Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Win32:Trojan-gen


  • This topic is locked This topic is locked
16 replies to this topic

#1 DottieR

DottieR

  • Members
  • 278 posts
  • OFFLINE
  •  
  • Local time:03:46 AM

Posted 03 January 2009 - 09:41 PM

All my antivirus programs show no infections. But while Clamwin antivirus is running an Avast window comes up with this info -

Win32:Trojan-gen {Other}
C:\docume~1\me67e5~1.dor\locals~1\temp\clamav-062b9cdb73c

090102-0, 01/02/2009

From Event Viewer -

Sign of "Win32:Trojan-gen {Other}" has been found in "C:\docume~1\me67e5~1.dor\locals~1\temp\clamav-ac3398939e16142c8f3d709055c3e8c3.00000468.clamtmp" file.


I clicked on "move to virus chest" which was recommended, but it keeps coming up. Then Clamwin continues to run and gives a no infection message when done.
Browser seems slow, I think.

Thanks,
Dorothy


DDS (Version 1.1.0) - FAT32x86
Run by Me at 19:25:20.89 on Sat 01/03/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.512.72 [GMT -7:00]

AV: avast! antivirus 4.8.1296 [VPS 090103-1] *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lunabar\Lunabar.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Microsoft Works\MSWorks.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Me.DOROTHY\Desktop\dds.scr

============== Pseudo HJT Report ===============

uLocal Page = \blank.htm
uStart Page = hxxp://mail.google.com/mail/?ui=1
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [PhoneTray] c:\program files\traysoft\phonetray\PhoneTray.exe
mRun: [ClamWin] "c:\program files\clamwin\bin\ClamTray.exe" --logon
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\me67e5~1.dor\startm~1\programs\startup\lunaba~1.lnk - c:\program files\lunabar\Lunabar.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: microsoft.com\www.update
TCP: {E5EC226A-5490-4C76-B19C-B80092C7B7C5} = 67.211.172.29 67.211.172.30
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\me67e5~1.dor\nethood\applic~1\mozilla\firefox\profiles\j566hkka.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?ui=1
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101703&gct=&gc=1&q=
FF - plugin: c:\program files\google\google updater\2.4.1399.3742\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

ATTENTION: FIREFOX POLICES IS IN FORCE

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-8-12 111184]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-11-17 55024]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-8-12 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-8-12 352920]
R3 PhoneTrayDriver;PhoneTrayDriver;c:\windows\system32\drivers\ptdrv.sys [2007-12-20 30032]
R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-8-12 20560]
R4 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-8-12 155160]
R4 CSIScanner;CSIScanner;c:\program files\prevxcsi\prevxcsi.exe [2009-1-2 927288]
R4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S?4 pxark;pxark;c:\windows\system32\drivers\pxark.sys [2009-1-2 26808]
S1 AEC671X;AEC671X;c:\windows\system32\drivers\aec671x.sys [2006-12-18 12128]
S1 DMX3191;DMX3191;c:\windows\system32\drivers\dmx3191.sys [2006-12-18 17700]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-11-17 7408]
S3 VQ21FIL;ViewQuest USB Filter Driver (FILTER);c:\windows\system32\drivers\VQ2101XP.SYS [2006-12-14 5593]
S4 PV8630;PV8630 WDM Device Driver;System\PV8630.sys --> System\PV8630.sys [?]
S4 Symantec Core LC;Symantec Core LC; [x]
S4 UDNT;UDNT;c:\windows\system32\drivers\udnt.sys [2006-12-18 76260]

=============== Created Last 30 ================

2009-01-03 15:28 262,144 a------- C:\ntuser.dat
2009-01-03 13:39 <DIR> --d----- c:\program files\Free Window Registry Repair
2009-01-03 09:26 344,064 a------- c:\windows\system32\msvcr70.dll
2009-01-03 09:26 487,424 a------- c:\windows\system32\msvcp70.dll
2009-01-03 09:26 974,848 a------- c:\windows\system32\mfc70.dll
2009-01-03 09:26 <DIR> --d----- c:\program files\AML Products
2009-01-03 07:38 <DIR> --d----- c:\program files\RegSeeker
2009-01-02 21:52 <DIR> --d----- c:\program files\Eusing Free Registry Cleaner
2009-01-02 21:48 67,638 a------- c:\windows\HVDWALL.BMP
2009-01-02 21:48 <DIR> --d----- c:\program files\HoverDesk
2009-01-02 17:59 26,808 a------- c:\windows\system32\drivers\pxark.sys
2009-01-02 17:59 <DIR> --d----- c:\program files\PrevxCSI
2009-01-01 12:10 <DIR> --d----- C:\Brute Force Uninstaller
2008-12-30 15:21 <DIR> --d----- c:\docume~1\me67e5~1.dor\nethood\applic~1\OpenOffice.org
2008-12-30 15:19 <DIR> --d----- c:\docume~1\me67e5~1.dor\nethood\applic~1\.clamwin
2008-12-30 15:19 <DIR> --d----- c:\program files\ClamWin
2008-12-30 15:19 <DIR> --d----- c:\documents and settings\all users\.clamwin
2008-12-30 15:06 <DIR> --d----- c:\program files\JRE
2008-12-30 15:06 <DIR> --d----- c:\program files\OpenOffice.org 3
2008-12-26 10:04 54,156 a---h--- c:\windows\QTFont.qfn
2008-12-26 10:04 1,409 a------- c:\windows\QTFont.for
2008-12-25 19:35 <DIR> --d----- c:\program files\VideoLAN
2008-12-25 16:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Babylon
2008-12-25 16:36 <DIR> --d----- c:\docume~1\me67e5~1.dor\nethood\applic~1\Babylon
2008-12-25 15:20 <DIR> --d----- c:\program files\AskBarDis
2008-12-25 15:20 <DIR> --d----- c:\program files\Foxit Software
2008-12-25 15:20 <DIR> --d----- c:\docume~1\me67e5~1.dor\nethood\applic~1\Foxit
2008-12-24 13:36 <DIR> --d----- c:\program files\Traysoft
2008-12-13 10:33 <DIR> --d----- C:\Sun
2008-12-12 13:55 <DIR> --d----- c:\program files\PrevxCSI (registry check)
2008-12-12 13:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PrevxCSI
2008-12-12 13:55 <DIR> --d-h--- c:\docume~1\alluse~1\applic~1\~0
2008-12-12 13:22 <DIR> --d----- c:\docume~1\me67e5~1.dor\nethood\applic~1\Uniblue
2008-12-12 12:12 <DIR> --d----- c:\program files\Uniblue

==================== Find3M ====================

2008-12-12 23:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-03 19:52 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-03 19:52 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-11-24 23:32 2,051,465 a------- c:\program files\SmitfraudFix.cmd
2008-11-10 05:43 410,984 a------- c:\windows\system32\deploytk.dll
2008-11-07 16:45 2,174,976 a------- c:\windows\system32\dllcache\WMVCore.dll
2008-11-03 08:20 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-10-24 04:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 05:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 05:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 06:11 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 06:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 09:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 00:06 633,632 a------- c:\windows\system32\dllcache\iexplore.exe
2008-10-15 00:04 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2008-08-02 12:40 1,012,800 a------- c:\program files\Google Updater.exe
2008-05-07 09:03 4,098,010 a------- c:\program files\lunabar6.zip
2007-07-31 17:50 23,402,288 a------- c:\program files\AdbeRdr810_en_US.exe
2007-07-31 11:32 20,539,017 a------- c:\program files\AdbeRdr810_en_US.exe.part
2007-07-30 15:14 15,505,200 a------- c:\program files\IE7-WindowsXP-x86-enu.exe
2007-07-06 10:47 422 a------- c:\program files\Shortcut to Internet Explorer.lnk
2006-08-10 21:24 16,706,160 a------- c:\program files\AdbeRdr60_enu_full.exe
2006-07-29 21:10 266 ---sh--- c:\program files\desktop.ini
2006-07-29 21:10 11,079 ----h--- c:\program files\folder.htt

============= FINISH: 19:26:24.00 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:06:46 AM

Posted 16 January 2009 - 08:08 AM

Hello DottieR

Welcome to BleepingComputer :thumbsup:
========================
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#3 DottieR

DottieR
  • Topic Starter

  • Members
  • 278 posts
  • OFFLINE
  •  
  • Local time:03:46 AM

Posted 16 January 2009 - 03:37 PM

I only got one file.

Logfile of random's system information tool 1.05 (written by random/random)
Run by Me at 2009-01-16 13:27:25
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 8 GB (42%) free of 19 GB
Total RAM: 512 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:27:42, on 1/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Lunabar\Lunabar.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Me.DOROTHY\Desktop\RSIT.exe
C:\Program Files\trend micro\HijackThis\Me.exe
C:\WINDOWS\system32\taskmgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/?ui=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PhoneTray] C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Lunabar Taskbar Icon.lnk = C:\Program Files\Lunabar\Lunabar.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185235554345
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\system32\DRIVERS\xaudio.exe
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Me.DOROTHY\My Documents\My Pictures\NASA\globe_west_540.jpg

--
End of file - 6467 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\avast! Antivirus.job
C:\WINDOWS\tasks\Windows Defender.job
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-11-21 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Foxit Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [2001-11-29 196608]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"PhoneTray"=C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe [2008-03-18 845824]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe [2003-07-15 34880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\OPLIMIT\ocraware.exe [1996-11-11 51216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe [2008-02-25 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2007-08-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSnD]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.2.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2005-11-04 176128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
C:\PROGRA~1\Kodak\KODAKS~1\7288971\Program\KODAKS~1.EXE [2004-02-13 16423]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~3\Office\OSA9.EXE [1999-09-04 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
C:\WINDOWS\Installer\{9944aa9e-362d-11d3-81ab-00c04fb932ba}\1960F8A9.exe [2006-12-17 29184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UMAX VistaAccess.lnk]
C:\Vstascan\vsaccess.exe [2000-01-06 159232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Me.DOROTHY^Start Menu^Programs^Startup^UMAX VistaAccess.lnk]
C:\VSTASCAN\vsaccess.exe [2000-01-06 159232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2

C:\Documents and Settings\Me.DOROTHY\Start Menu\Programs\Startup
Lunabar Taskbar Icon.lnk - C:\Program Files\Lunabar\Lunabar.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Disabled:EasyShare"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-01-16 11:57:01 ----A---- C:\WINDOWS\ModemLog_PCI Soft Voice SoftRing Modem.txt
2009-01-16 11:53:22 ----RA---- C:\WINDOWS\system32\Uci32114.dll
2009-01-16 11:52:53 ----D---- C:\WINDOWS\LastGood
2009-01-15 07:14:10 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-13 20:18:25 ----D---- C:\Documents and Settings\Me.DOROTHY\NetHood\Application Data\Mozilla
2009-01-13 18:42:14 ----A---- C:\WINDOWS\imsins.BAK
2009-01-13 18:42:09 ----HD---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-13 17:33:08 ----A---- C:\Program Files\Firefox Setup 3.0.5.exe
2009-01-03 13:39:23 ----D---- C:\Program Files\Free Window Registry Repair
2009-01-03 09:26:33 ----A---- C:\WINDOWS\system32\msvcr70.dll
2009-01-03 09:26:32 ----A---- C:\WINDOWS\system32\msvcp70.dll
2009-01-03 09:26:31 ----A---- C:\WINDOWS\system32\mfc70.dll
2009-01-03 09:26:30 ----D---- C:\Program Files\AML Products
2009-01-03 07:38:55 ----D---- C:\Program Files\RegSeeker
2009-01-02 21:52:13 ----D---- C:\Program Files\Eusing Free Registry Cleaner
2009-01-02 21:48:28 ----D---- C:\Program Files\HoverDesk
2009-01-01 12:10:46 ----D---- C:\Brute Force Uninstaller
2008-12-30 15:21:01 ----D---- C:\Documents and Settings\Me.DOROTHY\NetHood\Application Data\OpenOffice.org
2008-12-30 15:06:46 ----D---- C:\Program Files\JRE
2008-12-30 15:06:38 ----D---- C:\Program Files\OpenOffice.org 3
2008-12-30 15:05:52 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-30 15:05:52 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-30 15:05:52 ----A---- C:\WINDOWS\system32\java.exe
2008-12-30 15:04:48 ----D---- C:\Program Files\Common Files\Java
2008-12-27 15:25:26 ----D---- C:\Documents and Settings\Me.DOROTHY\NetHood\Application Data\dvdcss
2008-12-25 19:36:28 ----D---- C:\Documents and Settings\Me.DOROTHY\NetHood\Application Data\vlc
2008-12-25 19:35:03 ----D---- C:\Program Files\VideoLAN
2008-12-25 16:36:57 ----D---- C:\Documents and Settings\All Users\Application Data\Babylon
2008-12-25 16:36:56 ----D---- C:\Documents and Settings\Me.DOROTHY\NetHood\Application Data\Babylon
2008-12-25 15:20:16 ----D---- C:\Program Files\AskBarDis
2008-12-25 15:20:02 ----D---- C:\Program Files\Foxit Software
2008-12-25 15:20:02 ----D---- C:\Documents and Settings\Me.DOROTHY\NetHood\Application Data\Foxit
2008-12-24 13:36:52 ----D---- C:\Program Files\Traysoft

======List of files/folders modified in the last 1 months======

2009-01-16 11:08:14 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-16 09:41:58 ----A---- C:\WINDOWS\ModemLog_PCI Soft Data Fax Modem with SmartCP.txt
2009-01-15 21:41:02 ----SH---- C:\boot.ini
2009-01-15 21:41:02 ----A---- C:\WINDOWS\win.ini
2009-01-15 21:41:02 ----A---- C:\WINDOWS\system.ini
2009-01-14 15:56:42 ----A---- C:\WINDOWS\solfire5.ini
2009-01-09 18:35:28 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 42752]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]
R2 XAudio;XAudio; C:\WINDOWS\system32\DRIVERS\xaudio.sys [2006-08-04 8192]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2006-11-08 986624]
R3 HSXHWBS2;HSXHWBS2; C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys [2006-11-08 258048]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 PhoneTrayDriver;PhoneTrayDriver; C:\WINDOWS\System32\Drivers\ptdrv.sys [2007-12-20 30032]
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2006-11-08 659968]
S1 AEC671X;AEC671X; C:\WINDOWS\System32\drivers\AEC671X.SYS [1998-05-05 12128]
S1 DMX3191;DMX3191; C:\WINDOWS\System32\drivers\DMX3191.SYS [1999-02-23 17700]
S2 PV8630;PV8630 WDM Device Driver; C:\WINDOWS\System\PV8630.sys [2001-02-18 17284]
S2 UDNT;UDNT; C:\WINDOWS\system32\drivers\UDNT.sys [1998-09-18 76260]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys [2001-08-17 907456]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-03-22 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-03-22 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-03-22 21744]
S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2005-03-16 221440]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VQ21FIL;ViewQuest USB Filter Driver (FILTER); C:\WINDOWS\system32\DRIVERS\VQ2101XP.SYS [2002-07-26 5593]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-21 168432]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
S2 XAudioService;XAudioService; C:\WINDOWS\system32\DRIVERS\xaudio.exe [2006-08-04 386560]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]

-----------------EOF-----------------

#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:06:46 AM

Posted 16 January 2009 - 06:56 PM

Win32:Trojan-gen {Other}
C:\docume~1\me67e5~1.dor\locals~1\temp\clamav-062b9cdb73c

These detections by Avast are false positives they are files related to clam Antivirus.
============
I recommend removing clam antivirus.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#5 DottieR

DottieR
  • Topic Starter

  • Members
  • 278 posts
  • OFFLINE
  •  
  • Local time:03:46 AM

Posted 16 January 2009 - 08:46 PM

I have already uninstalled Clamwin antivirus. I already have Malware AM and it never finds anything. Guess I just had too many antivirus programs. Dumped Previx CSI also.

Thanks,
Dorothy

#6 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:06:46 AM

Posted 17 January 2009 - 08:28 AM

That is it precisely :)
AVast actually commonly finds othe antivirus software files to be malicious.
It is not uncommon to get false positives when running too many protection programs.

Delete\uninstall anything else that we have used.

Including this folder C:\Rsit

System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link > http://www.bleepingcomputer.com/tutorials/...143.html#manual
=====================================
After that your log is clean. :thumbsup:

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy-Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

Spywareguard-Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections please read the Prevention artice by Miekiemoes.

If your computer is slow Is a tutorial on what you can do if your computer is slow.

Edited by kahdah, 17 January 2009 - 08:29 AM.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#7 DottieR

DottieR
  • Topic Starter

  • Members
  • 278 posts
  • OFFLINE
  •  
  • Local time:03:46 AM

Posted 17 January 2009 - 11:14 AM

I am running Avast.
I now have Super AntiSpyware free Ed and Spyware Blaster running.
I also have Spybot S&D, Malwarebytes AM and Ad-Aware.

If I need to delete any of these, Please, let me know.
I will say that since I have been running SAS and SB, Ad-Aware does not find much.

Also I replaced the modem. But the old one kept making dirty bits. The disk is clean not, but I still cannot defrag it. I get a message, "disk defrag could not start".

I am looking at the system restore info. Not sure why I need to do that. What will I loose?

Dorothy

#8 DottieR

DottieR
  • Topic Starter

  • Members
  • 278 posts
  • OFFLINE
  •  
  • Local time:03:46 AM

Posted 17 January 2009 - 11:24 AM

Should I eliminate Avast and just use Spybot since you are recommending it?
Do I need to add Spyguard with what I already have?
You people tell me to add this stuff, not you personally, then say I have too much.

Someone said to uninstall and reload FireFox. I have not been able to reload my favorites. The instructions from FireFix help are not getting me anywhere. I don't find the files they need. I saved them to a stick.

Dorothy

#9 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:06:46 AM

Posted 18 January 2009 - 09:49 AM

2 antivirus programs are always too much.
Leave avast get rid of Superantispyware.
Uninstall Spybot S&D leave Malwarebytes.


Here are proper instructions for uninstalling and re-installing Firefox:
http://kb.mozillazine.org/Uninstalling_Firefox

Copy them from your flash drive to the correct location on your computer.

AFter that you are good to go.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#10 DottieR

DottieR
  • Topic Starter

  • Members
  • 278 posts
  • OFFLINE
  •  
  • Local time:03:46 AM

Posted 18 January 2009 - 12:10 PM

Got it all. Thanks. Now I just need to get my defragger working, but this is probably not the right forum.

#11 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:06:46 AM

Posted 18 January 2009 - 05:42 PM

Hi this should fix the Disk defragmenter issue:

Click Start, Run and type:

rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %windir%\inf\dfrg.inf

then hit Ok.

Then reboot and try to run disk defragmenter again.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#12 DottieR

DottieR
  • Topic Starter

  • Members
  • 278 posts
  • OFFLINE
  •  
  • Local time:03:46 AM

Posted 18 January 2009 - 07:28 PM

Awww... Didn't work. Could it be a permission thing? A while back I got a message from something, don't remember what that, I was not authorized to do whatever, then it went ahead and did it anyway. I cleared the passwords in setup, don't know how to check the windows stuff.
I did have a bad modem which was making dirty bits and has been replaced, but I ran check disk and now it is clean.

Dorothy

#13 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:06:46 AM

Posted 18 January 2009 - 09:19 PM

Ok well then I recommend using a third party utility to defrag:

These are some that are good:
http://www.auslogics.com/disk-defrag
http://www.kessels.com/JkDefrag/
http://majorgeeks.com/download.php?det=1207

Let me know if that helps and we will wrap this thread up.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#14 DottieR

DottieR
  • Topic Starter

  • Members
  • 278 posts
  • OFFLINE
  •  
  • Local time:03:46 AM

Posted 18 January 2009 - 09:34 PM

I am on a modem. There must be a better solution than going online to defrag. It was working fine up to a week or two ago.

#15 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:06:46 AM

Posted 18 January 2009 - 09:35 PM

Those are programs you do not have to go online other than to download them.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users