yes it's valid and up to date.
here are the logs:
Malwarebytes' Anti-Malware 1.46
Malwarebytes
Database version: 4215
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
6/20/2010 1:03:37 AM
mbam-log-2010-06-20 (01-03-37).txt
Scan type: Quick scan
Objects scanned: 195470
Time elapsed: 1 hour(s), 10 minute(s), 30 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 9
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 45
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\Documents and Settings\xev.THE-D7A62AF55CF\Local Settings\Temp\cvasds0.dll (Spyware.OnlineGames) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\R oot\LEGACY_WINSPOOLSVC (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servic es\WinSpoolSvc (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\nod32 (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\mywebsearch plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Advanced\Folder\Hidden\SHOWALL \CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Folders Infected:
C:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013 (Backdoor.IRCBot) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\xev.THE-D7A62AF55CF\Local Settings\Temp\cvasds0.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\xev.THE-D7A62AF55CF\Local Settings\Temp\nodqq.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\xev.THE-D7A62AF55CF\Application Data\cqsgf.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\xev.THE-D7A62AF55CF\Application Data\insnts.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\xev.THE-D7A62AF55CF\Application Data\vdolew.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\12gn6id2.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\1thes92p.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\2bbi1ax.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\33r.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\9rfpp.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\autorun.inf (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\pbyqfn.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\q0wfr.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\qhbfqx.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\rfg.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\rhwhin.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\rpw.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\xcr.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\xjb3.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\awb3ryk.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\bu8.exe (Worm.Tarterf) -> Quarantined and deleted successfully.
C:\ca.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\cobn8w3.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\i8ikdjwt.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\iuvvl9f3.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\krwyrv0d.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\n0qls.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\n6eyw.exe (Worm.Taterf) -> Quarantined and deleted successfully.
C:\Documents and Settings\xev.THE-D7A62AF55CF\Local Settings\Temp\cvasds1.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\xev.THE-D7A62AF55CF\Local Settings\Temp\herss.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\xev.THE-D7A62AF55CF\Local Settings\Temp\M6I77kEicE.log (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\xev.THE-D7A62AF55CF\Local Settings\Temp\nodqq1.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\xev.THE-D7A62AF55CF\Local Settings\Temporary Internet Files\Content.IE5\Y8RAT3DN\9[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Backdoor.IRCBot) -> Quarantined and deleted successfully.
C:\yqq8eqil.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\xev.THE-D7A62AF55CF\Local Settings\Temp\XXXBA.RESUR (Malware.Trace) -> Quarantined and deleted successfully.
C:\cgaqyi.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\f662sjd.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\p6xebrnt.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\p9rs.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\RECYCLER\ADAPT_Installer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\xev.THE-D7A62AF55CF\Local Settings\Temp\dsoqq0.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\xev.THE-D7A62AF55CF\Local Settings\Temp\dsoqq1.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\xev.THE-D7A62AF55CF\Local Settings\Temp\dsoqq.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\xev.THE-D7A62AF55CF\Local Settings\Temp\nodqq0.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
ComboFix 10-06-18.03 - xev 06/20/2010 1:23.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.479.241 [GMT 8:00]
Running from: C:\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\2ul.exe
c:\documents and settings\xev.THE-D7A62AF55CF\Application Data\lJ8kn.txt
c:\documents and settings\xev.THE-D7A62AF55CF\Application Data\yaptm.exe
c:\program files\Search Settings
c:\program files\Search Settings\kb127\SearchSettings.dll
c:\program files\Search Settings\kb127\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe
C:\restore
c:\windows\04432.exe
c:\windows\3896.exe
c:\windows\42748.exe
c:\windows\543.exe
c:\windows\88773.exe
c:\windows\system32\SCLabel.ocx
c:\windows\YAHELITE.INI
D:\12gn6id2.exe
D:\1thes92p.exe
D:\2bbi1ax.exe
D:\2ul.exe
D:\33r.exe
D:\9rfpp.exe
D:\autorun.inf
D:\ca.exe
D:\cgaqyi.exe
D:\cobn8w3.exe
D:\f662sjd.exe
D:\i8ikdjwt.exe
D:\n0qls.exe
D:\n6eyw.exe
D:\p6xebrnt.exe
D:\q0wfr.exe
D:\qhbfqx.exe
D:\rfg.exe
D:\rhwhin.exe
D:\rpw.exe
D:\xcr.exe
D:\yqq8eqil.exe
.
((((((((((((((((((((((((( Files Created from 2010-05-19 to 2010-06-19 )))))))))))))))))))))))))))))))
.
2010-06-19 15:53 . 2010-06-19 15:57 3715012 ----a-r- C:\ComboFix.exe
2010-06-19 15:46 . 2010-06-19 15:46 -------- d-----w- c:\documents and settings\xev.THE-D7A62AF55CF\Application Data\Malwarebytes
2010-06-19 15:45 . 2010-04-29 07:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-19 15:45 . 2010-06-19 15:45 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-06-19 15:45 . 2010-04-29 07:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-19 15:45 . 2010-06-19 17:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-19 15:41 . 2010-06-19 15:43 6153352 ----a-w- C:\mbam-setup-1.46.exe
2010-06-19 14:50 . 2010-06-19 14:50 -------- d-----w- c:\program files\Trend Micro
2010-06-19 14:46 . 2010-06-19 14:46 812344 ----a-w- C:\HJTInstall.exe
2010-06-19 10:14 . 2010-06-19 10:35 67229047 ----a-w- C:\TricksterManualPatch(2).zip
2010-06-19 07:52 . 2006-06-01 11:09 208896 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-06-19 07:48 . 2010-06-19 08:23 18794066 ----a-w- C:\TricksterManualPatch.zip
2010-06-18 15:28 . 2010-06-18 15:27 116224 --sh--r- C:\09lf.exe
2010-06-18 13:20 . 2010-06-19 10:40 -------- d-----w- C:\Ntreev USA
2010-06-18 09:02 . 2010-06-18 14:02 -------- d-----w- c:\program files\FlashGet
2010-06-18 08:39 . 2010-06-18 08:59 4653240 ----a-w- C:\flashget196en.exe
2010-06-18 08:01 . 2010-06-18 08:01 115712 --sh--r- C:\1gkbvsni.exe
2010-06-16 18:17 . 2010-06-19 14:55 141612 ----a-w- c:\windows\system32\drivers\dump_wmimmc.sys
2010-06-15 05:49 . 2005-10-21 18:08 167936 ----a-w- C:\rmxpkegen.exe
2010-06-15 05:47 . 2010-06-15 05:48 77820 ----a-w- C:\Keygen.zip
2010-06-13 17:42 . 2010-06-15 05:50 88 --sh--r- c:\documents and settings\All Users.WINDOWS\Application Data\97A44125C9.sys
2010-06-13 17:42 . 2010-06-16 16:55 1682 --sha-w- c:\documents and settings\All Users.WINDOWS\Application Data\KGyGaAvL.sys
2010-06-13 17:37 . 2010-06-13 17:37 -------- d-----w- c:\program files\Common Files\Enterbrain
2010-06-13 17:26 . 2010-06-13 17:26 -------- d-----w- c:\program files\Enterbrain
2010-06-13 17:21 . 2010-06-13 17:22 -------- d-----w- C:\rpg maker
2010-06-12 05:29 . 2010-06-12 06:21 -------- d-----w- C:\4128646a06d2f43af186
2010-06-09 07:02 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpi pelineprintproc.dll
2010-06-09 07:01 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintpr oc.dll
2010-06-09 07:01 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-06-09 07:01 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-06-09 07:01 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-06-09 07:01 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesv c.exe
2010-06-09 07:01 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfil terpipelinesvc.exe
2010-06-09 07:01 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-06-09 07:01 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-06-09 07:01 . 2010-06-09 07:02 -------- d-----w- C:\8edfe395bde670d887299caf066db9
2010-06-07 15:42 . 2010-06-07 15:42 -------- d-----w- c:\documents and settings\xev.THE-D7A62AF55CF\Application Data\PokerCreations
2010-06-07 13:17 . 2010-06-07 13:19 4687008 ----a-w- C:\GameInstaller.exe
2010-06-05 16:11 . 2010-06-05 16:11 -------- d-----w- c:\documents and settings\xev.THE-D7A62AF55CF\%string%
2010-05-28 09:18 . 2010-06-02 16:05 -------- d-----w- c:\program files\RebirthRO
2010-05-27 16:57 . 2010-06-18 13:17 -------- d-----w- C:\downloads
2010-05-27 13:49 . 2010-05-27 13:49 -------- d-----w- c:\documents and settings\xev.THE-D7A62AF55CF\Application Data\MultiExtractor
2010-05-27 08:54 . 2010-05-27 13:26 -------- d-----w- c:\program files\Universal Extractor
2010-05-25 16:13 . 2010-05-25 16:13 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-25 16:13 . 2010-05-27 13:08 -------- d-----w- c:\program files\DAEMON Tools Pro
2010-05-25 16:12 . 2010-05-25 16:21 -------- d-----w- c:\documents and settings\xev.THE-D7A62AF55CF\Application Data\DAEMON Tools Pro
2010-05-25 16:12 . 2010-05-25 16:12 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\DAEMON Tools Pro
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2010-06-19 07:52 . 2008-05-27 08:25 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-19 07:41 . 2009-02-23 05:44 42168 ----a-w- c:\documents and settings\xev.THE-D7A62AF55CF\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-16 10:14 . 2008-07-10 13:12 -------- d-----w- c:\program files\Free Music Zilla
2010-06-15 15:09 . 2009-03-10 22:26 -------- d-----w- c:\documents and settings\xev.THE-D7A62AF55CF\Application Data\LimeWire
2010-06-08 15:48 . 2010-04-11 14:05 -------- d-----w- c:\documents and settings\xev.THE-D7A62AF55CF\Application Data\U3
2010-06-07 14:13 . 2009-11-07 10:49 -------- d-----w- c:\documents and settings\xev.THE-D7A62AF55CF\Application Data\UFC Poker
2010-06-07 14:11 . 2009-11-07 10:48 -------- d-----w- c:\program files\UFC Poker
2010-05-27 14:30 . 2008-05-28 08:46 -------- d-----w- c:\program files\Samsung
2010-05-27 14:28 . 2008-05-27 08:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-27 14:21 . 2009-07-23 09:08 -------- d-----w- c:\program files\PokerStars
2010-05-27 09:06 . 2010-01-27 14:34 -------- d-----w- c:\program files\No-IP
2010-05-18 16:52 . 2010-05-18 16:52 -------- d-----w- c:\program files\psx emulation cheater
2010-05-06 04:45 . 2008-05-29 02:47 -------- d-----w- c:\program files\iTunes
2010-05-02 05:56 . 2004-08-03 21:17 1850880 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:51 . 2004-08-03 22:56 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 15:36 . 2004-08-03 22:56 662016 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 15:36 . 2004-08-03 22:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-03-31 09:58 . 2010-02-13 14:30 50354 -c--a-w- c:\documents and settings\xev.THE-D7A62AF55CF\Application Data\Facebook\uninstall.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-05 4363504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"AudioDeck"="c:\program files\VIAudioi\SBADeck\ADeck.exe" [2005-09-06 450560]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_17\bin\jusched.exe" [2008-11-10 75264]
"VTPreset"="VTPreset.exe" [2004-02-25 45056]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-25 2007088]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
c:\documents and settings\xev.THE-D7A62AF55CF\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-8-26 113664]
Free Music Zilla.lnk - c:\program files\Free Music Zilla\FMZilla.exe [2008-7-10 732352]
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-8-26 113664]
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"c:\\kav\\kav7\\setup.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"5121:TCP"= 5121:TCP:map-server
"6121:TCP"= 6121:TCP:char-server
"6900:TCP"= 6900:TCP:login-server
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfw tdir.sys [12/21/2007 9:51 AM 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12/21/2007 9:51 AM 468224]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/26/2010 12:13 AM 697328]
.
Contents of the 'Scheduled Tasks' folder
2010-06-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
2010-06-19 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-01 15:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://fmz.qiwa.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*
Yahoo! SearchBar Home Page
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*
Yahoo!
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\xev.THE-D7A62AF55CF\Application Data\Mozilla\Firefox\Profiles\mgksfskp.default\
FF - prefs.
js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\documents and settings\xev.THE-D7A62AF55CF\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\xev.THE-D7A62AF55CF\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\xev.THE-D7A62AF55CF\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\Java\jre1.5.0_17\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_17\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_17\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_17\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_17\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_17\bin\NPJPI150_17.dll
FF - plugin: c:\program files\Java\jre1.5.0_17\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npkimi.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
AddRemove-LimitRO Small Client Installer - d:\myro\uninst.exe
************************************************** ************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
GMER - Rootkit Detector and Remover
Rootkit scan 2010-06-20 01:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
.
Completion time: 2010-06-20 01:44:41
ComboFix-quarantined-files.txt 2010-06-19 17:44
Pre-Run: 1,073,954,816 bytes free
Post-Run: 1,445,826,560 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOW S
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Micro soft Windows XP Professional" /fastdetect /NoExecute=OptOut
C:\GRLDR="Start Grub"
- - End Of File - - 183338DAC64156A711C5DA3BE28CCEBE
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:49:03 AM, on 6/20/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
Free Music Zilla Start
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
Yahoo! SearchBar Home Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
Yahoo!
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
Yahoo!
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_17\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_17\bin\jusched.exe"
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Free Music Zilla.lnk = C:\Program Files\Free Music Zilla\FMZilla.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_17\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_17\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\War Chess\Images\stg_drm.ocx
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
--
End of file - 5139 bytes
Dragon Nest Wiki
Eden Eternal Wiki
Rusty Hearts Wiki
Trickster Online Wiki
need help logging in trickster online
Linear Mode
