[Not curable - Ramnit] Google Re-direct-having problems, can't download GMER

Status
Not open for further replies.
Ok i did that, the folder is still in Program Files though but it looks like it did a full report for a change! Here is the log:

ComboFix 11-04-24.02 - User 25/04/2011 14:18:08.13.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1795 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Steam\Steam.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-03-25 to 2011-04-25 )))))))))))))))))))))))))))))))
.
.
2011-04-24 20:17 . 2011-04-25 13:23 -------- d-----w- c:\program files\Steam
2011-04-24 17:06 . 2011-04-24 17:06 -------- d-----w- c:\documents and settings\UpdatusUser
2011-04-24 17:06 . 2011-04-24 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2011-04-24 17:05 . 2011-04-08 05:14 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-04-24 17:05 . 2011-04-08 05:14 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-04-24 17:05 . 2011-04-08 05:14 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-24 17:05 . 2011-04-08 05:14 5210112 ----a-w- c:\windows\system32\nvcuda.dll
2011-04-24 17:05 . 2011-04-08 05:14 2770536 ----a-w- c:\windows\system32\nvcuvid.dll
2011-04-24 17:05 . 2011-04-08 05:14 2116894 ----a-w- c:\windows\system32\nvdata.bin
2011-04-24 17:05 . 2011-04-08 05:14 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-04-24 17:05 . 2011-04-08 05:14 2027008 ----a-w- c:\windows\system32\nvapi.dll
2011-04-24 17:05 . 2011-04-08 05:14 14856192 ----a-w- c:\windows\system32\nvoglnt.dll
2011-04-24 17:05 . 2011-04-08 05:14 13000704 ----a-w- c:\windows\system32\nvcompiler.dll
2011-04-24 15:40 . 2011-04-24 15:40 -------- d-----w- C:\NVIDIA
2011-04-24 13:20 . 2011-04-24 19:53 -------- d-----w- c:\program files\khwsfwle
2011-04-24 13:14 . 2004-08-04 12:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2011-04-24 13:14 . 2004-08-04 12:00 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2011-04-24 13:14 . 2004-08-04 12:00 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll
2011-04-24 13:14 . 2004-08-04 12:00 76800 -c--a-w- c:\windows\system32\dllcache\wam51.dll
2011-04-24 13:14 . 2004-08-04 12:00 53248 -c--a-w- c:\windows\system32\dllcache\wamreg51.dll
2011-04-24 13:14 . 2004-08-04 12:00 73728 -c--a-w- c:\windows\system32\dllcache\w3ext.dll
2011-04-24 13:14 . 2004-08-04 12:00 5632 -c--a-w- c:\windows\system32\dllcache\w3svapi.dll
2011-04-24 13:14 . 2004-08-04 12:00 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll
2011-04-24 13:14 . 2004-08-04 12:00 4608 -c--a-w- c:\windows\system32\dllcache\w3ctrs51.dll
2011-04-24 13:14 . 2004-08-04 12:00 363520 -c--a-w- c:\windows\system32\dllcache\w3svc.dll
2011-04-24 13:12 . 2004-08-04 12:00 81976 -c--a-w- c:\windows\system32\dllcache\imjpdct.dll
2011-04-24 13:11 . 2004-08-04 12:00 8192 -c--a-w- c:\windows\system32\dllcache\staxmem.dll
2011-04-24 13:10 . 2004-08-04 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2011-04-24 13:10 . 2004-08-04 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2011-04-24 13:10 . 2004-08-04 12:00 8192 -c--a-w- c:\windows\system32\dllcache\bitsprx2.dll
2011-04-24 13:10 . 2004-08-04 12:00 8192 ----a-w- c:\windows\system32\bitsprx2.dll
2011-04-24 13:10 . 2004-08-04 12:00 7168 -c--a-w- c:\windows\system32\dllcache\bitsprx3.dll
2011-04-24 13:10 . 2004-08-04 12:00 7168 ----a-w- c:\windows\system32\bitsprx3.dll
2011-04-24 12:58 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-04-24 12:58 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2011-04-24 12:58 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-04-24 12:58 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-04-24 01:42 . 2011-04-24 01:42 -------- d-----w- C:\_OTL
2011-04-24 00:10 . 2011-04-24 00:11 -------- d-----w- c:\documents and settings\Administrator
2011-04-23 12:22 . 2011-04-23 13:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-04-23 02:56 . 2011-04-23 02:56 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-04-23 02:53 . 2011-04-23 02:54 -------- dc-h--w- c:\windows\ie8
2011-04-23 02:53 . 2011-04-23 02:53 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-04-23 02:53 . 2011-04-24 14:28 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Google
2011-04-23 02:52 . 2011-04-23 02:53 -------- d-----w- c:\program files\Google
2011-04-23 00:58 . 2011-04-24 20:21 -------- d-----w- c:\windows\system32\NtmsData
2011-04-23 00:57 . 2011-04-23 00:57 -------- d-----w- c:\documents and settings\User\Application Data\Avira
2011-04-23 00:55 . 2011-03-04 15:11 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-04-23 00:55 . 2011-03-04 13:37 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-04-23 00:55 . 2010-06-17 13:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-04-23 00:55 . 2010-06-17 13:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-04-23 00:55 . 2011-04-23 00:55 -------- d-----w- c:\program files\Avira
2011-04-23 00:55 . 2011-04-23 00:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-04-22 21:30 . 2011-04-23 00:48 166768 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\isuspmmgr.exe
2011-04-22 21:30 . 2011-04-23 00:48 166768 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\agentmgr.exe
2011-04-22 21:23 . 2011-04-22 21:23 -------- d-----w- c:\program files\VS Revo Group
2011-04-15 17:17 . 2011-04-15 17:17 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Trusteer
2011-04-14 22:04 . 2011-04-14 22:04 -------- d-----w- c:\program files\Spotify
2011-04-07 21:15 . 2011-04-07 21:15 81920 ----a-w- c:\windows\system32\nvwddi.dll
2011-04-07 21:15 . 2011-04-07 21:15 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-04-07 21:15 . 2011-04-07 21:15 277608 ----a-w- c:\windows\system32\nvmccs.dll
2011-04-07 21:15 . 2011-04-07 21:15 13891176 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-07 21:15 . 2011-04-07 21:15 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-07 21:15 . 2011-04-07 21:15 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2011-04-07 21:15 . 2011-04-07 21:15 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-04-06 11:23 . 2011-04-06 11:23 -------- d-----w- C:\found.000
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-08 05:14 . 2010-07-10 04:38 4111232 ----a-w- c:\windows\system32\nv4_disp.dll
2011-04-08 05:14 . 2010-07-10 04:38 12501600 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-02-17 12:32 . 2010-10-08 11:31 5120 ----a-w- c:\windows\system32\xpsp4res.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-04-24_19.50.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-12 20:45 . 2011-04-24 20:17 27648 c:\windows\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C91.exe
- 2011-01-12 20:45 . 2011-01-12 20:45 27648 c:\windows\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C91.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-23 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2005-12-20 155648]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 16062464]
"NvMediaCenter"="NvMCTray.dll" [2011-04-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-04-07 13891176]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-02-24 1753192]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-02-28 44544]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Documents and Settings\\User\\My Documents\\Age Of Empires II\\Age Of Empires II The Conquerors\\age2_x1.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\football manager 2011\\fm.exe"=
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [03/10/2010 23:43 59240]
S1 RapportCerberus_25973;RapportCerberus_25973;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\25973\RapportCerberus_25973.sys [13/04/2011 12:17 57144]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [03/10/2010 23:43 169320]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [23/04/2011 01:55 135336]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [27/01/2011 19:03 233472]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23/04/2011 03:53 135664]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [24/04/2011 18:06 2218600]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [27/01/2011 19:03 36608]
S3 W35UND;IS89C35 802.11bg WLAN USB Adapter Driver;c:\windows\system32\drivers\W35UND.SYS [08/10/2010 12:18 117632]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-23 02:53]
.
2011-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-23 02:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Steam - c:\program files\Steam\Steam.exe
AddRemove-Steam App 34220 - c:\program files\Steam\steam.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-25 14:24
Windows 5.1.2600 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwQueryDirectoryFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\documents and settings\User\Start Menu\Programs\Startup\skofparu.exe 166768 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-04-25 14:26:07
ComboFix-quarantined-files.txt 2011-04-25 13:26
.
Pre-Run: 424,099,659,776 bytes free
Post-Run: 424,078,569,472 bytes free
.
- - End Of File - - 50D51C92107DBF6145369E556CDC86E7
 
1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code: 
File::
c:\documents and settings\User\Start Menu\Programs\Startup\skofparu.exe

Folder::
c:\program files\khwsfwle


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
Ok have done that, i think they're still on there though! Here is the log:

ComboFix 11-04-24.02 - User 25/04/2011 18:39:22.14.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1793 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
FILE ::
"c:\documents and settings\User\Start Menu\Programs\Startup\skofparu.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\User\Start Menu\Programs\Startup\skofparu.exe
c:\program files\Steam\Steam.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-03-25 to 2011-04-25 )))))))))))))))))))))))))))))))
.
.
2011-04-24 20:17 . 2011-04-25 17:45 -------- d-----w- c:\program files\Steam
2011-04-24 17:06 . 2011-04-24 17:06 -------- d-----w- c:\documents and settings\UpdatusUser
2011-04-24 17:06 . 2011-04-24 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2011-04-24 17:05 . 2011-04-08 05:14 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-04-24 17:05 . 2011-04-08 05:14 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-04-24 17:05 . 2011-04-08 05:14 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-24 17:05 . 2011-04-08 05:14 5210112 ----a-w- c:\windows\system32\nvcuda.dll
2011-04-24 17:05 . 2011-04-08 05:14 2770536 ----a-w- c:\windows\system32\nvcuvid.dll
2011-04-24 17:05 . 2011-04-08 05:14 2116894 ----a-w- c:\windows\system32\nvdata.bin
2011-04-24 17:05 . 2011-04-08 05:14 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-04-24 17:05 . 2011-04-08 05:14 2027008 ----a-w- c:\windows\system32\nvapi.dll
2011-04-24 17:05 . 2011-04-08 05:14 14856192 ----a-w- c:\windows\system32\nvoglnt.dll
2011-04-24 17:05 . 2011-04-08 05:14 13000704 ----a-w- c:\windows\system32\nvcompiler.dll
2011-04-24 15:40 . 2011-04-24 15:40 -------- d-----w- C:\NVIDIA
2011-04-24 13:20 . 2011-04-25 13:28 -------- d-----w- c:\program files\khwsfwle
2011-04-24 13:14 . 2004-08-04 12:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2011-04-24 13:14 . 2004-08-04 12:00 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2011-04-24 13:14 . 2004-08-04 12:00 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll
2011-04-24 13:14 . 2004-08-04 12:00 76800 -c--a-w- c:\windows\system32\dllcache\wam51.dll
2011-04-24 13:14 . 2004-08-04 12:00 53248 -c--a-w- c:\windows\system32\dllcache\wamreg51.dll
2011-04-24 13:14 . 2004-08-04 12:00 73728 -c--a-w- c:\windows\system32\dllcache\w3ext.dll
2011-04-24 13:14 . 2004-08-04 12:00 5632 -c--a-w- c:\windows\system32\dllcache\w3svapi.dll
2011-04-24 13:14 . 2004-08-04 12:00 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll
2011-04-24 13:14 . 2004-08-04 12:00 4608 -c--a-w- c:\windows\system32\dllcache\w3ctrs51.dll
2011-04-24 13:14 . 2004-08-04 12:00 363520 -c--a-w- c:\windows\system32\dllcache\w3svc.dll
2011-04-24 13:12 . 2004-08-04 12:00 81976 -c--a-w- c:\windows\system32\dllcache\imjpdct.dll
2011-04-24 13:11 . 2004-08-04 12:00 8192 -c--a-w- c:\windows\system32\dllcache\staxmem.dll
2011-04-24 13:10 . 2004-08-04 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2011-04-24 13:10 . 2004-08-04 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2011-04-24 13:10 . 2004-08-04 12:00 8192 -c--a-w- c:\windows\system32\dllcache\bitsprx2.dll
2011-04-24 13:10 . 2004-08-04 12:00 8192 ----a-w- c:\windows\system32\bitsprx2.dll
2011-04-24 13:10 . 2004-08-04 12:00 7168 -c--a-w- c:\windows\system32\dllcache\bitsprx3.dll
2011-04-24 13:10 . 2004-08-04 12:00 7168 ----a-w- c:\windows\system32\bitsprx3.dll
2011-04-24 12:58 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-04-24 12:58 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2011-04-24 12:58 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-04-24 12:58 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-04-24 01:42 . 2011-04-24 01:42 -------- d-----w- C:\_OTL
2011-04-24 00:10 . 2011-04-24 00:11 -------- d-----w- c:\documents and settings\Administrator
2011-04-23 12:22 . 2011-04-23 13:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-04-23 02:56 . 2011-04-23 02:56 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-04-23 02:53 . 2011-04-23 02:54 -------- dc-h--w- c:\windows\ie8
2011-04-23 02:53 . 2011-04-23 02:53 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-04-23 02:53 . 2011-04-24 14:28 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Google
2011-04-23 02:52 . 2011-04-23 02:53 -------- d-----w- c:\program files\Google
2011-04-23 00:58 . 2011-04-24 20:21 -------- d-----w- c:\windows\system32\NtmsData
2011-04-23 00:57 . 2011-04-23 00:57 -------- d-----w- c:\documents and settings\User\Application Data\Avira
2011-04-23 00:55 . 2011-03-04 15:11 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-04-23 00:55 . 2011-03-04 13:37 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-04-23 00:55 . 2010-06-17 13:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-04-23 00:55 . 2010-06-17 13:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-04-23 00:55 . 2011-04-23 00:55 -------- d-----w- c:\program files\Avira
2011-04-23 00:55 . 2011-04-23 00:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-04-22 21:30 . 2011-04-23 00:48 166768 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\isuspmmgr.exe
2011-04-22 21:30 . 2011-04-23 00:48 166768 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\agentmgr.exe
2011-04-22 21:23 . 2011-04-22 21:23 -------- d-----w- c:\program files\VS Revo Group
2011-04-15 17:17 . 2011-04-15 17:17 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Trusteer
2011-04-14 22:04 . 2011-04-14 22:04 -------- d-----w- c:\program files\Spotify
2011-04-07 21:15 . 2011-04-07 21:15 81920 ----a-w- c:\windows\system32\nvwddi.dll
2011-04-07 21:15 . 2011-04-07 21:15 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-04-07 21:15 . 2011-04-07 21:15 277608 ----a-w- c:\windows\system32\nvmccs.dll
2011-04-07 21:15 . 2011-04-07 21:15 13891176 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-07 21:15 . 2011-04-07 21:15 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-07 21:15 . 2011-04-07 21:15 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2011-04-07 21:15 . 2011-04-07 21:15 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-04-06 11:23 . 2011-04-06 11:23 -------- d-----w- C:\found.000
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-08 05:14 . 2010-07-10 04:38 4111232 ----a-w- c:\windows\system32\nv4_disp.dll
2011-04-08 05:14 . 2010-07-10 04:38 12501600 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-02-17 12:32 . 2010-10-08 11:31 5120 ----a-w- c:\windows\system32\xpsp4res.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-04-24_19.50.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-12 20:45 . 2011-04-25 14:08 27648 c:\windows\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C91.exe
- 2011-01-12 20:45 . 2011-01-12 20:45 27648 c:\windows\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C91.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-23 39408]
"Steam"="c:\program files\Steam\Steam.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2005-12-20 155648]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 16062464]
"NvMediaCenter"="NvMCTray.dll" [2011-04-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-04-07 13891176]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-02-24 1753192]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-02-28 44544]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Documents and Settings\\User\\My Documents\\Age Of Empires II\\Age Of Empires II The Conquerors\\age2_x1.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\football manager 2011\\fm.exe"=
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [03/10/2010 23:43 59240]
S1 RapportCerberus_25973;RapportCerberus_25973;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\25973\RapportCerberus_25973.sys [13/04/2011 12:17 57144]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [03/10/2010 23:43 169320]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [23/04/2011 01:55 135336]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [27/01/2011 19:03 233472]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23/04/2011 03:53 135664]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [24/04/2011 18:06 2218600]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [27/01/2011 19:03 36608]
S3 W35UND;IS89C35 802.11bg WLAN USB Adapter Driver;c:\windows\system32\drivers\W35UND.SYS [08/10/2010 12:18 117632]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-23 02:53]
.
2011-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-23 02:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-25 18:45
Windows 5.1.2600 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwQueryDirectoryFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\documents and settings\User\Start Menu\Programs\Startup\skofparu.exe 166768 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-04-25 18:47:22
ComboFix-quarantined-files.txt 2011-04-25 17:47
ComboFix2.txt 2011-04-25 13:26
.
Pre-Run: 422,576,500,736 bytes free
Post-Run: 422,557,208,576 bytes free
.
- - End Of File - - 3765B9A22F472339C31B5073D745E817
 
Please download The Avenger by Swandog46 to your Desktop.
- Right click on the Avenger.zip folder and select Extract All...
- Follow the prompts and extract the avenger folder to your desktop

Double click on avenger.exe.
Click OK in pop-up window.

Avenger window will open.

Click on Execute button.
Click OK in two consecutive pop-up windows.

Your computer will re-boot now.

Upon re-boot, Notepad window will open.
Select all text, copy it, and paste it into next reply.

NOTE. If the log doesn't open on reboot, open Avenger again, and go File>Open Log File.
 
Ok here is the log:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Completed script processing.

*******************

Finished! Terminate.
 
1. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Code: 
Begin copying here:
Files to delete:
c:\documents and settings\User\Start Menu\Programs\Startup\skofparu.exe

Folders to delete:
c:\program files\khwsfwle


2. Now, open the Avenger folder and start The Avenger program by clicking on its icon.

* Right click on the window under Input script here:, and select Paste.
* You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
* Click on Execute
* Answer "Yes" twice when prompted.


3. The Avenger will automatically do the following:

* It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
* On reboot, it will briefly open a black command window on your desktop, this is normal.
* After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
* The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

4. Please copy/paste the content of c:\avenger.txt into your reply
 
Ok thats done, here is the log:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "c:\documents and settings\User\Start Menu\Programs\Startup\skofparu.exe" not found!
Deletion of file "c:\documents and settings\User\Start Menu\Programs\Startup\skofparu.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Folder "c:\program files\khwsfwle" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
 
Excellent news!
Let's see what we got in Combofix log....

ComboFix 11-04-24.02 - User 25/04/2011 21:30:09.15.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1790 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((( Files Created from 2011-03-25 to 2011-04-25 )))))))))))))))))))))))))))))))
.
.
2011-04-25 20:24 . 2011-04-25 20:24 -------- d-----w- c:\windows\LastGood
2011-04-25 20:07 . 2008-04-14 00:10 966656 ------w- c:\program files\MSN\MSNCoreFiles\OOBE\obemetal.dll
2011-04-25 20:07 . 2008-04-14 00:10 86016 ------w- c:\program files\MSN\MSNCoreFiles\OOBE\obepopc.dll
2011-04-25 20:07 . 2008-04-14 00:10 229376 ------w- c:\program files\MSN\MSNCoreFiles\OOBE\obelog.dll
2011-04-25 20:07 . 2008-04-14 00:12 1306624 -c----w- c:\windows\system32\dllcache\msxml6.dll
2011-04-25 20:07 . 2008-04-13 17:27 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2011-04-25 20:07 . 2008-05-02 14:01 83968 ------w- c:\program files\Messenger\msgsc.dll
2011-04-25 20:05 . 2006-12-28 19:01 19569 ----a-w- c:\windows\003400_.tmp
2011-04-25 20:05 . 2008-04-14 00:11 650752 ------w- c:\windows\system32\dot3ui.dll
2011-04-25 20:05 . 2008-04-14 00:11 56320 ------w- c:\windows\system32\dot3msm.dll
2011-04-25 20:05 . 2008-04-14 00:11 39936 ------w- c:\windows\system32\dot3gpclnt.dll
2011-04-25 20:05 . 2008-04-14 00:11 132096 ------w- c:\windows\system32\dot3svc.dll
2011-04-25 20:05 . 2008-04-14 00:12 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2011-04-25 20:05 . 2008-04-14 00:11 7168 ------w- c:\windows\system32\bitsprx4.dll
2011-04-25 20:05 . 2008-04-14 00:11 233472 ------w- c:\windows\system32\azroles.dll
2011-04-25 20:04 . 2008-04-14 00:11 516768 ------w- c:\windows\system32\ativvaxx.dll
2011-04-25 20:04 . 2008-04-14 00:11 32768 ------w- c:\windows\system32\ativtmxx.dll
2011-04-25 19:59 . 2011-04-25 19:59 -------- d-----w- c:\program files\MSXML 6.0
2011-04-25 19:57 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-04-25 19:57 . 2010-05-06 10:41 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-04-25 19:57 . 2010-05-06 10:41 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-04-25 19:57 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-04-25 19:57 . 2010-05-06 10:41 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-04-25 19:57 . 2010-05-06 10:41 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-04-25 19:57 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-04-24 20:17 . 2011-04-25 17:45 -------- d-----w- c:\program files\Steam
2011-04-24 17:06 . 2011-04-25 20:07 -------- d-----w- c:\documents and settings\UpdatusUser
2011-04-24 17:06 . 2011-04-24 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2011-04-24 17:05 . 2011-04-08 05:14 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-04-24 17:05 . 2011-04-08 05:14 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-04-24 17:05 . 2011-04-08 05:14 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-24 17:05 . 2011-04-08 05:14 5210112 ----a-w- c:\windows\system32\nvcuda.dll
2011-04-24 17:05 . 2011-04-08 05:14 2770536 ----a-w- c:\windows\system32\nvcuvid.dll
2011-04-24 17:05 . 2011-04-08 05:14 2116894 ----a-w- c:\windows\system32\nvdata.bin
2011-04-24 17:05 . 2011-04-08 05:14 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-04-24 17:05 . 2011-04-08 05:14 2027008 ----a-w- c:\windows\system32\nvapi.dll
2011-04-24 17:05 . 2011-04-08 05:14 14856192 ----a-w- c:\windows\system32\nvoglnt.dll
2011-04-24 17:05 . 2011-04-08 05:14 13000704 ----a-w- c:\windows\system32\nvcompiler.dll
2011-04-24 15:40 . 2011-04-24 15:40 -------- d-----w- C:\NVIDIA
2011-04-24 13:14 . 2004-08-04 12:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2011-04-24 13:14 . 2004-08-04 12:00 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2011-04-24 13:14 . 2004-08-04 12:00 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll
2011-04-24 13:14 . 2004-08-04 12:00 73728 -c--a-w- c:\windows\system32\dllcache\w3ext.dll
2011-04-24 13:14 . 2004-08-04 12:00 5632 -c--a-w- c:\windows\system32\dllcache\w3svapi.dll
2011-04-24 13:14 . 2004-08-04 12:00 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll
2011-04-24 13:14 . 2004-08-04 12:00 4608 -c--a-w- c:\windows\system32\dllcache\w3ctrs51.dll
2011-04-24 13:12 . 2008-04-14 00:09 81976 -c--a-w- c:\windows\system32\dllcache\imjpdct.dll
2011-04-24 13:11 . 2004-08-04 12:00 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
2011-04-24 13:11 . 2004-08-04 12:00 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll
2011-04-24 13:11 . 2004-08-04 12:00 19968 -c--a-w- c:\windows\system32\dllcache\inetsloc.dll
2011-04-24 13:11 . 2004-08-04 12:00 169984 -c--a-w- c:\windows\system32\dllcache\iisui.dll
2011-04-24 13:11 . 2004-08-04 12:00 14336 -c--a-w- c:\windows\system32\dllcache\iisreset.exe
2011-04-24 13:11 . 2004-08-04 12:00 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2011-04-24 13:10 . 2004-08-04 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2011-04-24 13:10 . 2004-08-04 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2011-04-24 13:10 . 2008-04-14 00:11 8192 ----a-w- c:\windows\system32\bitsprx2.dll
2011-04-24 13:10 . 2008-04-14 00:11 7168 ----a-w- c:\windows\system32\bitsprx3.dll
2011-04-24 12:58 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-04-24 12:58 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2011-04-24 12:58 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-04-24 12:58 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-04-24 01:42 . 2011-04-24 01:42 -------- d-----w- C:\_OTL
2011-04-24 00:10 . 2011-04-24 00:11 -------- d-----w- c:\documents and settings\Administrator
2011-04-23 12:22 . 2011-04-23 13:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-04-23 02:56 . 2011-04-23 02:56 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-04-23 02:53 . 2011-04-25 19:57 -------- dc-h--w- c:\windows\ie8
2011-04-23 02:53 . 2011-04-23 02:53 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-04-23 02:53 . 2011-04-24 14:28 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Google
2011-04-23 02:52 . 2011-04-23 02:53 -------- d-----w- c:\program files\Google
2011-04-23 00:58 . 2011-04-24 20:21 -------- d-----w- c:\windows\system32\NtmsData
2011-04-23 00:57 . 2011-04-23 00:57 -------- d-----w- c:\documents and settings\User\Application Data\Avira
2011-04-23 00:55 . 2011-03-04 15:11 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-04-23 00:55 . 2011-03-04 13:37 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-04-23 00:55 . 2010-06-17 13:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-04-23 00:55 . 2010-06-17 13:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-04-23 00:55 . 2011-04-23 00:55 -------- d-----w- c:\program files\Avira
2011-04-23 00:55 . 2011-04-23 00:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-04-22 21:30 . 2011-04-23 00:48 166768 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\isuspmmgr.exe
2011-04-22 21:30 . 2011-04-23 00:48 166768 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\agentmgr.exe
2011-04-22 21:23 . 2011-04-22 21:23 -------- d-----w- c:\program files\VS Revo Group
2011-04-15 17:17 . 2011-04-15 17:17 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Trusteer
2011-04-14 22:04 . 2011-04-14 22:04 -------- d-----w- c:\program files\Spotify
2011-04-07 21:15 . 2011-04-07 21:15 81920 ----a-w- c:\windows\system32\nvwddi.dll
2011-04-07 21:15 . 2011-04-07 21:15 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-04-07 21:15 . 2011-04-07 21:15 277608 ----a-w- c:\windows\system32\nvmccs.dll
2011-04-07 21:15 . 2011-04-07 21:15 13891176 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-07 21:15 . 2011-04-07 21:15 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-07 21:15 . 2011-04-07 21:15 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2011-04-07 21:15 . 2011-04-07 21:15 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-04-06 11:23 . 2011-04-06 11:23 -------- d-----w- C:\found.000
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-08 05:14 . 2010-07-10 04:38 4111232 ----a-w- c:\windows\system32\nv4_disp.dll
2011-04-08 05:14 . 2010-07-10 04:38 12501600 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-02-17 12:32 . 2010-10-08 11:31 5120 ----a-w- c:\windows\system32\xpsp4res.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-04-24_19.50.33 )))))))))))))))))))))))))))))))))))))))))
.
[skipped - Broni]
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-23 39408]
"Steam"="c:\program files\Steam\Steam.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2005-12-20 155648]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 16062464]
"NvMediaCenter"="NvMCTray.dll" [2011-04-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-04-07 13891176]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-02-24 1753192]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-02-28 44544]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Documents and Settings\\User\\My Documents\\Age Of Empires II\\Age Of Empires II The Conquerors\\age2_x1.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\football manager 2011\\fm.exe"=
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [10/3/2010 11:43 PM 59240]
S1 RapportCerberus_25973;RapportCerberus_25973;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\25973\RapportCerberus_25973.sys [4/13/2011 12:17 PM 57144]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [10/3/2010 11:43 PM 169320]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/23/2011 1:55 AM 135336]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [1/27/2011 7:03 PM 233472]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/23/2011 3:53 AM 135664]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [4/24/2011 6:06 PM 2218600]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [1/27/2011 7:03 PM 36608]
S3 W35UND;IS89C35 802.11bg WLAN USB Adapter Driver;c:\windows\system32\drivers\W35UND.SYS [10/8/2010 12:18 PM 117632]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SPUPDSVC
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-23 02:53]
.
2011-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-23 02:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-25 21:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(856)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2011-04-25 21:38:40
ComboFix-quarantined-files.txt 2011-04-25 20:38
ComboFix2.txt 2011-04-25 17:47
ComboFix3.txt 2011-04-25 13:26
.
Pre-Run: 420,061,495,296 bytes free
Post-Run: 420,006,375,424 bytes free
.
- - End Of File - - 98BF67C6BCD9E187402D31993B2B1F4F
 
Looks good :)

Restart in normal mode, update MBAM, run "Quick scan" and post new log.
 
Great! Its working fine, here is the MBAM Log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6443

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

25/04/2011 22:24:20
mbam-log-2011-04-25 (22-24-20).txt

Scan type: Quick scan
Objects scanned: 161634
Time elapsed: 2 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Super!

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Ok, i've done that, here are the logs:

OTL logfile created on: 25/04/2011 22:30:35 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 74.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 390.73 Gb Free Space | 83.89% Space Free | Partition Type: NTFS

Computer Name: USER-1EBAC01BAD | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/25 22:29:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2011/04/08 06:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/03/21 22:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/03/04 14:37:00 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/04 14:36:51 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/01/08 10:42:54 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/04/25 22:29:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (WMPNetworkSvc)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/04/08 06:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/03/04 14:37:00 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/01/08 10:42:54 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)


========== Driver Services (SafeList) ==========

DRV - [2011/04/13 12:17:06 | 000,057,144 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\25973\RapportCerberus_25973.sys -- (RapportCerberus_25973)
DRV - [2011/03/04 16:11:12 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/03/04 14:37:13 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/10/08 13:01:37 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2010/10/03 23:43:44 | 000,169,320 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010/10/03 23:43:44 | 000,059,240 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/01/08 10:42:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008/02/25 12:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/02/22 16:33:02 | 000,114,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2008/02/22 16:33:02 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2008/02/22 16:33:00 | 000,087,936 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2006/12/21 16:26:48 | 004,405,248 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/09/12 09:18:04 | 000,117,632 | R--- | M] (Integrated System Solution Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\W35UND.SYS -- (W35UND)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-343818398-776561741-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-343818398-776561741-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-343818398-776561741-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-343818398-776561741-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011/04/25 18:45:38 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKU\S-1-5-21-343818398-776561741-725345543-1003..\Run: [Steam] File not found
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-343818398-776561741-725345543-1005..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 [2011/04/24 18:44:38 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 [2011/04/24 18:44:38 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 [2011/04/24 18:44:38 | 000,000,000 | ---D | M]
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-343818398-776561741-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-343818398-776561741-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-343818398-776561741-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-343818398-776561741-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-343818398-776561741-725345543-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-343818398-776561741-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-343818398-776561741-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1286537024059 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1286537114027 (MUWebControl Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/08 12:00:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/04/25 22:29:07 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/04/25 21:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/04/25 21:38:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/04/25 21:14:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/04/25 21:06:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\WinRAR
[2011/04/25 20:59:01 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2011/04/25 20:58:59 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/04/25 19:42:04 | 000,000,000 | ---D | C] -- C:\Avenger
[2011/04/25 19:39:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\WinRAR
[2011/04/25 19:39:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011/04/25 19:39:41 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/04/25 15:02:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Backup
[2011/04/24 21:17:03 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2011/04/24 21:09:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Copy Folder
[2011/04/24 19:43:52 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/24 18:45:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\3
[2011/04/24 18:44:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\1
[2011/04/24 18:43:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\2
[2011/04/24 18:12:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Nvidia Driver
[2011/04/24 18:06:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2011/04/24 18:05:35 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2011/04/24 16:56:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\HDAudio
[2011/04/24 16:40:27 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2011/04/24 14:41:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Misc
[2011/04/24 14:13:37 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/04/24 14:13:36 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/04/24 14:12:25 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/04/24 03:15:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/04/24 02:42:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/23 19:27:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/04/23 19:20:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/23 19:20:24 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/04/23 19:20:24 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/23 19:20:24 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/04/23 19:19:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/23 19:19:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/23 13:22:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/23 03:57:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Google
[2011/04/23 03:56:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2011/04/23 03:53:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/04/23 03:53:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2011/04/23 03:53:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Google
[2011/04/23 03:52:47 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/04/23 03:52:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2011/04/23 01:58:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/04/23 01:57:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Avira
[2011/04/23 01:56:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/04/23 01:55:54 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/04/23 01:55:54 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/04/23 01:55:54 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/04/23 01:55:54 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/04/23 01:55:54 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/04/23 01:55:53 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/04/23 01:55:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/04/22 22:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/04/22 22:23:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Revo Uninstaller
[2011/04/15 18:17:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Trusteer
[2011/04/14 23:04:15 | 000,000,000 | ---D | C] -- C:\Program Files\Spotify
[2011/04/06 12:23:51 | 000,000,000 | ---D | C] -- C:\found.000
[2011/03/28 13:45:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\DP Design
[2011/03/27 20:12:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Age Of Empires II
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/25 22:29:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/04/25 22:09:22 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/25 22:08:55 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/25 22:08:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/25 22:03:55 | 000,463,140 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/25 22:03:55 | 000,078,926 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/25 22:02:12 | 000,285,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/25 22:00:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/25 21:58:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/25 21:43:51 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/04/25 21:28:48 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/04/25 19:39:42 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\User\Desktop\WinRAR.lnk
[2011/04/25 18:45:38 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/25 15:12:53 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2011/04/25 14:48:50 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/24 21:59:24 | 2145,386,496 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/04/24 21:42:16 | 000,001,030 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Football Manager 2011.lnk
[2011/04/24 21:01:53 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/04/24 20:44:30 | 004,328,608 | R--- | M] () -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2011/04/24 18:15:05 | 000,259,604 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/04/24 18:15:05 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/04/24 18:15:04 | 000,259,604 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/04/24 18:00:11 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/24 14:19:37 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2011/04/24 14:14:44 | 000,000,287 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/04/24 14:11:32 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/04/24 14:11:32 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/04/24 14:11:22 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/04/24 14:08:50 | 000,023,348 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/04/24 14:07:11 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/04/23 14:11:46 | 000,458,279 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2011/04/23 13:23:03 | 000,657,264 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/04/23 03:56:23 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/23 01:56:03 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/04/22 22:23:14 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Revo Uninstaller.lnk
[2011/04/14 23:04:17 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Spotify.lnk
[2011/04/13 23:45:41 | 000,001,402 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Email.rtf
[2011/04/08 12:01:39 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2011/04/08 06:14:00 | 002,116,894 | ---- | M] () -- C:\WINDOWS\System32\nvdata.bin
[2011/04/08 06:14:00 | 000,061,440 | ---- | M] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2011/04/08 06:14:00 | 000,003,629 | ---- | M] () -- C:\WINDOWS\System32\nvinfo.pb
[2011/04/06 12:46:34 | 000,001,757 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2011/04/06 12:46:34 | 000,001,466 | ---- | M] () -- C:\Documents and Settings\User\Desktop\DivX Movies.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/25 21:08:46 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2011/04/25 21:08:46 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2011/04/25 21:08:46 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2011/04/25 21:08:46 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2011/04/25 21:08:46 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2011/04/25 21:08:46 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2011/04/25 21:08:46 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2011/04/25 21:08:45 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2011/04/25 21:08:45 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2011/04/25 21:08:45 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2011/04/25 21:08:45 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2011/04/25 21:08:45 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2011/04/25 21:08:45 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2011/04/25 21:08:45 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2011/04/25 21:08:45 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2011/04/25 21:08:45 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2011/04/25 21:08:44 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2011/04/25 21:08:42 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2011/04/25 21:08:41 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2011/04/25 21:08:41 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2011/04/25 21:08:41 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2011/04/25 21:08:41 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2011/04/25 21:08:41 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2011/04/25 21:08:41 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2011/04/25 21:08:41 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2011/04/25 21:08:41 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2011/04/25 21:08:41 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2011/04/25 21:08:40 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2011/04/25 21:08:32 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2011/04/25 21:08:31 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2011/04/25 21:08:31 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2011/04/25 21:08:20 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2011/04/25 21:08:20 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2011/04/25 21:08:20 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2011/04/25 21:08:20 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2011/04/25 21:08:20 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2011/04/25 21:08:20 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2011/04/25 21:08:16 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2011/04/25 21:08:16 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2011/04/25 21:08:16 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2011/04/25 21:08:16 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2011/04/25 21:08:04 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2011/04/25 21:08:02 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2011/04/25 21:07:53 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2011/04/25 21:07:50 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2011/04/25 21:07:39 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2011/04/25 21:07:39 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2011/04/25 21:07:39 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2011/04/25 21:07:39 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2011/04/25 21:07:38 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2011/04/25 21:07:38 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2011/04/25 21:07:38 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2011/04/25 21:07:38 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2011/04/25 21:07:38 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2011/04/25 21:07:38 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2011/04/25 21:07:38 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2011/04/25 21:07:38 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2011/04/25 21:07:38 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2011/04/25 21:07:38 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2011/04/25 21:07:37 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2011/04/25 21:07:37 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2011/04/25 21:07:23 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2011/04/25 21:07:19 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2011/04/25 21:07:19 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2011/04/25 21:06:50 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2011/04/25 21:06:50 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2011/04/25 21:06:49 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2011/04/25 21:06:41 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2011/04/25 21:05:39 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2011/04/25 21:05:13 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2011/04/25 21:05:13 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2011/04/25 21:05:13 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2011/04/25 21:05:13 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2011/04/25 21:05:11 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2011/04/25 21:05:10 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2011/04/25 21:05:10 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2011/04/25 21:05:10 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2011/04/25 21:05:08 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2011/04/25 21:05:08 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2011/04/25 21:05:02 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2011/04/24 21:42:16 | 000,001,030 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Football Manager 2011.lnk
[2011/04/24 21:17:06 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2011/04/24 19:39:42 | 004,328,608 | R--- | C] () -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2011/04/24 18:40:28 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\User\Desktop\WinRAR.lnk
[2011/04/24 18:05:35 | 002,116,894 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/04/24 14:48:43 | 2145,386,496 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP
[2011/04/24 14:13:29 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/04/24 14:13:08 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/04/24 14:13:00 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/04/24 14:12:59 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/04/24 14:12:58 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/04/24 14:12:49 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/04/24 14:12:44 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/04/24 14:12:28 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/04/24 13:57:53 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2011/04/24 13:57:53 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/04/24 13:57:53 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/04/24 13:57:53 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/04/24 13:57:53 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/04/24 13:57:53 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/04/24 13:57:53 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/04/23 19:22:07 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/04/23 19:22:05 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/23 19:20:24 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/23 19:20:24 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/23 19:20:24 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/23 19:20:24 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/23 19:20:24 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/23 13:22:56 | 000,657,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/04/23 03:53:16 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/23 03:53:15 | 000,000,876 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/23 01:56:03 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/04/22 22:23:14 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Revo Uninstaller.lnk
[2011/04/14 23:04:17 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Spotify.lnk
[2011/01/27 19:03:01 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2011/01/27 19:03:01 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2011/01/27 19:02:52 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\User\Application Data\$_hpcst$.hpc
[2010/12/23 02:18:57 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2010/12/23 02:18:57 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2010/11/17 21:55:05 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/10/30 17:03:26 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/12 02:06:12 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010/10/11 14:16:26 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/10/09 01:49:56 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2010/10/08 22:32:58 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/08 13:35:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/10/08 12:48:22 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/10/08 12:45:31 | 000,285,488 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/08 12:36:32 | 000,259,604 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/10/08 12:36:30 | 000,259,604 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/10/08 12:36:30 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/10/08 12:02:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/10/08 11:55:18 | 000,023,348 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/10/25 18:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/02/28 13:00:00 | 000,463,140 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 13:00:00 | 000,078,926 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/13 10:56:20 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2004/08/04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

========== LOP Check ==========

[2010/11/25 19:45:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/04/22 22:36:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/10/09 14:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2011/04/23 14:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/10/09 13:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2010/12/01 22:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/03/05 14:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\deluge
[2010/10/08 13:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OpenOffice.org
[2011/01/27 19:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Samsung
[2011/02/02 22:33:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sports Interactive
[2011/04/21 20:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Spotify
[2010/10/11 17:26:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Trusteer
[2010/10/08 16:05:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Windows Desktop Search
[2010/10/08 21:09:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Windows Search

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/10/08 13:25:52 | 000,000,032 | ---- | M] () -- C:\ALCSetup.log
[2010/10/08 12:00:09 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/04/25 20:21:47 | 000,001,576 | ---- | M] () -- C:\avenger.txt
[2011/04/24 14:07:11 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/04/24 21:01:53 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/04/24 04:02:41 | 000,010,064 | ---- | M] () -- C:\bootex.log
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/04/25 21:38:40 | 000,785,363 | ---- | M] () -- C:\ComboFix.txt
[2010/10/08 12:00:09 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/10/08 12:00:09 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/10/08 12:00:09 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/02/28 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/10/08 15:08:11 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/04/25 22:08:46 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2011/04/25 21:28:08 | 000,000,436 | ---- | M] () -- C:\rkill.log
[2011/04/23 18:41:14 | 000,036,266 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_23.04.2011_18.40.40_log.txt
[2011/04/23 18:45:59 | 000,036,266 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_23.04.2011_18.41.30_log.txt

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2011/04/24 14:11:05 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/04/17 00:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2011/04/24 14:55:21 | 000,294,912 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2011/04/24 05:09:54 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2011/04/24 14:55:21 | 026,554,368 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2011/04/24 14:55:21 | 012,058,624 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2011/04/25 21:22:19 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/10/08 15:38:36 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2010/10/08 12:04:18 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/04/24 20:44:30 | 004,328,608 | R--- | M] () -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2011/04/25 22:29:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2009/08/04 20:34:10 | 077,976,864 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\User\My Documents\iTunesSetup.exe

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/10/08 15:38:36 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\User\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >
 
2nd part of 1st log:

< %USERPROFILE%\Cookies\*.txt /x >
[2011/04/25 21:43:57 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\User\Cookies\desktop.ini
[2011/04/25 22:29:01 | 000,180,224 | ---- | M] () -- C:\Documents and Settings\User\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2008/04/14 01:12:38 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/14 05:41:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 15:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 23:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/14 05:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2007/04/02 23:37:24 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2007/04/02 23:37:24 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2007/04/02 23:37:26 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >
 
That's fine....

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

====================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
O4 - HKU\S-1-5-21-343818398-776561741-725345543-1003..\Run: [Steam] File not found
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=====================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
Ok OTL Log:

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-343818398-776561741-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Steam deleted successfully.
C:\WINDOWS\003400_.tmp deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: User
->Temp folder emptied: 10918882 bytes
->Temporary Internet Files folder emptied: 4410144 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 9427 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 459498 bytes

Total Files Cleaned = 15.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: UpdatusUser
->Flash cache emptied: 0 bytes

User: User
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04252011_231930

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\User\Local Settings\Temp\~DF327A.tmp not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temp\~DF3297.tmp not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temp\~DF3311.tmp not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temp\~DF332E.tmp not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temp\~DF3381.tmp not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temp\~DF339E.tmp not found!
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\TNCU3TA1\topic164252-5[1].html moved successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\OQRRGYLR\918[1].htm moved successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\OQRRGYLR\gsloader[1].html moved successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\OQRRGYLR\partner[1].htm moved successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\AF5DBKJA\918[1].htm moved successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\AF5DBKJA\sh39[1].html moved successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\8TZSS2XG\controller[1].htm moved successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\8TZSS2XG\likebox[1].htm moved successfully.
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat not found!

Registry entries deleted on Reboot...
 
Security Check log:

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 24
Out of date Java installed!
Adobe Flash Player
Adobe Reader X (10.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````
 
Its still running, has found a load of threats in 'system volume information_restore', don't know how bad they are though, will post when finished
 
After all those tools, we used, Eset will, most likely, discover only some leftovers.
 
Ok heres the log:

C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\addr_file.html Win32/Ramnit.A virus
C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loadermgr.exe a variant of Win32/Kryptik.MYT trojan
C:\Program Files\Common Files\InstallShield\UpdateService\agentmgr.exe a variant of Win32/Kryptik.MYT trojan
C:\Program Files\Common Files\InstallShield\UpdateService\isuspmmgr.exe a variant of Win32/Kryptik.MYT trojan
C:\Program Files\Steam\Public\Account.html Win32/Ramnit.A virus
C:\Program Files\Steam\Public\ssa_english.htm Win32/Ramnit.A virus
C:\Program Files\Steam\Public\ssa_french.htm Win32/Ramnit.A virus
C:\Program Files\Steam\Public\ssa_german.htm Win32/Ramnit.A virus
C:\Program Files\Steam\Public\ssa_italian.htm Win32/Ramnit.A virus
C:\Program Files\Steam\Public\ssa_russian.htm Win32/Ramnit.A virus
C:\Program Files\Steam\Public\ssa_spanish.htm Win32/Ramnit.A virus
C:\Program Files\Steam\SteamApps\common\football manager 2011\IntelLaptopGamingVista.dll Win32/Ramnit.H virus
C:\Program Files\Steam\SteamApps\common\football manager 2011\saAudit2005MT.dll Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP1\A0000039.exe a variant of Win32/Kryptik.MYT trojan
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP1\A0000222.exe a variant of Win32/Kryptik.MYT trojan
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP1\A0000260.exe a variant of Win32/Kryptik.MYT trojan
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP1\A0000261.exe a variant of Win32/Kryptik.MYT trojan
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP1\A0001828.exe a variant of Win32/Kryptik.MYT trojan
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP1\A0001829.exe a variant of Win32/Kryptik.MYT trojan
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP1\A0001988.dll Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP1\A0001989.dll Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP1\A0001992.dll Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP1\A0001993.dll Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP1\A0002018.exe a variant of Win32/Kryptik.MYT trojan
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP1\A0002028.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP2\A0002136.dll Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP2\A0002139.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP2\A0002155.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP2\A0002247.exe a variant of Win32/Kryptik.MYT trojan
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP2\A0002251.exe a variant of Win32/Kryptik.MYT trojan
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0002315.dll Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0002325.exe a variant of Win32/Kryptik.MYT trojan
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0002499.exe a variant of Win32/Kryptik.MYT trojan
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0002583.exe a variant of Win32/Kryptik.MYT trojan
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0002653.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0003583.exe a variant of Win32/Kryptik.MYT trojan
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0003639.scr Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0003640.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0003651.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0003682.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0003831.exe a variant of Win32/Kryptik.MYT trojan
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0003871.exe a variant of Win32/Kryptik.MYT trojan
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0003872.exe a variant of Win32/Kryptik.MYT trojan
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0004393.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0004408.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0004411.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0004420.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0004426.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0004547.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0004548.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0004552.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0004553.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0004554.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0004555.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0004557.EXE Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0004699.dll Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0004700.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0004701.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0004703.dll Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0004705.dll Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0004710.dll Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0004712.dll Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0004721.dll Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0004725.dll Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0004726.dll Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0004733.dll Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0004745.dll Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0005585.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0005586.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0005587.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0005588.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0005589.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0005591.exe a variant of Win32/Kryptik.MYT trojan
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0005608.scr Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0005609.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0005652.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0005655.EXE Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0005837.exe a variant of Win32/Kryptik.MYT trojan
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0005875.exe a variant of Win32/Kryptik.MYT trojan
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0005876.exe a variant of Win32/Kryptik.MYT trojan
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0006546.exe a variant of Win32/Kryptik.MYT trojan
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0006827.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0006830.dll Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0006837.dll Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0006839.dll Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0006842.dll Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0006846.dll Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0006850.dll Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0006854.dll Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0006863.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0006872.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0007068.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0007083.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0007086.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0007094.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0007100.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0007111.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0007112.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0007116.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0007117.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0007118.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0007119.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0007121.EXE Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0007580.exe a variant of Win32/Kryptik.MYT trojan
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0007588.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0007589.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0007590.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0007591.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0007592.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0007593.exe a variant of Win32/Kryptik.MYT trojan
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0007649.exe a variant of Win32/Kryptik.MYT trojan
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP3\A0007662.exe a variant of Win32/Kryptik.MYT trojan
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0007883.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0007884.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0007888.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0007889.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0007890.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0007891.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0007892.EXE Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0008656.exe a variant of Win32/Kryptik.MYT trojan
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0008662.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0008663.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0008664.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0008665.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0008666.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0008668.exe a variant of Win32/Kryptik.MYT trojan
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0009663.exe a variant of Win32/Kryptik.MYT trojan
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0009665.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0009666.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0009667.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0009668.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0009669.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0009718.exe a variant of Win32/Kryptik.MYT trojan
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0009722.exe a variant of Win32/Kryptik.MYT trojan
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0009727.exe a variant of Win32/Kryptik.MYT trojan
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0009731.exe a variant of Win32/Kryptik.MYT trojan
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0009736.exe a variant of Win32/Kryptik.MYT trojan
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0009738.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0009740.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0009741.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0009742.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0009743.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0009744.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0009745.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0009751.exe a variant of Win32/Kryptik.MYT trojan
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0009821.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0009822.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0009826.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0009827.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0009828.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0009829.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0009887.EXE Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0009937.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0009944.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0009947.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0009952.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0009955.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0009965.exe a variant of Win32/Kryptik.MYT trojan
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0009970.exe a variant of Win32/Kryptik.MYT trojan
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0010031.dll Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0010042.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0010267.exe a variant of Win32/Kryptik.MYT trojan
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0010305.exe a variant of Win32/Kryptik.MYT trojan
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0010306.exe a variant of Win32/Kryptik.MYT trojan
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0011912.exe a variant of Win32/Kryptik.MYT trojan
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0011913.exe a variant of Win32/Kryptik.MYT trojan
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0012205.exe a variant of Win32/Kryptik.MYT trojan
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0012209.exe a variant of Win32/Kryptik.MYT trojan
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0012300.exe a variant of Win32/Kryptik.MYT trojan
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0012301.exe a variant of Win32/Kryptik.MYT trojan
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP4\A0012303.exe a variant of Win32/Kryptik.MYT trojan
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP5\A0012314.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP5\A0012322.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP5\A0012324.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP5\A0012325.exe Win32/Ramnit.H virus
C:\System Volume Information\_restore{3C9BD2D0-0FC9-45F8-AF7F-DC26035C9CA0}\RP5\A0012326.dll Win32/Ramnit.H virus
C:\_OTL\MovedFiles\04242011_024253\C_Documents and Settings\User\Desktop\khwsfwle\skofparu.exe a variant of Win32/Kryptik.MYT trojan
C:\_OTL\MovedFiles\04242011_024253\C_Program Files\khwsfwle\skofparu.exe a variant of Win32/Kryptik.MYT trojan
 
Status
Not open for further replies.

Similar threads

Julio Franco
The complete list of alternatives to all Google products
2 3 4
Replies
98
Views
34K
wizardB
wizardB
P
Google founders Sergey Brin and Larry Page step down from their Alphabet leadership roles
Replies
4
Views
2K
OortCloud
O
Julio Franco
5 alternatives to using WhatsApp in 2021
Replies
18
Views
3K
Danny101
Danny101

Latest posts

Back