
Multiple virus/trojan/malware resides in my computer


  • This topic is locked
5 replies to this topic

#1 harison

Posted 25 December 2009 - 02:32 AM

DDS (Ver_09-12-01.01) - NTFSx86
Run by Emil at 14:09:49.90 on Fri 12/25/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.860 [GMT 7:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:WINDOWSsystem32svchost -k DcomLaunch
svchost.exe
C:WINDOWSSystem32svchost.exe -k netsvcs
C:WINDOWSsystem32svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32ctfmon.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAviraAntiVir Desktopsched.exe
C:Program FilesAviraAntiVir Desktopavguard.exe
C:WINDOWSsystem32igfxpers.exe
C:PROGRA~1SYMANT~1SYMANT~1vptray.exe
C:Program FilesJavajre6binjusched.exe
svchost.exe
C:Program FilesAviraAntiVir Desktopavgnt.exe
C:Program FilesWindows LiveMessengermsnmsgr.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesKlikBCAcvpnd.exe
C:Program FilesSymantec_Client_SecuritySymantec AntiVirusDefWatch.exe
C:Program Filesfirebirdfirebird_1_5binfbguard.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Program FilesNeroNero8Nero BackItUpNBService.exe
C:Program FilesSymantec_Client_SecuritySymantec AntiVirusRtvscan.exe
C:WINDOWSsystem32HPZipm12.exe
C:Program FilesCyberLinkShared FilesRichVideo.exe
C:Program FilesMicrosoftSearch Enhancement PackSeaPortSeaPort.exe
C:WINDOWSsystem32svchost.exe -k imgsvc
C:Program Filesfirebirdfirebird_1_5binfbserver.exe
C:WINDOWSSystem32svchost.exe -k HTTPFilter
C:Program FilesAviraAntiVir Desktopavscan.exe
C:WINDOWSsystem32notepad.exe
C:Documents and SettingsEmilDesktopOperation206(secret)dds.scr

============== Pseudo HJT Report ===============

uStart Page = https://ibc.klikbca.com:8002/sme/login.jsp
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:program filesadobeacrobat 7.0activexAcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:program filesskypetoolbarsinternet explorerSkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:program filesrealrealplayerrpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:program filesmicrosoftsearch enhancement packsearch helperSEPsearchhelperie.dll
BHO: UrlHelper Class: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - c:program filesbearshare applicationsbearshareBearShareIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:program filesjavajre6binssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:program filescommon filesmicrosoft sharedwindows liveWindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:program filesgooglegoogle toolbarGoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:program filesadobeacrobat 7.0acrobatAcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:program filesgooglegoogletoolbarnotifier5.4.4525.1752swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:program filesjavajre6binjp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:program fileswindows livetoolbarwltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:program filesjavajre6libdeployjqsiejqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:program filesadobeacrobat 7.0acrobatAcroIEFavClient.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:program fileswindows livetoolbarwltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:program filesgooglegoogle toolbarGoogleToolbar_32.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:program filesadobeacrobat 7.0acrobatAcroIEFavClient.dll
uRun: [ctfmon.exe] c:windowssystem32ctfmon.exe
uRun: [msnmsgr] "c:program fileswindows livemessengermsnmsgr.exe" /background
uRun: [swg] "c:program filesgooglegoogletoolbarnotifierGoogleToolbarNotifier.exe"
mRun: [igfxtray] c:windowssystem32igfxtray.exe
mRun: [igfxhkcmd] c:windowssystem32hkcmd.exe
mRun: [igfxpers] c:windowssystem32igfxpers.exe
mRun: [vptray] c:progra~1symant~1symant~1vptray.exe
mRun: [IMJPMIG8.1] "c:windowsimeimjp8_1IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:windowssystem32imepintlgntImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:windowssystem32imetintlgntTINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:windowssystem32imetintlgntTINTSETP.EXE /IMEName
mRun: [<NO NAME>]
mRun: [UserFaultCheck] %systemroot%system32dumprep 0 -u
mRun: [SunJavaUpdateSched] "c:program filesjavajre6binjusched.exe"
mRun: [avgnt] "c:program filesaviraantivir desktopavgnt.exe" /min
IE: &Clean Traces - f:softwaredapprivacy packagedapcleanerie.htm
IE: &Download with &DAP - f:softwaredapdapextie.htm
IE: Convert link target to Adobe PDF - c:program filesadobeacrobat 7.0acrobatAcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:program filesadobeacrobat 7.0acrobatAcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:program filesadobeacrobat 7.0acrobatAcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:program filesadobeacrobat 7.0acrobatAcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:program filesadobeacrobat 7.0acrobatAcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:program filesadobeacrobat 7.0acrobatAcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:program filesadobeacrobat 7.0acrobatAcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:program filesadobeacrobat 7.0acrobatAcroIEFavClient.dll/AcroIEAppend.html
IE: Download &all with DAP - f:softwaredapdapextie2.htm
IE: E&xport to Microsoft Excel - c:progra~1micros~2office11EXCEL.EXE/3000
IE: Google Sidewiki... - c:program filesgooglegoogle toolbarcomponentGoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:program filesyahoo!messengerYahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:program filesmessengermsmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC} - c:program filesjavajre6binssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:program fileswindows livewriterWriterBrowserExtension.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:program filesskypetoolbarsinternet explorerSkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:program filesskypetoolbarsinternet explorerSkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:progra~1micros~2office11REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1246347355765
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1235536629328
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:progra~1common~1skypeSKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:windowssystem32NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:windowssystem32WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:docume~1emilapplic~1mozillafirefoxprofilesgg50ufq8.default
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.bearshare.com/
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/webResults.html?src=ffb&q=
FF - plugin: c:program filesmicrosoftoffice livenpOLW.dll
FF - plugin: c:program filesmozilla firefoxpluginsnpmusicn.dll
FF - plugin: c:program filesmozilla firefoxpluginsnpOGAPlugin.dll
FF - plugin: c:program filesoperaprogrampluginsnpmusicn.dll
FF - plugin: c:program fileswindows livephoto galleryNPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:windowsmicrosoft.netframeworkv3.5windows presentation foundationdotnetassistantextension
FF - HiddenExtension: Java Console: No Registry Reference - c:program filesmozilla firefoxextensions{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:program filesmozilla firefoxextensions{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:program filesmozilla firefoxextensions{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:program filesmozilla firefoxextensions{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:program filesaviraantivir desktopavgio.sys [2009-12-25 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:program filesaviraantivir desktopsched.exe [2009-12-25 108289]
R2 AntiVirService;Avira AntiVir Guard;c:program filesaviraantivir desktopavguard.exe [2009-12-25 185089]
R2 avgntflt;avgntflt;c:windowssystem32driversavgntflt.sys [2009-12-25 55656]
R2 CVPNDRV;PT Bank Central Asia, Tbk. IPsec Driver;c:windowssystem32driversCVPNDrv.sys [2008-8-13 267335]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:program filesfirebirdfirebird_1_5binfbguard.exe [2004-2-23 65536]
R2 fssfltr;FssFltr;c:windowssystem32driversfssfltr_tdi.sys [2009-8-3 55152]
R2 NAVAPEL;NAVAPEL;c:program filessymantec_client_securitysymantec antivirusNavapel.sys [2002-6-19 29184]
R2 Norton AntiVirus Server;Symantec AntiVirus Client;c:program filessymantec_client_securitysymantec antivirusRtvscan.exe [2002-7-30 573440]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:program filesfirebirdfirebird_1_5binfbserver.exe [2004-2-23 1515599]
R3 NAVAP;NAVAP;c:program filessymantec_client_securitysymantec antivirusNavap.sys [2002-6-19 218112]
R3 NAVENG;NAVENG;c:progra~1common~1symant~1virusd~120091224.002NAVENG.sys [2009-12-25 84912]
R3 NAVEX15;NAVEX15;c:progra~1common~1symant~1virusd~120091224.002NAVEX15.sys [2009-12-25 1323568]
S2 SPARKEY;sparkey driver;c:windowssystem32driverssparkey.sys [2009-6-8 12480]
S3 fsssvc;Windows Live Family Safety;c:program fileswindows livefamily safetyfsssvc.exe [2009-2-6 533360]
S3 GarenaPEngine;GarenaPEngine;??c:docume~1emillocals~1temprfbd.tmp --> c:docume~1emillocals~1tempRFBD.tmp [?]
S3 npggsvc;nProtect GameGuard Service;c:windowssystem32gamemon.des -service --> c:windowssystem32GameMon.des -service [?]
S3 rootrepeal;rootrepeal;??c:windowssystem32driversrootrepeal.sys --> c:windowssystem32driversrootrepeal.sys [?]
S3 vsdatant;vsdatant;c:windowssystem32vsdatant.sys [2008-8-13 145800]

=============== Created Last 30 ================

2009-12-25 02:53:11 0 d-----w- c:program filesCCleaner
2009-12-25 02:12:58 55656 ----a-w- c:windowssystem32driversavgntflt.sys
2009-12-25 02:12:53 0 d-----w- c:program filesAvira
2009-12-25 02:12:53 0 d-----w- c:docume~1alluse~1applic~1Avira
2009-12-10 09:16:29 0 d-----w- c:windowssystem32NtmsData

==================== Find3M ====================

2009-10-29 07:45:38 916480 ----a-w- c:windowssystem32wininet.dll
2009-10-21 05:38:36 75776 ----a-w- c:windowssystem32strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:windowssystem32httpapi.dll
2009-10-13 10:30:16 270336 ----a-w- c:windowssystem32oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:windowssystem32rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:windowssystem32raschap.dll
2009-10-10 21:17:27 411368 -c--a-w- c:windowssystem32deploytk.dll
2008-12-10 16:48:58 23 -c--a-w- c:program filesQTW.TPR
2008-12-10 16:48:56 44 -c--a-w- c:program fileslauncher.ini
2008-12-10 16:48:56 1065 -c--a-w- c:program filesTPRTech.INI
2009-07-09 00:32:40 245760 -csha-w- c:windowssystem32configsystemprofileietldcacheindex.dat
2009-07-09 00:32:40 32768 -csha-w- c:windowssystem32configsystemprofilelocal settingshistoryhistory.ie5mshist012009070920090710index.dat

============= FINISH: 14:11:01.85 ===============




Avira AntiVir Personal
Report file date: Friday, December 25, 2009 12:36

Scanning for 1473402 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : EMIL

Version information:
BUILD.DAT : 9.0.0.415 21609 Bytes 11/8/2009 10:00:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 10/13/2009 04:26:33
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 03:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 04:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 03:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 00:35:52
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 02:18:05
VBASE002.VDF : 7.10.1.1 2048 Bytes 11/19/2009 02:18:06
VBASE003.VDF : 7.10.1.2 2048 Bytes 11/19/2009 02:18:06
VBASE004.VDF : 7.10.1.3 2048 Bytes 11/19/2009 02:18:07
VBASE005.VDF : 7.10.1.4 2048 Bytes 11/19/2009 02:18:07
VBASE006.VDF : 7.10.1.5 2048 Bytes 11/19/2009 02:18:07
VBASE007.VDF : 7.10.1.6 2048 Bytes 11/19/2009 02:18:08
VBASE008.VDF : 7.10.1.7 2048 Bytes 11/19/2009 02:18:09
VBASE009.VDF : 7.10.1.8 2048 Bytes 11/19/2009 02:18:09
VBASE010.VDF : 7.10.1.9 2048 Bytes 11/19/2009 02:18:10
VBASE011.VDF : 7.10.1.10 2048 Bytes 11/19/2009 02:18:10
VBASE012.VDF : 7.10.1.11 2048 Bytes 11/19/2009 02:18:10
VBASE013.VDF : 7.10.1.79 209920 Bytes 11/25/2009 02:18:32
VBASE014.VDF : 7.10.1.128 197632 Bytes 11/30/2009 02:18:41
VBASE015.VDF : 7.10.1.178 195584 Bytes 12/7/2009 02:18:49
VBASE016.VDF : 7.10.1.224 183296 Bytes 12/14/2009 02:18:55
VBASE017.VDF : 7.10.1.247 182272 Bytes 12/15/2009 02:19:12
VBASE018.VDF : 7.10.2.30 198144 Bytes 12/21/2009 02:19:25
VBASE019.VDF : 7.10.2.31 2048 Bytes 12/21/2009 02:19:25
VBASE020.VDF : 7.10.2.32 2048 Bytes 12/21/2009 02:19:26
VBASE021.VDF : 7.10.2.33 2048 Bytes 12/21/2009 02:19:26
VBASE022.VDF : 7.10.2.34 2048 Bytes 12/21/2009 02:19:27
VBASE023.VDF : 7.10.2.35 2048 Bytes 12/21/2009 02:19:27
VBASE024.VDF : 7.10.2.36 2048 Bytes 12/21/2009 02:19:27
VBASE025.VDF : 7.10.2.37 2048 Bytes 12/21/2009 02:19:28
VBASE026.VDF : 7.10.2.38 2048 Bytes 12/21/2009 02:19:28
VBASE027.VDF : 7.10.2.39 2048 Bytes 12/21/2009 02:19:29
VBASE028.VDF : 7.10.2.40 2048 Bytes 12/21/2009 02:19:29
VBASE029.VDF : 7.10.2.41 2048 Bytes 12/21/2009 02:19:29
VBASE030.VDF : 7.10.2.42 2048 Bytes 12/21/2009 02:19:30
VBASE031.VDF : 7.10.2.60 187392 Bytes 12/24/2009 02:19:39
Engineversion : 8.2.1.122
AEVDF.DLL : 8.1.1.2 106867 Bytes 11/8/2009 00:38:52
AESCRIPT.DLL : 8.1.3.4 586105 Bytes 12/25/2009 02:20:52
AESCN.DLL : 8.1.3.0 127348 Bytes 12/25/2009 02:20:44
AESBX.DLL : 8.1.1.1 246132 Bytes 11/8/2009 00:38:44
AERDL.DLL : 8.1.3.4 479605 Bytes 12/25/2009 02:20:41
AEPACK.DLL : 8.2.0.3 422261 Bytes 11/8/2009 00:38:40
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 11/8/2009 00:38:38
AEHEUR.DLL : 8.1.0.189 2195833 Bytes 12/25/2009 02:20:33
AEHELP.DLL : 8.1.9.0 237943 Bytes 12/25/2009 02:19:55
AEGEN.DLL : 8.1.1.82 369014 Bytes 12/25/2009 02:19:50
AEEMU.DLL : 8.1.1.0 393587 Bytes 11/8/2009 00:38:26
AECORE.DLL : 8.1.9.1 180598 Bytes 12/25/2009 02:19:43
AEBB.DLL : 8.1.0.3 53618 Bytes 11/8/2009 00:38:20
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 01:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 8/26/2009 08:14:02
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 07:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 03:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 08:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 03:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 08:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 01:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 03:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 08:39:58
RCTEXT.DLL : 9.0.73.0 86785 Bytes 10/13/2009 05:25:47

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:program filesaviraantivir desktopsysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Friday, December 25, 2009 12:36

Starting search for hidden objects.
'55970' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'fbserver.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'Rtvscan.exe' - '1' Module(s) have been scanned
Scan process 'NBService.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'fbguard.exe' - '1' Module(s) have been scanned
Scan process 'DefWatch.exe' - '1' Module(s) have been scanned
Scan process 'cvpnd.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'VPTray.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
42 processes with 42 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:'
[INFO] No virus was found!
Boot sector 'D:'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '68' files ).


Starting the file scan:

Begin scan in 'C:' <System Disk >
C:pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:Documents and SettingsNetworkServiceLocal SettingsTemporary Internet FilesContent.IE55OI4EM6Mbyvti[1].bmp
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
C:Documents and SettingsNetworkServiceLocal SettingsTemporary Internet FilesContent.IE55OI4EM6Mcrlqbxsz[1].gif
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
C:Documents and SettingsNetworkServiceLocal SettingsTemporary Internet FilesContent.IE55OI4EM6Mcxiazko[1].jpg
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
C:Documents and SettingsNetworkServiceLocal SettingsTemporary Internet FilesContent.IE55OI4EM6Mczvyuf[1].bmp
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
C:Documents and SettingsNetworkServiceLocal SettingsTemporary Internet FilesContent.IE55OI4EM6Mdkanr[1].gif
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
C:Documents and SettingsNetworkServiceLocal SettingsTemporary Internet FilesContent.IE55OI4EM6Mdrvudd[1].bmp
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
C:Documents and SettingsNetworkServiceLocal SettingsTemporary Internet FilesContent.IE55OI4EM6Mdwjozb[2].gif
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
C:Documents and SettingsNetworkServiceLocal SettingsTemporary Internet FilesContent.IE55OI4EM6Mfknvwag[1].bmp
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
C:Documents and SettingsNetworkServiceLocal SettingsTemporary Internet FilesContent.IE55OI4EM6Mgtrbw[1].bmp
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
C:Documents and SettingsNetworkServiceLocal SettingsTemporary Internet FilesContent.IE55OI4EM6Mgtrbw[1].jpg
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
C:Documents and SettingsNetworkServiceLocal SettingsTemporary Internet FilesContent.IE55OI4EM6Mhrliftf[1].bmp
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
C:Documents and SettingsNetworkServiceLocal SettingsTemporary Internet FilesContent.IE55OI4EM6Mhzgliqic[1].jpg
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
C:Documents and SettingsNetworkServiceLocal SettingsTemporary Internet FilesContent.IE55OI4EM6Mkbvy[1].gif
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
C:Documents and SettingsNetworkServiceLocal SettingsTemporary Internet FilesContent.IE55OI4EM6Mlopesvg[1].png
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
C:Documents and SettingsNetworkServiceLocal SettingsTemporary Internet FilesContent.IE55OI4EM6Mnytn[1].bmp
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
C:Documents and SettingsNetworkServiceLocal SettingsTemporary Internet FilesContent.IE55OI4EM6Moenpaka[1].bmp
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
C:Documents and SettingsNetworkServiceLocal SettingsTemporary Internet FilesContent.IE55OI4EM6Mttvk[1].jpg
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
C:Documents and SettingsNetworkServiceLocal SettingsTemporary Internet FilesContent.IE55OI4EM6Mvcjrutb[1].gif
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
C:Documents and SettingsNetworkServiceLocal SettingsTemporary Internet FilesContent.IE55OI4EM6Myxlmw[2].jpg
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
C:Documents and SettingsNetworkServiceLocal SettingsTemporary Internet FilesContent.IE55OI4EM6Mzmrzmq[1].jpg
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
C:Documents and SettingsNetworkServiceLocal SettingsTemporary Internet FilesContent.IE5GHX6N4ZOdwjozb[1].gif
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
C:Documents and SettingsNetworkServiceLocal SettingsTemporary Internet FilesContent.IE5GHX6N4ZOgjofgp[1].jpg
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
C:Documents and SettingsNetworkServiceLocal SettingsTemporary Internet FilesContent.IE5GHX6N4ZOgtrbw[1].gif
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
C:Documents and SettingsNetworkServiceLocal SettingsTemporary Internet FilesContent.IE5GHX6N4ZOgtrbw[1].png
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
C:Documents and SettingsNetworkServiceLocal SettingsTemporary Internet FilesContent.IE5GHX6N4ZOhrliftf[1].bmp
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
C:Documents and SettingsNetworkServiceLocal SettingsTemporary Internet FilesContent.IE5GHX6N4ZOhrliftf[1].gif
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
C:Documents and SettingsNetworkServiceLocal SettingsTemporary Internet FilesContent.IE5GHX6N4ZOhrliftf[2].bmp
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
C:Documents and SettingsNetworkServiceLocal SettingsTemporary Internet FilesContent.IE5GHX6N4ZOpamujq[1].bmp
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
C:Documents and SettingsNetworkServiceLocal SettingsTemporary Internet FilesContent.IE5GHX6N4ZOqbziri[1].bmp
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
C:Documents and SettingsNetworkServiceLocal SettingsTemporary Internet FilesContent.IE5GHX6N4ZOtttt[1].jpg
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
C:Documents and SettingsNetworkServiceLocal SettingsTemporary Internet FilesContent.IE5GHX6N4ZOtzzq[1].jpg
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
C:Documents and SettingsNetworkServiceLocal SettingsTemporary Internet FilesContent.IE5WTQJGD27akekdjjv[1].jpg
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
C:Documents and SettingsNetworkServiceLocal SettingsTemporary Internet FilesContent.IE5WTQJGD27cxiazko[1].bmp
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
C:Documents and SettingsNetworkServiceLocal SettingsTemporary Internet FilesContent.IE5WTQJGD27drvudd[1].jpg
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
C:Documents and SettingsNetworkServiceLocal SettingsTemporary Internet FilesContent.IE5WTQJGD27dwjozb[1].bmp
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
C:Program FilesACD SystemsACDSee9.0Crack.exe
[DETECTION] Is the TR/Agent.37701.A Trojan
C:Program FilesFitness Dashfitnessdash.exe
[DETECTION] Is the TR/Agent.430080.G Trojan
Begin scan in 'D:' <DATA BANK>

Beginning disinfection:
C:Program FilesACD SystemsACDSee9.0Crack.exe
[DETECTION] Is the TR/Agent.37701.A Trojan
[NOTE] The file was moved to '4b95646f.qua'!
C:Program FilesFitness Dashfitnessdash.exe
[DETECTION] Is the TR/Agent.430080.G Trojan
[NOTE] The file was moved to '4ba86466.qua'!


End of the scan: Friday, December 25, 2009 14:04
Used time: 1:20:39 Hour(s)

The scan has been done completely.

11194 Scanned directories
370441 Files were scanned
60 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
60 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
370380 Files not concerned
2999 Archives were scanned
1 Warnings
61 Notes
55970 Objects were scanned with rootkit scan
0 Hidden objects were found

Above are the DDS scan, Avira AntiVir scan and RootRepeal scan results. The computer is just running really slow, and I installed Avira AntiVir and found 60 viruses. Previously I had Symantec Corporate installed and still have it on my computer.

Expert assistance is needed. Thanks :(

Merged posts. ~ OB


Edited by Orange Blossom, 25 December 2009 - 02:59 AM.




#2 harison harison

harison harison
  • Topic Starter


Posted 25 December 2009 - 03:12 AM

Above are the DDS scan, Avira AntiVir scan and RootRepeal scan results. The computer is just running really slow, and I installed Avira AntiVir and found 60 viruses. Previously I had Symantec Corporate installed and still have it on my computer.

Expert assistance is needed. Thanks :(

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take several days, up to two weeks, perhaps less, to get a response, but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses, as the e-mail notification system is unreliable.

Thank you for understanding.

Orange Blossom ~ forum moderator

Edited by Orange Blossom, 29 December 2009 - 08:20 PM.


#3 etavares

etavares

    Bleepin' Remover


  • Malware Response Instructor

Posted 05 January 2010 - 07:06 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Also, please subscribe to this topic, so you are notified when someone replies. Please continue to check manually on occasion, as every now and then the email may be caught by your spam filter.
To enable topic notifications you should do the following:
  • Click on the My Controls link at the top of the page to enter your control panel.
  • Scroll down to the Options category in the left hand side menu bar and click on the Email Settings link.
  • Put a checkmark in the checkbox labeled Enable 'Email Notification' by default?.
  • Set the If ticked, choose default type: menu option to Immediate Email Notification to have an email sent immediately when someone replied.
Information on A/V control HERE


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#4 harison harison

harison harison
  • Topic Starter


Posted 06 January 2010 - 12:57 PM

Hi Etavares,

I understand what your position is. Thanks for getting back to me after all. I have a problem: my computer was running slow. I have tried a couple of things to improve performance, only to increase my small mount. Then I decided to replace my old Norton with Avira AntiVir and found 61 viruses/trojans/malware on my computer. I have since repaired them all. I have also installed the new version of Java. This is all I have done so far.

Thanks,
Harison
_______________________________________________________________________________________________________________________________

DDS (Ver_09-12-01.01) - NTFSx86
Run by Emil at 0:46:09.92 on Thu 01/07/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.1034 [GMT 7:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\KlikBCA\cvpnd.exe
C:\Program Files\firebird\firebird_1_5\bin\fbguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\firebird\firebird_1_5\bin\fbserver.exe
C:\WINDOWS\system32\csrcs.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Emil\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = https://ibc.klikbca.com:8002/sme/login.jsp
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mWinlogon: Shell=Explorer.exe csrcs.exe
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRunServices: [csrcs] c:\windows\system32\csrcs.exe
mExplorerRun: [csrcs] c:\windows\system32\csrcs.exe
IE: &Clean Traces - f:\software\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - f:\software\dap\dapextie.htm
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download &all with DAP - f:\software\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1246347355765
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1235536629328
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\emil\applic~1\mozilla\firefox\profiles\gg50ufq8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/webResults.html?src=ffb&q=
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\opera\program\plugins\npmusicn.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-12-25 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-12-25 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-12-25 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-12-25 56816]
R2 CVPNDRV;PT Bank Central Asia, Tbk. IPsec Driver;c:\windows\system32\drivers\CVPNDrv.sys [2008-8-13 267335]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\firebird\firebird_1_5\bin\fbguard.exe [2004-2-23 65536]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-8-3 54752]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\firebird\firebird_1_5\bin\fbserver.exe [2004-2-23 1515599]
S2 SPARKEY;sparkey driver;c:\windows\system32\drivers\sparkey.sys [2009-6-8 12480]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\emil\locals~1\temp\rfbd.tmp --> c:\docume~1\emil\locals~1\temp\RFBD.tmp [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-8-13 145800]

=============== Created Last 30 ================

2010-01-06 08:03:04 3244 ----a-w- c:\windows\system32\wbem\Outlook_01ca8ea6acafec6a.mof
2010-01-04 08:21:54 0 --sha-r- C:\khw
2009-12-29 04:31:15 937 --shatr- c:\windows\system32\autorun.in
2009-12-29 04:31:15 603 --shatr- c:\windows\system32\autorun.i
2009-12-26 01:44:26 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2009-12-25 17:31:54 0 d-----w- c:\program files\Microsoft Office Outlook Connector
2009-12-25 02:53:11 0 d-----w- c:\program files\CCleaner
2009-12-25 02:12:58 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-25 02:12:53 0 d-----w- c:\program files\Avira
2009-12-25 02:12:53 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2009-12-10 09:16:29 0 d-----w- c:\windows\system32\NtmsData

==================== Find3M ====================

2010-01-05 06:58:27 207468 ----a-w- c:\windows\fonts\AdobeFnt09.lst
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-10 21:17:27 411368 -c--a-w- c:\windows\system32\deploytk.dll
2008-12-10 16:48:58 23 -c--a-w- c:\program files\QTW.TPR
2008-12-10 16:48:56 44 -c--a-w- c:\program files\launcher.ini
2008-12-10 16:48:56 1065 -c--a-w- c:\program files\TPRTech.INI
2008-04-14 08:20:49 808546 --sha-r- c:\windows\system32\csrcs.exe
2009-07-09 00:32:40 245760 -csha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2009-07-09 00:32:40 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009070920090710\index.dat

============= FINISH: 0:46:46.79 ===============

#5 syler

Posted 06 January 2010 - 10:53 PM

Hello Harison,

My name is Syler and I will be helping you to solve your Malware issues.


Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Then please post back here with the following logs:
  • MBAM log
  • log.txt
  • info.txt
Thanks
If I have helped you, and you would like to make a donation to me, click here

#6 syler

Posted 11 January 2010 - 09:21 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



