
Smart HDD Virus



You will have to make your own shortcuts and put them into the Start Menu folder. Go to your Program Files folder and find the .exe files you need, make a shortcut for each, and put it in the Start Menu folder under the user you are trying to recover them for. There is no automated way to get them back.


I already tried to do that, but all the .exe are gone for every program. I don't know if we should try to fix the virus or if I should just take it to someone and pay to have the entire drive wiped and start all over. For now, let's just try to fix the virus problem as I need to be able to use my computer. I will see if I have all my original discs to reinstall ALL those programs. I have not been on the web or made any changes since we talked a week ago. I am, however, still getting warnings of a TRAP.GenZ (something like that) file in one of the folders on my C:\ drive. I also know that there are still some registry entries associated with the virus.


Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


The same thing that happened the last time I tried to run ComboFix happened this time - no log but a new "folder" on my C drive called C:\32788R22FWJFW.

I was looking through the OTL log file and wondered if we could use the OTL Restore Point to back up to the point where we hadn't deleted all my TEMP files. The first suggestion when dealing with Smart HDD is to NOT delete your TEMP files, as the virus moves your programs there. If we back up, can I use UNHIDE to maybe restore my .exe files? Just a thought.

It took me a while to get back to you as the computer I am using to send messages is having its own issues.

Let me know what you think the next step is.


Here is the ComboFix Log. I did get an ERROR trying to install the Recovery Console stating: "Boot Partition cannot be enumerated correctly." About 2 yrs ago I had to replace my motherboard and hard drive, so that may be the cause.

ComboFix 12-06-10.01 - Rob 06/11/2012 13:19:13.17.2 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.670 [GMT -7:00]

Running from: c:\documents and settings\Rob\Desktop\ComboFix.exe

AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\Rob\Application Data\00000540_VTS_1.IFO

c:\documents and settings\Rob\Local Settings\Application Data\{d7655630-ff5f-d0fc-3b68-e13b8d1ad877}

c:\documents and settings\Rob\Local Settings\Application Data\{d7655630-ff5f-d0fc-3b68-e13b8d1ad877}\@

c:\documents and settings\Rob\Local Settings\Application Data\{d7655630-ff5f-d0fc-3b68-e13b8d1ad877}\n

c:\windows\Installer\{d7655630-ff5f-d0fc-3b68-e13b8d1ad877}

c:\windows\Installer\{d7655630-ff5f-d0fc-3b68-e13b8d1ad877}\@

c:\windows\Installer\{d7655630-ff5f-d0fc-3b68-e13b8d1ad877}\L\00000004.@

c:\windows\Installer\{d7655630-ff5f-d0fc-3b68-e13b8d1ad877}\L\1afb2d56

c:\windows\Installer\{d7655630-ff5f-d0fc-3b68-e13b8d1ad877}\n

c:\windows\Installer\{d7655630-ff5f-d0fc-3b68-e13b8d1ad877}\U\00000004.@

c:\windows\Installer\{d7655630-ff5f-d0fc-3b68-e13b8d1ad877}\U\00000008.@

c:\windows\Installer\{d7655630-ff5f-d0fc-3b68-e13b8d1ad877}\U\000000cb.@

c:\windows\Installer\{d7655630-ff5f-d0fc-3b68-e13b8d1ad877}\U\80000000.@

.

.

((((((((((((((((((((((((( Files Created from 2012-05-11 to 2012-06-11 )))))))))))))))))))))))))))))))

.

.

2012-06-01 21:27 . 2012-06-02 20:09 -------- d-----w- c:\program files\STUFF

2012-05-22 21:28 . 2012-05-22 21:28 -------- d-----w- C:\_OTL

2012-05-15 22:30 . 2012-05-17 22:44 -------- d-----w- C:\HDD Virus Fix Logs (May 15, 2012)

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-25 22:47 . 2012-04-25 22:47 53248 ----a-r- c:\documents and settings\Rob\Application Data\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe

2012-04-04 22:56 . 2012-02-06 06:03 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-03 20:23 . 2012-04-03 20:23 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-04-03 20:23 . 2011-07-12 18:12 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2008-11-18 210208]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StacSysTray"="c:\program files\SigmaTel\C-Major Audio\ControlPanel\StacSysTray.exe" [2004-04-29 102400]

"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-05 856064]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]

"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]

.

c:\documents and settings\Rob\Start Menu\Programs\Startup\

Seagate Product Registration.lnk - c:\documents and settings\Rob\Application Data\Leadertech\PowerRegister\Seagate Product Registration.exe [2012-1-13 1731736]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Rob^Start Menu^Programs^Startup^MagicDisc.lnk]

path=c:\documents and settings\Rob\Start Menu\Programs\Startup\MagicDisc.lnk

backup=c:\windows\pss\MagicDisc.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]

2005-04-05 02:58 856064 ----a-w- c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]

2005-09-08 13:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

2007-03-29 22:41 222128 ----a-w- c:\documents and settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]

2003-12-17 16:50 19968 ------w- c:\windows\LOGI_MWX.EXE

.

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/27/2010 9:09 PM 136360]

S2 SigService;Sigmatel Service;c:\program files\SigmaTel\C-Major Audio\ControlPanel\sigservice.exe --> c:\program files\SigmaTel\C-Major Audio\ControlPanel\sigservice.exe [?]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/3/2012 1:23 PM 253600]

S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;c:\windows\system32\drivers\mr97310v.sys [3/30/2004 11:29 AM 118106]

S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [4/17/2010 4:47 PM 47360]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-11 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 20:23]

.

2012-06-11 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 23:07]

.

.

------- Supplementary Scan -------

.

IE: &Clean Traces - c:\program files\Download Accelerator Plus\Privacy Package\dapcleanerie.htm

IE: &Download with &DAP - c:\program files\Download Accelerator Plus\dapextie.htm

IE: Download &all with DAP - c:\program files\Download Accelerator Plus\dapextie2.htm

IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

DPF: Web-Based Email Tools - hxxps://email.secureserver.net/Download.CAB

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{FF6C3CF0-4B15-11D1-ABED-709549C10000} - c:\progra~1\DOWNLO~1\DAPIEL~1.DLL

HKLM-Run-QuickTime Task - c:\program files\QuickTime\qttask.exe

HKLM-Run-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe

MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe

MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe

MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

MSConfigStartUp-wben - c:\program files\Starfield\Desktop Notifier\wben.exe

AddRemove-32dru21_is1 - c:\program files\QueTek Disk Recoup 2.1\unins000.exe

AddRemove-Advanced SystemCare 3_is1 - c:\program files\Advanced SystemCare 3\unins000.exe

AddRemove-Download Accelerator Plus (DAP) - c:\progra~1\DOWNLO~1\DAPREMOVE.EXE

AddRemove-DVDFab 8_is1 - c:\program files\DVDFab\DVDFab 8\unins000.exe

AddRemove-Presto! Mr.Photo 3 - c:\program files\mars\Presto! Mr.Photo 3\MrPhoto3.isu

AddRemove-QueTek File Scavenger 3.2 (en) - c:\program files\QueTek File Scavenger 3.2\FileScav.exe

AddRemove-Windows Media Format Runtime - c:\program files\Windows Media Player\wmsetsdk.exe

AddRemove-{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe

AddRemove-{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 - c:\program files\Spybot - Search & Destroy\unins000.exe

AddRemove-{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1 - c:\program files\Flash Capture Software\Sothink SWF Decompiler\unins000.exe

AddRemove-{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1 - c:\program files\StreamTransport\unins000.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-06-11 13:27

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1644491937-562591055-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:c0,e0,d6,b4,b9,a1,21,c7,f5,b5,bc,c5,9c,55,e8,60,9d,3f,ce,d0,10,24,71,

30,0a,f7,e7,0c,f5,a5,a1,d0,da,3d,75,c8,97,9d,91,8a,77,88,6e,b4,6a,66,9c,b3,\

"??"=hex:59,52,4d,96,40,27,6e,8f,7c,35,3d,81,cd,0f,89,4c

.

[HKEY_USERS\S-1-5-21-1644491937-562591055-725345543-1003\Software\SecuROM\License information*]

"datasecu"=hex:c2,1e,91,d7,9c,ef,c0,ad,7f,a9,be,b9,ef,ec,85,23,86,18,f1,f2,41,

6c,29,51,55,a2,cd,23,74,8d,c0,a9,68,0c,02,cf,15,85,69,26,eb,9d,4f,2c,a3,09,\

"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(624)

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2012-06-11 13:30:03

ComboFix-quarantined-files.txt 2012-06-11 20:30

.

Pre-Run: 15,656,013,824 bytes free

Post-Run: 15,625,437,184 bytes free

.

- - End Of File - - 6A74BC2FEF20AA8FB819DD7C1CC3CA86


Here is the OTL Log. No Extras Log was created.

OTL logfile created on: 6/13/2012 12:43:38 AM - Run 5

OTL by OldTimer - Version 3.2.43.1 Folder = C:\Documents and Settings\Rob\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.98 Mb Total Physical Memory | 632.31 Mb Available Physical Memory | 61.81% Memory free

1.66 Gb Paging File | 1.32 Gb Available in Paging File | 79.50% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 74.52 Gb Total Space | 14.49 Gb Free Space | 19.45% Space Free | Partition Type: NTFS

Drive D: | 3.45 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive H: | 1863.01 Gb Total Space | 33.96 Gb Free Space | 1.82% Space Free | Partition Type: NTFS

Computer Name: ROB-CCA219EB460 | User Name: Rob | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/21 14:58:18 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob\Desktop\OTL.exe

PRC - [2011/07/01 12:34:36 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2011/04/28 21:11:06 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

PRC - [2010/11/03 09:54:28 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2008/11/17 17:06:24 | 000,210,208 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe

PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2005/04/04 19:58:30 | 000,856,064 | ---- | M] (Adobe Sytems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

PRC - [2004/04/29 15:16:38 | 000,102,400 | ---- | M] (Sigmatel) -- C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\stacsystray.exe

PRC - [2004/04/29 15:11:52 | 000,815,174 | ---- | M] () -- C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\stacsrv.exe

PRC - [2004/01/08 09:50:00 | 000,037,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE

========== Modules (No Company Name) ==========

MOD - [2010/01/28 13:57:58 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll

MOD - [2008/04/13 17:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

MOD - [2004/04/29 15:11:52 | 000,815,174 | ---- | M] () -- C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\stacsrv.exe

MOD - [2003/08/30 09:35:00 | 000,389,120 | ---- | M] () -- C:\WINDOWS\system32\actskn43.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)

SRV - File not found [Auto | Stopped] -- C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\sigservice.exe -- (SigService)

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®

SRV - [2012/04/03 13:23:45 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2011/07/01 12:34:36 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011/04/28 21:11:06 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2005/04/04 19:58:28 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Rob\LOCALS~1\Temp\catchme.sys -- (catchme)

DRV - [2011/07/01 12:34:41 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2011/07/01 12:34:41 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)

DRV - [2007/08/06 17:15:07 | 000,033,052 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\windows\System32\drivers\scdemu.sys -- (SCDEmu)

DRV - [2005/09/08 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)

DRV - [2005/09/08 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)

DRV - [2005/09/08 06:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)

DRV - [2005/09/08 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)

DRV - [2005/09/08 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)

DRV - [2005/09/08 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)

DRV - [2005/09/08 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)

DRV - [2005/08/25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)

DRV - [2005/08/25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)

DRV - [2005/08/09 22:35:42 | 001,273,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2004/12/22 02:32:12 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

DRV - [2004/04/15 09:18:34 | 000,262,128 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)

DRV - [2004/03/30 11:29:36 | 000,118,106 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mr97310v.sys -- (MR97310_VGA_DUAL_CAMERA)

DRV - [2003/12/17 09:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)

DRV - [2003/12/17 09:50:00 | 000,051,729 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2)

DRV - [2003/12/17 09:50:00 | 000,037,887 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsb.sys -- (LHidUsb)

DRV - [2003/12/17 09:50:00 | 000,025,505 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)

DRV - [2003/11/26 02:31:26 | 001,205,418 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2000/12/12 16:45:52 | 000,008,679 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SCI0PL.SYS -- (PLSCSI)

DRV - [2000/12/12 16:41:54 | 000,021,510 | ---- | M] ( ) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\SCI1PL.SYS -- (USBAtapi2000)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1644491937-562591055-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKU\S-1-5-21-1644491937-562591055-725345543-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-21-1644491937-562591055-725345543-1003\..\SearchScopes\${searchCLSID}: "URL" = http://search.yahoo.com/search?ei=ISO-8859-1&fr=megaupi7s&q={searchTerms}

IE - HKU\S-1-5-21-1644491937-562591055-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKU\S-1-5-21-1644491937-562591055-725345543-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\S-1-5-21-1644491937-562591055-725345543-1003\..\SearchScopes\{F7908592-680D-4A94-8911-954B0684D0E0}: "URL" = http://search.yahoo.com/search?ei=ISO-8859-1&fr=megaupi7s&q={searchTerms}

IE - HKU\S-1-5-21-1644491937-562591055-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll File not found

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll File not found

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5

O1 HOSTS File: ([2012/06/11 13:27:28 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll File not found

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll File not found

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll File not found

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll File not found

O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll File not found

O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll File not found

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKU\S-1-5-21-1644491937-562591055-725345543-1003\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll File not found

O3 - HKU\S-1-5-21-1644491937-562591055-725345543-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)

O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [Logitech Utility] C:\windows\LOGI_MWX.EXE (Logitech Inc.)

O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)

O4 - HKLM..\Run: [stacSysTray] C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\stacsystray.exe (Sigmatel)

O4 - HKLM..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKU\S-1-5-21-1644491937-562591055-725345543-1003..\Run: [iSUSPM] C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)

O4 - Startup: C:\Documents and Settings\Rob\Start Menu\Programs\Startup\Seagate Product Registration.lnk = C:\Documents and Settings\Rob\Application Data\Leadertech\PowerRegister\Seagate Product Registration.exe (Leader Technologies/Seagate)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1644491937-562591055-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1644491937-562591055-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1644491937-562591055-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O7 - HKU\S-1-5-21-1644491937-562591055-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1644491937-562591055-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: &Clean Traces - C:\Program Files\Download Accelerator Plus\Privacy Package\dapcleanerie.htm File not found

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\Download Accelerator Plus\dapextie.htm File not found

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\Download Accelerator Plus\dapextie2.htm File not found

O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O9 - Extra Button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - Reg Error: Value error. File not found

O9 - Extra 'Tools' menuitem : Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - Reg Error: Value error. File not found

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll File not found

O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196226844085 (WUWebControl Class)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Value error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)

O16 - DPF: Web-Based Email Tools https://email.secureserver.net/Download.CAB (Reg Error: Key error.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\windows\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\Rob\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rob\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/11/27 20:05:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/12 16:57:23 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rob\Desktop\OTL.exe

[2012/06/12 14:48:35 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2012/06/11 13:30:05 | 000,000,000 | ---D | C] -- C:\windows\temp

[2012/06/11 13:16:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe

[2012/06/11 13:16:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe

[2012/06/11 13:16:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe

[2012/06/11 13:16:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe

[2012/06/11 13:15:54 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/06/07 16:58:09 | 004,540,367 | R--- | C] (Swearware) -- C:\Documents and Settings\Rob\Desktop\ComboFix.exe

[2012/06/01 14:27:22 | 000,000,000 | ---D | C] -- C:\Program Files\STUFF

[2012/05/22 14:28:15 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/05/16 16:47:25 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Rob\Desktop\aswMBR.exe

[2012/05/16 16:43:08 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Rob\Desktop\dds.scr

[2012/05/15 15:30:52 | 000,000,000 | ---D | C] -- C:\HDD Virus Fix Logs (May 15, 2012)

[2012/05/15 15:07:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Rob\Recent

========== Files - Modified Within 30 Days ==========

[2012/06/12 23:57:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2012/06/12 18:01:42 | 000,103,137 | ---- | M] () -- C:\Documents and Settings\Rob\Application Data\vso_ts_preview.xml

[2012/06/12 16:54:06 | 000,053,760 | ---- | M] () -- C:\Documents and Settings\Rob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/06/11 13:39:12 | 000,001,374 | ---- | M] () -- C:\windows\System32\wpa.dbl

[2012/06/11 13:38:51 | 000,000,236 | ---- | M] () -- C:\windows\tasks\OGALogon.job

[2012/06/11 13:36:13 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat

[2012/06/11 13:27:28 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts

[2012/06/11 12:57:10 | 000,001,176 | ---- | M] () -- C:\Documents and Settings\Rob\Start Menu\Programs\Startup\Seagate Product Registration.lnk

[2012/06/10 18:40:56 | 004,540,367 | R--- | M] (Swearware) -- C:\Documents and Settings\Rob\Desktop\ComboFix.exe

[2012/05/24 15:02:58 | 000,324,589 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\winxp-pro-32bit-sm-reset.exe

[2012/05/21 14:58:18 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob\Desktop\OTL.exe

[2012/05/16 19:33:28 | 000,001,324 | ---- | M] () -- C:\windows\System32\d3d9caps.dat

[2012/05/16 16:48:44 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Rob\defogger_reenable

[2012/05/16 16:47:25 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Rob\Desktop\aswMBR.exe

[2012/05/16 16:43:12 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Rob\Desktop\dds.scr

[2012/05/16 16:42:41 | 000,879,714 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\SecurityCheck.exe

[2012/05/16 16:42:26 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\Defogger.exe

[2012/05/16 07:40:44 | 002,126,424 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Rob\Desktop\TDSSKiller.exe

[2012/05/15 18:04:25 | 001,012,656 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\iExplore.exe

[2012/05/15 15:41:28 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2012/06/11 13:16:04 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe

[2012/06/11 13:16:04 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe

[2012/06/11 13:16:04 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe

[2012/06/11 13:16:04 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe

[2012/06/11 13:16:04 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe

[2012/05/24 15:39:31 | 000,324,589 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\winxp-pro-32bit-sm-reset.exe

[2012/05/24 15:39:22 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk

[2012/05/24 15:39:22 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk

[2012/05/24 15:39:22 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk

[2012/05/16 16:48:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Rob\defogger_reenable

[2012/05/16 16:42:37 | 000,879,714 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\SecurityCheck.exe

[2012/05/16 16:42:26 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\Defogger.exe

[2012/05/15 18:04:26 | 001,012,656 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\iExplore.exe

[2012/02/16 19:12:12 | 000,003,072 | ---- | C] () -- C:\windows\System32\iacenc.dll

[2011/11/20 19:34:49 | 000,037,376 | ---- | C] () -- C:\windows\System32\VbVfw.dll

[2011/11/01 13:24:51 | 000,000,023 | ---- | C] () -- C:\windows\SWFDecompiler.INI

[2011/05/17 14:45:59 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Rob\Application Data\Adobe BMP Format CS5 Prefs

[2011/04/28 00:30:27 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\Rob\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs

[2011/04/28 00:11:19 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Rob\Application Data\Adobe PNG Format CS5 Prefs

[2010/11/06 00:56:51 | 000,054,016 | ---- | C] () -- C:\windows\System32\drivers\ymnq.sys

[2010/07/12 21:55:53 | 000,000,050 | ---- | C] () -- C:\windows\MegaManager.INI

[2010/06/25 12:20:40 | 000,000,038 | ---- | C] () -- C:\windows\AviSplitter.INI

[2010/06/18 21:17:25 | 000,001,324 | ---- | C] () -- C:\windows\System32\d3d9caps.dat

========== LOP Check ==========

[2007/11/28 19:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC

[2008/01/28 16:45:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ

[2010/03/06 19:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit

[2010/10/21 17:02:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS

[2008/10/03 11:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MipKukSoft

[2007/12/13 04:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9

[2009/02/21 17:56:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters

[2007/11/30 16:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap

[2011/05/06 22:54:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe

[2009/04/14 13:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate

[2010/08/27 21:01:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit

[2008/10/01 14:08:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir

[2008/10/01 14:08:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard

[2009/02/18 00:10:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft

[2010/06/13 23:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk

[2009/10/27 20:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/12/17 22:14:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{CC51AE54-B346-4954-ADDB-30BD4F138CF2}

[2011/11/19 20:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\096F53D8

[2008/04/14 01:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Blackberry Desktop

[2010/07/11 22:03:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Boilsoft

[2011/04/28 10:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2009/01/16 17:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2011/11/11 23:40:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\DDMSettings

[2007/12/13 05:16:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Eyeblaster

[2011/04/23 01:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\FLV Extract

[2010/06/16 17:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Free AVI MPEG WMV MP4 FLV Video Joiner

[2007/12/13 05:15:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\GameHouse

[2010/06/09 13:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\ImgBurn

[2010/03/06 20:21:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\IObit

[2009/02/20 17:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Leadertech

[2010/06/13 14:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Moyea

[2007/12/12 19:57:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Opera

[2007/11/29 18:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Research In Motion

[2008/10/01 14:08:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\ScanSoft

[2008/03/05 02:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Uniblue

[2012/06/12 18:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Vso

[2010/06/23 11:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Waim

[2012/06/11 13:38:51 | 000,000,236 | ---- | M] () -- C:\windows\Tasks\OGALogon.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\windows\AGRSMMSG.exe:SummaryInformation

< End of report >

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    [2010/11/06 00:56:51 | 000,054,016 | ---- | C] () -- C:\windows\System32\drivers\ymnq.sys

    :files
    c:\windows\Installer\{d7655630-ff5f-d0fc-3b68-e13b8d1ad877}
    recycler /alldrives
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

When running the code you gave me for OTL, the program has locked up and is "Not Responding." I then used Task Mgr to shut it down. I rebooted my computer and started OTL again. After entering the code and clicking "Run/Fix", the program locked up again.

Suggestions?

Ran OTL with code in Safe Mode. It worked. Here is the log:

All processes killed

========== OTL ==========

File C:\windows\System32\drivers\ymnq.sys not found.

========== FILES ==========

File\Folder c:\windows\Installer\{d7655630-ff5f-d0fc-3b68-e13b8d1ad877} not found.

recycler not found in C:\

recycler not found in D:\

recycler not found in G:\

H:\RECYCLER\S-1-5-21-1644491937-562591055-725345543-1003\Dh10 folder moved successfully.

H:\RECYCLER\S-1-5-21-1644491937-562591055-725345543-1003 folder moved successfully.

H:\RECYCLER folder moved successfully.

< ipconfig /flushdns /c >

Windows IP Configuration

An internal error occurred: The request is not supported.

Please contact Microsoft Product Support Services for further help.

Additional information: Unable to query host name.

C:\Documents and Settings\Rob\Desktop\cmd.bat deleted successfully.

C:\Documents and Settings\Rob\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 0 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Rob

->Temp folder emptied: 258445 bytes

->Temporary Internet Files folder emptied: 327974 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 483 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.00 mb

Unable to start System Restore Service. Error code 10

OTL by OldTimer - Version 3.2.43.1 log created on 06162012_203549

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

Here is the FSS Log:

Farbar Service Scanner Version: 19-06-2012

Ran by Rob (administrator) on 19-06-2012 at 00:56:19

Running from "C:\Documents and Settings\Rob\Desktop"

Microsoft Windows XP Professional Service Pack 3 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Dnscache Service is not running. Checking service configuration:

The start type of Dnscache service is set to Demand. The default start type is Auto.

The ImagePath of Dnscache service is OK.

The ServiceDll of Dnscache service is OK.

Connection Status:

==============

Localhost is accessible.

There is no connection to network.

Attempt to access Google IP returned error: Google IP is unreachable

Attempt to access Google.com returned error: Other errors

Attempt to access Yahoo IP returned error: Yahoo IP is unreachable

Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

Srservice Service is not running. Checking service configuration:

The start type of Srservice service is OK.

The ImagePath of Srservice service is OK.

The ServiceDll of Srservice service is OK.

sr Service is not running. Checking service configuration:

The start type of sr service is set to Disabled. The default start type is Boot.

The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".

System Restore Disabled Policy:

========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR"=DWORD:1

Security Center:

============

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

File Check:

========

C:\windows\system32\dhcpcsvc.dll => MD5 is legit

C:\windows\system32\Drivers\afd.sys => MD5 is legit

C:\windows\system32\Drivers\netbt.sys => MD5 is legit

C:\windows\system32\Drivers\tcpip.sys => MD5 is legit

C:\windows\system32\Drivers\ipsec.sys => MD5 is legit

C:\windows\system32\dnsrslvr.dll => MD5 is legit

C:\windows\system32\ipnathlp.dll => MD5 is legit

C:\windows\system32\netman.dll => MD5 is legit

C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit

C:\windows\system32\srsvc.dll => MD5 is legit

C:\windows\system32\Drivers\sr.sys => MD5 is legit

C:\windows\system32\wscsvc.dll => MD5 is legit

C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit

C:\windows\system32\wuauserv.dll => MD5 is legit

C:\windows\system32\qmgr.dll => MD5 is legit

C:\windows\system32\es.dll => MD5 is legit

C:\windows\system32\cryptsvc.dll => MD5 is legit

C:\windows\system32\svchost.exe => MD5 is legit

C:\windows\system32\rpcss.dll => MD5 is legit

C:\windows\system32\services.exe => MD5 is legit

**** End of log ****

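The FSS log above is what a helper reads to decide the next fix: which services are stopped, which start types differ from the Windows default, and whether a policy value such as DisableSR is set. As an added example (not code from this thread or from Farbar's tool), the Python below parses FSS-style output into those findings and attaches the sc.exe command that restores a default start type. The sample input is a constructed subset of the log posted above; mapping FSS's start-type names (Auto, Demand, Disabled, Boot) onto sc.exe's `start=` keywords is an assumption made here.

```python
import re

# Constructed sample input: a subset of the FSS output lines posted in this
# thread, trimmed to the sections the parser below cares about.
SAMPLE_FSS_LOG = r"""Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is set to Demand. The default start type is Auto.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.
System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".
System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1
File Check:
========
C:\windows\system32\dnsrslvr.dll => MD5 is legit
C:\windows\system32\srsvc.dll => MD5 is legit
"""

# Line shapes as they appear in FSS output.
NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
START_TYPE = re.compile(
    r"^The start type of (\S+) service is set to (\w+)\. "
    r"The default start type is (\w+)\.$"
)
POLICY_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
POLICY_VALUE = re.compile(r'^"(\w+)"=DWORD:(\d+)$')
FILE_CHECK = re.compile(r"^(.+?) => MD5 is (.+)$")

# Assumed mapping from FSS start-type names to the keywords sc.exe accepts
# after "start=" (sc requires the space after the equals sign).
SC_START = {"Auto": "auto", "Demand": "demand", "Disabled": "disabled",
            "Boot": "boot", "System": "system"}


def parse_fss(text):
    """Extract the actionable facts from FSS output into a plain dict."""
    report = {"not_running": [], "start_type_deviations": [],
              "policies": [], "unverified_files": []}
    current_key = None  # registry key the following DWORD lines belong to
    for raw in text.splitlines():
        line = raw.strip()
        m = NOT_RUNNING.match(line)
        if m:
            report["not_running"].append(m.group(1))
            continue
        m = START_TYPE.match(line)
        if m:
            report["start_type_deviations"].append((m.group(1), m.group(2), m.group(3)))
            continue
        m = POLICY_KEY.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = POLICY_VALUE.match(line)
        if m and current_key:
            report["policies"].append((current_key, m.group(1), int(m.group(2))))
            continue
        m = FILE_CHECK.match(line)
        if m and m.group(2) != "legit":
            # Anything other than "legit" means FSS could not verify the file.
            report["unverified_files"].append((m.group(1), m.group(2)))
    return report


def summarize(report):
    """One finding per line; start-type deviations get the sc.exe fix."""
    lines = []
    for svc, actual, default in report["start_type_deviations"]:
        lines.append(f"{svc}: start type {actual} (default {default}); "
                     f"fix: sc config {svc} start= {SC_START[default]}")
    for key, name, value in report["policies"]:
        if name == "DisableSR" and value == 1:
            lines.append(f"System Restore disabled by policy: {name}={value} under {key}")
        else:
            lines.append(f"policy value {name}={value} under {key}")
    for path, status in report["unverified_files"]:
        lines.append(f"{path}: MD5 {status} (compare against a known-good copy)")
    # Services that are stopped but whose configuration FSS reported as OK.
    deviating = {d[0] for d in report["start_type_deviations"]}
    for svc in report["not_running"]:
        if svc not in deviating:
            lines.append(f"{svc}: not running but configuration looks default")
    return lines


if __name__ == "__main__":
    for finding in summarize(parse_fss(SAMPLE_FSS_LOG)):
        print(finding)
```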
Did as instructed.

- DNS Client (no option for DNS Cache) is now set to "MANUAL" and is "STARTED".

- SRService (for System Restore) is set to "AUTO" and is "STARTED".

Here is the new FSS Log:

Farbar Service Scanner Version: 19-06-2012

Ran by Rob (administrator) on 21-06-2012 at 14:53:57

Running from "C:\Documents and Settings\Rob\Desktop"

Microsoft Windows XP Professional Service Pack 3 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Dnscache Service is not running. Checking service configuration:

The start type of Dnscache service is set to Demand. The default start type is Auto.

The ImagePath of Dnscache service is OK.

The ServiceDll of Dnscache service is OK.

Connection Status:

==============

Localhost is accessible.

There is no connection to network.

Attempt to access Google IP returned error: Google IP is unreachable

Attempt to access Google.com returned error: Other errors

Attempt to access Yahoo IP returned error: Yahoo IP is unreachable

Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

Srservice Service is not running. Checking service configuration:

The start type of Srservice service is OK.

The ImagePath of Srservice service is OK.

The ServiceDll of Srservice service is OK.

sr Service is not running. Checking service configuration:

The start type of sr service is set to Disabled. The default start type is Boot.

The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".

System Restore Disabled Policy:

========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR"=DWORD:1

Security Center:

============

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

File Check:

========

C:\windows\system32\dhcpcsvc.dll => MD5 is legit

C:\windows\system32\Drivers\afd.sys => MD5 is legit

C:\windows\system32\Drivers\netbt.sys => MD5 is legit

C:\windows\system32\Drivers\tcpip.sys => MD5 is legit

C:\windows\system32\Drivers\ipsec.sys => MD5 is legit

C:\windows\system32\dnsrslvr.dll => MD5 is legit

C:\windows\system32\ipnathlp.dll => MD5 is legit

C:\windows\system32\netman.dll => MD5 is legit

C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit

C:\windows\system32\srsvc.dll => MD5 is legit

C:\windows\system32\Drivers\sr.sys => MD5 is legit

C:\windows\system32\wscsvc.dll => MD5 is legit

C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit

C:\windows\system32\wuauserv.dll => MD5 is legit

C:\windows\system32\qmgr.dll => MD5 is legit

C:\windows\system32\es.dll => MD5 is legit

C:\windows\system32\cryptsvc.dll => MD5 is legit

C:\windows\system32\svchost.exe => MD5 is legit

C:\windows\system32\rpcss.dll => MD5 is legit

C:\windows\system32\services.exe => MD5 is legit

**** End of log ****

Yesterday was the first day back on my computer. It was the first time I went on the internet. Everything seemed to be fine until I got a warning from "Windows Antivirus 2012" that my computer was infected. I know this must be another virus so I immediately shut my computer off. I am now running Malwarebytes to see what it shows.

Am I infected again? Or is this something left over from the last one?

Here is the MBAM log:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.27.01

Windows XP Service Pack 3 x86 FAT32

Internet Explorer 8.0.6001.18702

Rob :: ROB-CCA219EB460 [administrator]

6/26/2012 19:12:51

mbam-log-2012-06-26 (21-11-00).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 355739

Time elapsed: 1 hour(s), 47 minute(s), 21 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 13

C:\Program Files\STUFF\Casinos\mhvpoker.dll (Adware.Casino) -> No action taken.

C:\Program Files\STUFF\Casinos\baccarat.dll (Adware.Casino) -> No action taken.

C:\Program Files\STUFF\Casinos\bj.dll (Adware.Casino) -> No action taken.

C:\Program Files\STUFF\Casinos\casino.exe (Adware.Casino) -> No action taken.

C:\Program Files\STUFF\Casinos\directsound.dll (Adware.Casino) -> No action taken.

C:\Program Files\STUFF\Casinos\extgame.dll (Adware.Casino) -> No action taken.

C:\Program Files\STUFF\Casinos\lbyinst.exe (Adware.Casino) -> No action taken.

C:\Program Files\STUFF\Casinos\miniprocess.exe (Adware.Casino) -> No action taken.

C:\Program Files\STUFF\Casinos\plibc32.dll (Adware.Casino) -> No action taken.

C:\Program Files\STUFF\Casinos\winsound.dll (Adware.Casino) -> No action taken.

C:\Qoobox\Quarantine\C\WINDOWS\Installer\{d7655630-ff5f-d0fc-3b68-e13b8d1ad877}\U\00000008.@.vir (Trojan.Dropper.BCMiner) -> No action taken.

C:\Qoobox\Quarantine\C\WINDOWS\Installer\{d7655630-ff5f-d0fc-3b68-e13b8d1ad877}\U\80000000.@.vir (Trojan.Sirefef) -> No action taken.

C:\WINDOWS\assembly\GAC\Desktop.ini (Trojan.0access) -> No action taken.

(end)

BTW, this last situation happened when I clicked on a picture on Google. I think that is how I have gotten my last two viruses. Would the PRO version of Malwarebytes prevent that from happening?

I haven't been back on the internet since this last thing happened. Let me know if you want other test results.

Thanks.

These things have already been removed from OTL.

C:\Qoobox\Quarantine\C\WINDOWS\Installer\{d7655630-ff5f-d0fc-3b68-e13b8d1ad877}\U\00000008.@.vir (Trojan.Dropper.BCMiner) -> No action taken.

C:\Qoobox\Quarantine\C\WINDOWS\Installer\{d7655630-ff5f-d0fc-3b68-e13b8d1ad877}\U\80000000.@.vir (Trojan.Sirefef) -> No action taken.

For the other items, please run the Malwarebytes' Anti-Malware scan again, but this time remove them.

Yes, the PRO version is a good way to prevent these attacks.

Monitor your system and let me know too.

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
