

After several attempts, this is what I get:

 

OTL logfile created on: 1/3/2010 5:48:16 PM - Run 1

OTL by OldTimer - Version 3.1.20.2 Folder = C:\Users\violet\Desktop

Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1,023.00 Mb Total Physical Memory | 201.00 Mb Available Physical Memory | 20.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 45.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 64.14 Gb Total Space | 14.60 Gb Free Space | 22.76% Space Free | Partition Type: NTFS

Drive D: | 42.76 Gb Total Space | 15.39 Gb Free Space | 36.00% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: VIOLET-ASUS

Current User Name: violet

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 30 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\violet\Desktop\vil.exe (OldTimer Tools)

PRC - C:\Users\violet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wmistrk.exe (System Driver Corp)

PRC - C:\Users\violet\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

PRC - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)

PRC - D:\install\Winamp\winampa.exe ()

PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Internet Explorer\ieuser.exe (Microsoft Corporation)

PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)

PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

PRC - C:\Program Files\ATK Hotkey\HControl.exe (ATK0100)

PRC - C:\Program Files\ATKOSD2\ATKOSD2.exe ()

PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()

PRC - C:\Windows\System32\Ati2evxx.exe (ATI Technologies Inc.)

PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()

PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()

PRC - C:\Windows\System32\StkCSrv.exe (Syntek America Inc.)

PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)

PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)

PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

PRC - C:\Windows\System32\IFXTCS.exe (Infineon Technologies AG)

PRC - C:\Windows\System32\IFXSPMGT.exe (Infineon Technologies AG)

PRC - C:\Program Files\Infineon\Security Platform Software\PSDrt.exe (Infineon Technologies AG)

PRC - C:\Windows\System32\IfxPsdSv.exe (Infineon Technologies AG)

PRC - C:\Program Files\Infineon\Security Platform Software\SpTNA.exe (Infineon Technologies AG)

PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

PRC - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc)

PRC - c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)

PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

PRC - C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (InstallShield Software Corporation)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Users\violet\Desktop\vil.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)

SRV - (GoogleDesktopManager) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)

SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)

SRV - (Ati External Event Utility) -- C:\Windows\System32\Ati2evxx.exe (ATI Technologies Inc.)

SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()

SRV - (StkSSrv) -- C:\Windows\System32\StkCSrv.exe (Syntek America Inc.)

SRV - (NBService) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)

SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)

SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)

SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)

SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (IFXTCS) -- C:\Windows\System32\IFXTCS.exe (Infineon Technologies AG)

SRV - (IFXSpMgtSrv) -- C:\Windows\System32\IFXSPMGT.exe (Infineon Technologies AG)

SRV - (PersonalSecureDriveService) -- C:\Windows\System32\IfxPsdSv.exe (Infineon Technologies AG)

SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)

SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)

SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (LightScribeService) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (SentinelProtectionServer) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)

DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20091228.004\NAVEX15.SYS (Symantec Corporation)

DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20091228.004\NAVENG.SYS (Symantec Corporation)

DRV - (pavboot) -- C:\Windows\system32\drivers\pavboot.sys (Panda Security, S.L.)

DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)

DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)

DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)

DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (StkCMini) -- C:\Windows\System32\drivers\StkCMini.sys (Syntek)

DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (NETw3v32) Intel® -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)

DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)

DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)

DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)

DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)

DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)

DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)

DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)

DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)

DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)

DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)

DRV - (PersonalSecureDrive) -- C:\Windows\System32\drivers\psd.sys (Infineon Technologies AG)

DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)

DRV - (Sentinel) -- C:\Windows\System32\Drivers\SENTINEL.SYS (Rainbow Technologies, Inc.)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

 

 

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-253012040-1568701989-218809175-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.bg/

IE - HKU\S-1-5-21-253012040-1568701989-218809175-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-253012040-1568701989-218809175-1000\..\URLSearchHook: - Reg Error: Key error. File not found

IE - HKU\S-1-5-21-253012040-1568701989-218809175-1000\S-1-5-21-253012040-1568701989-218809175-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Winamp Search"

FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="

FF - prefs.js..browser.search.selectedEngine: "Winamp Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"

FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5

FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.11.2

FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008/09/06 21:09:21 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2008/12/18 14:19:07 | 00,000,000 | ---D | M]

 

[2008/12/19 22:14:14 | 00,000,000 | ---D | M] -- C:\Users\violet\AppData\Roaming\Mozilla\Extensions

[2009/09/20 02:51:27 | 00,000,000 | ---D | M] -- C:\Users\violet\AppData\Roaming\Mozilla\Firefox\Profiles\3771b185.default\extensions

[2009/09/16 19:00:43 | 00,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\violet\AppData\Roaming\Mozilla\Firefox\Profiles\3771b185.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}

[2009/09/16 19:10:44 | 00,000,944 | ---- | M] () -- C:\Users\violet\AppData\Roaming\Mozilla\Firefox\Profiles\3771b185.default\searchplugins\icqplugin.xml

[2008/12/12 20:23:54 | 00,002,158 | ---- | M] () -- C:\Users\violet\AppData\Roaming\Mozilla\Firefox\Profiles\3771b185.default\searchplugins\MySpace.xml

[2009/09/16 19:01:14 | 00,001,196 | ---- | M] () -- C:\Users\violet\AppData\Roaming\Mozilla\Firefox\Profiles\3771b185.default\searchplugins\winamp-search.xml

[2009/07/16 12:36:11 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2009/07/16 12:36:12 | 00,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

 

O1 HOSTS File: (736 bytes) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: ::1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)

O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

O4 - HKLM..\Run: [iFXSPMGT] C:\Windows\System32\IFXSPMGT.exe (Infineon Technologies AG)

O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [RestartNeroSetup] E:\Installation\Setupx.exe File not found

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)

O4 - HKLM..\Run: [WinampAgent] D:\install\Winamp\winampa.exe ()

O4 - HKU\.DEFAULT..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()

O4 - HKU\S-1-5-18..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-253012040-1568701989-218809175-1000..\Run: [] File not found

O4 - HKU\S-1-5-21-253012040-1568701989-218809175-1000..\Run: [Google Update] C:\Users\violet\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)

O4 - HKU\S-1-5-21-253012040-1568701989-218809175-1000..\Run: [iCQ] C:\Program Files\ICQ6\ICQ.exe File not found

O4 - HKU\S-1-5-21-253012040-1568701989-218809175-1000..\Run: [iSUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)

O4 - HKU\S-1-5-21-253012040-1568701989-218809175-1000..\Run: [skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)

O4 - HKU\S-1-5-21-253012040-1568701989-218809175-1000..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()

O4 - Startup: C:\Users\violet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wmistrk.exe (System Driver Corp)

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-253012040-1568701989-218809175-1000\..Trusted Ranges: GD ([http] in Local intranet)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1229602741776&h=8fc7d3a917471b984c0eb28d54bfbe81/&filename=jinstall-6u11-windows-i586-jc.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)

O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.2 212.39.90.43

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 23:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{8b853e3a-7d11-11dd-9d57-0018f3b950e7}\Shell\1\Command - "" = F:\RECYCLER\RECYCLER\autorun.exe -- File not found

O33 - MountPoints2\{8b853e3a-7d11-11dd-9d57-0018f3b950e7}\Shell\2\Command - "" = F:\RECYCLER\RECYCLER\autorun.exe -- File not found

O33 - MountPoints2\{a5190015-d07a-11de-83da-0018f3b950e7}\Shell\AutoRun\command - "" = F:\EXPLORER.EXE -- File not found

O33 - MountPoints2\{a5190015-d07a-11de-83da-0018f3b950e7}\Shell\explore\Command - "" = F:\EXPLORER.EXE -- File not found

O33 - MountPoints2\{a5190015-d07a-11de-83da-0018f3b950e7}\Shell\open\Command - "" = F:\EXPLORER.EXE -- File not found

O33 - MountPoints2\{a9265cdb-8999-11dd-95bd-0018f3b950e7}\Shell\AutoRun\command - "" = F:\EXPLORER.EXE -- File not found

O33 - MountPoints2\{a9265cdb-8999-11dd-95bd-0018f3b950e7}\Shell\explore\Command - "" = F:\EXPLORER.EXE -- File not found

O33 - MountPoints2\{a9265cdb-8999-11dd-95bd-0018f3b950e7}\Shell\open\Command - "" = F:\EXPLORER.EXE -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010/01/03 17:47:20 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\violet\Desktop\vil.exe

[2009/12/29 02:48:30 | 00,000,000 | ---D | C] -- C:\ProgramData\Skype

[2009/12/29 02:37:37 | 00,000,000 | ---D | C] -- C:\Users\violet\AppData\Roaming\Malwarebytes

[2009/12/29 02:37:26 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2009/12/29 02:37:23 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2009/12/29 02:37:23 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2009/12/29 02:37:22 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/12/29 02:27:36 | 00,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys

[2009/12/29 02:27:25 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security

[2009/12/29 02:13:50 | 00,000,000 | ---D | C] -- C:\Qoobox

[2009/12/28 21:42:54 | 00,000,000 | ---D | C] -- C:\Users\violet\AppData\Local\Symantec

[2009/12/28 21:40:52 | 00,109,744 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS

[2009/12/28 21:36:53 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec

[2009/12/28 21:36:26 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared

[2009/12/28 21:36:26 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec AntiVirus

[2009/12/28 21:36:26 | 00,000,000 | ---D | C] -- C:\ProgramData\Symantec

[2009/12/28 16:29:12 | 00,212,992 | ---- | C] (System Driver Corp) -- C:\Users\violet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wmistrk.exe

[2009/12/23 10:12:37 | 00,000,000 | -HSD | C] -- C:\Config.Msi

[2009/12/19 18:59:37 | 00,000,000 | ---D | C] -- C:\Program Files\Progetto Italiano 1

[2009/12/17 17:15:12 | 00,565,248 | ---- | C] (.) -- C:\Users\violet\Desktop\SkypeLauncher.exe

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2010/01/03 17:49:34 | 04,718,592 | -HS- | M] () -- C:\Users\violet\NTUSER.DAT

[2010/01/03 17:47:27 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\violet\Desktop\vil.exe

[2010/01/03 17:09:43 | 00,002,337 | ---- | M] () -- C:\Users\violet\Desktop\Skype.lnk

[2010/01/03 17:07:04 | 00,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-253012040-1568701989-218809175-1000UA.job

[2010/01/03 16:51:32 | 00,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/01/03 16:51:31 | 00,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/01/03 15:08:27 | 00,000,722 | ---- | M] () -- C:\Users\violet\Desktop\Avilon - Shortcut.lnk

[2010/01/03 14:53:53 | 00,071,168 | -H-- | M] () -- C:\Users\violet\secupdat.dat

[2010/01/03 14:51:53 | 00,370,704 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/01/03 14:51:33 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/01/03 14:51:01 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/01/03 14:50:35 | 10,729,79968 | -HS- | M] () -- C:\hiberfil.sys

[2009/12/29 08:26:50 | 00,524,288 | -HS- | M] () -- C:\Users\violet\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms

[2009/12/29 08:26:50 | 00,065,536 | -HS- | M] () -- C:\Users\violet\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf

[2009/12/29 08:26:23 | 00,000,836 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2009/12/29 08:25:39 | 03,003,387 | -H-- | M] () -- C:\Users\violet\AppData\Local\IconCache.db

[2009/12/28 23:12:21 | 00,002,828 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys

[2009/12/28 21:41:17 | 00,109,744 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS

[2009/12/28 21:41:17 | 00,008,014 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT

[2009/12/28 21:41:17 | 00,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF

[2009/12/28 20:07:01 | 00,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-253012040-1568701989-218809175-1000Core.job

[2009/12/27 16:55:50 | 00,212,992 | ---- | M] (System Driver Corp) -- C:\Users\violet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wmistrk.exe

[2009/12/25 22:02:03 | 00,073,216 | ---- | M] () -- C:\Users\violet\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/12/25 20:09:36 | 00,002,587 | ---- | M] () -- C:\Users\violet\Desktop\Microsoft Office Word 2007.lnk

[2009/12/23 10:10:03 | 00,000,252 | ---- | M] () -- C:\Windows\win.ini

[2009/12/19 19:04:10 | 00,000,020 | ---- | M] () -- C:\info2.rtf

[2009/12/19 19:04:10 | 00,000,017 | ---- | M] () -- C:\info.rtf

[2009/12/19 19:03:36 | 00,143,185 | ---- | M] () -- C:\UpdatedResults.cst

[2009/12/18 15:03:30 | 00,002,545 | ---- | M] () -- C:\Users\violet\Desktop\Microsoft Office Excel 2007.lnk

[2009/12/17 17:15:20 | 00,565,248 | ---- | M] (.) -- C:\Users\violet\Desktop\SkypeLauncher.exe

[2009/12/17 16:08:17 | 00,002,047 | ---- | M] () -- C:\Users\violet\Desktop\Google Chrome.lnk

[2009/12/14 14:10:09 | 00,747,142 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2009/12/14 14:10:09 | 00,634,088 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2009/12/14 14:10:09 | 00,117,244 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2009/12/04 18:01:16 | 03,827,539 | ---- | M] () -- C:\Users\violet\Desktop\IMG_2128.JPG

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2010/01/03 15:08:27 | 00,000,722 | ---- | C] () -- C:\Users\violet\Desktop\Avilon - Shortcut.lnk

[2009/12/29 02:50:43 | 00,002,337 | ---- | C] () -- C:\Users\violet\Desktop\Skype.lnk

[2009/12/28 21:40:52 | 00,008,014 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT

[2009/12/28 21:40:52 | 00,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF

[2009/12/28 16:29:18 | 00,071,168 | -H-- | C] () -- C:\Users\violet\secupdat.dat

[2009/12/19 19:04:10 | 00,000,020 | ---- | C] () -- C:\info2.rtf

[2009/12/19 19:04:10 | 00,000,017 | ---- | C] () -- C:\info.rtf

[2009/12/19 19:03:36 | 00,143,185 | ---- | C] () -- C:\UpdatedResults.cst

[2009/12/04 17:57:37 | 03,827,539 | ---- | C] () -- C:\Users\violet\Desktop\IMG_2128.JPG

[2009/11/20 19:47:45 | 00,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys

[2009/08/27 01:39:44 | 00,001,065 | ---- | C] () -- C:\Windows\winamp.ini

[2009/08/27 01:39:43 | 00,088,064 | ---- | C] () -- C:\Windows\System32\AudioExCtl.dll

[2008/11/12 09:54:46 | 00,000,094 | ---- | C] () -- C:\Users\violet\AppData\Local\fusioncache.dat

[2008/09/07 04:21:49 | 00,000,680 | ---- | C] () -- C:\Users\violet\AppData\Local\d3d9caps.dat

[2008/09/06 21:02:14 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2008/09/06 20:20:41 | 00,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat

[2008/09/06 20:10:42 | 00,073,216 | ---- | C] () -- C:\Users\violet\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/06/13 05:36:38 | 00,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2008/04/12 16:41:20 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2008/04/12 16:30:20 | 00,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2008/01/21 04:23:41 | 00,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en

[2007/02/06 05:05:26 | 00,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI

[2006/12/21 04:41:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2006/11/02 14:34:20 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 09:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2002/09/27 07:41:54 | 00,003,874 | ---- | C] () -- C:\Windows\System32\TRANSBLT.DLL

 

========== LOP Check ==========

 

[2008/10/03 06:27:10 | 00,000,000 | ---D | M] -- C:\Users\violet\AppData\Roaming\FairStars Audio Converter

[2009/07/16 12:40:34 | 00,000,000 | ---D | M] -- C:\Users\violet\AppData\Roaming\ICQ

[2008/09/07 04:45:00 | 00,000,000 | ---D | M] -- C:\Users\violet\AppData\Roaming\Infineon

[2008/11/05 18:21:51 | 00,000,000 | ---D | M] -- C:\Users\violet\AppData\Roaming\IrfanView

[2008/09/06 18:58:31 | 00,000,000 | ---D | M] -- C:\Users\violet\AppData\Roaming\Opera

[2009/12/29 03:21:27 | 00,000,000 | ---D | M] -- C:\Users\violet\AppData\Roaming\uTorrent

[2009/12/29 08:26:28 | 00,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 551105 bytes -> C:\Users\violet\AppData\Roaming\desktop.ini:init

< End of report >

 

OTL Extras logfile created on: 1/3/2010 5:48:16 PM - Run 1

OTL by OldTimer - Version 3.1.20.2 Folder = C:\Users\violet\Desktop

Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1,023.00 Mb Total Physical Memory | 201.00 Mb Available Physical Memory | 20.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 45.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 64.14 Gb Total Space | 14.60 Gb Free Space | 22.76% Space Free | Partition Type: NTFS

Drive D: | 42.76 Gb Total Space | 15.39 Gb Free Space | 36.00% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: VIOLET-ASUS

Current User Name: violet

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 30 Days

Output = Minimal

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-253012040-1568701989-218809175-1000\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- C:\Users\violet\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "D:\install\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "D:\install\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "D:\install\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-253012040-1568701989-218809175-1000]

"EnableNotifications" = 0

"EnableNotificationsRef" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{2F61D85B-A361-4CF2-A17B-A6B3893506EF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{010D4EFD-203C-4BE5-9224-E9C2084CEE8A}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |

"{1B785403-2220-49B6-88B6-2DECC41A70AF}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"{37F72397-49D0-4711-B094-C7277592E14A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

"{39FC2631-EB9B-4B1F-AA2F-05712F71DB33}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

"{3BE95489-AF04-4185-AF52-A93048F73BB7}" = protocol=6 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe |

"{44C9EFFA-636C-443E-8007-C9F63B5580DC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{8AAAAF68-018B-4FB4-9689-D43364296096}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |

"{8F281EF3-83B1-4B6C-9DD0-53D63FDECBE0}" = protocol=17 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe |

"{9D7802FC-86E9-4D08-9A85-DB76E8E9C992}" = dir=in | app=c:\program files\myspace\im\myspaceim.exe |

"{B231CD7D-2AA1-4740-B452-CC98879CBA52}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{CABF6E3C-D463-44BB-89DE-B03DF7EC7377}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{DF53EA8D-8F59-418E-A7C8-0D6A522F8A43}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"TCP Query User{131B9883-9C2D-4FD4-89B5-4643D2F9BAE5}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |

"TCP Query User{3B8A57CF-A2FB-4DD9-808C-946E4ABDB7E1}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |

"TCP Query User{7DD4CC70-A8DE-41DC-91D6-FB87031F09AB}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |

"TCP Query User{CC27F37D-8F5D-47D0-B6A2-EF00017A633E}C:\program files\macmillan\the business\intermediate\data\fscommand\flashex.exe" = protocol=6 | dir=in | app=c:\program files\macmillan\the business\intermediate\data\fscommand\flashex.exe |

"UDP Query User{242E00AB-EDAE-4680-9078-DDB7478A1BB2}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |

"UDP Query User{71EBD097-8A18-4C79-9D1E-14B6073F92E3}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |

"UDP Query User{8E4285BE-CAB2-4FBE-B20F-DE5EE39FD0C8}C:\program files\macmillan\the business\intermediate\data\fscommand\flashex.exe" = protocol=17 | dir=in | app=c:\program files\macmillan\the business\intermediate\data\fscommand\flashex.exe |

"UDP Query User{999C4FDA-E5F3-4477-A079-BDE4E69F6188}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{147349F4-7B2D-4C92-86E8-6BD78BBD4F7B}" = Branding

"{1588FCDE-E779-AA74-BF76-64C8037C5C9F}" = ccc-core-static

"{197DB408-5876-CEB2-4307-492BAD8DA254}" = Catalyst Control Center Graphics Full New

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 11

"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey

"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager

"{4235739E-810D-4AAD-A69C-AF36E095D05F}" = The Business Intermediate

"{465DC07E-3390-401A-A190-6078D73AB4C6}" = CorelDRAW Graphics Suite 12

"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features

"{547D4265-AF45-42E9-A62A-C58182AA35B9}" = Sentinel Protection Installer 7.0.0

"{57BA3105-8E44-45BD-BB3A-F0BD5EA0575B}" = Bulgarian (Phonetic) by Iliya Dankov

"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2

"{5E9F6451-26A9-4043-A24E-13711435CC81}" = Infineon TPM Professional Package

"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5

"{6C381DB2-32D8-31BF-9CDF-BDF954A62692}" = Skins

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{73321F78-1DE8-F60C-2882-3595D0FD2709}" = Catalyst Control Center Graphics Previews Common

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7C9E6E52-EB11-44DB-A761-82D5D873A8D9}" = Symantec AntiVirus

"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista

"{8A8C4EAC-9AB7-45FA-9480-5716FD261033}" = Nero 7 Essentials

"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{9C5DA287-D34A-C1C0-05A0-151E38E8EE62}" = ccc-utility

"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2

"{B18D166F-6E14-45EA-A909-07DBFE15089D}" = TRADOS 7 Freelance

"{B7570B18-C437-1C02-54DA-806608D306FB}" = Catalyst Control Center Core Implementation

"{BD65CAC7-6D63-4D56-BED0-B610281256DF}" = CorelDRAW Graphics Suite 12 Setup Files

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1

"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1

"{E1A88DE8-BD36-4DEA-8DD8-E35EF475ADC7}" = Opera 9.52

"{E51F3CCD-B4AD-87B1-13AE-A8466D595E13}" = Catalyst Control Center Graphics Light

"{E52A48FB-1422-21E3-24DF-A6702202DB02}" = Catalyst Control Center Graphics Previews Vista

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package

"{FA244D38-0FED-9304-EE5D-567C5BF7ED32}" = Catalyst Control Center Graphics Full Existing

"{FE4EBAAB-E02A-455E-A814-3B5881885030}_is1" = Mobile Ringtone Converter 2.3.142

"ActiveScan 2.0" = Panda ActiveScan 2.0

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"BSPlayer1" = BSPlayer

"CES 4.1" = CES 4.1

"eMusic Promotion" = 50 FREE MP3s +1 Free Audiobook!

"ENTERPRISE" = Microsoft Office Enterprise 2007

"FairStars Audio Converter_is1" = FairStars Audio Converter 1.60

"GNU Octave" = GNU Octave 3.0.1

"Google Desktop" = Google Desktop

"InstallShield_{4235739E-810D-4AAD-A69C-AF36E095D05F}" = The Business Intermediate

"IrfanView" = IrfanView (remove only)

"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Marlins Test" = Marlins Test

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MJuiceWinamp" = Mjuice Components

"Mozilla Firefox (3.0.1)" = Mozilla Firefox (3.0.1)

"MySpaceIM" = MySpaceIM

"Nero8Lite_is1" = Nero 8 Lite

"PDF Password Remover v2.1_is1" = PDF Password Remover v2.1

"Picasa 3" = Picasa 3

"Polyglot 3000_is1" = Polyglot 3000 (Version 3.28)

"Power MP3 Recorder Cutter_is1" = Power MP3 Recorder Cutter, (ver 5.0)

"Progetto Italiano 1_is1" = Progetto Italiano 1

"USB2.0 1.3M WebCam" = USB2.0 1.3M WebCam

"VDJ50_is1" = Virtual Dj Studio 5.0

"VeryPDF PDF Editor v2.2_is1" = VeryPDF PDF Editor v2.2

"Winamp" = Winamp

"WinRAR archiver" = WinRAR archiver

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-253012040-1568701989-218809175-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"uTorrent" = µTorrent

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 12/28/2009 4:42:47 PM | Computer Name = violet-asus | Source = Symantec AntiVirus | ID = 16711726

Description = Security Risk Found!Risk: Downloader in File: C:\Users\violet\AppData\Local\VirtualStore\Windows\System32\winyom32.rom

by: Manual scan. Action: Clean failed : Quarantine failed. Action Description:

The file was left unchanged.

 

Error - 12/28/2009 4:42:50 PM | Computer Name = violet-asus | Source = Symantec AntiVirus | ID = 16711731

Description = Security Risk Found!Risk: Downloader in File: C:\Users\violet\AppData\Local\VirtualStore\Windows\System32\winyom32.rom

by: Manual scan. Action: Cleaned by Deletion. Action Description:

 

Error - 12/28/2009 4:43:30 PM | Computer Name = violet-asus | Source = Symantec AntiVirus | ID = 16711726

Description = Security Risk Found!Risk: Trojan.ByteVerify in File: C:\Users\violet\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\685dbf6d-676eada4

by: Manual scan. Action: Clean failed : Quarantine failed. Action Description:

The file was left unchanged.

 

Error - 12/28/2009 4:43:31 PM | Computer Name = violet-asus | Source = Symantec AntiVirus | ID = 16711731

Description = Security Risk Found!Risk: Trojan.ByteVerify in File: C:\Users\violet\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\685dbf6d-676eada4

by: Manual scan. Action: Cleaned by Deletion. Action Description:

 

Error - 12/28/2009 5:36:04 PM | Computer Name = violet-asus | Source = Symantec AntiVirus | ID = 16711726

Description = Security Risk Found!Risk: Spyware.Marketscore in File: D:\codecs_vista\alldivx_codecs\avz4\Quarantine\2008-04-07\avz00001.dta

by: Manual scan. Action: Quarantine failed. Action Description: The file was

left unchanged.

 

Error - 12/28/2009 5:36:14 PM | Computer Name = violet-asus | Source = Symantec AntiVirus | ID = 16711731

Description = Security Risk Found!Risk: Spyware.Marketscore in File: D:\codecs_vista\alldivx_codecs\avz4\Quarantine\2008-04-07\avz00001.dta

by: Manual scan. Action: Quarantine succeeded. Action Description: The file was

quarantined successfully.

 

Error - 12/28/2009 5:37:15 PM | Computer Name = violet-asus | Source = Symantec AntiVirus | ID = 16711726

Description = Security Risk Found!Risk: Trojan Horse in File: D:\install\bsplayer

pro 2.12 build 941\keygen.exe by: Manual scan. Action: Clean failed : Quarantine

failed. Action Description: The file was left unchanged.

 

Error - 12/28/2009 5:37:27 PM | Computer Name = violet-asus | Source = Symantec AntiVirus | ID = 16711731

Description = Security Risk Found!Risk: Trojan Horse in File: D:\install\bsplayer

pro 2.12 build 941\keygen.exe by: Manual scan. Action: Quarantine succeeded.

Action Description: The file was quarantined successfully.

 

Error - 12/28/2009 6:01:15 PM | Computer Name = violet-asus | Source = Symantec AntiVirus | ID = 16711685

Description = Risk: in File: Internet browser temporary file cache by: Manual scan.

Action: Clean failed : Quarantine failed. Action Description: The file was deleted

successfully. Risk Found!Risk: Spyware.Marketscore in File: d:\codecs_vista\alldivx_codecs\avz4\quarantine\2008-04-07\avz00001.dta

by: Manual scan. Action: Quarantine succeeded. Action Description: The file was

quarantined successfully. Risk: in File: Internet browser temporary file cache

by: Manual scan. Action: Quarantine failed : Leave Alone failed. Action Description:

The file was deleted successfully. Risk Found!Risk: Trojan Horse in File: d:\install\bsplayer

pro 2.12 build 941\keygen.exe by: Manual scan. Action: Quarantine succeeded.

Action Description: The file was quarantined successfully. Risk: in File: Internet

browser temporary file cache by: Manual scan. Action: Clean failed : Quarantine

failed. Action Description: The file was deleted successfully.

 

Error - 12/29/2009 1:34:13 AM | Computer Name = violet-asus | Source = WinMgmt | ID = 10

Description =

 

[ System Events ]

Error - 12/28/2009 3:03:19 PM | Computer Name = violet-asus | Source = HTTP | ID = 15016

Description =

 

Error - 12/28/2009 3:46:18 PM | Computer Name = violet-asus | Source = Service Control Manager | ID = 7031

Description =

 

Error - 12/28/2009 5:00:20 PM | Computer Name = violet-asus | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.1.3 for the Network Card with network

address 0018DE731119 has been denied by the DHCP server 192.168.1.2 (The DHCP Server

sent a DHCPNACK message).

 

Error - 12/28/2009 5:00:44 PM | Computer Name = violet-asus | Source = Server | ID = 2505

Description = The server could not bind to the transport \Device\NetBT_Tcpip_{4B8B28B5-A52F-42D5-990D-EE72772B1A17}

because another computer on the network has the same name. The server could not

start.

 

Error - 12/28/2009 9:21:19 PM | Computer Name = violet-asus | Source = DCOM | ID = 10010

Description =

 

Error - 12/29/2009 1:33:46 AM | Computer Name = violet-asus | Source = HTTP | ID = 15016

Description =

 

Error - 12/29/2009 2:25:49 AM | Computer Name = violet-asus | Source = DCOM | ID = 10010

Description =

 

Error - 1/3/2010 8:51:36 AM | Computer Name = violet-asus | Source = HTTP | ID = 15016

Description =

 

Error - 1/3/2010 8:52:45 AM | Computer Name = violet-asus | Source = Service Control Manager | ID = 7009

Description =

 

Error - 1/3/2010 8:52:45 AM | Computer Name = violet-asus | Source = Service Control Manager | ID = 7000

Description =

 

 

< End of report >

 


"{57BA3105-8E44-45BD-BB3A-F0BD5EA0575B}" = Bulgarian (Phonetic) by Iliya Dankov

"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2

"{5E9F6451-26A9-4043-A24E-13711435CC81}" = Infineon TPM Professional Package

"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5

"{6C381DB2-32D8-31BF-9CDF-BDF954A62692}" = Skins

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{73321F78-1DE8-F60C-2882-3595D0FD2709}" = Catalyst Control Center Graphics Previews Common

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7C9E6E52-EB11-44DB-A761-82D5D873A8D9}" = Symantec AntiVirus

"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista

"{8A8C4EAC-9AB7-45FA-9480-5716FD261033}" = Nero 7 Essentials

"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{9C5DA287-D34A-C1C0-05A0-151E38E8EE62}" = ccc-utility

"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2

"{B18D166F-6E14-45EA-A909-07DBFE15089D}" = TRADOS 7 Freelance

"{B7570B18-C437-1C02-54DA-806608D306FB}" = Catalyst Control Center Core Implementation

"{BD65CAC7-6D63-4D56-BED0-B610281256DF}" = CorelDRAW Graphics Suite 12 Setup Files

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1

"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1

"{E1A88DE8-BD36-4DEA-8DD8-E35EF475ADC7}" = Opera 9.52

"{E51F3CCD-B4AD-87B1-13AE-A8466D595E13}" = Catalyst Control Center Graphics Light

"{E52A48FB-1422-21E3-24DF-A6702202DB02}" = Catalyst Control Center Graphics Previews Vista

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package

"{FA244D38-0FED-9304-EE5D-567C5BF7ED32}" = Catalyst Control Center Graphics Full Existing

"{FE4EBAAB-E02A-455E-A814-3B5881885030}_is1" = Mobile Ringtone Converter 2.3.142

"ActiveScan 2.0" = Panda ActiveScan 2.0

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"BSPlayer1" = BSPlayer

"CES 4.1" = CES 4.1

"eMusic Promotion" = 50 FREE MP3s +1 Free Audiobook!

"ENTERPRISE" = Microsoft Office Enterprise 2007

"FairStars Audio Converter_is1" = FairStars Audio Converter 1.60

"GNU Octave" = GNU Octave 3.0.1

"Google Desktop" = Google Desktop

"InstallShield_{4235739E-810D-4AAD-A69C-AF36E095D05F}" = The Business Intermediate

"IrfanView" = IrfanView (remove only)

"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Marlins Test" = Marlins Test

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MJuiceWinamp" = Mjuice Components

"Mozilla Firefox (3.0.1)" = Mozilla Firefox (3.0.1)

"MySpaceIM" = MySpaceIM

"Nero8Lite_is1" = Nero 8 Lite

"PDF Password Remover v2.1_is1" = PDF Password Remover v2.1

"Picasa 3" = Picasa 3

"Polyglot 3000_is1" = Polyglot 3000 (Version 3.28)

"Power MP3 Recorder Cutter_is1" = Power MP3 Recorder Cutter, (ver 5.0)

"Progetto Italiano 1_is1" = Progetto Italiano 1

"USB2.0 1.3M WebCam" = USB2.0 1.3M WebCam

"VDJ50_is1" = Virtual Dj Studio 5.0

"VeryPDF PDF Editor v2.2_is1" = VeryPDF PDF Editor v2.2

"Winamp" = Winamp

"WinRAR archiver" = WinRAR archiver

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-253012040-1568701989-218809175-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"uTorrent" = µTorrent

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 12/28/2009 4:42:47 PM | Computer Name = violet-asus | Source = Symantec AntiVirus | ID = 16711726

Description = Security Risk Found!Risk: Downloader in File: C:\Users\violet\AppData\Local\VirtualStore\Windows\System32\winyom32.rom

by: Manual scan. Action: Clean failed : Quarantine failed. Action Description:

The file was left unchanged.

 

Error - 12/28/2009 4:42:50 PM | Computer Name = violet-asus | Source = Symantec AntiVirus | ID = 16711731

Description = Security Risk Found!Risk: Downloader in File: C:\Users\violet\AppData\Local\VirtualStore\Windows\System32\winyom32.rom

by: Manual scan. Action: Cleaned by Deletion. Action Description:

 

Error - 12/28/2009 4:43:30 PM | Computer Name = violet-asus | Source = Symantec AntiVirus | ID = 16711726

Description = Security Risk Found!Risk: Trojan.ByteVerify in File: C:\Users\violet\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\685dbf6d-676eada4

by: Manual scan. Action: Clean failed : Quarantine failed. Action Description:

The file was left unchanged.

 

Error - 12/28/2009 4:43:31 PM | Computer Name = violet-asus | Source = Symantec AntiVirus | ID = 16711731

Description = Security Risk Found!Risk: Trojan.ByteVerify in File: C:\Users\violet\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\685dbf6d-676eada4

by: Manual scan. Action: Cleaned by Deletion. Action Description:

 

Error - 12/28/2009 5:36:04 PM | Computer Name = violet-asus | Source = Symantec AntiVirus | ID = 16711726

Description = Security Risk Found!Risk: Spyware.Marketscore in File: D:\codecs_vista\alldivx_codecs\avz4\Quarantine\2008-04-07\avz00001.dta

by: Manual scan. Action: Quarantine failed. Action Description: The file was

left unchanged.

 

Error - 12/28/2009 5:36:14 PM | Computer Name = violet-asus | Source = Symantec AntiVirus | ID = 16711731

Description = Security Risk Found!Risk: Spyware.Marketscore in File: D:\codecs_vista\alldivx_codecs\avz4\Quarantine\2008-04-07\avz00001.dta

by: Manual scan. Action: Quarantine succeeded. Action Description: The file was

quarantined successfully.

 

Error - 12/28/2009 5:37:15 PM | Computer Name = violet-asus | Source = Symantec AntiVirus | ID = 16711726

Description = Security Risk Found!Risk: Trojan Horse in File: D:\install\bsplayer

pro 2.12 build 941\keygen.exe by: Manual scan. Action: Clean failed : Quarantine

failed. Action Description: The file was left unchanged.

 

Error - 12/28/2009 5:37:27 PM | Computer Name = violet-asus | Source = Symantec AntiVirus | ID = 16711731

Description = Security Risk Found!Risk: Trojan Horse in File: D:\install\bsplayer

pro 2.12 build 941\keygen.exe by: Manual scan. Action: Quarantine succeeded.

Action Description: The file was quarantined successfully.

 

Error - 12/28/2009 6:01:15 PM | Computer Name = violet-asus | Source = Symantec AntiVirus | ID = 16711685

Description = Risk: in File: Internet browser temporary file cache by: Manual scan.

Action: Clean failed : Quarantine failed. Action Description: The file was deleted

successfully. Risk Found!Risk: Spyware.Marketscore in File: d:\codecs_vista\alldivx_codecs\avz4\quarantine\2008-04-07\avz00001.dta

by: Manual scan. Action: Quarantine succeeded. Action Description: The file was

quarantined successfully. Risk: in File: Internet browser temporary file cache

by: Manual scan. Action: Quarantine failed : Leave Alone failed. Action Description:

The file was deleted successfully. Risk Found!Risk: Trojan Horse in File: d:\install\bsplayer

pro 2.12 build 941\keygen.exe by: Manual scan. Action: Quarantine succeeded.

Action Description: The file was quarantined successfully. Risk: in File: Internet

browser temporary file cache by: Manual scan. Action: Clean failed : Quarantine

failed. Action Description: The file was deleted successfully.

 

Error - 12/29/2009 1:34:13 AM | Computer Name = violet-asus | Source = WinMgmt | ID = 10

Description =

 

[ System Events ]

Error - 12/28/2009 3:03:19 PM | Computer Name = violet-asus | Source = HTTP | ID = 15016

Description =

 

Error - 12/28/2009 3:46:18 PM | Computer Name = violet-asus | Source = Service Control Manager | ID = 7031

Description =

 

Error - 12/28/2009 5:00:20 PM | Computer Name = violet-asus | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.1.3 for the Network Card with network

address 0018DE731119 has been denied by the DHCP server 192.168.1.2 (The DHCP Server

sent a DHCPNACK message).

 

Error - 12/28/2009 5:00:44 PM | Computer Name = violet-asus | Source = Server | ID = 2505

Description = The server could not bind to the transport \Device\NetBT_Tcpip_{4B8B28B5-A52F-42D5-990D-EE72772B1A17}

because another computer on the network has the same name. The server could not

start.

 

Error - 12/28/2009 9:21:19 PM | Computer Name = violet-asus | Source = DCOM | ID = 10010

Description =

 

Error - 12/29/2009 1:33:46 AM | Computer Name = violet-asus | Source = HTTP | ID = 15016

Description =

 

Error - 12/29/2009 2:25:49 AM | Computer Name = violet-asus | Source = DCOM | ID = 10010

Description =

 

Error - 1/3/2010 8:51:36 AM | Computer Name = violet-asus | Source = HTTP | ID = 15016

Description =

 

Error - 1/3/2010 8:52:45 AM | Computer Name = violet-asus | Source = Service Control Manager | ID = 7009

Description =

 

Error - 1/3/2010 8:52:45 AM | Computer Name = violet-asus | Source = Service Control Manager | ID = 7000

Description =

 

 

< End of report >


STEP 1

 

Run OTL.exe and copy/paste the following into the "Custom Scans/Fixes" box:

 

:OTL

IE - HKU\S-1-5-21-253012040-1568701989-218809175-1000\..\URLSearchHook: - Reg Error: Key error. File not found

O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.

O4 - HKLM..\Run: [RestartNeroSetup] E:\Installation\Setupx.exe File not found

O4 - HKU\S-1-5-21-253012040-1568701989-218809175-1000..\Run: [] File not found

O32 - AutoRun File - [2006/09/18 23:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{8b853e3a-7d11-11dd-9d57-0018f3b950e7}\Shell\1\Command - "" = F:\RECYCLER\RECYCLER\autorun.exe -- File not found

O33 - MountPoints2\{8b853e3a-7d11-11dd-9d57-0018f3b950e7}\Shell\2\Command - "" = F:\RECYCLER\RECYCLER\autorun.exe -- File not found

O33 - MountPoints2\{a5190015-d07a-11de-83da-0018f3b950e7}\Shell\AutoRun\command - "" = F:\EXPLORER.EXE -- File not found

O33 - MountPoints2\{a5190015-d07a-11de-83da-0018f3b950e7}\Shell\explore\Command - "" = F:\EXPLORER.EXE -- File not found

O33 - MountPoints2\{a5190015-d07a-11de-83da-0018f3b950e7}\Shell\open\Command - "" = F:\EXPLORER.EXE -- File not found

O33 - MountPoints2\{a9265cdb-8999-11dd-95bd-0018f3b950e7}\Shell\AutoRun\command - "" = F:\EXPLORER.EXE -- File not found

O33 - MountPoints2\{a9265cdb-8999-11dd-95bd-0018f3b950e7}\Shell\explore\Command - "" = F:\EXPLORER.EXE -- File not found

O33 - MountPoints2\{a9265cdb-8999-11dd-95bd-0018f3b950e7}\Shell\open\Command - "" = F:\EXPLORER.EXE -- File not found

[2009/12/29 02:13:50 | 00,000,000 | ---D | C] -- C:\Qoobox

@Alternate Data Stream - 551105 bytes -> C:\Users\violet\AppData\Roaming\desktop.ini:init

:files

C:\Users\violet\secupdat.dat

C:\Windows\System32\*.tmp

:Commands

[purity]

[emptytemp]

[resethosts]

[Reboot]

 

Press the Run Fix button.

 

A log file will be created. Paste it in your next post.

 

STEP 2

 

I don't like the presence of this file:

 

C:\Users\violet\secupdat.dat

 

So, download Malwarebytes' Anti-Malware from here.

 

Double-click mbam-setup.exe to install the program.

 

  • Make sure Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are checked, then click Finish.
  • If newer updates are found, it will download and install them.
  • Start the program, select "Perform Quick Scan", then click Scan.
  • The scan will take some time, so please be patient.
  • When the scan finishes, click OK, then Show Results to view the results.
  • Make sure every line is checked, then click Remove Selected.
  • When everything has been removed, the log will open in Notepad. Copy the log and post it in your next comment in the thread.

 

Note: If Malwarebytes' Anti-Malware has trouble removing the detected viruses/threats, it will ask to restart your computer and will remove the problematic viruses/threats during the restart. If asked, confirm that you want your computer to be restarted.


All processes killed

========== OTL ==========

Registry value HKEY_USERS\S-1-5-21-253012040-1568701989-218809175-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RestartNeroSetup not found.

Registry value HKEY_USERS\S-1-5-21-253012040-1568701989-218809175-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.

File C:\autoexec.bat not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b853e3a-7d11-11dd-9d57-0018f3b950e7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b853e3a-7d11-11dd-9d57-0018f3b950e7}\ not found.

File F:\RECYCLER\RECYCLER\autorun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b853e3a-7d11-11dd-9d57-0018f3b950e7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b853e3a-7d11-11dd-9d57-0018f3b950e7}\ not found.

File F:\RECYCLER\RECYCLER\autorun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a5190015-d07a-11de-83da-0018f3b950e7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5190015-d07a-11de-83da-0018f3b950e7}\ not found.

File F:\EXPLORER.EXE not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a5190015-d07a-11de-83da-0018f3b950e7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5190015-d07a-11de-83da-0018f3b950e7}\ not found.

File F:\EXPLORER.EXE not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a5190015-d07a-11de-83da-0018f3b950e7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5190015-d07a-11de-83da-0018f3b950e7}\ not found.

File F:\EXPLORER.EXE not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9265cdb-8999-11dd-95bd-0018f3b950e7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a9265cdb-8999-11dd-95bd-0018f3b950e7}\ not found.

File F:\EXPLORER.EXE not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9265cdb-8999-11dd-95bd-0018f3b950e7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a9265cdb-8999-11dd-95bd-0018f3b950e7}\ not found.

File F:\EXPLORER.EXE not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9265cdb-8999-11dd-95bd-0018f3b950e7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a9265cdb-8999-11dd-95bd-0018f3b950e7}\ not found.

File F:\EXPLORER.EXE not found.

Folder C:\Qoobox\ not found.

Unable to delete ADS C:\Users\violet\AppData\Roaming\desktop.ini:init .

========== FILES ==========

File\Folder C:\Users\violet\secupdat.dat not found.

File\Folder C:\Windows\System32\*.tmp not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

 

User: violet

->Temp folder emptied: 371715 bytes

->Temporary Internet Files folder emptied: 1348829 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Google Chrome cache emptied: 6257685 bytes

->Opera cache emptied: 2786051 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

Windows Temp folder emptied: 125479504 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 513536 bytes

 

Total Files Cleaned = 130.00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.1.20.2 log created on 01032010_201118

 

Files\Folders moved on Reboot...

File move failed. C:\Windows\temp\spserv.dat scheduled to be moved on reboot.

 

Registry entries deleted on Reboot...

 

It won't let me scan with Malwarebytes' Anti-Malware, even after I rename it. :((( It downloads, but the moment I start scanning, the process stops and the program disappears. :(


Yes, you have the other variety of Skype viruses, which are harder to remove.

 

Just in case, back up your important data and move everything valuable from partition C:\ to another partition before continuing.

 

Now:

 

*. Temporarily disable your antivirus program's real-time protection!

 

*. Download Combofix.

 

*. Save it to the desktop.

 

*. Rename the file to vil.exe.

 

*. Run it by double-clicking it.

 

*. While ComboFix is scanning, do not start any other applications, do not press any keys on the keyboard and do not move the mouse!

 

*. Post the log file that will be created after the computer restarts in your next post.


ComboFix 10-01-02.05 - violet 01/03/2010 20:52:36.1.2 - x86

Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.1023.158 [GMT 2:00]

Running from: c:\users\violet\Desktop\vilito.exe

AV: Symantec AntiVirus *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

SP: Symantec AntiVirus *enabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\users\violet\secupdat.dat

 

.

((((((((((((((((((((((((( Files Created from 2009-12-03 to 2010-01-03 )))))))))))))))))))))))))))))))

.

 

2010-01-03 19:01 . 2010-01-03 19:01 -------- d-----w- c:\users\violet\AppData\Local\temp

2010-01-03 19:01 . 2010-01-03 19:01 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-01-03 17:55 . 2010-01-03 17:55 -------- d-----w- C:\_OTL

2009-12-29 00:48 . 2009-12-29 00:48 -------- d-----w- c:\programdata\Skype

2009-12-29 00:37 . 2009-12-29 00:37 -------- d-----w- c:\users\violet\AppData\Roaming\Malwarebytes

2009-12-29 00:37 . 2009-12-30 12:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-29 00:37 . 2009-12-30 12:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-29 00:37 . 2009-12-29 00:37 -------- d-----w- c:\programdata\Malwarebytes

2009-12-29 00:37 . 2010-01-03 18:31 -------- d-----w- c:\program files\virus

2009-12-29 00:27 . 2009-06-30 07:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys

2009-12-29 00:27 . 2009-12-29 00:27 -------- d-----w- c:\program files\Panda Security

2009-12-28 20:04 . 2009-12-14 07:07 84912 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091228.004\NAVENG.SYS

2009-12-28 20:04 . 2009-12-14 07:07 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091228.004\EECTRL.SYS

2009-12-28 20:04 . 2009-12-14 07:07 2747440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091228.004\CCERASER.DLL

2009-12-28 20:04 . 2009-12-14 07:07 259440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091228.004\ECMSVR32.DLL

2009-12-28 20:04 . 2009-12-14 07:07 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091228.004\NAVENG32.DLL

2009-12-28 20:04 . 2009-12-14 07:07 1647984 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091228.004\NAVEX32A.DLL

2009-12-28 20:04 . 2009-12-14 07:07 1323568 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091228.004\NAVEX15.SYS

2009-12-28 20:04 . 2009-12-14 07:07 102448 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091228.004\ERASER.SYS

2009-12-28 19:42 . 2009-12-28 19:42 -------- d-----w- c:\users\violet\AppData\Local\Symantec

2009-12-28 19:36 . 2009-12-28 19:42 -------- d-----w- c:\programdata\Symantec

2009-12-28 19:36 . 2009-12-28 19:41 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-12-28 19:36 . 2009-12-28 19:36 -------- d-----w- c:\program files\Symantec AntiVirus

2009-12-28 14:29 . 2009-12-27 14:55 212992 ----a-w- c:\users\violet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wmistrk.exe

2009-12-19 16:59 . 2009-12-19 17:03 -------- d-----w- c:\program files\Progetto Italiano 1

2009-12-10 09:14 . 2009-11-09 13:22 24064 ----a-w- c:\windows\system32\nshhttp.dll

2009-12-10 09:14 . 2009-11-09 13:20 31232 ----a-w- c:\windows\system32\httpapi.dll

2009-12-10 09:14 . 2009-11-09 11:04 411136 ----a-w- c:\windows\system32\drivers\http.sys

2009-12-09 11:32 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll

2009-12-09 11:32 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-03 18:17 . 2008-09-06 18:19 -------- d-----w- c:\users\violet\AppData\Roaming\Skype

2010-01-03 18:12 . 2008-09-07 02:15 836 ----a-w- c:\windows\bthservsdp.dat

2009-12-29 01:21 . 2008-09-07 02:51 -------- d-----w- c:\users\violet\AppData\Roaming\uTorrent

2009-12-29 00:48 . 2009-10-11 12:22 -------- d-----r- c:\program files\Skype

2009-12-28 23:21 . 2008-09-06 18:20 -------- d-----w- c:\users\violet\AppData\Roaming\skypePM

2009-12-28 21:12 . 2009-11-20 17:47 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys

2009-12-10 09:49 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2009-11-20 18:21 . 2008-09-07 02:22 101088 ----a-w- c:\users\violet\AppData\Local\GDIPFONTCACHEV1.DAT

2009-11-20 18:21 . 2009-11-20 18:21 -------- d-----w- c:\users\violet\AppData\Roaming\Corel

2009-11-20 17:53 . 2009-11-20 17:53 -------- d-----w- c:\programdata\InstallShield

2009-11-20 17:50 . 2009-11-20 17:50 -------- d-----w- c:\program files\Common Files\Corel

2009-11-20 17:50 . 2008-09-07 02:39 -------- d-----w- c:\program files\Common Files\InstallShield

2009-11-20 17:50 . 2009-11-20 17:45 -------- d-----w- c:\program files\Corel

2009-11-20 17:45 . 2008-09-07 02:35 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-11-02 18:42 . 2009-10-03 08:23 195456 ------w- c:\windows\system32\MpSigStub.exe

2009-10-29 09:41 . 2009-11-26 01:01 2048 ----a-w- c:\windows\system32\tzres.dll

2009-10-27 13:20 . 2009-12-09 11:33 833024 ----a-w- c:\windows\system32\wininet.dll

2009-10-27 13:16 . 2009-12-09 11:33 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-10-27 10:55 . 2009-12-09 11:33 26624 ----a-w- c:\windows\system32\ieUnatt.exe

2008-09-06 19:09 . 2008-09-06 19:09 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

2008-04-09 23:35 . 2008-04-09 23:35 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"Google Update"="c:\users\violet\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-08-02 133104]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 4186112]

"IFXSPMGT"="c:\windows\system32\IFXSPMGT.exe" [2006-11-13 661024]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-06 1838592]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-18 136600]

"WinampAgent"="d:\install\Winamp\winampa.exe" [2009-07-01 37888]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 107112]

"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-11-28 134808]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

 

c:\users\violet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

wmistrk.exe [2009-12-27 212992]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKLM\~\startupfolder\C:^Users^violet^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CCC.lnk]

path=c:\users\violet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CCC.lnk

backup=c:\windows\pss\CCC.lnk.Startup

backupExtension=.Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2008-01-21 02:21 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-253012040-1568701989-218809175-1000]

"EnableNotificationsRef"=dword:00000001

 

R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [12/29/2009 2:27 AM 28552]

R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [10/12/2006 2:37 PM 38952]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/28/2009 10:04 PM 102448]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [12/29/2009 2:37 AM 38224]

R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\System32\drivers\StkCMini.sys [9/7/2008 4:43 AM 1132544]

 

--- Other Services/Drivers In Memory ---

 

*NewlyCreated* - MBAMSWISSARMY

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

.

Contents of the 'Scheduled Tasks' folder

 

2010-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-253012040-1568701989-218809175-1000Core.job

- c:\users\violet\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-02 21:57]

 

2010-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-253012040-1568701989-218809175-1000UA.job

- c:\users\violet\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-02 21:57]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.bg/

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\users\violet\AppData\Roaming\Mozilla\Firefox\Profiles\3771b185.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=

FF - prefs.js: browser.search.selectedEngine - Winamp Search

FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=

FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

FF - component: c:\users\violet\AppData\Roaming\Mozilla\Firefox\Profiles\3771b185.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Opera\program\plugins\NPAXDLPI.dll

FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll

FF - plugin: c:\users\violet\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

- - - - ORPHANS REMOVED - - - -

 

HKCU-Run-MSSMSGS - winyom32.rom

HKCU-Run-ICQ - c:\program files\ICQ6\ICQ.exe

ActiveSetup-ccc-core-static - msiexec

AddRemove-GNU Octave - c:\program files\Octave\uninst.exe

AddRemove-Malwarebytes' Anti-Malware_is1 - d:\violet\v\unins000.exe

AddRemove-MJuiceWinamp - c:\program files\Mjuice Media PlayerMJUninst.exe

AddRemove-PDF Password Remover v2.1_is1 - c:\program files\PDF Password Remover v2.1\unins000.exe

AddRemove-Power MP3 Recorder Cutter_is1 - c:\program files\Cooolsoft\unins000.exe

AddRemove-VeryPDF PDF Editor v2.2_is1 - c:\program files\VeryPDF PDF Editor v2.2\unins000.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-03 21:01

Windows 6.0.6001 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2010-01-03 21:06:46

ComboFix-quarantined-files.txt 2010-01-03 19:06

 

Pre-Run: 16,124,801,024 bytes free

Post-Run: 15,960,457,216 bytes free

 

- - End Of File - - D496CD148909D0110B0AC0F908150413


Still, the situation doesn't look that bad:

Open Notepad.exe and copy/paste the following information:

http://forums.softvisia.com/index.php?showtopic=8195&st=45

KILLALL::
Collect::
c:\users\violet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wmistrk.exe
Folder::
C:\_OTL

Save the file under the name CFScript and drag and drop it onto ComboFix (as in the picture below):

http://img517.imageshack.us/img517/8662/cfscript10uc2.gif

Post the new log file and try to install Malwarebytes again.


ComboFix 10-01-02.05 - violet 01/03/2010 22:38:12.3.2 - x86

Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.1023.316 [GMT 2:00]

Running from: c:\users\violet\Desktop\vilito.exe

Command switches used :: c:\users\violet\Desktop\CFScript.txt

AV: Symantec AntiVirus *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

SP: Symantec AntiVirus *enabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

((((((((((((((((((((((((( Files Created from 2009-12-03 to 2010-01-03 )))))))))))))))))))))))))))))))

.

 

2010-01-03 20:46 . 2010-01-03 20:46 -------- d-----w- c:\users\Public\AppData\Local\temp

2010-01-03 20:46 . 2010-01-03 20:46 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-01-03 20:35 . 2010-01-03 20:35 -------- d-----w- C:\vilito14891v

2010-01-03 19:06 . 2010-01-03 20:48 -------- d-----w- c:\users\violet\AppData\Local\temp

2010-01-03 18:51 . 2010-01-03 19:06 -------- d-----w- C:\vilito

2010-01-03 17:55 . 2010-01-03 17:55 -------- d-----w- C:\_OTL

2009-12-29 00:48 . 2009-12-29 00:48 -------- d-----w- c:\programdata\Skype

2009-12-29 00:37 . 2009-12-29 00:37 -------- d-----w- c:\users\violet\AppData\Roaming\Malwarebytes

2009-12-29 00:37 . 2009-12-30 12:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-29 00:37 . 2009-12-30 12:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-29 00:37 . 2009-12-29 00:37 -------- d-----w- c:\programdata\Malwarebytes

2009-12-29 00:37 . 2010-01-03 18:31 -------- d-----w- c:\program files\virus

2009-12-29 00:27 . 2009-06-30 07:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys

2009-12-29 00:27 . 2009-12-29 00:27 -------- d-----w- c:\program files\Panda Security

2009-12-28 19:42 . 2009-12-28 19:42 -------- d-----w- c:\users\violet\AppData\Local\Symantec

2009-12-28 19:40 . 2009-12-28 19:41 109744 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2009-12-28 19:36 . 2009-12-28 19:41 -------- d-----w- c:\program files\Symantec

2009-12-28 19:36 . 2009-12-28 19:42 -------- d-----w- c:\programdata\Symantec

2009-12-28 19:36 . 2009-12-28 19:41 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-12-28 19:36 . 2009-12-28 19:36 -------- d-----w- c:\program files\Symantec AntiVirus

2009-12-19 16:59 . 2009-12-19 17:03 -------- d-----w- c:\program files\Progetto Italiano 1

2009-12-10 09:14 . 2009-11-09 13:22 24064 ----a-w- c:\windows\system32\nshhttp.dll

2009-12-10 09:14 . 2009-11-09 13:20 31232 ----a-w- c:\windows\system32\httpapi.dll

2009-12-10 09:14 . 2009-11-09 11:04 411136 ----a-w- c:\windows\system32\drivers\http.sys

2009-12-09 11:32 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll

2009-12-09 11:32 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-03 20:46 . 2008-09-07 02:15 836 ----a-w- c:\windows\bthservsdp.dat

2010-01-03 20:08 . 2008-09-06 18:19 -------- d-----w- c:\users\violet\AppData\Roaming\Skype

2009-12-29 01:21 . 2008-09-07 02:51 -------- d-----w- c:\users\violet\AppData\Roaming\uTorrent

2009-12-29 00:48 . 2009-10-11 12:22 -------- d-----r- c:\program files\Skype

2009-12-28 23:21 . 2008-09-06 18:20 -------- d-----w- c:\users\violet\AppData\Roaming\skypePM

2009-12-28 21:12 . 2009-11-20 17:47 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys

2009-12-28 19:41 . 2009-12-28 19:40 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2009-12-10 09:49 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2009-11-20 18:21 . 2008-09-07 02:22 101088 ----a-w- c:\users\violet\AppData\Local\GDIPFONTCACHEV1.DAT

2009-11-20 18:21 . 2009-11-20 18:21 -------- d-----w- c:\users\violet\AppData\Roaming\Corel

2009-11-20 17:53 . 2009-11-20 17:53 -------- d-----w- c:\programdata\InstallShield

2009-11-20 17:50 . 2009-11-20 17:50 -------- d-----w- c:\program files\Common Files\Corel

2009-11-20 17:50 . 2008-09-07 02:39 -------- d-----w- c:\program files\Common Files\InstallShield

2009-11-20 17:50 . 2009-11-20 17:45 -------- d-----w- c:\program files\Corel

2009-11-20 17:45 . 2008-09-07 02:35 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-11-02 18:42 . 2009-10-03 08:23 195456 ------w- c:\windows\system32\MpSigStub.exe

2009-10-29 09:41 . 2009-11-26 01:01 2048 ----a-w- c:\windows\system32\tzres.dll

2009-10-27 13:20 . 2009-12-09 11:33 833024 ----a-w- c:\windows\system32\wininet.dll

2009-10-27 13:16 . 2009-12-09 11:33 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-10-27 10:55 . 2009-12-09 11:33 26624 ----a-w- c:\windows\system32\ieUnatt.exe

2008-09-06 19:09 . 2008-09-06 19:09 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

2008-04-09 23:35 . 2008-04-09 23:35 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"Google Update"="c:\users\violet\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-08-02 133104]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 4186112]

"IFXSPMGT"="c:\windows\system32\IFXSPMGT.exe" [2006-11-13 661024]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-06 1838592]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-18 136600]

"WinampAgent"="d:\install\Winamp\winampa.exe" [2009-07-01 37888]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 107112]

"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-11-28 134808]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

 

c:\users\violet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

wmistrk.exe [2009-12-27 212992]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKLM\~\startupfolder\C:^Users^violet^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CCC.lnk]

path=c:\users\violet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CCC.lnk

backup=c:\windows\pss\CCC.lnk.Startup

backupExtension=.Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2008-01-21 02:21 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-253012040-1568701989-218809175-1000]

"EnableNotificationsRef"=dword:00000001

 

R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [12/29/2009 2:27 AM 28552]

R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [10/12/2006 2:37 PM 38952]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/28/2009 10:04 PM 102448]

R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\System32\drivers\StkCMini.sys [9/7/2008 4:43 AM 1132544]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [12/29/2009 2:37 AM 38224]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

.

Contents of the 'Scheduled Tasks' folder

 

2010-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-253012040-1568701989-218809175-1000Core.job

- c:\users\violet\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-02 21:57]

 

2010-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-253012040-1568701989-218809175-1000UA.job

- c:\users\violet\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-02 21:57]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.bg/

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\users\violet\AppData\Roaming\Mozilla\Firefox\Profiles\3771b185.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=

FF - prefs.js: browser.search.selectedEngine - Winamp Search

FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=

FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

FF - component: c:\users\violet\AppData\Roaming\Mozilla\Firefox\Profiles\3771b185.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Opera\program\plugins\NPAXDLPI.dll

FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll

FF - plugin: c:\users\violet\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

 

**************************************************************************

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files:

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Common Files\Symantec Shared\ccSvcHst.exe

c:\program files\ATK Hotkey\ASLDRSrv.exe

c:\program files\ATK Hotkey\Hcontrol.exe

c:\program files\ATKOSD2\ATKOSD2.exe

c:\program files\Wireless Console 2\wcourier.exe

c:\program files\ATK Hotkey\ATKOSD.exe

c:\program files\Symantec AntiVirus\DefWatch.exe

c:\windows\system32\IFXTCS.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\windows\system32\IfxPsdSv.exe

c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

c:\windows\System32\StkCSrv.exe

c:\program files\Symantec AntiVirus\Rtvscan.exe

c:\windows\system32\conime.exe

c:\windows\servicing\TrustedInstaller.exe

.

**************************************************************************

.

Completion time: 2010-01-03 22:58:50 - machine was rebooted

ComboFix-quarantined-files.txt 2010-01-03 20:58

ComboFix2.txt 2010-01-03 19:06

 

Pre-Run: 15,875,747,840 bytes free

Post-Run: 15,829,590,016 bytes free

 

- - End Of File - - EBB58B581865AD8B39E6022F2594F830

 

Installing Malwarebytes doesn't work, I still can't scan :(


For some reason the script did not work.

Perhaps the reason is that in NOTEPAD => Format => you did not tick Word Wrap.

OK, let's try another way:

STEP 1

Download OTM.exe and save it to the desktop.

Start the file http://membres.lycos.fr/wawaseb8/images/help/otico.JPG by double-clicking it and, under the "Paste Instructions for Items to be Moved" column, copy/paste the following:

:Processes

explorer.exe

:files

c:\users\violet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wmistrk.exe

C:\_OTL

:Commands

[purity]

[emptytemp]

[start explorer]

[Reboot]

Press the http://billy-oneal.com/forums/Canned%20Speeches/speechimages/otmi3/btnmoveit.png button

A log file will be created after the machine restarts.

Post it in your next reply.

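The helper's two judgement calls above, picking wmistrk.exe out of the "Reg Loading Points" section as the one entry worth cutting and then noticing from the second ComboFix log that the CFScript had not removed it, can be written down as a small triage script. The Python below is an added example, not code from this thread or from ComboFix/OTL/OTM. The log lines embedded in it are copied verbatim from the two ComboFix logs posted above; the scoring rules (user-writable location, AppInit_DLLs, file date close to the scan date), the 30-day threshold and all function names are this example's own assumptions, not anything the tools define.

```python
import re
from dataclasses import dataclass
from datetime import date

# Copied from the "Reg Loading Points" section of the first ComboFix log in this
# thread, trimmed to the entries that matter for the demonstration.
BEFORE_CFSCRIPT = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Google Update"="c:\users\violet\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-08-02 133104]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 4186112]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-18 136600]
c:\users\violet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
wmistrk.exe [2009-12-27 212992]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
""".splitlines()

# Copied from the second ComboFix log, the one produced after the CFScript run.
AFTER_CFSCRIPT = r"""
c:\users\violet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
wmistrk.exe [2009-12-27 212992]
""".splitlines()

STARTUP_PATH = r"c:\users\violet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wmistrk.exe"

RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)" \[(?P<date>\d{4}-\d{2}-\d{2}) \d+\]$')
STARTUP_FILE = re.compile(r'^(?P<file>\S+) \[(?P<date>\d{4}-\d{2}-\d{2}) \d+\]$')
APPINIT = re.compile(r'^"AppInit_DLLs"=(?P<path>.+)$')

# Directories an unprivileged user can write to. A binary autostarting from here
# needed no installer and no admin prompt, which is exactly the wmistrk.exe
# pattern above. The list is this example's heuristic, not ComboFix's.
USER_WRITABLE = ("\\appdata\\", "\\users\\", "\\temp\\")


@dataclass
class AutostartEntry:
    source: str      # registry key or startup folder the entry came from
    name: str
    path: str
    date: str        # file date as printed by ComboFix, "" when absent
    reasons: list


def parse_loading_points(lines):
    """Turn ComboFix 'Reg Loading Points' lines into AutostartEntry objects."""
    entries, current = [], ""
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]                  # a registry key header
            continue
        if line.lower().endswith("\\startup\\"):
            current = line                        # a startup-folder header
            continue
        if m := RUN_VALUE.match(line):
            entries.append(AutostartEntry(current, m["name"], m["path"], m["date"], []))
        elif m := APPINIT.match(line):
            entries.append(AutostartEntry(current, "AppInit_DLLs", m["path"], "", []))
        elif (m := STARTUP_FILE.match(line)) and current.lower().endswith("\\startup\\"):
            entries.append(AutostartEntry(current, m["file"], current + m["file"], m["date"], []))
    return entries


def triage(lines, scan_date, recent_days=30):
    """Return the entries worth a second look, the ones with most reasons first."""
    scan = date.fromisoformat(scan_date)
    flagged = []
    for e in parse_loading_points(lines):
        if any(tok in e.path.lower() for tok in USER_WRITABLE):
            e.reasons.append("runs from a user-writable location")
        if e.name == "AppInit_DLLs":
            e.reasons.append("AppInit_DLLs is loaded into every process that links user32")
        if e.date and (scan - date.fromisoformat(e.date)).days <= recent_days:
            e.reasons.append(f"file dated within {recent_days} days of the scan")
        if e.reasons:
            flagged.append(e)
    flagged.sort(key=lambda e: len(e.reasons), reverse=True)
    return flagged


def removal_verified(after_lines, path):
    """True when the autostart entry at `path` is gone from the follow-up log."""
    needle = path.lower()
    return not any(e.path.lower() == needle for e in parse_loading_points(after_lines))


if __name__ == "__main__":
    for e in triage(BEFORE_CFSCRIPT, "2010-01-03"):
        print(f"{e.name:<16} {e.path}\n    " + "; ".join(e.reasons))
    print("wmistrk.exe removed by CFScript:", removal_verified(AFTER_CFSCRIPT, STARTUP_PATH))
```

Run against the first log with the scan date 2010-01-03, wmistrk.exe comes out on top with two reasons (per-user Startup folder, file dated a week before the scan); Google Update is also flagged because it legitimately lives under AppData\Local, which is why the score only narrows the list and the analyst still vets vendor and signature. Fed the second log, `removal_verified` returns False for the same path, the same conclusion the helper drew by eye before switching to OTM.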

All processes killed

========== PROCESSES ==========

No active process named explorer.exe was found!

========== FILES ==========

c:\users\violet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wmistrk.exe moved successfully.

C:\_OTL\MovedFiles\01032010_201118\C_Windows\temp folder moved successfully.

C:\_OTL\MovedFiles\01032010_201118\C_Windows\System32\drivers\etc folder moved successfully.

C:\_OTL\MovedFiles\01032010_201118\C_Windows\System32\drivers folder moved successfully.

C:\_OTL\MovedFiles\01032010_201118\C_Windows\System32 folder moved successfully.

C:\_OTL\MovedFiles\01032010_201118\C_Windows folder moved successfully.

C:\_OTL\MovedFiles\01032010_201118 folder moved successfully.

C:\_OTL\MovedFiles\01032010_195539\C_Windows\System32 folder moved successfully.

C:\_OTL\MovedFiles\01032010_195539\C_Windows folder moved successfully.

C:\_OTL\MovedFiles\01032010_195539\C_Users\violet folder moved successfully.

C:\_OTL\MovedFiles\01032010_195539\C_Users folder moved successfully.

C:\_OTL\MovedFiles\01032010_195539\C_Qoobox\Quarantine\Registry_backups folder moved successfully.

C:\_OTL\MovedFiles\01032010_195539\C_Qoobox\Quarantine folder moved successfully.

C:\_OTL\MovedFiles\01032010_195539\C_Qoobox folder moved successfully.

C:\_OTL\MovedFiles\01032010_195539\C_\Qoobox folder moved successfully.

C:\_OTL\MovedFiles\01032010_195539\C_ folder moved successfully.

C:\_OTL\MovedFiles\01032010_195539 folder moved successfully.

C:\_OTL\MovedFiles folder moved successfully.

C:\_OTL folder moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

User: violet

->Temp folder emptied: 994597 bytes

->Temporary Internet Files folder emptied: 5559381 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Google Chrome cache emptied: 15238678 bytes

->Opera cache emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

Windows Temp folder emptied: 1024 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 49355 bytes

RecycleBin emptied: 9149309 bytes

 

Total Files Cleaned = 30.00 mb

 

 

OTM by OldTimer - Version 3.1.4.0 log created on 01042010_113256

 

Files moved on Reboot...

File move failed. C:\Windows\temp\spserv.dat scheduled to be moved on reboot.

 

Registry entries deleted on Reboot...


Did you perhaps have a second Windows... because yours is installed in the folder C:\Windows, yet I see quite a few things deleted from the folder => C:\_Windows.

Try installing Malwarebytes again, but download this file and put it in the folder C:\Program Files\Malwarebytes' Anti-Malware. Run it and see whether the program starts this time.

If that doesn't work, open the folder C:\Program Files\Malwarebytes' Anti-Malware and rename the file mbam.exe to explorer.exe.

If that still doesn't work, let's try SUPERAntiSpyware.

For SUPERAntiSpyware:

* start the program (if it doesn't start either, open the folder C:\Program Files\SUPERAntiSpyware and run the file RUNSAS.EXE).

* click the Check For Updates button

* then choose Scan Your Computer

* on the left select only drive C:, and on the right choose Perform Complete Scan

* click Next and wait for it to scan

* click Next to remove the parasites found, then press Finish.

* post the log file, which you will find under Preferences => Statistics/Logs => select the log file and press View Log. Copy its contents into your next post.


I managed to scan with Malwarebytes

 

Malwarebytes' Anti-Malware 1.43

Database version: 3491

Windows 6.0.6001 Service Pack 1

Internet Explorer 7.0.6001.18000

 

1/4/2010 3:50:27 PM

mbam-log-2010-01-04 (15-50-27).txt

 

Scan type: Quick Scan

Objects scanned: 104274

Time elapsed: 7 minute(s), 12 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

C:\Users\violet\secupdat.dat (Worm.Autorun) -> Quarantined and deleted successfully.

 

Does this mean it has been removed now?!?!?!?


How did you run the scan with Malwarebytes? - Did you rename files and do any of the tricks described, or did it start normally?

Scan with SUPERAntiSpyware too, in the way I described in my previous post, and post the log file.


I scanned after downloading the file you pointed to; after that the program started by itself.

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 01/04/2010 at 05:51 PM

 

Application Version : 4.32.1000

 

Core Rules Database Version : 4441

Trace Rules Database Version: 2265

 

Scan type : Complete Scan

Total Scan Time : 01:03:26

 

Memory items scanned : 515

Memory threats detected : 0

Registry items scanned : 8830

Registry threats detected : 0

File items scanned : 40974

File threats detected : 199

 

Adware.Tracking Cookie

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\violet@at.atwola[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\violet@atwola[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\violet@advertising[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\violet@cdn.at.atwola[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\violet@tacoda[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@2o7[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@99counters[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@account-bg[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@account.impulse[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@account.neogen[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@ad.biscom[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@ad.httpool[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@ad.ieurop[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@ad.investor[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@ad.krasivi[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@ad.slashgear[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@ad.yieldmanager[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@adbrite[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@adfarm1.adition[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@adopt.euroclick[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@adrevolver[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@ads.ad4game[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@ads.back2bg[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@ads.blackboardstudio[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@ads.blitz[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@ads.btv[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@ads.canalblog[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@ads.clicksor[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@ads.contactmusic[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@ads.elmaz[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@ads.fema-bg[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@ads.geek-tools[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@ads.ibox[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@ads.icn[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@ads.kaldata[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@ads.mobilis[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@ads.mucunki[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@ads.my32[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@ads.neg[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@ads.neogen[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@ads.novsport[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@ads.onmedia[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@ads.partystars[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@ads.phonearena[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@ads.pointroll[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@ads.pop[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@ads.predictad[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@ads.prisacom[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@ads.socialreach[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@ads.standartnews[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@ads.torrentreactor[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@ads.tvtv[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@ads.us.e-planning[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@ads.vkushti[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@ads.warmnetworks[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@ads1.travel[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@ads2.phonearena[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@ads2.zonastop[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@adserver.adreactor[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@adserver.adtechus[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@adserver.clubf1[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@adserver.clubs1[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@adserver.fusacapital[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@adserver.infobolsa[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@adserving.axill[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@adtech[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@adv.bb-team[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@adv.famous[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@adv.gamerzhut[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@adv.helikon[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@adv.mytech[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@adv.novinar[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@adv.webvariant[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@advertising[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@adviva[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@apmebf[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@arbanasi.bghotelite[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@at.atwola[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@atdmt[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@audit.median[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@austrianairlines.122.2o7[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@azjmp[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@balchik.bghotelite[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@banner.mymedia[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@banners.mymedia[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@bg.static.etargetnet[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@bghotelite[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@bluestreak[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@boursoramabanque.solution.weborama[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@bravenet[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@burstbeacon[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@burstnet[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@casalemedia[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@casalibro.112.2o7[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@cdn4.specificclick[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@cdn5.specificclick[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@chicagosuntimes.122.2o7[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@chitika[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@click.cashengines[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@click.mediadome[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@clicktorrent[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@collective-media[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@content.yieldmanager[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@content.yieldmanager[3].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@count.brat-online[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@count.rbc[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@delivery.usermedia[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@dobrinishte.bghotelite[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@doubleclick[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@eas.apm.emediate[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@economedia[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@ehg-francetel.hitbox[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@ehg-nokiafin.hitbox[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@fastclick[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@findarticles[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@gostats[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@grow.122.2o7[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@hdn.valueclick[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@highbeam.122.2o7[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@hitbox[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@hotelite[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@hotlog[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@ice.112.2o7[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@imrworldwide[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@indextools[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@insightexpressai[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@interclick[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@kontera[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@landing.hitfarm[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@lfstmedia[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@m1.webstats.motigo[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@media.adrevolver[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@media.diariocritico[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@media.exchange[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@media.photobucket[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@media6degrees[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@mediafire[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@medialand.relax[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@mediaplex[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@metroleap.rotator.hadj7.adjuggler[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@myxer.adbureau[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@nesebar.bghotelite[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@optimize.indieclick[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@overture[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@perf.overture[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@phg.hitbox[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@pointroll[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@pop.webfile[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@prisacom.112.2o7[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@questionmarket[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@rem.rezonmedia[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@revenue[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@revsci[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@richmedia.yahoo[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@rm.yieldmanager[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@rotator.adjuggler[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@serving-sys[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@smartadserver[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@socialmedia[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@specificclick[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@specificmedia[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@spylog[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@stat.dealtime[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@stat.onestat[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@statcounter[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@statse.webtrendslive[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@stepstone.112.2o7[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@stroitelstvo.economedia[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@tacoda[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@teenproblem[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@tracking-fundacioneroski[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@tradedoubler[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@trafficmp[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@tribalfusion[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@tripod[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@tsleducation.112.2o7[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@valueclick[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@viacom.adbureau[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@videoegg.adbureau[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@warnerbros.112.2o7[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@weborama[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@www.burstbeacon[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@www.burstnet[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@www.educadulto[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@www.googleadservices[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@www.googleadservices[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@www.googleadservices[3].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@www.googleadservices[4].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@www.hotelite[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@www.linkfinders[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@www.mediafire[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@www.socialtrack[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@www.teenproblem[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@www3.addfreestats[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@www6.addfreestats[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@xiti[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@yadro[2].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@yieldmanager[1].txt

C:\Users\violet\AppData\Roaming\Microsoft\Windows\Cookies\Low\violet@zedo[1].txt


The log files are clean. You can update the Malwarebytes definitions and we'll see whether it detects the file it deleted.

But it seems to me that we're done.

To finish, in Malwarebytes => Quarantine => click Delete all to clean out the files in quarantine. :)


I deleted them.

Thank you very much for the help! Hopefully it won't show up again and everything is fine :)

 

Malwarebytes' Anti-Malware 1.43

Database version: 3492

Windows 6.0.6001 Service Pack 1

Internet Explorer 7.0.6001.18000

 

1/4/2010 6:29:16 PM

mbam-log-2010-01-04 (18-29-16).txt

 

Scan type: Quick Scan

Objects scanned: 104021

Time elapsed: 6 minute(s), 46 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

 

 

I hope this means I've gotten rid of this pest :S
