
System check virus/Google re-direct


5 replies to this topic

#1 nick10v

  • Members
  • 11 posts

Posted 19 February 2012 - 12:40 PM

Hey there,

Just read a similar post, and it looks like people are experiencing the same problem/virus.

Was on the internet last night browsing, all of a sudden fake alert windows appeared followed by a fake system check box - http://trojan-killer.net/wp-content/uploads/SystemCheck.jpg

After following the instructions I read on this site: http://www.myantispyware.com/2012/01/02/how-to-remove-system-check-virus/

I managed to install Malwarebytes and remove some infected files. I downloaded TDSSKiller but was unable to open it from my desktop, even though I changed the name.

Ran ComboFix but unsure if it succeeded.

Basically, the system check windows have all gone, but my internet is messed up with redirects, spam pages, etc. Firefox also keeps closing, and my OS (Windows Vista) often crashes with a blue page and the computer restarts.

How do I fix this?

Thanks in advance.



#2 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender: Male
  • Location: India

Posted 19 February 2012 - 01:07 PM

> Ran ComboFix but unsure if it succeeded.

As you have run ComboFix,

Read the guide here on preparing logs

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here and post the required logs

http://www.bleepingcomputer.com/forums/forum22.html

Good luck

#3 nick10v
  • Topic Starter
  • Members
  • 11 posts

Posted 19 February 2012 - 02:04 PM

Trying to run the DDS scan, but the computer keeps freezing. Would this be the virus?

#4 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender: Male
  • Location: India

Posted 19 February 2012 - 06:16 PM

If DDS freezes, follow the instructions suggested by boopme in this topic:

http://www.bleepingcomputer.com/forums/topic442100.html/page__st__15

The OTL log should be enough.

Good luck.
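Reading a full OTL log by hand is slow, and the lines that matter for a rogue-AV cleanup are a small subset. As an added example (the editor's code, not OTL's and not from any post in this thread), the Python script below scans lines in OTL's output format and flags the entries a helper looks at first: the O1 hosts-file entry count (a count in the thousands is usually a hosts-based blocklist such as Spybot's immunization, not an infection, but it is worth knowing), O2/O3 BHO or toolbar entries marked "No CLSID value found", O4 Run entries whose target is "File not found" (orphaned persistence left behind by a removed program), O33 MountPoints2 AutoRun/open commands that launch a bare executable relative to a removable volume's root (the classic autorun-worm leftover, and the kind of entry that appears in the OTL log posted later in this thread), and O35/O37 comfile/exefile handlers that are anything other than "%1" %* (the association hijack some rogue AVs use to stop other .exe files from running). The sample log is constructed in OTL's format; the SID, the hijacked exefile line and the path inside it are made up, and the heuristics are the editor's, not OTL's.

```python
"""Triage OTL (OldTimer's List-It) log lines for rogue-AV and autorun residue.

Added example for this thread: editor's code, not OTL's and not from any post.
The heuristics are the editor's, and SAMPLE_LOG is constructed in OTL's format.
"""
import re

# Constructed sample lines in OTL's output format. The SID is made up, and the
# final exefile line is a deliberately constructed association hijack (the path
# in it is invented); everything else mirrors the shapes OTL normally prints.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 15168 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKU\S-1-5-21-1111111111-2222222222-3333333333-1000..\Run: [Media Finder] C:\Program Files\Media Finder\MF.exe /opentotray File not found
O33 - MountPoints2\{650baae4-c139-11df-8159-00235aed83cd}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{c37530a1-b1cb-11de-a63b-00235aed83cd}\Shell\AutoRun\command - "" = d1vmq.exe
O33 - MountPoints2\{c37530a1-b1cb-11de-a63b-00235aed83cd}\Shell\open\Command - "" = d1vmq.exe
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "C:\Users\user\AppData\Local\xyz.exe" -a "%1" %*
"""

# Line shapes OTL prints for the sections we care about.
RE_HOSTS_MORE = re.compile(r"^O1 - Hosts: (\d+) more lines")
RE_RUN = re.compile(r"^O4 - (?:HKLM|HKU\\[^.]+)\.\.\\Run: \[([^\]]+)\] (.*)$")
RE_MOUNT = re.compile(r'^O33 - MountPoints2\\\{([^}]+)\}\\Shell\\(\w+)\\[Cc]ommand - "" = (.*)$')
RE_OPEN = re.compile(r"^O3[57] - HKLM\\\.+(\S+) \[[^\]]*\] -- (.*)$")
RE_DRIVE = re.compile(r"^[A-Za-z]:\\")          # command starts with an absolute drive path
RE_GUID = re.compile(r"\{[0-9A-Fa-f-]+\}")
CLEAN_OPEN = '"%1" %*'                            # the stock comfile/exefile open command


def triage(log_text):
    """Scan OTL-format lines and return the entries worth a second look."""
    findings = {
        "hosts_entries": 0,        # explicit O1 lines plus OTL's "N more lines" count
        "dangling_clsid": [],      # O2/O3 objects whose CLSID no longer resolves
        "orphan_autostart": [],    # O4 Run values whose target file is gone
        "relative_autorun": [],    # O33 autorun commands that are not absolute paths
        "shell_open_hijack": [],   # O35/O37 handlers that are not the stock "%1" %*
    }
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RE_HOSTS_MORE.match(line)
        if m:
            findings["hosts_entries"] += int(m.group(1))
            continue
        if line.startswith("O1 - Hosts:"):
            findings["hosts_entries"] += 1
            continue
        if line.startswith(("O2 -", "O3 -")) and "No CLSID value found" in line:
            guid = RE_GUID.search(line)
            findings["dangling_clsid"].append(guid.group(0) if guid else line)
            continue
        m = RE_RUN.match(line)
        if m:
            if m.group(2).endswith("File not found"):
                findings["orphan_autostart"].append(m.group(1))
            continue
        m = RE_MOUNT.match(line)
        if m:
            guid, verb, command = m.groups()
            # A bare executable name runs from the volume root when the device is
            # opened; legitimate vendor launchers normally use an absolute path.
            if not RE_DRIVE.match(command):
                findings["relative_autorun"].append((guid, verb, command))
            continue
        m = RE_OPEN.match(line)
        if m:
            key, command = m.groups()
            if command != CLEAN_OPEN:
                findings["shell_open_hijack"].append((key, command))
    return findings


def summarize(findings):
    """Return one human-readable line per finding, plus the hosts count."""
    out = [f"hosts entries: {findings['hosts_entries']}"]
    for key in ("dangling_clsid", "orphan_autostart", "relative_autorun", "shell_open_hijack"):
        for item in findings[key]:
            out.append(f"{key}: {item}")
    return out


if __name__ == "__main__":
    print("\n".join(summarize(triage(SAMPLE_LOG))))
```

To use it on a real log, read the OTL.txt file and pass its text to triage(); the function only reports, it does not change anything on the machine. An orphaned Run value or a dangling CLSID is harmless by itself but tells you what was removed and what still points at it, while a relative O33 command or a non-stock exefile handler is the kind of entry you would want a helper to look at before trusting the system again.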

#5 nick10v
  • Topic Starter
  • Members
  • 11 posts

Posted 19 February 2012 - 08:27 PM

OK, so because I could not run DDS, I used OTL and the log is below. Having removed most of the virus (I think), I am not experiencing as many redirects. I have also used Spybot to get rid of some spyware/malware.
However, my PC often crashes and switches to a blue screen before restarting itself...

OTL LOG:

OTL logfile created on: 20/02/2012 00:51:32 - Run 2
OTL by OldTimer - Version 3.2.33.0 Folder = C:\Users\Nick\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.93 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 43.34% Memory free
4.10 Gb Paging File | 3.04 Gb Available in Paging File | 74.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.76 Gb Total Space | 17.62 Gb Free Space | 3.87% Space Free | Partition Type: NTFS

Computer Name: NICK-PC | User Name: Nick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Nick\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Nick\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Users\Nick\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\System32\GfxUI.exe (Intel Corporation)
PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe (Acer Incorporated)
PRC - C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe (Acer Incorporated)
PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files\eMachines\WR_PopUp\WarReg_PopUp.exe (eMachines)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1e258a951222c818540b33880ca45f2e\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\K-Lite Codec Pack\ffdshow\ffdshow.ax ()
MOD - C:\Program Files\K-Lite Codec Pack\Filters\Haali\splitter.ax ()
MOD - C:\Program Files\K-Lite Codec Pack\Filters\Haali\mkx.dll ()
MOD - C:\Program Files\K-Lite Codec Pack\Filters\Haali\avi.dll ()
MOD - C:\Program Files\K-Lite Codec Pack\Filters\Haali\mkzlib.dll ()
MOD - C:\Program Files\K-Lite Codec Pack\Filters\Haali\mkunicode.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Launch Manager\PowerUtl.dll ()


========== Win32 Services (SafeList) ==========

SRV - (UMVPFSrv) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (NIHardwareService) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
SRV - (ePowerSvc) -- C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (TrojanKillerDriver) -- C:\Windows\System32\drivers\gtkdrv.sys (Windows ® Win 7 DDK provider)
DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (LVUVC) Logitech Webcam 200(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (s1018bus) Sony Ericsson Device 1018 driver (WDM) -- C:\Windows\System32\drivers\s1018bus.sys (MCCI Corporation)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C60x86.sys (Atheros Communications, Inc.)
DRV - (DritekPortIO) -- C:\Program Files\Launch Manager\DPortIO.sys (Dritek System Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0809&s=2&o=vb32&d=0709&m=e525
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0809&s=2&o=vb32&d=0709&m=e525


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2230593745-3079682940-3412958634-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0809&s=2&o=vb32&d=0709&m=e525
IE - HKU\S-1-5-21-2230593745-3079682940-3412958634-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-2230593745-3079682940-3412958634-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2230593745-3079682940-3412958634-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2230593745-3079682940-3412958634-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2230593745-3079682940-3412958634-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2230593745-3079682940-3412958634-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKU\S-1-5-21-2230593745-3079682940-3412958634-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2230593745-3079682940-3412958634-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..network.proxy.socks_version: 0
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Nick\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/09/23 16:43:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/18 05:10:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/19 16:52:10 | 000,000,000 | ---D | M]

[2012/02/10 20:03:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nick\AppData\Roaming\Mozilla\Extensions
[2012/02/16 23:03:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\sebn9b53.default\extensions
[2012/02/16 23:03:59 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\sebn9b53.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2012/01/12 14:52:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/18 05:10:17 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/13 23:09:01 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/13 23:09:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/16 21:14:50 | 000,002,067 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\blekkotb.xml
[2012/02/13 23:09:01 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/13 23:09:01 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/13 23:09:01 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/02/19 23:07:01 | 000,441,256 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15168 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKU\S-1-5-21-2230593745-3079682940-3412958634-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\eMachines\WR_PopUp\WarReg_PopUp.exe (eMachines)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2230593745-3079682940-3412958634-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-2230593745-3079682940-3412958634-1000..\Run: [Media Finder] C:\Program Files\Media Finder\MF.exe /opentotray File not found
O4 - Startup: C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Nick\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2230593745-3079682940-3412958634-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3AC2C08-618A-4156-896E-6A99AF6A9586}: DhcpNameServer = 62.179.104.196 213.46.228.196
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC3164EB-7DC9-4C7A-A6AD-6A7A7620A448}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Nick\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Nick\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2da7beff-baca-11de-b4ec-00235aed83cd}\Shell\AutoRun\command - "" = wd_windows_tools\setup.exe
O33 - MountPoints2\{650baae4-c139-11df-8159-00235aed83cd}\Shell - "" = AutoRun
O33 - MountPoints2\{650baae4-c139-11df-8159-00235aed83cd}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{77697fc0-20f3-11df-947a-00235aed83cd}\Shell - "" = AutoRun
O33 - MountPoints2\{77697fc0-20f3-11df-947a-00235aed83cd}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{81aadbb0-bd1e-11de-a667-00235aed83cd}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\{824406be-ec4d-11de-851c-00235aed83cd}\Shell - "" = AutoRun
O33 - MountPoints2\{824406be-ec4d-11de-851c-00235aed83cd}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{9159d45d-f2f2-11de-8bff-00235aed83cd}\Shell\Auto\command - "" = McRegWizz.exe e
O33 - MountPoints2\{9159d45d-f2f2-11de-8bff-00235aed83cd}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL McRegWizz.exe e
O33 - MountPoints2\{b7fdf866-fe63-11df-82e3-00235aed83cd}\Shell - "" = AutoRun
O33 - MountPoints2\{b7fdf866-fe63-11df-82e3-00235aed83cd}\Shell\AutoRun\command - "" = E:\Startme.exe
O33 - MountPoints2\{c37530a1-b1cb-11de-a63b-00235aed83cd}\Shell\AutoRun\command - "" = d1vmq.exe
O33 - MountPoints2\{c37530a1-b1cb-11de-a63b-00235aed83cd}\Shell\open\Command - "" = d1vmq.exe
O33 - MountPoints2\{e583f162-22ab-11e0-8300-00235aed83cd}\Shell - "" = AutoRun
O33 - MountPoints2\{e583f162-22ab-11e0-8300-00235aed83cd}\Shell\AutoRun\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/20 00:36:17 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Nick\Desktop\OTL.exe
[2012/02/19 20:00:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/02/19 20:00:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/02/19 20:00:07 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/02/19 19:42:23 | 000,000,000 | ---D | C] -- C:\Users\Nick\Desktop\echo1
[2012/02/19 19:38:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012/02/19 19:38:15 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\Simply Super Software
[2012/02/19 19:38:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012/02/19 19:37:54 | 000,000,000 | ---D | C] -- C:\Users\Nick\Desktop\Trojan Remover 6.8.2
[2012/02/19 17:35:59 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/02/19 17:35:20 | 000,000,000 | ---D | C] -- C:\079a61b04dda315617ebda4ae64b5a02
[2012/02/19 17:34:51 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/02/19 17:34:51 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/19 17:34:50 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/02/19 17:34:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/19 17:34:49 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/02/19 17:34:49 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/02/19 17:34:49 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/02/19 17:34:49 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/02/19 17:34:47 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/02/19 17:34:47 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/02/19 17:34:47 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/02/19 17:34:47 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/02/19 17:34:47 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/02/19 17:34:47 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/02/19 17:34:46 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/02/19 17:34:46 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/19 17:34:46 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/02/19 17:34:46 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/02/19 17:34:45 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/19 17:34:45 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/02/19 17:34:45 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/02/19 17:34:45 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/02/19 17:34:44 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/02/19 17:34:44 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/02/19 17:34:43 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/19 17:34:42 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/02/19 17:34:42 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/02/19 17:34:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/02/19 17:34:42 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/02/19 17:34:42 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/02/19 17:34:41 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/19 17:34:41 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/02/19 17:34:40 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/02/19 17:34:39 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/02/19 17:34:39 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/02/19 17:34:39 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/02/19 17:34:38 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/02/19 16:24:04 | 002,060,336 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Nick\Desktop\321.exe
[2012/02/18 21:56:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/18 21:56:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/18 21:56:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/18 21:54:35 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/18 21:54:28 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/02/18 21:50:42 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll
[2012/02/18 21:50:40 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2012/02/18 21:50:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/18 21:49:26 | 000,000,000 | R--D | C] -- C:\Users\Nick\Desktop\Videos
[2012/02/18 20:26:03 | 002,060,336 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Nick\Desktop\myapp.exe.exe
[2012/02/18 20:21:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2012/02/18 20:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2012/02/18 19:48:42 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\Malwarebytes
[2012/02/18 19:48:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/18 19:48:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/18 19:48:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/18 18:41:55 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012/02/18 15:57:45 | 000,000,000 | ---D | C] -- C:\Users\Nick\Desktop\font
[2012/02/17 13:02:33 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012/02/17 03:01:09 | 000,000,000 | ---D | C] -- C:\b92218e5462abac91756
[2012/02/16 20:54:53 | 000,000,000 | ---D | C] -- C:\Users\Nick\Desktop\Download
[2012/02/16 03:17:20 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/02/14 18:25:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV to MP4 Converter
[2012/02/14 18:25:36 | 000,000,000 | ---D | C] -- C:\Program Files\FLV to MP4 Converter
[2012/02/12 23:22:30 | 000,000,000 | ---D | C] -- C:\Program Files\PSPad editor
[2012/02/11 21:21:41 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\FileZilla
[2012/02/11 21:21:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2012/02/11 21:21:32 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2012/02/11 19:33:14 | 000,000,000 | ---D | C] -- C:\Users\Nick\Desktop\wordpress
[2012/02/11 19:29:09 | 000,000,000 | ---D | C] -- C:\Users\Nick\Desktop\Bonsai theme
[2012/02/11 19:28:59 | 000,000,000 | ---D | C] -- C:\Users\Nick\Desktop\bonsai
[2012/02/10 20:03:47 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\Media Finder
[2012/02/10 20:03:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
[2012/02/03 17:30:24 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\Microsoft Help
[2012/01/24 02:43:05 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{8752E384-227F-4A66-98BD-251CC51D5EB5}
[2010/08/25 18:59:08 | 000,004,096 | -H-- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/20 00:50:42 | 000,000,878 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/20 00:50:18 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/20 00:50:18 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/20 00:49:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/20 00:49:53 | 230,181,427 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/20 00:36:16 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Nick\Desktop\OTL.exe
[2012/02/20 00:01:01 | 000,000,882 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/19 20:27:54 | 000,030,392 | ---- | M] () -- C:\Users\Nick\Desktop\screenshot.png
[2012/02/19 20:00:15 | 000,001,041 | ---- | M] () -- C:\Users\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/02/19 20:00:15 | 000,001,017 | ---- | M] () -- C:\Users\Nick\Desktop\Spybot - Search & Destroy.lnk
[2012/02/19 19:38:30 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2012/02/19 19:19:20 | 393,470,867 | ---- | M] () -- C:\Users\Nick\Desktop\Echo Croatia.rar
[2012/02/19 17:46:37 | 000,000,905 | ---- | M] () -- C:\Users\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/19 17:35:04 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012/02/19 17:35:04 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012/02/19 17:34:51 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/02/19 17:34:51 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/19 17:34:50 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/02/19 17:34:49 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/19 17:34:49 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/02/19 17:34:49 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/02/19 17:34:49 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/02/19 17:34:49 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/02/19 17:34:47 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/02/19 17:34:47 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/02/19 17:34:47 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/02/19 17:34:47 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/02/19 17:34:47 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/02/19 17:34:47 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/02/19 17:34:46 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/02/19 17:34:46 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/19 17:34:46 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/02/19 17:34:46 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/02/19 17:34:46 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/02/19 17:34:45 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/19 17:34:45 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/02/19 17:34:45 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/02/19 17:34:45 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/02/19 17:34:44 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/02/19 17:34:44 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/02/19 17:34:43 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/19 17:34:42 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/02/19 17:34:42 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/02/19 17:34:42 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/02/19 17:34:42 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/02/19 17:34:42 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/02/19 17:34:41 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/19 17:34:41 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/02/19 17:34:40 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/02/19 17:34:39 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/02/19 17:34:39 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/02/19 17:34:39 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/02/19 17:34:38 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/02/19 16:10:46 | 093,177,690 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2012/02/18 22:00:59 | 000,001,557 | ---- | M] () -- C:\Users\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\firefox - Shortcut.lnk
[2012/02/18 20:21:53 | 000,000,898 | ---- | M] () -- C:\Users\Public\Desktop\ds.lnk
[2012/02/18 19:48:34 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/18 18:57:23 | 000,000,456 | ---- | M] () -- C:\ProgramData\123
[2012/02/18 18:56:05 | 000,000,272 | ---- | M] () -- C:\ProgramData\cdf
[2012/02/18 18:56:05 | 000,000,184 | ---- | M] () -- C:\ProgramData\c
[2012/02/18 18:55:58 | 000,000,631 | ---- | M] () -- C:\Users\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/02/18 18:54:55 | 000,609,196 | -H-- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/18 18:54:55 | 000,108,672 | -H-- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/18 18:41:55 | 000,000,607 | ---- | M] () -- C:\Users\Nick\Desktop\System Check.lnk
[2012/02/18 15:52:59 | 000,237,592 | ---- | M] () -- C:\Users\Nick\Desktop\webfontkit-20120218-105236.zip
[2012/02/18 15:50:48 | 000,048,927 | ---- | M] () -- C:\Users\Nick\Desktop\zag.zip
[2012/02/17 23:44:24 | 002,401,936 | -H-- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/17 13:02:48 | 000,000,922 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/02/16 00:52:42 | 000,028,678 | ---- | M] () -- C:\Users\Nick\Desktop\1.odt
[2012/02/15 22:33:09 | 000,034,446 | ---- | M] () -- C:\Users\Nick\Desktop\soundcloud-shortcode(1).zip
[2012/02/15 19:34:16 | 002,060,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Nick\Desktop\myapp.exe.exe
[2012/02/15 19:34:16 | 002,060,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Nick\Desktop\321.exe
[2012/02/14 18:33:14 | 000,163,328 | ---- | M] () -- C:\Users\Nick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/14 00:42:20 | 000,000,680 | ---- | M] () -- C:\Users\Nick\AppData\Local\d3d9caps.dat
[2012/02/13 23:03:52 | 000,012,972 | ---- | M] () -- C:\Users\Nick\Desktop\notes today.odt
[2012/02/11 19:25:23 | 002,902,537 | ---- | M] () -- C:\Users\Nick\Desktop\bonsai-minimalist-wordpress-theme.zip
[2012/02/01 16:09:59 | 000,028,747 | ---- | M] () -- C:\Users\Nick\Desktop\Untitled 1.odt
[2012/01/30 19:51:58 | 000,099,196 | ---- | M] () -- C:\Users\Nick\Documents\liz final ps.jpg
[2012/01/29 15:17:49 | 000,013,193 | ---- | M] () -- C:\Users\Nick\Documents\UVA Grades (Erasmus).ods
[2012/01/25 22:45:58 | 000,012,560 | ---- | M] () -- C:\Users\Nick\Desktop\soundcloud-shortcode.php
[2012/01/25 18:46:23 | 009,297,306 | ---- | M] () -- C:\Users\Nick\Desktop\Function_Subtle_Grunge_2.zip
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/19 20:27:53 | 000,030,392 | ---- | C] () -- C:\Users\Nick\Desktop\screenshot.png
[2012/02/19 20:00:15 | 000,001,041 | ---- | C] () -- C:\Users\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/02/19 20:00:15 | 000,001,017 | ---- | C] () -- C:\Users\Nick\Desktop\Spybot - Search & Destroy.lnk
[2012/02/19 19:38:30 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2012/02/19 19:13:54 | 393,470,867 | ---- | C] () -- C:\Users\Nick\Desktop\Echo Croatia.rar
[2012/02/19 17:46:37 | 000,000,905 | ---- | C] () -- C:\Users\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/19 17:34:46 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/02/18 22:00:58 | 000,001,557 | ---- | C] () -- C:\Users\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\firefox - Shortcut.lnk
[2012/02/18 21:56:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/18 21:56:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/18 21:56:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/18 21:56:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/18 21:56:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/18 21:50:42 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2012/02/18 21:50:42 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2012/02/18 21:50:42 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2012/02/18 21:50:42 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2012/02/18 20:21:53 | 000,000,898 | ---- | C] () -- C:\Users\Public\Desktop\ds.lnk
[2012/02/18 19:48:34 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/18 18:55:58 | 000,000,631 | ---- | C] () -- C:\Users\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/02/18 18:41:56 | 000,000,184 | ---- | C] () -- C:\ProgramData\c
[2012/02/18 18:41:55 | 000,000,607 | ---- | C] () -- C:\Users\Nick\Desktop\System Check.lnk
[2012/02/18 18:41:55 | 000,000,272 | ---- | C] () -- C:\ProgramData\cdf
[2012/02/18 18:41:54 | 000,000,456 | ---- | C] () -- C:\ProgramData\123
[2012/02/18 15:52:59 | 000,237,592 | ---- | C] () -- C:\Users\Nick\Desktop\webfontkit-20120218-105236.zip
[2012/02/18 15:51:20 | 000,035,976 | ---- | C] () -- C:\Users\Nick\Desktop\Zag Regular.otf
[2012/02/18 15:51:20 | 000,035,968 | ---- | C] () -- C:\Users\Nick\Desktop\Zag Bold.otf
[2012/02/18 15:50:37 | 000,048,927 | ---- | C] () -- C:\Users\Nick\Desktop\zag.zip
[2012/02/17 13:02:48 | 000,000,922 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/02/16 00:52:41 | 000,028,678 | ---- | C] () -- C:\Users\Nick\Desktop\1.odt
[2012/02/15 22:35:47 | 000,012,560 | ---- | C] () -- C:\Users\Nick\Desktop\soundcloud-shortcode.php
[2012/02/15 22:33:08 | 000,034,446 | ---- | C] () -- C:\Users\Nick\Desktop\soundcloud-shortcode(1).zip
[2012/02/13 23:03:49 | 000,012,972 | ---- | C] () -- C:\Users\Nick\Desktop\notes today.odt
[2012/02/11 19:24:55 | 002,902,537 | ---- | C] () -- C:\Users\Nick\Desktop\bonsai-minimalist-wordpress-theme.zip
[2012/02/10 20:15:59 | 002,811,992 | ---- | C] () -- C:\Users\Nick\Documents\0415091411.pdf
[2012/02/03 20:02:44 | 000,035,276 | ---- | C] () -- C:\Users\Nick\Desktop\plstk.ttf
[2012/01/30 19:51:57 | 000,099,196 | ---- | C] () -- C:\Users\Nick\Documents\liz final ps.jpg
[2012/01/29 15:17:49 | 000,013,193 | ---- | C] () -- C:\Users\Nick\Documents\UVA Grades (Erasmus).ods
[2012/01/26 17:36:26 | 000,028,747 | ---- | C] () -- C:\Users\Nick\Desktop\Untitled 1.odt
[2012/01/25 18:45:53 | 009,297,306 | ---- | C] () -- C:\Users\Nick\Desktop\Function_Subtle_Grunge_2.zip
[2011/12/16 02:32:34 | 000,000,000 | ---- | C] () -- C:\Users\Nick\AppData\Local\{FB857894-7406-4EC4-9001-175EEB8E453C}
[2011/08/19 08:26:20 | 010,898,456 | -H-- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011/08/19 08:26:20 | 000,336,408 | -H-- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011/08/19 08:26:20 | 000,104,472 | -H-- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011/07/26 05:48:54 | 000,028,418 | -H-- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/02/24 03:21:25 | 000,165,376 | -H-- | C] () -- C:\Windows\System32\unrar.dll
[2010/12/23 08:23:27 | 000,000,127 | -H-- | C] () -- C:\Windows\System32\MRT.INI
[2010/08/25 19:30:02 | 000,439,308 | -H-- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 19:30:00 | 000,982,240 | -H-- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 19:30:00 | 000,092,356 | -H-- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 18:57:00 | 000,000,151 | -H-- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 18:52:00 | 000,208,896 | -H-- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | -H-- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/04/15 13:59:57 | 000,045,568 | -H-- | C] () -- C:\Windows\UniFish3.exe
[2010/03/19 06:52:54 | 000,009,748 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\wklnhst.dat
[2009/12/19 00:07:51 | 000,000,680 | ---- | C] () -- C:\Users\Nick\AppData\Local\d3d9caps.dat
[2009/10/12 21:16:00 | 000,163,328 | ---- | C] () -- C:\Users\Nick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files - Unicode (All) ==========
[2011/03/07 23:37:05 | 002,102,017 | ---- | C] ()(C:\Users\Nick\Documents\?????1.ai) -- C:\Users\Nick\Documents\зкште1.ai
[2011/03/07 23:36:49 | 002,099,580 | ---- | C] ()(C:\Users\Nick\Documents\????????.ai) -- C:\Users\Nick\Documents\ДЩПЩывыф.ai
[2011/03/07 23:34:14 | 002,102,017 | ---- | M] ()(C:\Users\Nick\Documents\?????1.ai) -- C:\Users\Nick\Documents\зкште1.ai
[2011/03/07 22:18:16 | 002,099,580 | ---- | M] ()(C:\Users\Nick\Documents\????????.ai) -- C:\Users\Nick\Documents\ДЩПЩывыф.ai

========== Alternate Data Streams ==========

@Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:12:35 PM

Posted 19 February 2012 - 08:34 PM

DO NOT POST IT HERE :)

Create a topic here and post the required logs

http://www.bleepingcomputer.com/forums/forum22.html

Good luck
