salman720

Need help

13 posts in this topic

I have an HP Compaq laptop with Windows 7 which got infected with Packer Gen malware. I installed MBAM and cleaned my drives, but it came back again. I've used different antivirus programs, but still the same result.

Here is the log of the latest scan:

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5236

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

12/3/2010 2:25:09 PM

mbam-log-2010-12-03 (14-24-46).txt

Scan type: Quick scan

Objects scanned: 123354

Time elapsed: 2 minute(s), 28 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 5

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ANTIVIRUSDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FIREWALLDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UPDATESDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\qlrtf.exe (Malware.Packer.Gen) -> No action taken.

c:\ywncb.pif (Malware.Packer.Gen) -> No action taken.

c:\ccxjb.exe (Malware.Packer.Gen) -> No action taken.

c:\jorqoi.pif (Malware.Packer.Gen) -> No action taken.

c:\lxlqhc.pif (Malware.Packer.Gen) -> No action taken.

I haven't connected my laptop to the internet, and I got this malware from my desktop computer, which was also infected by the same malware, but MBAM was able to remove it here.

Any help will be greatly appreciated.

Thanks

mbam_log_2010_12_03__14_24_46_.txt
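The MBAM log above follows a fixed plain-text layout. As an added example (not part of the poster's material or of Malwarebytes' own code), this Python triage helper parses that layout and reports what a helper checks first: whether the detections were actually removed, which Security Center notification switches were flagged, and which files match the random-name drive-root pattern seen in the thread. The sample log is a constructed excerpt of the one posted, with one action string altered to show a removed item.

```python
"""Triage helper for Malwarebytes' Anti-Malware 1.x scan logs.

Added example, not part of the forum post or of Malwarebytes' tooling.
The log layout: header lines ("key: value" and summary counts), then one
"<Category> Infected:" header per section, then one detection per line.
"""
import re
from collections import Counter, namedtuple

# Constructed sample, trimmed from the log in the post above; the last
# file line is altered to show how a removed item is reported.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5236
Objects scanned: 123354

Registry Data Items Infected: 2
Files Infected: 3

Registry Keys Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ANTIVIRUSDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FIREWALLDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Files Infected:
c:\qlrtf.exe (Malware.Packer.Gen) -> No action taken.
c:\ywncb.pif (Malware.Packer.Gen) -> No action taken.
c:\ccxjb.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
"""

Detection = namedtuple("Detection", "section item family action")

# "<Category> Infected:" with nothing after the colon opens a section;
# the same text followed by a number is a summary count in the header.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# "<item> (<family>) -> [<details> -> ]<action>"
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()\s]+)\) -> (?P<rest>.+)$")
# Short random lowercase name directly in a drive root, .exe or .pif:
# the pattern every Malware.Packer.Gen hit in the thread follows.
ROOT_DROPPER_RE = re.compile(r"[a-z]:\\[a-z]{4,6}\.(?:exe|pif)", re.IGNORECASE)


def parse_mbam_log(text):
    """Split a log into (header dict, list of Detection)."""
    header, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(No malicious items detected)":
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        if section is None:
            # Header block: only "key: value" lines are kept.
            key, sep, value = line.partition(": ")
            if sep:
                header[key] = value
            continue
        m = DETECTION_RE.match(line)
        if m:
            # The action is always the last "->" segment; registry data
            # items carry a "Bad: (1) Good: (0)" segment before it.
            action = m.group("rest").split(" -> ")[-1].strip()
            detections.append(Detection(section, m.group("item"), m.group("family"), action))
    return header, detections


def counts_consistent(header, detections):
    """True if the summary counts in the header match the detection lines."""
    found = Counter(d.section for d in detections)
    sections = set(found) | {k for k in header if k.endswith(" Infected")}
    return all(int(header.get(s, 0)) == found.get(s, 0) for s in sections)


def triage_log(text):
    """Parse a log and return the facts a helper wants at a glance."""
    header, detections = parse_mbam_log(text)
    return {
        "database_version": header.get("Database version"),
        "total": len(detections),
        "by_section": dict(Counter(d.section for d in detections)),
        # "No action taken" means the user scanned but never clicked Remove.
        "not_removed": sum(d.action.startswith("No action taken") for d in detections),
        # Value names under the Security Center key that the PUM rule flagged.
        "security_center_tampered": sorted(
            d.item.rsplit("\\", 1)[-1] for d in detections
            if d.family == "PUM.Disabled.SecurityCenter"),
        "root_droppers": [d.item for d in detections if ROOT_DROPPER_RE.fullmatch(d.item)],
        "counts_consistent": counts_consistent(header, detections),
    }


if __name__ == "__main__":
    for key, value in triage_log(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```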


Hello,

My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right-hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' button and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open; copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your desktop.

  • Extract RKUnhooker to your desktop.
    • Note: it is zipped up in a .rar file. If you do not have a program to unzip this type of file, you can get a free one from here: http://www.7-zip.org/
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

Just click on Cancel, then Accept.

-------------------------------------------------------------

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.


Ok.

I'm having a lot of problems with this infection. For a start, it's making my computer use more battery. The computer heats up for no reason, and it takes up all my battery for the fan to cool it down. The performance has dropped greatly, and everything has slowed down. It takes a lot of time for the computer to respond. It's also corrupting some of my software, not to mention disabling the Firewall and Windows Defender. The antivirus I installed on it is not working either, and I have to reinstall it every couple of days...

I've used a few anti-malware programs and 2 antivirus programs, but still it's no use.

Here are the logs you requested.

__________________________________________________________

#1. LATEST MBAM LOG:

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5236

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

12/3/2010 10:54:49 PM

mbam-log-2010-12-03 (22-54-46).txt

Scan type: Quick scan

Objects scanned: 123426

Time elapsed: 7 minute(s), 28 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 33

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ANTIVIRUSDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FIREWALLDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UPDATESDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\ackimt.exe (Malware.Packer.Gen) -> No action taken.

c:\adah.exe (Malware.Packer.Gen) -> No action taken.

c:\afespr.pif (Malware.Packer.Gen) -> No action taken.

c:\amfjo.pif (Malware.Packer.Gen) -> No action taken.

c:\aofval.pif (Malware.Packer.Gen) -> No action taken.

c:\awxq.exe (Malware.Packer.Gen) -> No action taken.

c:\puxc.pif (Malware.Packer.Gen) -> No action taken.

c:\qoellb.exe (Malware.Packer.Gen) -> No action taken.

c:\qthy.exe (Malware.Packer.Gen) -> No action taken.

c:\rljpfr.pif (Malware.Packer.Gen) -> No action taken.

c:\udhd.pif (Malware.Packer.Gen) -> No action taken.

c:\ukwi.exe (Malware.Packer.Gen) -> No action taken.

c:\usia.pif (Malware.Packer.Gen) -> No action taken.

c:\vnrqwv.pif (Malware.Packer.Gen) -> No action taken.

c:\xtln.pif (Malware.Packer.Gen) -> No action taken.

c:\yalfek.pif (Malware.Packer.Gen) -> No action taken.

c:\yfhre.pif (Malware.Packer.Gen) -> No action taken.

c:\ypqbvp.exe (Malware.Packer.Gen) -> No action taken.

c:\yvnng.exe (Malware.Packer.Gen) -> No action taken.

c:\ywouae.exe (Malware.Packer.Gen) -> No action taken.

c:\btfprv.exe (Malware.Packer.Gen) -> No action taken.

c:\dyelea.pif (Malware.Packer.Gen) -> No action taken.

c:\ggaciv.exe (Malware.Packer.Gen) -> No action taken.

c:\jipcq.pif (Malware.Packer.Gen) -> No action taken.

c:\kqgtf.exe (Malware.Packer.Gen) -> No action taken.

c:\kvgu.exe (Malware.Packer.Gen) -> No action taken.

c:\llgs.exe (Malware.Packer.Gen) -> No action taken.

c:\lpsafu.pif (Malware.Packer.Gen) -> No action taken.

c:\murrwb.pif (Malware.Packer.Gen) -> No action taken.

c:\myuqmy.pif (Malware.Packer.Gen) -> No action taken.

c:\oaipan.exe (Malware.Packer.Gen) -> No action taken.

c:\ocpib.exe (Malware.Packer.Gen) -> No action taken.

c:\oprfm.exe (Malware.Packer.Gen) -> No action taken.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------

#2. OTL.TXT LOG

OTL logfile created on: 12/3/2010 11:14:42 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\MMA\Desktop

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 74.42 Gb Total Space | 58.54 Gb Free Space | 78.65% Space Free | Partition Type: NTFS

Drive D: | 74.52 Gb Total Space | 73.41 Gb Free Space | 98.51% Space Free | Partition Type: NTFS

Drive E: | 74.52 Gb Total Space | 71.03 Gb Free Space | 95.31% Space Free | Partition Type: NTFS

Drive F: | 74.52 Gb Total Space | 73.16 Gb Free Space | 98.17% Space Free | Partition Type: NTFS

Computer Name: MMA-PC | User Name: MMA | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/03 23:00:35 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\MMA\Desktop\OTL.exe

PRC - [2010/03/24 20:31:50 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

PRC - [2010/03/24 20:31:00 | 002,145,000 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

PRC - [2009/07/14 06:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009/07/14 06:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/03/05 16:17:24 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2009/03/02 12:10:30 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

========== Modules (SafeList) ==========

MOD - [2010/12/03 23:00:35 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\MMA\Desktop\OTL.exe

MOD - [2009/07/14 06:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll

MOD - [2009/07/14 06:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll

MOD - [2009/07/14 06:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll

MOD - [2009/07/14 06:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll

MOD - [2009/07/14 06:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll

MOD - [2009/07/14 06:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll

MOD - [2009/07/14 06:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll

MOD - [2009/07/14 06:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll

MOD - [2009/07/14 06:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll

MOD - [2009/07/14 06:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll

MOD - [2009/07/14 06:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/03/24 20:39:48 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)

SRV - [2010/03/24 20:31:50 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)

SRV - [2009/07/14 06:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)

SRV - [2009/07/14 06:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)

SRV - [2009/07/14 06:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)

SRV - [2009/07/14 06:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)

SRV - [2009/07/14 06:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)

SRV - [2009/07/14 06:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)

SRV - [2009/07/14 06:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/14 06:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009/07/14 06:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)

SRV - [2009/07/14 06:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)

SRV - [2009/07/14 06:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)

SRV - [2009/07/14 06:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)

SRV - [2009/07/14 06:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009/07/14 06:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)

SRV - [2009/07/14 06:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)

SRV - [2009/07/14 06:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)

SRV - [2009/07/14 06:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)

SRV - [2009/07/14 06:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)

SRV - [2009/07/14 06:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)

SRV - [2009/07/14 06:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)

SRV - [2009/07/14 06:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)

SRV - [2009/03/05 16:17:24 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2009/03/02 12:10:30 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\mcdbus.sys -- (mcdbus)

DRV - [2010/03/24 20:33:56 | 000,096,896 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)

DRV - [2010/03/24 20:31:06 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)

DRV - [2010/03/24 20:23:54 | 000,133,512 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)

DRV - [2010/02/25 15:19:26 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)

DRV - [2010/02/25 15:18:58 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV - [2009/07/14 06:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)

DRV - [2009/07/14 06:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)

DRV - [2009/07/14 06:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)

DRV - [2009/07/14 06:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)

DRV - [2009/07/14 06:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)

DRV - [2009/07/14 06:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)

DRV - [2009/07/14 06:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)

DRV - [2009/07/14 06:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)

DRV - [2009/07/14 06:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)

DRV - [2009/07/14 06:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)

DRV - [2009/07/14 06:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)

DRV - [2009/07/14 06:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)

DRV - [2009/07/14 06:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)

DRV - [2009/07/14 06:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)

DRV - [2009/07/14 06:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)

DRV - [2009/07/14 06:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)

DRV - [2009/07/14 06:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)

DRV - [2009/07/14 06:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2009/07/14 06:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)

DRV - [2009/07/14 06:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)

DRV - [2009/07/14 06:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)

DRV - [2009/07/14 06:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)

DRV - [2009/07/14 06:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)

DRV - [2009/07/14 06:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)

DRV - [2009/07/14 06:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)

DRV - [2009/07/14 06:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)

DRV - [2009/07/14 06:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)

DRV - [2009/07/14 06:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)

DRV - [2009/07/14 06:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)

DRV - [2009/07/14 06:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)

DRV - [2009/07/14 06:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)

DRV - [2009/07/14 06:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)

DRV - [2009/07/14 06:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)

DRV - [2009/07/14 06:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)

DRV - [2009/07/14 06:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)

DRV - [2009/07/14 06:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)

DRV - [2009/07/14 06:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)

DRV - [2009/07/14 06:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)

DRV - [2009/07/14 06:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)

DRV - [2009/07/14 06:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)

DRV - [2009/07/14 06:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)

DRV - [2009/07/14 06:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)

DRV - [2009/07/14 06:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)

DRV - [2009/07/14 05:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2009/07/14 05:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)

DRV - [2009/07/14 05:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)

DRV - [2009/07/14 04:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)

DRV - [2009/07/14 04:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)

DRV - [2009/07/14 04:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)

DRV - [2009/07/14 04:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)

DRV - [2009/07/14 04:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)

DRV - [2009/07/14 04:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)

DRV - [2009/07/14 04:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)

DRV - [2009/07/14 04:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)

DRV - [2009/07/14 04:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)

DRV - [2009/07/14 04:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)

DRV - [2009/07/14 04:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)

DRV - [2009/07/14 04:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)

DRV - [2009/07/14 04:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)

DRV - [2009/07/14 04:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)

DRV - [2009/07/14 04:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)

DRV - [2009/07/14 04:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)

DRV - [2009/07/14 03:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009/07/14 03:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)

DRV - [2009/07/14 03:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)

DRV - [2009/07/14 03:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)

DRV - [2009/07/14 03:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)

DRV - [2009/07/14 03:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)

DRV - [2009/07/14 03:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2009/07/14 03:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)

DRV - [2009/07/14 03:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®

DRV - [2009/07/14 03:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)

DRV - [2009/07/14 03:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)

DRV - [2009/07/14 03:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)

DRV - [2009/06/11 02:19:30 | 004,756,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)

DRV - [2009/02/13 14:22:54 | 000,095,576 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2009/02/13 11:50:02 | 000,028,376 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2009/02/13 11:31:26 | 000,055,640 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2008/01/14 15:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\S-1-5-21-3530972390-2459176519-1387504730-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.sa/

IE - HKU\S-1-5-21-3530972390-2459176519-1387504730-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKU\S-1-5-21-3530972390-2459176519-1387504730-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/12/02 11:51:22 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2009/06/11 02:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKU\S-1-5-21-3530972390-2459176519-1387504730-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [TNOD UP] C:\Program Files\TNod User & Password Finder\TNODUP.exe (Tukero[X]Team)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O13 - gopher Prefix: missing

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/11 02:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{f87fbc14-e690-11df-81f3-0027137588b8}\Shell - "" = AutoRun

O33 - MountPoints2\{f87fbc14-e690-11df-81f3-0027137588b8}\Shell\AutoRun\command - "" = H:\WD SmartWare.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/03 23:14:09 | 000,719,574 | ---- | C] (UG North ) -- C:\Users\MMA\Desktop\RkU3.8.388.590.exe

[2010/12/03 23:00:28 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\MMA\Desktop\OTL.exe

[2010/12/02 11:50:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2010/12/02 11:05:05 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2010/12/02 00:23:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo

[2010/12/02 00:04:04 | 000,000,000 | ---D | C] -- C:\Users\MMA\AppData\Roaming\SUPERAntiSpyware.com

[2010/12/02 00:04:04 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2010/12/02 00:00:09 | 009,852,776 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\MMA\Documents\SUPERAntiSpyware.exe

[2010/12/01 22:53:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Google

[2010/12/01 22:53:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2010/12/01 14:38:36 | 000,000,000 | ---D | C] -- C:\Program Files\MagicDisc

[2010/12/01 02:10:19 | 000,000,000 | ---D | C] -- C:\Users\MMA\AppData\Local\ESET

[2010/12/01 02:09:13 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET

[2010/12/01 02:09:13 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2010/12/01 02:03:36 | 000,000,000 | ---D | C] -- C:\Program Files\TNod User & Password Finder

[2010/12/01 01:36:06 | 000,000,000 | ---D | C] -- C:\Users\MMA\AppData\Roaming\WinRAR

[2010/11/25 11:55:08 | 000,000,000 | ---D | C] -- C:\Users\MMA\AppData\Roaming\GRETECH

[2010/11/22 17:18:26 | 000,000,000 | ---D | C] -- C:\Users\MMA\AppData\Local\Adobe

[2010/11/19 22:33:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR

[2010/11/19 22:32:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe

[2010/11/19 22:32:33 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe

[2010/11/18 00:53:37 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll

[2010/11/18 00:53:36 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm

[2010/11/18 00:53:36 | 000,118,784 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm

[2010/11/18 00:53:35 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll

[2010/11/18 00:53:35 | 000,090,112 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\dpl100.dll

[2010/11/18 00:53:34 | 000,685,056 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\divx.dll

[2010/11/18 00:53:32 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack

[2010/11/18 00:41:40 | 000,737,280 | ---- | C] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe

[2010/11/18 00:09:50 | 000,000,000 | -H-D | C] -- C:\Windows\PIF

[2010/11/14 21:07:44 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2010/11/12 22:54:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\CatRoot_bak

[2010/11/10 23:55:30 | 000,000,000 | ---D | C] -- C:\Users\MMA\AppData\Local\MigWiz

[2010/11/05 17:04:08 | 000,000,000 | ---D | C] -- C:\Users\MMA\AppData\Local\Microsoft Games

[2010/11/05 16:58:11 | 000,000,000 | ---D | C] -- C:\Users\MMA\AppData\Roaming\Media Player Classic

[2010/11/05 16:53:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt

[2010/11/05 10:00:02 | 000,000,000 | ---D | C] -- C:\Users\MMA\AppData\Local\ElevatedDiagnostics

========== Files - Modified Within 30 Days ==========

[2010/12/03 23:15:55 | 000,103,140 | RHS- | M] () -- C:\sesqcd.pif

[2010/12/03 23:15:10 | 000,103,140 | RHS- | M] () -- C:\jikkd.pif

[2010/12/03 23:14:24 | 000,103,140 | RHS- | M] () -- C:\lbuwy.pif

[2010/12/03 23:13:35 | 000,103,140 | RHS- | M] () -- C:\lawqln.exe

[2010/12/03 23:12:46 | 000,103,140 | RHS- | M] () -- C:\ciqm.pif

[2010/12/03 23:11:53 | 000,103,140 | RHS- | M] () -- C:\gnsvg.exe

[2010/12/03 23:10:46 | 000,103,140 | RHS- | M] () -- C:\ydmr.exe

[2010/12/03 23:09:58 | 000,103,140 | RHS- | M] () -- C:\fsxl.pif

[2010/12/03 23:09:07 | 000,103,140 | RHS- | M] () -- C:\hcgpph.exe

[2010/12/03 23:08:24 | 000,103,140 | RHS- | M] () -- C:\bgop.pif

[2010/12/03 23:07:32 | 000,103,140 | RHS- | M] () -- C:\jgblvv.exe

[2010/12/03 23:06:39 | 000,103,140 | RHS- | M] () -- C:\mkqig.exe

[2010/12/03 23:05:55 | 000,103,140 | RHS- | M] () -- C:\nbaysl.pif

[2010/12/03 23:05:12 | 000,103,140 | RHS- | M] () -- C:\wnky.exe

[2010/12/03 23:04:13 | 000,103,140 | RHS- | M] () -- C:\owgf.pif

[2010/12/03 23:02:38 | 000,103,140 | RHS- | M] () -- C:\ncokoh.exe

[2010/12/03 23:01:47 | 000,103,140 | RHS- | M] () -- C:\wifsqd.exe

[2010/12/03 23:00:43 | 000,103,140 | RHS- | M] () -- C:\fyda.exe

[2010/12/03 23:00:35 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\MMA\Desktop\OTL.exe

[2010/12/03 22:59:44 | 000,103,140 | RHS- | M] () -- C:\swdu.exe

[2010/12/03 22:59:12 | 000,629,057 | ---- | M] () -- C:\Users\MMA\Desktop\RkU3.8.388.590.rar

[2010/12/03 22:58:50 | 000,103,140 | RHS- | M] () -- C:\betawi.pif

[2010/12/03 22:57:57 | 000,103,140 | RHS- | M] () -- C:\clvxdc.pif

[2010/12/03 22:57:13 | 000,103,140 | RHS- | M] () -- C:\rbqym.exe

[2010/12/03 22:56:30 | 000,103,140 | RHS- | M] () -- C:\cuxy.exe

[2010/12/03 22:56:08 | 000,016,160 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/12/03 22:56:08 | 000,016,160 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/12/03 22:55:47 | 000,103,140 | RHS- | M] () -- C:\jgsuuo.pif

[2010/12/03 22:55:03 | 000,103,140 | RHS- | M] () -- C:\entsd.exe

[2010/12/03 22:55:01 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\ehhdg.sys

[2010/12/03 22:54:14 | 000,103,140 | RHS- | M] () -- C:\rayp.exe

[2010/12/03 22:53:28 | 000,103,140 | RHS- | M] () -- C:\heixn.exe

[2010/12/03 22:52:28 | 000,103,140 | RHS- | M] () -- C:\tmlbb.exe

[2010/12/03 22:51:40 | 000,103,140 | RHS- | M] () -- C:\tbchvw.exe

[2010/12/03 22:44:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/12/03 22:44:30 | 1603,772,416 | -HS- | M] () -- C:\hiberfil.sys

[2010/12/02 15:18:54 | 000,693,124 | ---- | M] () -- C:\Windows\System32\perfh00C.dat

[2010/12/02 15:18:54 | 000,689,526 | ---- | M] () -- C:\Windows\System32\perfh013.dat

[2010/12/02 15:18:54 | 000,688,180 | ---- | M] () -- C:\Windows\System32\perfh010.dat

[2010/12/02 15:18:54 | 000,674,902 | ---- | M] () -- C:\Windows\System32\perfh019.dat

[2010/12/02 15:18:54 | 000,641,706 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2010/12/02 15:18:54 | 000,631,390 | ---- | M] () -- C:\Windows\System32\perfh00E.dat

[2010/12/02 15:18:54 | 000,615,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/12/02 15:18:54 | 000,609,928 | ---- | M] () -- C:\Windows\System32\perfh01F.dat

[2010/12/02 15:18:54 | 000,435,188 | ---- | M] () -- C:\Windows\System32\perfh001.dat

[2010/12/02 15:18:54 | 000,144,416 | ---- | M] () -- C:\Windows\System32\perfc00E.dat

[2010/12/02 15:18:54 | 000,129,742 | ---- | M] () -- C:\Windows\System32\perfc013.dat

[2010/12/02 15:18:54 | 000,129,026 | ---- | M] () -- C:\Windows\System32\perfc019.dat

[2010/12/02 15:18:54 | 000,127,204 | ---- | M] () -- C:\Windows\System32\perfc00C.dat

[2010/12/02 15:18:54 | 000,126,062 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2010/12/02 15:18:54 | 000,124,140 | ---- | M] () -- C:\Windows\System32\perfc010.dat

[2010/12/02 15:18:54 | 000,118,334 | ---- | M] () -- C:\Windows\System32\perfc01F.dat

[2010/12/02 15:18:54 | 000,103,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/12/02 15:18:54 | 000,076,298 | ---- | M] () -- C:\Windows\System32\perfc001.dat

[2010/12/02 00:20:17 | 000,000,578 | ---- | M] () -- C:\Users\MMA\Desktop\cc_20101202_002000.reg

[2010/12/02 00:01:52 | 009,852,776 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\MMA\Documents\SUPERAntiSpyware.exe

[2010/12/01 23:01:49 | 000,006,074 | ---- | M] () -- C:\Users\MMA\Desktop\cc_20101201_230144.reg

[2010/12/01 22:55:23 | 000,090,602 | ---- | M] () -- C:\Users\MMA\Desktop\cc_20101201_225510.reg

[2010/12/01 22:53:49 | 000,000,974 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2010/12/01 02:03:36 | 000,001,835 | ---- | M] () -- C:\Users\Public\Desktop\Update NOD32 license.lnk

[2010/11/30 11:33:43 | 000,004,096 | ---- | M] () -- C:\Windows\d3dx.dat

[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/11/25 11:44:40 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini

[2010/11/21 18:41:13 | 000,573,464 | ---- | M] () -- C:\Users\MMA\Documents\Fight Club.pdf

[2010/11/21 18:40:51 | 000,404,024 | ---- | M] () -- C:\Users\MMA\Documents\George.Orwell_1984.pdf

[2010/11/21 18:40:20 | 001,913,930 | ---- | M] () -- C:\Users\MMA\Documents\255a1.pdf

[2010/11/21 00:17:27 | 000,001,885 | ---- | M] () -- C:\Users\MMA\Documents\ad59b811_6e38_1a950.jpg

[2010/11/19 22:33:23 | 000,000,972 | ---- | M] () -- C:\Users\Public\Desktop\Acrobat.com.lnk

[2010/11/18 00:41:14 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe

[2010/11/17 23:56:03 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2010/11/17 23:56:03 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2010/11/13 14:31:02 | 008,967,998 | ---- | M] () -- C:\Users\MMA\Desktop\Computer Networks 4th Ed - Andrew S. Tanenbaum.chm

[2010/11/10 16:27:43 | 000,000,000 | -H-- | M] () -- C:\Users\MMA\Documents\Default.rdp

========== Files Created - No Company Name ==========

[2010/12/03 23:14:24 | 000,103,140 | RHS- | C] () -- C:\lbuwy.pif

[2010/12/03 23:13:35 | 000,103,140 | RHS- | C] () -- C:\lawqln.exe

[2010/12/03 23:12:46 | 000,103,140 | RHS- | C] () -- C:\ciqm.pif

[2010/12/03 23:11:53 | 000,103,140 | RHS- | C] () -- C:\gnsvg.exe

[2010/12/03 23:10:46 | 000,103,140 | RHS- | C] () -- C:\ydmr.exe

[2010/12/03 23:09:58 | 000,103,140 | RHS- | C] () -- C:\fsxl.pif

[2010/12/03 23:09:07 | 000,103,140 | RHS- | C] () -- C:\hcgpph.exe

[2010/12/03 23:08:24 | 000,103,140 | RHS- | C] () -- C:\bgop.pif

[2010/12/03 23:07:32 | 000,103,140 | RHS- | C] () -- C:\jgblvv.exe

[2010/12/03 23:06:39 | 000,103,140 | RHS- | C] () -- C:\mkqig.exe

[2010/12/03 23:05:55 | 000,103,140 | RHS- | C] () -- C:\nbaysl.pif

[2010/12/03 23:05:12 | 000,103,140 | RHS- | C] () -- C:\wnky.exe

[2010/12/03 23:04:13 | 000,103,140 | RHS- | C] () -- C:\owgf.pif

[2010/12/03 23:02:38 | 000,103,140 | RHS- | C] () -- C:\ncokoh.exe

[2010/12/03 23:01:47 | 000,103,140 | RHS- | C] () -- C:\wifsqd.exe

[2010/12/03 23:00:43 | 000,103,140 | RHS- | C] () -- C:\fyda.exe

[2010/12/03 22:59:44 | 000,103,140 | RHS- | C] () -- C:\swdu.exe

[2010/12/03 22:58:50 | 000,629,057 | ---- | C] () -- C:\Users\MMA\Desktop\RkU3.8.388.590.rar

[2010/12/03 22:58:50 | 000,103,140 | RHS- | C] () -- C:\betawi.pif

[2010/12/03 22:57:57 | 000,103,140 | RHS- | C] () -- C:\clvxdc.pif

[2010/12/03 22:57:13 | 000,103,140 | RHS- | C] () -- C:\rbqym.exe

[2010/12/03 22:56:30 | 000,103,140 | RHS- | C] () -- C:\cuxy.exe

[2010/12/03 22:55:47 | 000,103,140 | RHS- | C] () -- C:\jgsuuo.pif

[2010/12/03 22:55:03 | 000,103,140 | RHS- | C] () -- C:\entsd.exe

[2010/12/03 22:55:01 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\ehhdg.sys

[2010/12/03 22:54:14 | 000,103,140 | RHS- | C] () -- C:\rayp.exe

[2010/12/03 22:53:28 | 000,103,140 | RHS- | C] () -- C:\heixn.exe

[2010/12/03 22:52:28 | 000,103,140 | RHS- | C] () -- C:\tmlbb.exe

[2010/12/03 22:51:40 | 000,103,140 | RHS- | C] () -- C:\tbchvw.exe

[2010/12/02 00:20:02 | 000,000,578 | ---- | C] () -- C:\Users\MMA\Desktop\cc_20101202_002000.reg

[2010/12/01 23:01:46 | 000,006,074 | ---- | C] () -- C:\Users\MMA\Desktop\cc_20101201_230144.reg

[2010/12/01 22:55:16 | 000,090,602 | ---- | C] () -- C:\Users\MMA\Desktop\cc_20101201_225510.reg

[2010/12/01 22:53:49 | 000,000,974 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2010/12/01 02:03:36 | 000,001,835 | ---- | C] () -- C:\Users\Public\Desktop\Update NOD32 license.lnk

[2010/11/30 11:33:43 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat

[2010/11/21 18:41:07 | 000,573,464 | ---- | C] () -- C:\Users\MMA\Documents\Fight Club.pdf

[2010/11/21 18:40:47 | 000,404,024 | ---- | C] () -- C:\Users\MMA\Documents\George.Orwell_1984.pdf

[2010/11/21 18:40:03 | 001,913,930 | ---- | C] () -- C:\Users\MMA\Documents\255a1.pdf

[2010/11/21 00:17:27 | 000,001,885 | ---- | C] () -- C:\Users\MMA\Documents\ad59b811_6e38_1a950.jpg

[2010/11/19 22:33:23 | 000,000,972 | ---- | C] () -- C:\Users\Public\Desktop\Acrobat.com.lnk

[2010/11/18 00:53:36 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml

[2010/11/18 00:53:36 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2010/11/18 00:53:35 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll

[2010/11/18 00:53:35 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2010/11/18 00:53:35 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2010/11/18 00:53:33 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2010/11/17 23:56:03 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS

[2010/11/17 23:56:03 | 000,000,000 | RHS- | C] () -- C:\IO.SYS

[2010/11/13 14:40:41 | 008,967,998 | ---- | C] () -- C:\Users\MMA\Desktop\Computer Networks 4th Ed - Andrew S. Tanenbaum.chm

[2010/11/10 16:27:43 | 000,000,000 | -H-- | C] () -- C:\Users\MMA\Documents\Default.rdp

[2010/11/03 23:06:11 | 000,000,000 | ---- | C] () -- C:\Users\MMA\AppData\Local\QSwitch.txt

[2010/11/03 23:06:11 | 000,000,000 | ---- | C] () -- C:\Users\MMA\AppData\Local\DSwitch.txt

[2010/11/03 23:06:11 | 000,000,000 | ---- | C] () -- C:\Users\MMA\AppData\Local\AtStart.txt

[2010/11/02 20:31:34 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll

[2010/11/02 20:08:25 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2009/07/14 04:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009/07/14 04:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2005/10/14 14:56:50 | 000,921,600 | ---- | C] () -- C:\Windows\System32\VorbisEnc.dll

[2005/10/14 14:56:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll

[2005/10/14 14:56:50 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll

[2005/10/14 14:56:50 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2005/10/14 14:56:50 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll

[2003/04/03 19:53:45 | 000,026,112 | ---- | C] () -- C:\Windows\System32\REGOBJ.DLL

========== LOP Check ==========

[2010/11/30 15:17:34 | 000,000,000 | ---D | M] -- C:\Users\MMA\AppData\Roaming\DMCache

[2010/11/02 20:08:07 | 000,000,000 | ---D | M] -- C:\Users\MMA\AppData\Roaming\ManyCam

[2010/12/03 12:48:57 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

---------------------------------------------------------------------------------------------------------------------------------------------------------------------

#3. EXTRAS.TXT

OTL Extras logfile created on: 12/3/2010 11:14:42 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\MMA\Desktop

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 74.42 Gb Total Space | 58.54 Gb Free Space | 78.65% Space Free | Partition Type: NTFS

Drive D: | 74.52 Gb Total Space | 73.41 Gb Free Space | 98.51% Space Free | Partition Type: NTFS

Drive E: | 74.52 Gb Total Space | 71.03 Gb Free Space | 95.31% Space Free | Partition Type: NTFS

Drive F: | 74.52 Gb Total Space | 73.16 Gb Free Space | 98.17% Space Free | Partition Type: NTFS

Computer Name: MMA-PC | User Name: MMA | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"AntiVirusOverride" = 1

"FirewallOverride" = 1

"UacDisableNotify" = 1

"ANTIVIRUSDISABLENOTIFY" = 1

"FIREWALLDISABLENOTIFY" = 1

"UPDATESDISABLENOTIFY" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 1

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR

"{08B857DF-E6F9-4283-853A-4F329CC09A4F}" = ESET NOD32 Antivirus

"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype


First of all, there is a real possibility this is an overheating issue, caused by a hardware problem (might be from simply dusty fans/interior to faulty hardware). Make sure to not overheat the laptop and turn it off if it does.

Let's first check/clean malware here.

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Log.txt in your next reply.


Here is the ComboFix log

ComboFix 10-12-02.06 - MMA 12/04/2010 13:24:11.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2039.1410 [GMT 5:00]

Running from: c:\users\MMA\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\aawh.exe

C:\adqeio.pif

C:\arflv.pif

C:\autorun.inf

C:\betawi.pif

C:\bgop.pif

C:\blrybr.pif

C:\bmtmet.pif

C:\ciqm.pif

C:\clvxdc.pif

C:\cnyg.pif

C:\cuxy.exe

C:\dbjc.pif

C:\dkfpu.pif

C:\dwyonj.pif

C:\ehrxmq.pif

C:\ehyr.pif

C:\eirhva.pif

C:\elph.exe

C:\fsxl.pif

C:\fvnl.pif

C:\fyda.exe

C:\gjkk.exe

C:\gnsvg.exe

C:\gwpvk.exe

C:\hcgpph.exe

C:\hqig.pif

C:\iaqbe.pif

C:\ivfa.pif

C:\ivrl.exe

C:\jgblvv.exe

C:\jgmwxc.exe

C:\jgsuuo.pif

C:\jikkd.pif

C:\kbma.pif

C:\kfig.pif

C:\kqsrlb.exe

C:\ktyaay.pif

C:\kyko.pif

C:\lbuwy.pif

C:\ldoe.exe

C:\lervpg.pif

C:\lglx.pif

C:\lsqs.pif

C:\ltsd.exe

C:\lvkcpa.pif

C:\lxsp.exe

C:\mqlwr.pif

C:\nbaysl.pif

C:\nebo.pif

C:\nsycp.pif

C:\nurr.exe

C:\ogdt.exe

C:\opoaul.pif

C:\ovil.exe

C:\owgf.pif

C:\pfoasu.pif

C:\ptcc.pif

C:\qchtrc.pif

C:\ragq.pif

C:\rayp.exe

C:\rbqym.exe

C:\rkvjnb.pif

C:\rpfbjk.exe

C:\scug.exe

C:\sesqcd.pif

C:\sicj.exe

C:\siumqu.pif

C:\skly.exe

C:\ssnh.exe

C:\swdu.exe

C:\sxfg.exe

C:\tbchvw.exe

C:\tkoqse.pif

C:\tmlbb.exe

C:\tvltnc.pif

C:\ublql.pif

C:\ukgiwc.pif

C:\vdrny.exe

C:\vhylhq.exe

C:\wabjjb.pif

C:\wdyp.exe

C:\wjalq.pif

C:\wnfse.pif

C:\wnky.exe

C:\wqjec.pif

C:\xqdclw.exe

C:\ydmr.exe

D:\aang.pif

D:\aexxrh.pif

D:\alqbs.pif

D:\amwlhh.pif

D:\aoql.pif

D:\arxph.pif

D:\autorun.inf

D:\bevt.exe

D:\bhrx.pif

D:\bhubtm.pif

D:\btuo.exe

D:\cilr.pif

D:\civvu.pif

D:\ckddrl.exe

D:\cmff.pif

D:\dfnrtc.pif

D:\dilae.pif

D:\dltqlc.pif

D:\dngpdm.pif

D:\dqjq.exe

D:\dtiq.exe

D:\edvu.exe

D:\eidy.exe

D:\ejvc.pif

D:\erqw.pif

D:\etinl.pif

D:\evrx.exe

D:\ewdl.exe

D:\fcmg.pif

D:\fctjt.exe

D:\fijwel.pif

D:\fjrncd.exe

D:\fmoao.pif

D:\fmxo.exe

D:\fqbnm.exe

D:\fqsqt.exe

D:\fsjjq.exe

D:\fvlx.exe

D:\fvol.exe

D:\gmeq.pif

D:\gnux.exe

D:\hiouv.pif

D:\hnyr.exe

D:\hojj.pif

D:\hvnt.pif

D:\hyvyri.pif

D:\imsnry.pif

D:\ioravd.pif

D:\jbrsx.pif

D:\jhwvjg.pif

D:\jqkby.pif

D:\jyavkf.pif

D:\kagu.exe

D:\kngfph.exe

D:\ktsfc.exe

D:\kwlkq.pif

D:\laxr.exe

D:\lgxg.pif

D:\lmbwk.pif

D:\lorxnh.pif

D:\lryk.exe

D:\lvjgh.exe

D:\merv.exe

D:\mhoqi.pif

D:\mrydio.pif

D:\msknqh.pif

D:\mykg.pif

D:\nhkwku.pif

D:\nvqwj.pif

D:\otqq.pif

D:\pcmr.pif

D:\pfkl.exe

D:\povjnm.pif

D:\qdlvkh.pif

D:\qinjuo.pif

D:\qmwh.exe

D:\qqxqlj.pif

D:\rbix.exe

D:\rnqk.exe

D:\rovspy.pif

D:\rsldy.pif

D:\rwhaut.pif

D:\sbay.pif

D:\sden.exe

D:\sgwifu.pif

D:\svrn.pif

D:\tgyb.exe

D:\tiiy.pif

D:\tjjbg.pif

D:\tjvt.exe

D:\twhw.exe

D:\txmmop.pif

D:\uaaq.pif

D:\uhnwb.pif

D:\uuvcb.pif

D:\vmdmgq.pif

D:\vnhk.exe

D:\wdpn.exe

D:\wrlc.pif

D:\wunu.pif

D:\wvqmw.exe

D:\wxflp.exe

D:\wysena.pif

D:\xart.exe

D:\xkhest.pif

D:\xkkd.exe

D:\xodk.exe

D:\yaxx.exe

D:\ydbppj.exe

D:\ymman.pif

D:\yvnkh.pif

E:\asfr.exe

E:\aunsvo.pif

E:\autorun.inf

E:\ayvl.exe

E:\bcmsjo.pif

E:\bcxii.pif

E:\bfxpsn.exe

E:\bjtswf.exe

E:\brrex.pif

E:\bxkgl.exe

E:\cbrfqw.pif

E:\cdowe.pif

E:\cgkai.pif

E:\cgtx.exe

E:\crwj.pif

E:\dfbvg.exe

E:\dlppat.pif

E:\dvctl.pif

E:\dvcxv.exe

E:\ecexq.pif

E:\ejmvb.pif

E:\emnvu.pif

E:\epby.exe

E:\erut.pif

E:\fkal.exe

E:\fltn.pif

E:\fstx.pif

E:\gihy.exe

E:\gnrm.pif

E:\gwehik.pif

E:\gyuc.exe

E:\hpcsi.pif

E:\htlfl.exe

E:\hvsnti.pif

E:\iahq.pif

E:\iayxn.pif

E:\idwucm.pif

E:\iejg.pif

E:\ijrc.exe

E:\ilopvq.pif

E:\imnkvj.pif

E:\iqgl.pif

E:\jqcup.pif

E:\jsswr.pif

E:\jxjeqy.pif

E:\jyfml.pif

E:\kbcho.pif

E:\kjvnd.exe

E:\knqvl.exe

E:\kpof.exe

E:\ljoo.exe

E:\lvrf.pif

E:\mdvial.pif

E:\mfovho.pif

E:\mimw.pif

E:\mptlh.exe

E:\nbumm.pif

E:\notnq.pif

E:\nqxqv.exe

E:\nvyvrf.exe

E:\obgb.exe

E:\otuj.pif

E:\oufbg.pif

E:\ovko.exe

E:\oxec.exe

E:\pijm.pif

E:\puakv.pif

E:\qajg.pif

E:\qhwjyo.pif

E:\qkuuqf.pif

E:\qlol.pif

E:\qnjwew.pif

E:\qowdfl.pif

E:\qssnfy.exe

E:\qusqul.pif

E:\qyli.exe

E:\ravd.pif

E:\rpbib.pif

E:\snhi.pif

E:\svmi.pif

E:\tcdm.exe

E:\tigq.pif

E:\tkqwsd.exe

E:\tkwylb.exe

E:\trml.exe

E:\twxm.pif

E:\uacmyd.pif

E:\ucvwb.pif

E:\uogug.pif

E:\vpqo.pif

E:\vrksfl.exe

E:\vtexnh.pif

E:\wblc.exe

E:\whsg.exe

E:\wrjb.pif

E:\xstsj.pif

E:\xthms.pif

E:\xtjxtg.exe

E:\xvwq.exe

E:\xyejxl.pif

E:\xymich.pif

E:\yesnq.pif

E:\yhlqy.exe

E:\yimyy.pif

E:\yipq.pif

E:\ykht.pif

E:\ykqhd.exe

F:\aamd.exe

F:\aicf.pif

F:\arhj.pif

F:\aubr.pif

F:\Autorun.inf

F:\axorbc.pif

F:\bdwpd.exe

F:\brymd.exe

F:\cdpp.exe

F:\cuvcw.pif

F:\cvrbje.pif

F:\cylcn.exe

F:\dpfy.exe

F:\dpppu.pif

F:\dxrv.pif

F:\ecejmt.pif

F:\eivy.exe

F:\emfnqw.pif

F:\falkll.pif

F:\fkjnht.exe

F:\fnuir.pif

F:\fowhd.pif

F:\frup.exe

F:\gcfkqo.pif

F:\gdni.pif

F:\giopyf.pif

F:\gkwp.pif

F:\gohvh.pif

F:\hauai.pif

F:\hieggb.pif

F:\hkoqof.pif

F:\hvlrar.pif

F:\jbrh.exe

F:\jcss.exe

F:\jgsnum.pif

F:\jhlxs.exe

F:\jtanln.pif

F:\kachi.pif

F:\kbrmxw.exe

F:\kjiu.pif

F:\kncft.exe

F:\ktxb.pif

F:\kwwxk.pif

F:\laco.pif

F:\mdxvn.exe

F:\mnbuh.pif

F:\mrqny.pif

F:\mwjnx.pif

F:\mwvn.pif

F:\neywv.pif

F:\nfelip.pif

F:\ngmgv.pif

F:\nhbww.exe

F:\nkgeu.pif

F:\nqkh.pif

F:\oakt.pif

F:\oflag.pif

F:\ognn.exe

F:\ohhx.pif

F:\oqfjcd.pif

F:\pbws.exe

F:\poua.exe

F:\psykpq.pif

F:\qhbnb.exe

F:\qtxsai.pif

F:\rcmg.exe

F:\rcmm.exe

F:\rmym.exe

F:\rswe.pif

F:\rucqm.pif

F:\ryvsf.exe

F:\sdyb.pif

F:\siku.exe

F:\soeg.exe

F:\swad.exe

F:\tetok.pif

F:\tvnffg.pif

F:\ugvc.pif

F:\umtpsi.pif

F:\uywkw.pif

F:\vcyr.pif

F:\vvep.exe

F:\vxgs.exe

F:\wgph.pif

F:\whnq.pif

F:\wqaqje.pif

F:\wshi.pif

F:\wstm.exe

F:\wtbds.pif

F:\wxpul.pif

F:\xejfa.pif

F:\xhot.pif

F:\xkrxbh.pif

F:\xnmaew.pif

F:\xywgvn.pif

F:\yevrlm.pif

F:\yhgr.exe

F:\yhqyvs.exe

F:\yiad.exe

F:\yjpy.exe

F:\yykwg.exe

F:\yyou.pif

----- File Replicators -----

C:\aawh.exe

C:\cuxy.exe

C:\dywix.exe

C:\elph.exe

C:\entsd.exe

C:\fyda.exe

C:\gasajg.exe

C:\gjkk.exe

C:\gnsvg.exe

C:\gwpvk.exe

C:\hcgpph.exe

C:\heixn.exe

C:\idmxtc.exe

C:\iifelf.exe

C:\ivrl.exe

C:\jgblvv.exe

C:\jgmwxc.exe

C:\kfeodl.exe

C:\kqsrlb.exe

C:\kwirsy.exe

C:\lawqln.exe

C:\ldoe.exe

C:\ltsd.exe

C:\lxsp.exe

C:\mkqig.exe

C:\mmuho.exe

C:\ncimmx.exe

C:\ncokoh.exe

C:\nhtfij.exe

C:\nwcnaw.exe

C:\ogdt.exe

C:\ovil.exe

C:\qimmp.exe

C:\rayp.exe

C:\rbqym.exe

C:\rpfbjk.exe

C:\scug.exe

C:\sicj.exe

C:\skly.exe

C:\ssnh.exe

C:\swdu.exe

C:\sxfg.exe

C:\tbchvw.exe

C:\tlfay.exe

C:\tmlbb.exe

C:\vdrny.exe

C:\vhylhq.exe

C:\wdyp.exe

C:\wifsqd.exe

C:\wnky.exe

C:\xhvxmo.exe

C:\xqdclw.exe

C:\ydmr.exe

C:\ylhagg.exe

C:\yxjnek.exe

D:\amvjac.exe

D:\arjwa.exe

D:\bevt.exe

D:\ckddrl.exe

D:\cmwan.exe

D:\dewdki.exe

D:\diwsjh.exe

D:\dtiq.exe

D:\ecosd.exe

D:\edvu.exe

D:\eidy.exe

D:\evrx.exe

D:\ewdl.exe

D:\fctjt.exe

D:\fjrncd.exe

D:\fqsqt.exe

D:\fsjjq.exe

D:\fviono.exe

D:\fvlx.exe

D:\fvol.exe

D:\gnux.exe

D:\gugjuv.exe

D:\guxes.exe

D:\iyyqk.exe

D:\ktsfc.exe

D:\kuptc.exe

D:\laxr.exe

D:\lnuwxj.exe

D:\lvjgh.exe

D:\merv.exe

D:\odvwoj.exe

D:\pfkl.exe

D:\pkssi.exe

D:\psboxg.exe

D:\qmwh.exe

D:\rbix.exe

D:\rletcc.exe

D:\rlxsu.exe

D:\rwpdne.exe

D:\sden.exe

D:\tgyb.exe

D:\tjvt.exe

D:\tsrou.exe

D:\twhw.exe

D:\umgris.exe

D:\velrl.exe

D:\vewrn.exe

D:\vnhk.exe

D:\vouaei.exe

D:\wdpn.exe

D:\wvqmw.exe

D:\wxflp.exe

D:\xart.exe

D:\xkkla.exe

D:\xodk.exe

D:\yaxx.exe

D:\yetqbv.exe

D:\ylfik.exe

D:\ytclew.exe

E:\asfr.exe

E:\ayvl.exe

E:\bewot.exe

E:\bjtswf.exe

E:\bxkgl.exe

E:\cgtx.exe

E:\dfbvg.exe

E:\dkbp.exe

E:\dowapr.exe

E:\dvcxv.exe

E:\fkal.exe

E:\gumnoq.exe

E:\gyuc.exe

E:\hruet.exe

E:\htlfl.exe

E:\igpuj.exe

E:\ijrc.exe

E:\irfvq.exe

E:\kpof.exe

E:\liwuxx.exe

E:\ljoo.exe

E:\loarl.exe

E:\lokfi.exe

E:\mawrva.exe

E:\meinr.exe

E:\mkvde.exe

E:\mptlh.exe

E:\mvakju.exe

E:\nfegak.exe

E:\nqxqv.exe

E:\nvyvrf.exe

E:\nwqahr.exe

E:\obgb.exe

E:\ofvurc.exe

E:\ovko.exe

E:\oxec.exe

E:\pingg.exe

E:\qapjm.exe

E:\qssnfy.exe

E:\qyli.exe

E:\rutsgo.exe

E:\tiewsq.exe

E:\tkqwsd.exe

E:\trml.exe

E:\ucedc.exe

E:\ujdkk.exe

E:\vrksfl.exe

E:\vyiqb.exe

E:\wblc.exe

E:\weqys.exe

E:\whsg.exe

E:\wvjad.exe

E:\xvwq.exe

E:\yaudh.exe

E:\yhlqy.exe

E:\yimwvw.exe

E:\ykqhd.exe

F:\agndn.exe .. failed to delete

F:\bdwpd.exe

F:\bpjadt.exe

F:\btuur.exe

F:\cdpp.exe

F:\crnvqu.exe

F:\cyqig.exe

F:\defto.exe

F:\dfvtr.exe

F:\dpfy.exe

F:\eivy.exe

F:\ejsliw.exe

F:\eyywvq.exe

F:\fjnvig.exe

F:\fkjnht.exe

F:\hartj.exe

F:\iiunf.exe

F:\jbrh.exe

F:\jcss.exe

F:\jhlxs.exe

F:\kbrmxw.exe

F:\kncft.exe

F:\ksamp.exe

F:\loebup.exe

F:\mdxvn.exe

F:\nhbww.exe

F:\nshxe.exe

F:\ognn.exe

F:\oioyrn.exe

F:\olxsaq.exe

F:\oxiru.exe

F:\oyfgv.exe

F:\poiyi.exe

F:\poua.exe

F:\qhbnb.exe

F:\qoiqmr.exe

F:\qvrevk.exe

F:\rcmg.exe

F:\rcmm.exe

F:\rviltc.exe

F:\ryvsf.exe

F:\siku.exe

F:\soeg.exe

F:\suqul.exe

F:\swad.exe

F:\tikebv.exe

F:\ufxxnl.exe

F:\uhrwx.exe

F:\vdejw.exe

F:\vsdogh.exe

F:\vvep.exe

F:\vxgs.exe

F:\wdnpi.exe

F:\yhqyvs.exe

F:\yiad.exe

F:\yjpy.exe

F:\ykgij.exe

.

.

((((((((((((((((((((((((( Files Created from 2010-11-04 to 2010-12-04 )))))))))))))))))))))))))))))))

.

2010-12-04 08:32 . 2010-12-04 08:32 103140 --sh--r- C:\qgrld.exe

2010-12-04 08:30 . 2010-12-04 08:31 -------- d-----w- c:\users\MMA\AppData\Local\temp

2010-12-04 08:30 . 2010-12-04 08:30 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-12-03 18:49 . 2010-12-03 18:49 103140 --sh--r- C:\juebij.exe

2010-12-01 19:23 . 2010-12-01 19:23 -------- d-----w- c:\programdata\Comodo

2010-12-01 19:04 . 2010-12-01 19:04 -------- d-----w- c:\users\MMA\AppData\Roaming\SUPERAntiSpyware.com

2010-12-01 19:04 . 2010-12-01 19:04 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2010-12-01 17:53 . 2010-12-01 17:53 -------- d-----w- c:\program files\CCleaner

2010-12-01 09:38 . 2010-12-02 08:50 -------- d-----w- c:\program files\MagicDisc

2010-11-30 21:10 . 2010-11-30 21:10 -------- d-----w- c:\users\MMA\AppData\Local\ESET

2010-11-30 21:09 . 2010-11-30 21:09 -------- d-----w- c:\program files\ESET

2010-11-30 21:03 . 2010-11-30 21:03 -------- d-----w- c:\program files\TNod User & Password Finder

2010-11-25 06:55 . 2010-11-25 06:55 -------- d-----w- c:\users\MMA\AppData\Roaming\GRETECH

2010-11-22 12:18 . 2010-12-03 09:01 -------- d-----w- c:\users\MMA\AppData\Local\Adobe

2010-11-19 17:33 . 2010-11-19 17:33 -------- d-----w- c:\program files\Common Files\Adobe AIR

2010-11-17 19:41 . 2010-11-17 19:41 737280 ----a-w- c:\windows\iun6002.exe

2010-11-17 19:09 . 2010-12-03 08:55 -------- d--h--w- c:\windows\PIF

2010-11-12 17:54 . 2010-11-12 17:54 -------- d-----w- c:\windows\system32\CatRoot_bak

2010-11-10 18:55 . 2010-11-10 18:55 -------- dc----w- c:\users\MMA\AppData\Local\MigWiz

2010-11-05 12:04 . 2010-11-12 15:29 -------- d-----w- c:\users\MMA\AppData\Local\Microsoft Games

2010-11-05 11:58 . 2010-12-02 10:04 -------- d-----w- c:\users\MMA\AppData\Roaming\Media Player Classic

2010-11-05 05:00 . 2010-11-08 19:29 -------- d-----w- c:\users\MMA\AppData\Local\ElevatedDiagnostics

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-04 08:32 . 2010-12-04 08:32 103140 --sh--r- C:\djawgl.pif

2010-12-01 16:43 . 2010-12-01 16:43 326 ----a-w- c:\windows\Fonts\dsumddt

2010-11-29 12:42 . 2010-11-02 15:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-29 12:42 . 2010-11-02 15:00 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-02 15:04 . 2010-11-02 15:04 47104 ------w- c:\windows\AKDeInstall.exe

2010-10-19 06:41 . 2010-11-03 17:52 222080 ----a-w- c:\windows\system32\MpSigStub.exe

2010-10-18 04:41 . 2010-11-03 17:52 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4FF388C4-1C0B-41A8-B237-E28DF272E0CE}\mpengine.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TNOD UP"="c:\program files\TNod User & Password Finder\TNODUP.exe" [2010-04-01 1889792]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-24 2145000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\startupfolder\C:^Users^MMA^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]

path=c:\users\MMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk

backup=c:\windows\pss\MagicDisc.lnk.Startup

backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]

2009-03-02 07:08 209153 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManyCam]

2010-04-21 08:26 1901864 ----a-w- c:\program files\ManyCam 2.4\ManyCam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]

2010-02-25 10:19 365624 ------w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

"ANTIVIRUSDISABLENOTIFY"=dword:00000001

"FIREWALLDISABLENOTIFY"=dword:00000001

"UPDATESDISABLENOTIFY"=dword:00000001

"UacDisableNotify"=dword:00000001

R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 309816]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-03-24 114984]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-03-05 108289]

S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-03-24 133512]

S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-03-24 810120]

S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-03-24 96896]

S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]

S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com.sa/

.

- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\taskhost.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\windows\system32\conhost.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\sppsvc.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Completion time: 2010-12-04 13:36:32 - machine was rebooted

ComboFix-quarantined-files.txt 2010-12-04 08:36

Pre-Run: 62,669,680,640 bytes free

Post-Run: 62,191,128,576 bytes free

- - End Of File - - 9ED696B95453CF9B0150C10F1111F586


Yep...that did it...it's clean now :(

Thank you very much for your help Elise :)


Could you please post me the results? That way I can see if there is any other action you should take. If it is a huge list, you can just post some of the detected items.


I'm sorry I was unable to save the report. Can I get a new one by running the scan again?


No need for that. Do you remember what was found?

How are things running now?

Please launch MBAM, update it and run a full scan. Post me the resulting log.


The Kaspersky Tool detected a lot of infected exe and pif files. It disinfected those files and then I had to run MBAM to delete them. I have the log of the original scan and the latest scan.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5236

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

12/5/2010 4:23:43 PM

mbam-log-2010-12-05 (16-23-43).txt

Scan type: Quick scan

Objects scanned: 125932

Time elapsed: 2 minute(s), 2 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 68

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ANTIVIRUSDISABLENOTIFY (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FIREWALLDISABLENOTIFY (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UPDATESDISABLENOTIFY (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\ahetbl.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\ahwd.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\akcvgt.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\bhwepk.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\bkuwd.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\bloi.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\bnmwh.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\ptwjq.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\qlygku.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\qqvjxb.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\qwhw.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\rclhq.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\rpdqip.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\sdkr.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\thbpyu.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\tjjbn.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\trnk.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\trseyw.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\udbii.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\uiai.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\urgo.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\vdgu.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\vgdf.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\whlpp.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\wqvcv.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\xxcx.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\yisn.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\clohln.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\dbonh.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\dhbhc.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\dljye.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\dqip.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\dybc.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\efgp.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\egss.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\ejukwl.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\elymvv.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\fank.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\fibos.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\fnfqp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\ftpc.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\fujt.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\fwhv.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\gotu.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\gwjc.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\hgbhmj.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\hmnjm.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\houm.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\hwhry.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\hyfhqt.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\hyhj.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\ievfrh.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\imeka.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\iwbk.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\jewqkt.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\kdkq.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\kfuskj.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\lbjuo.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\lmgv.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\lrygce.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\mneik.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\mspb.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\mtlmeu.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\mtsen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\mwjrxr.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\nkusjd.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\ntwtxq.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\owxvsw.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------

This is the latest scan

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5260

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

12/7/2010 1:16:12 PM

mbam-log-2010-12-07 (13-16-12).txt

Scan type: Quick scan

Objects scanned: 125836

Time elapsed: 2 minute(s), 4 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Things are back to normal now, no computer freeze, no lock ups. The programs are loading more quickly.

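The ComboFix log and the two MBAM logs posted above carry three indicators a responder would pull out by hand: random-named .exe/.pif files dropped at the root of every drive with system+hidden+read-only attributes and an identical byte size (103140), Security Center override/notify values set to 1, and UAC switched off (EnableLUA = 0, ConsentPromptBehaviorAdmin = 0). The script below is an added example, not part of the original thread and not a Malwarebytes or ComboFix tool: it parses a log excerpt constructed from the posted lines and flags those indicators. The regexes assume the exact line layouts shown in the posted logs; the dropper-name pattern (4 to 6 lowercase letters at a drive root) is inferred from the posted file names and is an assumption.

```python
"""Triage helper for ComboFix / MBAM log lines (added example, not a vendor tool)."""
import re
from dataclasses import dataclass, field

# ComboFix "Files Created" / "Find3M" line:  date . date size attrs path
COMBOFIX_FILE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d)\s+"
    r"(\d+)\s+([-a-z]{8})\s+(.+)$"
)
# ComboFix REGEDIT4 section:  "Name"=dword:00000001   or   "Name"= 0 (0x0)
REG_KEY = re.compile(r"^\[(.+)\]$")
REG_VALUE = re.compile(
    r'^"([^"]+)"\s*=\s*(?:dword:([0-9a-f]{8})|(\d+)\s*\(0x[0-9a-f]+\))$'
)
# MBAM "Files Infected" line:  path (Detection) -> action
MBAM_FILE = re.compile(r"^([a-z]:\\\S+) \(([^)]+)\) -> (.+)$", re.I)

# Assumed naming pattern of the dropped copies: drive root, 4-6 letters, .exe/.pif
ROOT_DROPPER = re.compile(r"^[a-z]:\\[a-z]{4,6}\.(exe|pif)$", re.I)

# Registry values that silence the OS warnings an infection would otherwise trigger
SUPPRESSION_VALUES = {
    "AntiVirusOverride": 1, "FirewallOverride": 1,
    "ANTIVIRUSDISABLENOTIFY": 1, "FIREWALLDISABLENOTIFY": 1,
    "UPDATESDISABLENOTIFY": 1, "UacDisableNotify": 1,
    "EnableLUA": 0,                  # 0 = UAC disabled entirely
    "ConsentPromptBehaviorAdmin": 0, # 0 = elevate without prompting
}


@dataclass
class Triage:
    root_droppers: list = field(default_factory=list)       # (path, size, attrs)
    suppressed_warnings: list = field(default_factory=list) # (key, name, value)
    mbam_detections: list = field(default_factory=list)     # (path, detection, action)


def triage(log_text: str) -> Triage:
    """Walk the log once and collect the three indicator classes."""
    result = Triage()
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COMBOFIX_FILE.match(line)
        if m:
            size, attrs, path = int(m.group(3)), m.group(4), m.group(5)
            # attrs like --sh--r-: system + hidden, which a legitimate root-level exe is not
            if ROOT_DROPPER.match(path) and "s" in attrs and "h" in attrs:
                result.root_droppers.append((path, size, attrs))
            continue
        m = REG_KEY.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = REG_VALUE.match(line)
        if m:
            name = m.group(1)
            value = int(m.group(2), 16) if m.group(2) else int(m.group(3))
            if SUPPRESSION_VALUES.get(name) == value:
                result.suppressed_warnings.append((current_key, name, value))
            continue
        m = MBAM_FILE.match(line)
        if m:
            result.mbam_detections.append((m.group(1), m.group(2), m.group(3)))
    return result


def same_size_droppers(t: Triage) -> dict:
    """Group flagged root files by byte size: a file replicator writes identical copies."""
    by_size = {}
    for path, size, _ in t.root_droppers:
        by_size.setdefault(size, []).append(path)
    return by_size


# Constructed excerpt modelled on the lines posted in this thread (not a full log).
SAMPLE_LOG = r"""
2010-12-04 08:32 . 2010-12-04 08:32 103140 --sh--r- C:\qgrld.exe
2010-12-03 18:49 . 2010-12-03 18:49 103140 --sh--r- C:\juebij.exe
2010-12-04 08:32 . 2010-12-04 08:32 103140 --sh--r- C:\djawgl.pif
2010-11-17 19:41 . 2010-11-17 19:41 737280 ----a-w- c:\windows\iun6002.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"UPDATESDISABLENOTIFY"=dword:00000001
c:\ahetbl.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\bkuwd.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    t = triage(SAMPLE_LOG)
    print("root droppers by size:", same_size_droppers(t))
    print("suppressed warnings:", [(n, v) for _, n, v in t.suppressed_warnings])
    print("MBAM detections:", len(t.mbam_detections))
```

The size grouping is the useful check: every copy the replicator wrote is the same 103140 bytes, so any root-level file of that size on any drive (including the F: drive where ComboFix reported one deletion failure) is a copy worth removing, and the Security Center and UAC values should be reset after the files are gone, since the second MBAM log shows them being re-flagged until the replicator stopped running.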

I'm glad to hear that. ;)

Please run a scan with your ESET NOD32 and let me know what was found, if anything.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
