Can you tell me if I'm infected?
-
Hello
Here is a recent log file I've run with HijackThis. My computer lags and it's probably a virus.
You guys let me know what to do. Thank you very much - Carine.
----
Last edited by broni; 24-08-2010 at 06:52 PM.
-
I hope you won't leave me hanging out there this time, as you did in this topic: http://www.d-a-l.com/help/spyware-ad...wont-shut.html
If you do, you won't be able to receive any more help in malware forum.
Now, you should know the drill...
Please, read HERE and post required logs.
We don't use HJT around here anymore.
-
Hello Broni.
I have tried to follow all the steps listed but couldn't run GMER. I have tried several times as said and I am getting the BSOD even in safe mode.
I could run Malwarebytes though, and here is the log:
Malwarebytes' Anti-Malware 1.46
Malwarebytes
Database version: 4475
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943
25/08/2010 13:55:06
mbam-log-2010-08-25 (13-55-06).txt
Scan type: Quick scan
Objects scanned: 131927
Time elapsed: 7 minute(s), 8 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Let me know if there is an alternative procedure.
Thanks,
-
Skip GMER for now. Provide other logs.
-
Hey Broni.
My computer is getting worse. Still, I managed now to run the MBR check.
I will try to move on with the procedure, but it's VERY difficult as the computer really acts weirdly.
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Studio 1737
Logical Drives Mask: 0x0000000c
Kernel Drivers (total 165):
Processes (total 344):
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
PhysicalDrive0 Model Number: ST9320325AS, Rev: 0003DEM1
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
Done!
-
And the OTL doesn't load...
-
MBR log looks good 
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
* Rkill.com
* Rkill.scr
* Rkill.pif
* Rkill.exe
* Double-click on the Rkill desktop icon to run the tool.
* If using Vista or Windows 7 right-click on it and choose Run As Administrator.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
* Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run then try to immediately run the following.
Now download and run exeHelper.
* Please download exeHelper from Raktor to your desktop.
* Double-click on exeHelper.com to run the fix.
* A black window should pop up, press any key to close once the fix is completed.
* A log file named log.txt will be created in the directory where you ran exeHelper.com
* Attach the log.txt file to your next message.
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).
============================================================
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
Make sure, you re-enable your security programs, when you're done with Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
-
Here is the first log:
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Admin on 27/08/2010 at 9:25:45.
Processes terminated by Rkill or while it was running:
C:\Users\Admin\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
Rkill completed on 27/08/2010 at 9:25:54.
The second log:
exeHelper by Raktor
Build 20100414
Run at 09:27:54 on 08/27/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
Moving on to Combofix
-
Here is my ComboFix log:
ComboFix 10-08-26.04 - Admin 27/08/2010 17:25:55.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3066.2024 [GMT 1:00]
Running from: c:\users\Admin\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2010-07-27 to 2010-08-27 )))))))))))))))))))))))))))))))
.
2010-08-27 16:33 . 2010-08-27 16:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-25 12:37 . 2010-08-25 12:37 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes
2010-08-25 12:37 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-25 12:37 . 2010-08-25 12:37 -------- d-----w- c:\programdata\Malwarebytes
2010-08-25 12:37 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-25 12:37 . 2010-08-25 12:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-24 13:45 . 2010-08-24 13:45 -------- d-----w- c:\program files\Trend Micro
2010-08-24 10:37 . 2010-08-24 10:37 -------- d-----w- c:\users\Admin\AppData\Roaming\Jane s Hotel
2010-08-23 14:44 . 2010-08-23 14:44 -------- d-----w- c:\users\Admin\AppData\Local\Oberon Games
2010-08-23 14:43 . 2010-08-24 10:36 -------- d-----w- c:\program files\Games.co.uk
2010-08-23 11:14 . 2010-08-23 11:14 -------- d-----w- c:\programdata\MumboJumbo
2010-08-20 15:15 . 2010-08-20 15:15 -------- d-----w- c:\users\Admin\AppData\Roaming\Go-Go Gourmet Chef of the Year
2010-08-20 14:00 . 2010-08-20 14:00 -------- d-----w- c:\programdata\GoBit Games
2010-08-19 15:08 . 2010-08-19 15:08 -------- d-----w- c:\users\Admin\AppData\Roaming\NevoSoft Games
2010-08-19 13:48 . 2010-08-19 13:48 -------- d-----w- c:\users\Admin\AppData\Roaming\GamesCafe
2010-08-18 13:29 . 2010-08-18 13:29 -------- d-----w- c:\users\Admin\AppData\Roaming\Boomzap
2010-08-17 09:52 . 2010-08-17 10:16 -------- d-----w- c:\programdata\FarmFrenzy3_Russia
2010-08-12 16:51 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-12 16:51 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-12 16:51 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-10 14:04 . 2010-08-10 14:04 -------- d-----w- c:\programdata\HipSoft
2010-08-10 08:29 . 2010-08-10 08:29 -------- d-----w- c:\program files\Common Files\Java
2010-08-04 08:58 . 2010-08-04 08:59 -------- d-----w- c:\programdata\Go Go Gourmet
2010-08-03 15:32 . 2010-08-03 15:32 -------- d-----w- c:\users\Admin\AppData\Local\Menge
2010-08-03 15:32 . 2010-08-23 14:35 -------- d-----w- c:\users\Admin\AppData\Local\Zylom Games
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-26 19:43 . 2010-03-08 12:05 1076 ----a-w- c:\windows\bthservsdp.dat
2010-08-24 11:38 . 2010-03-08 18:05 -------- d-----w- c:\users\Admin\AppData\Roaming\Skype
2010-08-24 10:32 . 2010-03-08 18:08 -------- d-----w- c:\users\Admin\AppData\Roaming\skypePM
2010-08-23 13:35 . 2010-03-21 16:16 -------- d-----w- c:\users\Admin\AppData\Roaming\vlc
2010-08-23 12:35 . 2010-03-08 05:40 1356 ----a-w- c:\users\Admin\AppData\Local\d3d9caps.dat
2010-08-23 11:14 . 2010-03-27 15:16 -------- d-----w- c:\users\Admin\AppData\Roaming\Zylom
2010-08-17 08:24 . 2010-04-08 09:20 -------- d-----w- c:\users\Admin\AppData\Roaming\PlayFirst
2010-08-17 08:24 . 2010-04-08 09:20 -------- d-----w- c:\programdata\PlayFirst
2010-08-12 18:45 . 2010-03-08 13:56 -------- d-----w- c:\programdata\Microsoft Help
2010-08-12 18:42 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-10 08:28 . 2010-03-15 09:05 -------- d-----w- c:\program files\Java
2010-08-03 14:16 . 2010-05-05 07:58 -------- d-----w- c:\users\Admin\AppData\Roaming\HpUpdate
2010-07-27 11:13 . 2010-07-27 11:13 -------- d-----w- c:\programdata\The Mirror Mysteries
2010-07-27 09:56 . 2010-07-27 09:53 -------- d-----w- c:\users\Admin\AppData\Roaming\Virtual City
2010-07-26 11:33 . 2010-07-26 11:33 -------- d-----w- c:\programdata\Kingdom
2010-07-25 16:26 . 2010-07-25 16:25 -------- d-----w- c:\program files\iTunes
2010-07-25 16:26 . 2010-07-25 16:26 -------- d-----w- c:\program files\iPod
2010-07-25 16:25 . 2010-03-11 10:20 -------- d-----w- c:\program files\Common Files\Apple
2010-07-25 16:21 . 2010-07-25 16:21 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-17 04:00 . 2010-04-25 14:56 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-07 10:00 . 2010-07-07 10:00 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-04 10:06 . 2010-03-08 14:23 -------- d-----w- c:\programdata\PC Suite
2010-07-04 10:06 . 2010-07-04 10:06 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
2010-07-04 09:47 . 2010-07-04 09:47 -------- d-----w- c:\program files\Common Files\PCSuite
2010-07-04 09:47 . 2010-07-04 09:47 -------- d-----w- c:\program files\Common Files\Nokia
2010-07-04 09:47 . 2010-03-08 14:20 -------- d-----w- c:\program files\Nokia
2010-07-04 09:45 . 2010-07-04 09:45 -------- d-----w- c:\program files\PC Connectivity Solution
2010-07-04 09:44 . 2010-07-04 09:44 95232 ----a-w- c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\pcswpcsi.exe
2010-07-04 09:44 . 2010-07-04 09:44 8192 ----a-w- c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\UninstCCD.exe
2010-07-04 09:44 . 2010-07-04 09:44 61440 ----a-w- c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-07-04 09:44 . 2010-07-04 09:44 10240 ----a-w- c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\UninstPCS.exe
2010-07-04 09:44 . 2010-03-08 14:19 -------- d-----w- c:\programdata\Installations
2010-07-04 09:44 . 2010-07-04 09:45 36365624 ----a-w- c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Nokia_PC_Suite_eng.exe
2010-06-30 09:40 . 2010-06-30 09:40 -------- d-----w- c:\users\Admin\AppData\Roaming\Settlement. Colossus
2010-06-29 09:31 . 2010-06-15 14:46 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-06-26 06:05 . 2010-08-12 16:52 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-12 16:52 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 06:02 . 2010-08-12 16:52 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 04:25 . 2010-08-12 16:52 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-21 13:37 . 2010-08-12 16:52 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-12 16:52 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-11 16:16 . 2010-08-12 16:52 274944 ----a-w- c:\windows\system32\schannel.dll
2010-06-11 16:15 . 2010-08-12 16:52 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-06-11 15:51 . 2010-06-11 15:51 3055600 ----a-w- c:\users\Admin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-06-11 15:36 . 2010-06-11 15:36 275952 ----a-w- c:\users\Admin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2010-06-08 17:35 . 2010-08-12 16:52 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-08 17:35 . 2010-08-12 16:52 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-06-01 17:37 . 2010-03-08 12:15 221568 ------w- c:\windows\system32\MpSigStub.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Google Update"="c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-03-08 135664]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-08-14 442460]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-07-07 202256]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-5 752168]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Logo Calibration Loader.lnk - c:\program files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe [2010-6-27 708608]
ProfileReminder.lnk - c:\program files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe [2010-6-27 954368]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):8b,65,5f,ff,40,c3,ca,01
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 i1display;i1 Display;c:\windows\system32\Drivers\i1display.sys [2004-10-15 44344]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\aestsrv.exe [2008-08-14 73728]
S2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [2007-01-25 14416]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-01-26 61984]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-02-24 203264]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-05-21 3663360]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2009-03-06 133632]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2009-03-08 280096]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-684716456-419228589-3536278410-1000Core.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-08 12:21]
2010-08-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-684716456-419228589-3536278410-1000UA.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-08 12:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.games.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20100520091748
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-AdobeBridge - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
************************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-08-27 17:33
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(3320)
c:\windows\system32\btmmhook.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\program files\Flip Video\FlipShare\IPPMp4Splitter.ax
.
Completion time: 2010-08-27 17:35:57
ComboFix-quarantined-files.txt 2010-08-27 16:35
Pre-Run: 231,083,446,272 bytes free
Post-Run: 231,014,526,976 bytes free
- - End Of File - - E7C72F5AF62000452CD84E18AB69F107
-
What are the current computer issues?
I'm asking because all logs so far look clean.
See if OTL will run now.