INI

[2009/11/13 09:40:48 | 000,077,824 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/11/08 08:31:03 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat

[2009/11/07 14:13:42 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat

[2009/11/07 07:53:22 | 000,068,973 | ---- | C] () -- C:\WINDOWS\hpoins05.dat

[2009/11/07 07:53:21 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat

[2009/11/07 05:54:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009/11/07 02:39:54 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2009/11/07 02:39:20 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2009/11/07 02:39:14 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2009/11/07 02:39:07 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2009/11/07 02:36:46 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2009/11/07 02:26:56 | 000,000,739 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2009/11/06 19:58:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2009/11/06 19:56:25 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\std201mt.dll

[2009/11/06 19:56:03 | 000,049,152 | ---- | C] () -- C:\WINDOWS\MAKUSB.dll

[2009/11/06 19:56:03 | 000,024,576 | ---- | C] () -- C:\WINDOWS\MAKHkdll.dll

[2009/11/06 19:54:06 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2009/11/06 19:54:06 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2009/11/06 19:54:06 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2009/11/06 19:54:06 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2009/11/06 19:54:06 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2009/11/06 19:54:06 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2009/11/06 19:52:49 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll

[2009/11/06 12:08:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe

[2005/08/30 00:00:00 | 000,781,312 | ---- | C] () -- C:\WINDOWS\System32\RGSS102J.dll

[2005/08/30 00:00:00 | 000,778,752 | ---- | C] () -- C:\WINDOWS\System32\RGSS102E.dll

[2005/08/30 00:00:00 | 000,771,584 | ---- | C] () -- C:\WINDOWS\System32\RGSS100J.dll

[2004/08/10 18:53:59 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2004/08/09 21:44:34 | 000,479,648 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004/08/09 21:44:34 | 000,079,462 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004/08/09 21:40:44 | 000,303,624 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2004/08/09 21:33:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2004/08/09 21:28:56 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2001/08/17 21:30:26 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2001/08/17 21:30:26 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2001/08/17 21:15:40 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2001/07/21 22:36:50 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2001/07/21 22:36:06 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2011/04/08 18:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.minecraft

[2011/04/18 21:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.purple

[2010/05/08 15:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AnvSoft

[2010/01/28 20:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Azureus

[2011/04/08 16:24:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BitTorrent

[2010/02/12 20:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Broad Intelligence

[2010/06/02 21:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Character Creator

[2011/02/12 20:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DisplayTune

[2010/01/25 20:48:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FlashGet

[2010/01/25 20:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FlashGetBHO

[2009/11/07 05:02:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Foxit

[2009/11/28 21:22:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Foxit Software

[2010/07/22 18:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GoodSync

[2011/04/17 20:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\gtk-2.0

[2009/11/21 19:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IconTweaker

[2009/11/07 09:41:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ImgBurn

[2010/02/01 21:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Keynote Systems

[2009/12/01 16:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Launchy

[2009/11/08 07:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MSNInstaller

[2009/12/05 14:39:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nokia

[2009/11/21 11:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nseries

[2011/03/08 17:17:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenDNS Updater

[2010/03/29 17:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera

[2009/11/29 18:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Suite

[2009/12/19 14:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Recorder

[2010/01/24 13:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab

[2009/12/13 15:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software

[2009/12/07 21:24:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1

[2011/04/08 16:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent

[2010/02/18 17:02:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\VOWSoft

[2010/01/13 22:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Vso

[2009/12/05 22:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar

[2009/11/21 19:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus

[2011/04/18 17:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Epitiro

[2010/04/17 12:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET

[2010/06/26 19:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoodSync

[2009/11/21 19:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IconTweaker

[2009/11/17 23:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations

[2009/11/21 11:51:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite

[2010/06/26 19:35:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm

[2010/05/20 19:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stormtronics

[2011/03/11 19:02:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2009/12/13 16:01:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software

[2010/02/16 15:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar

[2010/01/13 22:17:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk

[2011/04/19 11:05:53 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{6A9071D3-A675-4FAE-A484-C92EDCEB6AC5}.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

=============================================================================================================

Extras.txt

OTL Extras logfile created on: 19/04/2011 11:03:45 - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

759.00 Mb Total Physical Memory | 498.00 Mb Available Physical Memory | 66.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 75.00% Paging File free

Paging file location(s): [binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.00 Gb Total Space | 103.16 Gb Free Space | 69.24% Space Free | Partition Type: NTFS

Drive H: | 963.73 Mb Total Space | 963.72 Mb Free Space | 100.00% Space Free | Partition Type: FAT

Drive J: | 3.82 Gb Total Space | 2.72 Gb Free Space | 71.21% Space Free | Partition Type: FAT32

Computer Name: MIZAN | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:


BTW, before I post the log: can you not lock it straight away, as I have a few minor questions to ask even after everything's cleared up? I hope you don't mind.

But for now I was wondering if the viruses are gone, and if I am safe to buy online again? Also, I have both ESET NOD32 and CIS running at the same time. Is this bad? I always thought having two antiviruses means twice the protection.

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.

========== COMMANDS ==========

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 130687771 bytes

->Temporary Internet Files folder emptied: 579552537 bytes

->Java cache emptied: 1892411 bytes

->FireFox cache emptied: 67577859 bytes

->Google Chrome cache emptied: 359997453 bytes

->Opera cache emptied: 0 bytes

->Flash cache emptied: 39941 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 0 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 83076 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,087.00 mb

[EMPTYFLASH]

User: Administrator

->Flash cache emptied: 0 bytes

User: All Users

User: Default User

->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.22.3 log created on 04202011_114923

Files\Folders moved on Reboot...

File\Folder C:\WINDOWS\temp\Perflib_Perfdata_4b0.dat not found!

Registry entries deleted on Reboot...

BTW, before I post the log: can you not lock it straight away, as I have a few minor questions to ask even after everything's cleared up? I hope you don't mind.

No worries, I will not close this topic until you are clean, and I have answered all of your questions :)

But for now I was wondering if the viruses are gone, and if I am safe to buy online again?

Yes, your computer as of right now is clean of any malware. I would wait to do any online shopping until my all-clean/prevention speech, because it will give you some options on how to better protect your computer.

Also, I have both ESET NOD32 and CIS running at the same time. Is this bad? I always thought having two antiviruses means twice the protection.

It is not good to have more than one AntiVirus program running at the same time if both have their real-time protection enabled. They can conflict with each other and even slow your system down. Please choose either ESET NOD32 or Comodo, and uninstall the other. Is your subscription current with NOD32?


Your log looks clean, Great Job! :)

Follow these steps to uninstall Combofix and tools used in the removal of malware

  • Click START then RUN
  • Now type Combofix /Uninstall in the Run box and click OK. Note the space between the X and the U, it needs to be there.

Now for some cleanup..
Please download OTC and save it to Desktop.
  • Please make sure you are connecting to the Internet
  • Double-click OTC.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

  1. Disable and Enable System Restore. - Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.
     The easiest and safest way to do this is:
     • Go to Start > Programs > Accessories > System Tools and click "System Restore".
     • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
     • Then go to Start > Run and type: Cleanmgr
     • Click "OK".
     • Click the "More Options" Tab.
     • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

  2. Make your Internet Explorer more secure - This can be done by following these simple instructions:
     • From within Internet Explorer click on the Tools menu and then click on Options.
     • Click once on the Security tab
     • Click once on the Internet icon so it becomes highlighted.
     • Click once on the Custom Level button.
     • Change the Download signed ActiveX controls to Prompt
     • Change the Download unsigned ActiveX controls to Disable
     • Change the Initialize and script ActiveX controls not marked as safe to Disable
     • Change the Installation of desktop items to Prompt
     • Change the Launching programs and files in an IFRAME to Prompt
     • Change the Navigate sub-frames across different domains to Prompt
     • When all these settings have been made, click on the OK button.
     • If it prompts you as to whether or not you want to save the settings, press the Yes button.
     • Next press the Apply button and then the OK to exit the Internet Properties page.

  3. Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  4. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  5. Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

  6. Install SpywareGuard - SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.

  7. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

  8. Update Non-Microsoft Programs - It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Follow this list and your potential for being infected again will reduce dramatically.
Here are some additional utilities that will enhance your safety
  • Norton Safe Web <= Norton Safe Web protects your browser against malicious sites and warns you when you go to one.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer

Hey, I've got a few questions.

1) Do you recommend I get a different antivirus as opposed to CIS? I am no longer able to continue my subscription with ESET NOD32, so I have to switch to a free one. Would you recommend Comodo Firewall and Security or not? It includes the antivirus.

2) Why does Comodo alert me of every single thing that is SAFE as unsafe? Like just now it came up with my phone being a potential harm or something... it's really annoying.


Hi Otherguyx,

1) Do you recommend I get a different antivirus as opposed to CIS? I am no longer able to continue my subscription with ESET NOD32, so I have to switch to a free one. Would you recommend Comodo Firewall and Security or not? It includes the antivirus.

I personally recommend Microsoft Security Essentials for a free AntiVirus program. It has very good detection ratings and will keep your computer protected against the latest threats. To complement Microsoft Security Essentials, I recommend Online Armor Free for your firewall. Those two free programs, along with Malwarebytes Anti-Malware, will help keep your computer secure from online threats.

2) Why does Comodo alert me of every single thing that is SAFE as unsafe? Like just now it came up with my phone being a potential harm or something... it's really annoying.

Comodo Internet Security has a built-in HIPS, which stands for Host Intrusion Prevention System. Basically, Comodo will notify you of any changes to the system from programs not in their whitelist. That is why you were notified about your phone.


To remove Nod32 AntiVirus:

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

ESET NOD32 Antivirus

Also, is it OK to use MyWOT instead of the Norton Safe Web thing? I've been using WOT for a few months and I quite like it.

Sure, MyWOT does the same thing; the only difference is that MyWOT is more community based, so there are a lot of False Positives, even on legit sites, so just be careful about that.


AVG used to be good; now they have become bloatware and detect many legit system files, which we call False Positives.

I recommend for free AV either Microsoft Security Essentials, avast! Free, or AntiVir Personal.

For paid AV, I recommend either Norton AntiVirus or ESET NOD32 Antivirus.
