Malware resides in my computer


22 replies to this topic

#1 harison harison

  • Members
  • 15 posts

Posted 06 August 2009 - 06:17 PM

When my computer starts a message pops up saying: Windows can not find 'C\WINDOWS\system32\drivers\ntndis.exe'. Make sure you typed the name correctly and try again. I have tried to run the registry editor and couldn't find 'C\WINDOWS\system32\drivers\ntndis.exe' destination.


DDS (Ver_09-07-30.01) - NTFSx86
Run by Harison Harison at 0:48:56.34 on 07/08/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1983.1188 [GMT 10:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\QUT VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Sheer Notes\sheernotes.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Documents and Settings\Harison Harison\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Harison Harison\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Harison Harison\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Harison Harison\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Harison Harison\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mWinlogon: Shell=Explorer.exe c:\windows\system32\drivers\ntndis.exe
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] nwiz.exe /installquiet /nodetect
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [Sheer Notes] c:\program files\sheer notes\sheernotes.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
dRunOnce: [<NO NAME>]
mExplorerRun: [Explorer] .vbs
mExplorerRun: [<NO NAME>] 1 (0x1)
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\adobe acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppavi~1.lnk - c:\program files\hewlett-packard\hp pavilion webcam\HPWebcam.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-15 55152]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-11-28 1251720]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 1533808]
S2 ccEvtMgr;Symantec Event Manager;"c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon --> c:\program files\common files\symantec shared\ccSvcHst.exe [?]
S2 ccSetMgr;Symantec Settings Manager;"c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon --> c:\program files\common files\symantec shared\ccSvcHst.exe [?]
S2 ntndis;ntndis;c:\windows\system32\drivers\ntndis.sys []
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [2006-6-7 61952]
S3 AF05BDA;AF9005 BDA Device;c:\windows\system32\drivers\AF05BDA.sys [2007-10-6 133504]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]

=============== Created Last 30 ================

2009-08-03 21:29 <DIR> --d----- c:\docume~1\hariso~1\applic~1\Blackberry Desktop
2009-08-03 21:27 256 a------- c:\windows\system32\pool.bin
2009-08-03 21:27 <DIR> --d----- c:\docume~1\hariso~1\applic~1\Research In Motion
2009-08-03 21:14 <DIR> --d----- c:\program files\Roxio
2009-08-03 21:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Research In Motion
2009-08-03 21:12 27,136 a----r-- c:\windows\system32\drivers\RimSerial.sys
2009-08-03 21:11 <DIR> --d----- c:\program files\common files\Research In Motion
2009-08-03 21:11 <DIR> --d----- c:\program files\Research In Motion
2009-08-03 19:29 <DIR> --d-h--- C:\autorun.inf
2009-08-03 18:43 <DIR> --d----- c:\program files\BitTorrent
2009-08-03 18:27 <DIR> --d----- c:\program files\Xobni
2009-08-03 18:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Azureus
2009-08-03 18:26 <DIR> --d----- c:\docume~1\hariso~1\applic~1\Azureus
2009-08-03 18:17 33,280 a------- c:\windows\system32\octqk.exe
2009-08-03 18:17 33,280 ----h--- c:\documents and settings\harison harison\rlp.exe
2009-08-03 18:16 10 a------- c:\windows\system32\kr_done1
2009-08-03 18:14 <DIR> --d----- C:\tmp
2009-08-03 18:14 <DIR> --d----- C:\output
2009-08-03 18:14 <DIR> --d----- c:\docume~1\hariso~1\applic~1\YCanPDF
2009-08-03 16:00 664 a------- c:\windows\system32\d3d9caps.dat
2009-08-02 21:49 <DIR> --dsh--- c:\documents and settings\harison harison\IECompatCache
2009-08-02 21:44 <DIR> --dsh--- c:\documents and settings\harison harison\PrivacIE
2009-08-02 11:21 <DIR> --dsh--- c:\documents and settings\harison harison\IETldCache
2009-08-02 09:48 <DIR> --d----- c:\docume~1\hariso~1\applic~1\Camfrog
2009-08-02 09:47 <DIR> --d----- c:\program files\Camfrog
2009-08-02 09:21 <DIR> --d----- c:\docume~1\hariso~1\applic~1\Thinstall
2009-08-02 08:57 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-08-02 08:57 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-08-02 08:57 <DIR> --d----- c:\windows\ie8updates
2009-08-02 08:55 101,376 -------- c:\windows\system32\dllcache\iecompat.dll
2009-08-02 08:52 <DIR> -cd-h--- c:\windows\ie8
2009-08-02 08:32 <DIR> --d----- c:\program files\Miracle Technology
2009-08-02 08:26 <DIR> --d----- C:\PDFZilla
2009-07-28 02:14 116,841 a------- c:\windows\hpqins00.dat
2009-07-20 13:38 <DIR> --d----- c:\program files\iPod
2009-07-20 13:38 <DIR> --d----- c:\program files\iTunes

==================== Find3M ====================

2009-08-03 18:17 15,872 a------- c:\windows\system32\drivers\beep.sys
2009-07-19 23:18 5,937,152 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-19 18:48 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-04 03:09 915,456 a------- c:\windows\system32\wininet.dll
2009-07-04 03:09 915,456 -------- c:\windows\system32\dllcache\wininet.dll
2009-07-04 03:09 1,208,832 -------- c:\windows\system32\dllcache\urlmon.dll
2009-07-04 03:09 206,848 -------- c:\windows\system32\dllcache\occache.dll
2009-07-04 03:09 594,432 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-04 03:09 55,296 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-04 03:09 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll
2009-07-04 03:09 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-04 03:09 184,320 -------- c:\windows\system32\dllcache\iepeers.dll
2009-07-04 03:09 386,048 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 21:01 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-07-03 01:05 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-06-30 02:12 133,120 -------- c:\windows\system32\dllcache\extmgr.dll
2009-06-29 21:07 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-06-17 00:36 119,808 -------- c:\windows\system32\t2embed.dll
2009-06-17 00:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-17 00:36 81,920 -------- c:\windows\system32\fontsub.dll
2009-06-17 00:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-04 05:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-04 05:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
2009-05-29 13:36 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-05-15 13:41 410,984 a------- c:\windows\system32\deploytk.dll
2008-04-21 22:46 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2009-08-30 22:35 245,760 a--sh--- c:\windows\system32\config\systemprofile\ietldcache\index.dat

============= FINISH: 0:49:50.67 ===============

____________________________________________________________________________________________________________________________________________________

I also did a Panda scan; here's the result:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-08-07 09:08:21
PROTECTIONS: 0
MALWARE: 27
SUSPECTS: 7
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Harison Harison\Cookies\harison_harison@casalemedia[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\f6b6de53.default\cookies.txt[.doubleclick.net/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Harison Harison\Cookies\harison_harison@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Harison Harison\Cookies\harison_harison@atdmt[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\f6b6de53.default\cookies.txt[.atdmt.com/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\f6b6de53.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\f6b6de53.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\f6b6de53.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\f6b6de53.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Harison Harison\Cookies\harison_harison@fastclick[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Harison Harison\Cookies\harison_harison@tribalfusion[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Harison Harison\Cookies\harison_harison@mediaplex[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Harison Harison\Cookies\harison_harison@statcounter[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\f6b6de53.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\f6b6de53.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\f6b6de53.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\f6b6de53.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\f6b6de53.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\f6b6de53.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Harison Harison\Cookies\harison_harison@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\f6b6de53.default\cookies.txt[ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Harison Harison\Cookies\harison_harison@apmebf[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Harison Harison\Cookies\harison_harison@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Harison Harison\Cookies\harison_harison@bs.serving-sys[2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\f6b6de53.default\cookies.txt[.adtech.de/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\f6b6de53.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Harison Harison\Cookies\harison_harison@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\f6b6de53.default\cookies.txt[.advertising.com/]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Harison Harison\Cookies\harison_harison@statse.webtrendslive[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Harison Harison\Cookies\harison_harison@overture[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Harison Harison\Cookies\harison_harison@questionmarket[2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Harison Harison\Cookies\harison_harison@adrevolver[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Harison Harison\Cookies\harison_harison@go[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\f6b6de53.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@go[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\f6b6de53.default\cookies.txt[.go.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Harison Harison\Cookies\harison harison@atwola[2].txt
00377802 Spyware/PeoplePC Spyware No 0 Yes No C:\Program Files\Online Services\PeoplePC\ISP5900\Dll\RAS.DLL
00433807 Bck/Radmin.AN Virus/Trojan No 1 Yes No C:\Program Files\Online Services\Vonage\Xtras\regxtra121.x32
00450614 Adware/2Search Adware No 0 No No C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\ppal3ppc.exe[PPCToolbar.dll]
00519366 W32/Sdbot.JEE.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP256\A0050757.sys
00519366 W32/Sdbot.JEE.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP254\A0050439.sys
00519366 W32/Sdbot.JEE.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP249\A0049446.sys
00519366 W32/Sdbot.JEE.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP254\A0050556.sys
00519366 W32/Sdbot.JEE.worm Virus/Worm Yes 2 Yes No C:\WINDOWS\system32\drivers\ntndis.sys
00519366 W32/Sdbot.JEE.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP254\A0050456.sys
00519366 W32/Sdbot.JEE.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP256\A0050644.sys
00519366 W32/Sdbot.JEE.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP249\A0048446.sys
01535212 Generic Trojan Virus/Trojan No 0 Yes No C:\Documents and Settings\Harison Harison\Local Settings\Temp\hjshdpuu.exe
01928643 Bck/Bifrose.AKL Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP256\A0050637.exe
01928643 Bck/Bifrose.AKL Virus/Trojan No 1 Yes No C:\Documents and Settings\Harison Harison\Local Settings\Temp\ni.exe
01928643 Bck/Bifrose.AKL Virus/Trojan No 1 Yes No C:\Documents and Settings\Harison Harison\Desktop\Perfect Optimizer 4.0.12.25 Portable\Perfect Optimizer.exe
01928643 Bck/Bifrose.AKL Virus/Trojan No 1 Yes No C:\Documents and Settings\Harison Harison\Local Settings\Temp\crypted.exe
01928643 Bck/Bifrose.AKL Virus/Trojan No 1 Yes No C:\WINDOWS\system32\drivers\ntndis.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP236\A0041356.dll
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Harison Harison\Temporary Internet Files\Content.IE5\OJLI3KKR\Keygen.PDFZilla.v1.2.0[1].exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP252\A0050295.exe
05214377 W32/AutoRun.DJ.worm Virus/Trojan No 1 Yes No C:\Documents and Settings\Harison Harison\Desktop\TOMTOM2\information.vbs
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP236\A0041358.exe
No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP248\A0048133.msi[unk_0071][perfectoptimizer.exe1]
No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP248\A0048133.msi[unk_0071][winupdate.exe1]
No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP249\A0048155.rbf
No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP249\A0048226.rbf
No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP252\A0050298.exe
No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP254\A0050493.exe
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
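
The two logs above can be triaged mechanically. The script below is an added example, not a tool from the thread or from DDS or Panda: it parses the Winlogon Shell, ExplorerRun and service lines of the DDS "Pseudo HJT Report" and the rows of the Panda result table (both in the formats printed above), flags the persistence points this thread turns on, and joins the two by file path. The function names `triage_dds`, `parse_panda` and `correlate` are my own.

```python
"""Mechanical triage of the two logs posted in this thread.

It parses the Winlogon Shell, ExplorerRun and service lines of the DDS
'Pseudo HJT Report' and the Panda scan table, flags the persistence points
that matter here, and joins the two by file path.
"""
import re

# Lines excerpted from the logs posted in the thread, plus one benign line of
# each kind for contrast. The parsers treat them as arbitrary input.
DDS_EXCERPT = """\
mWinlogon: Shell=Explorer.exe c:\\windows\\system32\\drivers\\ntndis.exe
mRun: [ehTray] c:\\windows\\ehome\\ehtray.exe
mExplorerRun: [Explorer] .vbs
R2 McrdSvc;Media Center Extender Service;c:\\windows\\ehome\\mcrdsvc.exe [2005-8-6 99328]
S2 ntndis;ntndis;c:\\windows\\system32\\drivers\\ntndis.sys []
"""

PANDA_EXCERPT = """\
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\\Documents and Settings\\Harison Harison\\Cookies\\harison_harison@atdmt[1].txt
00519366 W32/Sdbot.JEE.worm Virus/Worm Yes 2 Yes No C:\\WINDOWS\\system32\\drivers\\ntndis.sys
01928643 Bck/Bifrose.AKL Virus/Trojan No 1 Yes No C:\\WINDOWS\\system32\\drivers\\ntndis.exe
"""

# DDS service line: "<R|S><n> name;display name;path [date size]"
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.*?)\s*\[(.*)\]$")
# Panda row: Id Description Type Active Severity Disinfectable Disinfected Location
PANDA_RE = re.compile(
    r"^(\d{8})\s+(.+?)\s+(\S+)\s+(Yes|No)\s+(\d)\s+(Yes|No)\s+(Yes|No)\s+(.+)$")


def triage_dds(text):
    """Return (kind, path_or_value, reason) tuples for suspicious DDS lines."""
    findings = []
    for line in text.splitlines():
        m = re.match(r"^mWinlogon:\s*Shell=(.*)$", line, re.I)
        if m:
            shell = m.group(1).strip()
            if shell.lower() != "explorer.exe":
                # Anything appended to Shell= is started at every interactive
                # logon; the startup message quoted in the thread is what this
                # value produces when the named file cannot be started.
                extra = shell.split(None, 1)[1] if " " in shell else shell
                findings.append(("winlogon_shell", extra.lower(),
                                 "Shell launches more than Explorer.exe"))
            continue
        if re.match(r"^[um]ExplorerRun:", line, re.I):
            # The Explorer policies Run key is rarely used by legitimate software.
            findings.append(("explorer_run", line.split(None, 1)[1],
                             "policy Run value present"))
            continue
        m = SERVICE_RE.match(line)
        if m and not m.group(3).strip():
            # DDS prints [date size] when it can read the binary; empty
            # brackets mean it could not (file missing or hidden).
            findings.append(("service", m.group(2).lower(),
                             f"service '{m.group(1)}' has no file date/size"))
    return findings


def parse_panda(text):
    """Parse Panda result rows into dicts; header and ';===' lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = PANDA_RE.match(line)
        if m:
            rows.append({"id": m.group(1), "name": m.group(2),
                         "type": m.group(3), "active": m.group(4) == "Yes",
                         "severity": int(m.group(5)),
                         "path": m.group(8).strip()})
    return rows


def correlate(dds_findings, panda_rows):
    """Map each flagged DDS path to the Panda detection name for that file,
    keeping only rows that are active or carry a non-zero severity."""
    by_path = {r["path"].lower(): r for r in panda_rows}
    hits = {}
    for _kind, path, _reason in dds_findings:
        row = by_path.get(path)
        if row and (row["active"] or row["severity"] > 0):
            hits[path] = row["name"]
    return hits


if __name__ == "__main__":
    found = triage_dds(DDS_EXCERPT)
    for kind, value, reason in found:
        print(f"{kind:15} {value}  ({reason})")
    for path, name in correlate(found, parse_panda(PANDA_EXCERPT)).items():
        print(f"Panda confirms {path} as {name}")
```

Run against the full logs, the same code reports every service with an empty stamp and every Panda row for a flagged path, which is the cross-check a helper does by eye when reading a thread like this.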


#2 SifuMike

    malware expert

  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 08 August 2009 - 06:50 PM

Hello harison harison,

I understand that you need help in order to get rid of the malware that is present on your system, but you need to help us first.

I notice that you never scanned with an Antivirus before starting this thread, because you don't even have an Antivirus installed!
This is somewhat suicidal in today's digital world. :thumbup2:
That's why I want you to install one first!!

Please install Avira Antivirus: http://www.free-av.com/
This is a free Antivirus :!:

Perform a full scan with Avira and let it delete everything it is finding.
Then reboot.
After reboot, open your Avira and select "reports".
There, double-click the report from the full scan you have done. Click the "Report File" button and copy and paste this report in your next reply together with a new HijackThis log.

Then we'll start from there, because otherwise it makes no sense for us to clean this up manually if no Antivirus is present that should be able to deal with most of it and prevent further reinfection.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!


Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
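Post #2 asks for the Avira report file so the detections can be reviewed. As an added example that is not part of this thread and not Avira's own tooling, the script below parses that report layout (as shown in the report pasted later in the thread) and pairs each `[DETECTION]` with the file path on the line above it, then matches it against the quarantine `[NOTE]` in the disinfection section. Anything detected but never moved to quarantine is listed as unresolved, which is exactly what a helper reading the report has to chase by hand. The report excerpt in the script is constructed: the paths are placeholders, and the detection names are ones that appear in this thread.

```python
"""Summarise an Avira AntiVir scan report: which files were detected, and which
of those were actually moved to quarantine.

Added example for this thread, not Avira's own tooling. The report excerpt below
is constructed to follow the layout of the report pasted in the thread; the paths
are placeholders, the detection names are ones that appear in the thread.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the Avira report layout (not a real scan).
SAMPLE_REPORT = """\
Starting the file scan:

Begin scan in 'C:\\'
C:\\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
C:\\sample\\rlp.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\\sample\\Temp\\dropper.exe
[DETECTION] Contains recognition pattern of the RKIT/Agent.15872.1 root kit
C:\\sample\\autorun.inf
[DETECTION] Is the TR/TPT.A Trojan
Begin scan in 'D:\\' <HP_RECOVERY>

Beginning disinfection:
C:\\sample\\rlp.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4aeeacca.qua'!
C:\\sample\\Temp\\dropper.exe
[DETECTION] Contains recognition pattern of the RKIT/Agent.15872.1 root kit
[NOTE] The file was moved to '4af1acc9.qua'!
"""

# "[DETECTION] Is the TR/TPT.A Trojan" or
# "[DETECTION] Contains recognition pattern of the RKIT/Agent.15872.1 root kit"
DETECTION_RE = re.compile(
    r"^\[DETECTION\] (?:Is the|Contains recognition pattern of the) (\S+)"
)
# "[NOTE] The file was moved to '4aeeacca.qua'!"
MOVED_RE = re.compile(r"^\[NOTE\] The file was moved to '([^']+)'!")


@dataclass
class Finding:
    path: str
    signature: str                        # e.g. TR/Crypt.XPACK.Gen
    quarantined_as: Optional[str] = None  # .qua name, None if never moved


def parse_avira_report(text: str) -> List[Finding]:
    """Pair each [DETECTION] with the path on the line above it, then attach the
    quarantine [NOTE] from the disinfection section to the same path."""
    findings: Dict[str, Finding] = {}
    in_file_section = False
    current_path: Optional[str] = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if line.startswith("Starting the file scan") or line.startswith("Beginning disinfection"):
            in_file_section = True
            current_path = None
            continue
        if line.startswith("Begin scan in"):
            continue
        if line.startswith("["):
            m = DETECTION_RE.match(line)
            if m and current_path is not None:
                # First sighting wins; the disinfection section repeats the same line.
                findings.setdefault(current_path, Finding(current_path, m.group(1)))
                continue
            m = MOVED_RE.match(line)
            if m and current_path in findings:
                findings[current_path].quarantined_as = m.group(1)
            continue
        if in_file_section:
            current_path = line
    return list(findings.values())


def summarize(findings: List[Finding]) -> dict:
    """Counts plus the list of detections that were never quarantined: those are
    the ones a helper would still have to deal with by hand."""
    return {
        "detections": len(findings),
        "quarantined": sum(1 for f in findings if f.quarantined_as),
        "unresolved": [f.path for f in findings if not f.quarantined_as],
        # Family prefix before '/', e.g. TR, RKIT, WORM.
        "by_family": dict(Counter(f.signature.split("/")[0] for f in findings)),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_avira_report(SAMPLE_REPORT)).items():
        print(f"{key}: {value}")
```

Run it against a real report by reading the file into `parse_avira_report`; files under `System Volume Information` will show up as detections too, and a helper usually clears those by flushing System Restore points rather than by hand.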

#3 harison harison

harison harison
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:10:47 PM

Posted 09 August 2009 - 06:32 AM

When my computer starts a message pops up saying: Windows can not find 'C\WINDOWS\system32\drivers\ntndis.exe'. Make sure you typed the name correctly and try again. I have tried to run the registry editor and couldn't find 'C\WINDOWS\system32\drivers\ntndis.exe' destination.


DDS (Ver_09-07-30.01) - NTFSx86
Run by Harison Harison at 21:29:35.95 on 09/08/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1983.1258 [GMT 10:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\QUT VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Sheer Notes\sheernotes.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
c:\program files\avira\antivir desktop\avcenter.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Harison Harison\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Harison Harison\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Harison Harison\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Harison Harison\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Harison Harison\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Harison Harison\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Harison Harison\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mWinlogon: Shell=Explorer.exe c:\windows\system32\drivers\ntndis.exe
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] nwiz.exe /installquiet /nodetect
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [Sheer Notes] c:\program files\sheer notes\sheernotes.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRunOnce: [<NO NAME>]
mExplorerRun: [Explorer] .vbs
mExplorerRun: [<NO NAME>] 1 (0x1)
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\adobe acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppavi~1.lnk - c:\program files\hewlett-packard\hp pavilion webcam\HPWebcam.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hariso~1\applic~1\mozilla\firefox\profiles\lb42dxgn.default\
FF - plugin: c:\documents and settings\harison harison\application data\mozilla\firefox\profiles\lb42dxgn.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\harison harison\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-8-30 28544]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-8-9 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-8-9 108289]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-8-9 55656]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-15 55152]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-11-28 1251720]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 1533808]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-8-9 185089]
S2 ccEvtMgr;Symantec Event Manager;"c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon --> c:\program files\common files\symantec shared\ccSvcHst.exe [?]
S2 ccSetMgr;Symantec Settings Manager;"c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon --> c:\program files\common files\symantec shared\ccSvcHst.exe [?]
S2 ntndis;ntndis;c:\windows\system32\drivers\ntndis.sys []
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [2006-6-7 61952]
S3 AF05BDA;AF9005 BDA Device;c:\windows\system32\drivers\AF05BDA.sys [2007-10-6 133504]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]

=============== Created Last 30 ================

2009-08-09 10:36 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-08-09 10:36 <DIR> --d----- c:\program files\Avira
2009-08-09 10:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-08-08 11:12 <DIR> --d----- c:\docume~1\hariso~1\applic~1\BitTorrent
2009-08-03 21:29 <DIR> --d----- c:\docume~1\hariso~1\applic~1\Blackberry Desktop
2009-08-03 21:27 256 a------- c:\windows\system32\pool.bin
2009-08-03 21:27 <DIR> --d----- c:\docume~1\hariso~1\applic~1\Research In Motion
2009-08-03 21:14 <DIR> --d----- c:\program files\Roxio
2009-08-03 21:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Research In Motion
2009-08-03 21:12 27,136 a----r-- c:\windows\system32\drivers\RimSerial.sys
2009-08-03 21:11 <DIR> --d----- c:\program files\common files\Research In Motion
2009-08-03 21:11 <DIR> --d----- c:\program files\Research In Motion
2009-08-03 19:29 <DIR> --d-h--- C:\autorun.inf
2009-08-03 18:43 <DIR> --d----- c:\program files\BitTorrent
2009-08-03 18:27 <DIR> --d----- c:\program files\Xobni
2009-08-03 18:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Azureus
2009-08-03 18:26 <DIR> --d----- c:\docume~1\hariso~1\applic~1\Azureus
2009-08-03 18:16 10 a------- c:\windows\system32\kr_done1
2009-08-03 18:14 <DIR> --d----- C:\tmp
2009-08-03 18:14 <DIR> --d----- C:\output
2009-08-03 18:14 <DIR> --d----- c:\docume~1\hariso~1\applic~1\YCanPDF
2009-08-03 16:00 664 a------- c:\windows\system32\d3d9caps.dat
2009-08-02 21:49 <DIR> --dsh--- c:\documents and settings\harison harison\IECompatCache
2009-08-02 21:44 <DIR> --dsh--- c:\documents and settings\harison harison\PrivacIE
2009-08-02 11:21 <DIR> --dsh--- c:\documents and settings\harison harison\IETldCache
2009-08-02 09:48 <DIR> --d----- c:\docume~1\hariso~1\applic~1\Camfrog
2009-08-02 09:47 <DIR> --d----- c:\program files\Camfrog
2009-08-02 09:21 <DIR> --d----- c:\docume~1\hariso~1\applic~1\Thinstall
2009-08-02 08:57 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-08-02 08:57 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-08-02 08:57 <DIR> --d----- c:\windows\ie8updates
2009-08-02 08:55 101,376 -------- c:\windows\system32\dllcache\iecompat.dll
2009-08-02 08:52 <DIR> -cd-h--- c:\windows\ie8
2009-08-02 08:32 <DIR> --d----- c:\program files\Miracle Technology
2009-07-28 02:14 116,841 a------- c:\windows\hpqins00.dat
2009-07-20 13:38 <DIR> --d----- c:\program files\iPod
2009-07-20 13:38 <DIR> --d----- c:\program files\iTunes

==================== Find3M ====================

2009-08-03 18:17 15,872 a------- c:\windows\system32\drivers\beep.sys
2009-07-19 23:18 5,937,152 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-19 18:48 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-04 03:09 915,456 a------- c:\windows\system32\wininet.dll
2009-07-04 03:09 915,456 -------- c:\windows\system32\dllcache\wininet.dll
2009-07-04 03:09 1,208,832 -------- c:\windows\system32\dllcache\urlmon.dll
2009-07-04 03:09 206,848 -------- c:\windows\system32\dllcache\occache.dll
2009-07-04 03:09 594,432 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-04 03:09 55,296 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-04 03:09 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll
2009-07-04 03:09 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-04 03:09 184,320 -------- c:\windows\system32\dllcache\iepeers.dll
2009-07-04 03:09 386,048 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 21:01 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-07-03 01:05 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-06-30 02:12 133,120 -------- c:\windows\system32\dllcache\extmgr.dll
2009-06-29 21:07 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-06-17 00:36 119,808 -------- c:\windows\system32\t2embed.dll
2009-06-17 00:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-17 00:36 81,920 -------- c:\windows\system32\fontsub.dll
2009-06-17 00:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-04 05:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-04 05:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
2009-05-29 13:36 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-05-15 13:41 410,984 a------- c:\windows\system32\deploytk.dll
2008-04-21 22:46 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat

============= FINISH: 21:30:25.25 ===============



Avira AntiVir Personal
Report file date: 09 August 2009 10:43

Scanning for 1618860 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : HARISON

Version information:
BUILD.DAT : 9.0.0.407 17961 Bytes 7/29/2009 10:34:00
AVSCAN.EXE : 9.0.3.7 466689 Bytes 7/21/2009 04:36:14
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 01:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 02:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 01:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 03:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 6/24/2009 00:21:42
ANTIVIR2.VDF : 7.1.5.60 2235904 Bytes 8/3/2009 00:40:43
ANTIVIR3.VDF : 7.1.5.85 445952 Bytes 8/7/2009 00:40:53
Engineversion : 8.2.0.248
AEVDF.DLL : 8.1.1.1 106868 Bytes 7/28/2009 04:31:50
AESCRIPT.DLL : 8.1.2.23 455033 Bytes 8/9/2009 00:41:22
AESCN.DLL : 8.1.2.4 127348 Bytes 7/23/2009 00:59:39
AERDL.DLL : 8.1.2.4 430452 Bytes 7/23/2009 00:59:39
AEPACK.DLL : 8.1.3.18 401783 Bytes 7/28/2009 04:31:50
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 7/23/2009 00:59:39
AEHEUR.DLL : 8.1.0.154 1917302 Bytes 8/9/2009 00:41:17
AEHELP.DLL : 8.1.5.3 233846 Bytes 7/23/2009 00:59:39
AEGEN.DLL : 8.1.1.55 356723 Bytes 8/9/2009 00:40:58
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 05:32:40
AECORE.DLL : 8.1.7.6 184694 Bytes 7/23/2009 00:59:39
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 05:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/11/2008 23:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 01:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 05:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 01:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 06:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 01:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 06:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/1/2009 23:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 01:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 06:39:58
RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 01:19:48

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: 09 August 2009 10:43

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'skypePM.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'GoogleCrashHandler.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'wlcomm.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'mqtgsvc.exe' - '1' Module(s) have been scanned
Scan process 'WLIDSVCM.EXE' - '1' Module(s) have been scanned
Scan process 'mqsvc.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'hpqwmiex.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'WLIDSVC.EXE' - '1' Module(s) have been scanned
Scan process 'symlcsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
Scan process 'WgaTray.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'PIFSvc.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'cvpnd.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AluSchedulerSvc.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'KHALMNPR.exe' - '1' Module(s) have been scanned
Scan process 'msdtc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SetPoint.exe' - '1' Module(s) have been scanned
Scan process 'HPWebcam.exe' - '1' Module(s) have been scanned
Scan process 'acrotray.exe' - '1' Module(s) have been scanned
Scan process 'ISUSPM.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'RIMAutoUpdate.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'LBTWiz.exe' - '1' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'PIFSvc.exe' - '1' Module(s) have been scanned
Scan process 'sheernotes.exe' - '1' Module(s) have been scanned
Scan process 'QLBCTRL.exe' - '1' Module(s) have been scanned
Scan process 'QPService.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'HP Wireless Assistant.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'LBTServ.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
84 processes with 84 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '89' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\Harison Harison\rlp.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Documents and Settings\Harison Harison\Desktop\Perfect Optimizer 4.0.12.25 Portable\Perfect Optimizer.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Documents and Settings\Harison Harison\Desktop\TOMTOM2\autorun.inf
[DETECTION] Is the TR/TPT.A Trojan
C:\Documents and Settings\Harison Harison\Desktop\TOMTOM2\information.vbs
[DETECTION] Contains recognition pattern of the WORM/Autorun.AK.1 worm
C:\Documents and Settings\Harison Harison\Local Settings\Temp\hjshdpuu.exe
[DETECTION] Contains recognition pattern of the RKIT/Agent.15872.1 root kit
C:\Documents and Settings\Harison Harison\Local Settings\Temp\ni.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Documents and Settings\Harison Harison\Temporary Internet Files\Content.IE5\OJLI3KKR\Keygen.PDFZilla.v1.2.0[1].exe
[DETECTION] Is the TR/Proxy.Agent.BBQ.27 Trojan
C:\Program Files\Adobe\Adobe Illustrator CS\Templates\Restaurant\Restaurant 1 Wine List.ait
[DETECTION] Contains recognition pattern of the HTML/Malicious.PDF.Gen HTML script virus
C:\Program Files\Adobe\Adobe Illustrator CS\Templates-en_US-back\Restaurant\Restaurant 1 Wine List.ait
[DETECTION] Contains recognition pattern of the HTML/Malicious.PDF.Gen HTML script virus
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP249\A0048446.sys
[DETECTION] Contains recognition pattern of the WORM/ForBot.31916.A worm
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP249\A0049446.sys
[DETECTION] Contains recognition pattern of the WORM/ForBot.31916.A worm
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP252\A0050295.exe
[DETECTION] Is the TR/Proxy.Agent.BBQ.27 Trojan
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP252\A0050298.exe
[DETECTION] Contains recognition pattern of the DR/Click.VBiframe.RW dropper
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP254\A0050439.sys
[DETECTION] Contains recognition pattern of the WORM/ForBot.31916.A worm
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP254\A0050456.sys
[DETECTION] Contains recognition pattern of the WORM/ForBot.31916.A worm
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP254\A0050556.sys
[DETECTION] Contains recognition pattern of the WORM/ForBot.31916.A worm
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP256\A0050644.sys
[DETECTION] Contains recognition pattern of the WORM/ForBot.31916.A worm
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP256\A0050757.sys
[DETECTION] Contains recognition pattern of the WORM/ForBot.31916.A worm
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP257\A0050843.sys
[DETECTION] Contains recognition pattern of the WORM/ForBot.31916.A worm
C:\WINDOWS\system32\.uce
[DETECTION] Is the TR/TPT.A Trojan
C:\WINDOWS\system32\octqk.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
Begin scan in 'D:\' <HP_RECOVERY>

Beginning disinfection:
C:\Documents and Settings\Harison Harison\rlp.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4aeeacca.qua'!
C:\Documents and Settings\Harison Harison\Desktop\Perfect Optimizer 4.0.12.25 Portable\Perfect Optimizer.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4af0acc3.qua'!
C:\Documents and Settings\Harison Harison\Desktop\TOMTOM2\autorun.inf
[DETECTION] Is the TR/TPT.A Trojan
[NOTE] The file was moved to '4af2acd4.qua'!
C:\Documents and Settings\Harison Harison\Desktop\TOMTOM2\information.vbs
[DETECTION] Contains recognition pattern of the WORM/Autorun.AK.1 worm
[NOTE] The file was moved to '4ae4accd.qua'!
C:\Documents and Settings\Harison Harison\Local Settings\Temp\hjshdpuu.exe
[DETECTION] Contains recognition pattern of the RKIT/Agent.15872.1 root kit
[NOTE] The file was moved to '4af1acc9.qua'!
C:\Documents and Settings\Harison Harison\Local Settings\Temp\ni.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4aacacc8.qua'!
C:\Documents and Settings\Harison Harison\Temporary Internet Files\Content.IE5\OJLI3KKR\Keygen.PDFZilla.v1.2.0[1].exe
[DETECTION] Is the TR/Proxy.Agent.BBQ.27 Trojan
[NOTE] The file was moved to '4af7acc4.qua'!
C:\Program Files\Adobe\Adobe Illustrator CS\Templates\Restaurant\Restaurant 1 Wine List.ait
[DETECTION] Contains recognition pattern of the HTML/Malicious.PDF.Gen HTML script virus
[NOTE] The file was moved to '4af1acc4.qua'!
C:\Program Files\Adobe\Adobe Illustrator CS\Templates-en_US-back\Restaurant\Restaurant 1 Wine List.ait
[DETECTION] Contains recognition pattern of the HTML/Malicious.PDF.Gen HTML script virus
[NOTE] The file was moved to '4af1acc5.qua'!
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP249\A0048446.sys
[DETECTION] Contains recognition pattern of the WORM/ForBot.31916.A worm
[NOTE] The file was moved to '4aaeac91.qua'!
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP249\A0049446.sys
[DETECTION] Contains recognition pattern of the WORM/ForBot.31916.A worm
[NOTE] The file was moved to '4912fcfa.qua'!
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP252\A0050295.exe
[DETECTION] Is the TR/Proxy.Agent.BBQ.27 Trojan
[NOTE] The file was moved to '49198512.qua'!
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP252\A0050298.exe
[DETECTION] Contains recognition pattern of the DR/Click.VBiframe.RW dropper
[NOTE] The file was moved to '4f68ddd2.qua'!
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP254\A0050439.sys
[DETECTION] Contains recognition pattern of the WORM/ForBot.31916.A worm
[NOTE] The file was moved to '4aaeac93.qua'!
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP254\A0050456.sys
[DETECTION] Contains recognition pattern of the WORM/ForBot.31916.A worm
[NOTE] The file was moved to '4f64357c.qua'!
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP254\A0050556.sys
[DETECTION] Contains recognition pattern of the WORM/ForBot.31916.A worm
[NOTE] The file was moved to '4f6fe6cc.qua'!
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP256\A0050644.sys
[DETECTION] Contains recognition pattern of the WORM/ForBot.31916.A worm
[NOTE] The file was moved to '4f616c44.qua'!
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP256\A0050757.sys
[DETECTION] Contains recognition pattern of the WORM/ForBot.31916.A worm
[NOTE] The file was moved to '4f650d24.qua'!
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP257\A0050843.sys
[DETECTION] Contains recognition pattern of the WORM/ForBot.31916.A worm
[NOTE] The file was moved to '4aaeac94.qua'!
C:\WINDOWS\system32\.uce
[DETECTION] Is the TR/TPT.A Trojan
[NOTE] The file was moved to '4af3ac92.qua'!
C:\WINDOWS\system32\octqk.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4af2acc7.qua'!


End of the scan: 09 August 2009 21:00
Used time: 1:51:31 Hour(s)

The scan has been done completely.

23008 Scanned directories
850889 Files were scanned
21 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
21 Files were moved to quarantine
0 Files were renamed
3 Files cannot be scanned
850865 Files not concerned
19312 Archives were scanned
3 Warnings
23 Notes


#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,011 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:08:47 AM

Posted 09 August 2009 - 02:29 PM

Hello harison harison,

I have merged your latest topic to your previously existing topic where it belongs. Please keep all posts regarding this issue to this topic by using the Add Reply button found near the bottom right. Starting new topics confuses things for everyone and delays the assistance you receive.

Back to you SifuMike,

Orange Blossom ~ forum moderator
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:05:47 AM

Posted 09 August 2009 - 03:29 PM

Hi harison harison

Is your Norton 360 out of date?


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Please download Java Version 6 Update 15
  • Click the "Free Java Download" button.
  • Click "Free Java Download" again
  • Save the file jxpiinstall.exe to your desktop
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    Examples of older versions in Add or Remove Programs:
    J2SE Runtime Environment 5.0 Update 6
    Java™ 6 Update 13
    Java™ 6 Update 3

  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jxpiinstall.exe to install the newest version.
****************

Download Lop S&D
Lop S&D will only run on Windows XP and Windows Vista

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.
To see how to disable security programs visit this tutorial:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

You can enable them after the scan.

You can find detailed instructions with visuals here

Double-click Lop S&D.exe

If you are using Windows Vista, right-click on LopSD.exe icon and select 'Run as administrator' to perform this scan.

Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

****************


Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

****************

Please download Malwarebytes' Anti-Malware from one of these places:
http://download.cnet.com/Malwarebytes-Anti...&tag=button
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire MBAM report (even if it does not find anything) in your next reply

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Please keep all posts regarding this issue to this topic by using the Add Reply button found near the bottom right.
Starting new topics confuses things for everyone and delays the assistance you receive.

Edited by SifuMike, 09 August 2009 - 03:41 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!


Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#6 harison harison

harison harison
  • Topic Starter

  • Members
  • 15 posts
  • Local time:10:47 PM

Posted 09 August 2009 - 08:14 PM

Hi SifuMike --> I like your name very much

I used to have a cracked version of Norton 360, but then I noticed that after my Windows was auto-updated my Norton stopped working; however, when I checked my program list, it was still listed. So I uninstalled it, since it had no use if it wasn't working. But I was never able to delete all components.

I have followed all steps, and after I rebooted my system the message stopped popping up. Thanks for your help. Any recommendation of a good antivirus (a free one if possible)? Is there any downside if I use the cracked version?

Thanks,
Harison
--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : AMD Turion™ 64 X2 Mobile Technology TL-52 )
BIOS : PhoenixBIOS 4.0 Release 6.1
USER : Harison Harison ( Administrator )
BOOT : Normal boot
Antivirus : AntiVir Desktop 9.0.1.32 (Not Activated)
C:\ (Local Disk) - NTFS - Total:80 Go (Free:36 Go)
D:\ (Local Disk) - FAT32 - Total:11 Go (Free:1 Go)
E:\ (CD or DVD)
G:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 10/08/2009| 9:21 )

--------------------\\ Listing folders in APPLIC~1

[17/09/2007|15:16] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[17/09/2007|15:16] C:\DOCUME~1\ADMINI~1\APPLIC~1\Intuit
[17/09/2007|15:16] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
[17/09/2007|15:16] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[21/04/2009|10:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[02/08/2009|02:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[03/08/2009|23:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[16/11/2007|21:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[09/08/2009|10:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[31/10/2007|00:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
[03/08/2009|18:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[06/10/2007|02:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[06/02/2008|10:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DIGStream
[23/02/2008|20:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[24/10/2008|14:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
[24/10/2008|14:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[12/11/2008|13:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP Product Assistant
[24/10/2008|14:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HPSSUPPLY
[17/09/2007|15:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[17/09/2007|15:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intuit
[21/04/2009|16:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LogiShrd
[21/04/2009|17:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
[02/08/2009|08:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
[15/03/2009|08:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[20/07/2009|13:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[04/06/2009|14:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\muvee Technologies
[02/08/2009|11:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[28/11/2006|00:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[29/04/2009|09:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
[03/08/2009|21:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Research In Motion
[03/08/2009|21:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Roxio
[26/02/2008|16:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
[17/09/2007|15:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[09/08/2009|23:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[03/08/2009|21:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
[03/08/2009|21:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[19/03/2009|19:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Thomson.ResearchSoft.Installers
[15/09/2008|09:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TomTom
[26/02/2008|16:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
[20/04/2009|01:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TVU Networks
[18/10/2007|01:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[17/09/2007|20:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[02/03/2008|07:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[05/02/2008|14:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
[05/02/2008|22:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

[28/11/2007|12:39] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Apple Computer
[17/09/2007|15:16] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[17/09/2007|15:16] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Intuit
[17/09/2007|15:16] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[17/09/2007|15:16] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[11/07/2009|04:45] C:\DOCUME~1\Guest\APPLIC~1\CyberLink
[11/07/2009|04:44] C:\DOCUME~1\Guest\APPLIC~1\HP
[17/09/2007|15:16] C:\DOCUME~1\Guest\APPLIC~1\Identities
[17/09/2007|15:16] C:\DOCUME~1\Guest\APPLIC~1\Intuit
[30/06/2009|09:53] C:\DOCUME~1\Guest\APPLIC~1\Logitech
[17/09/2007|15:16] C:\DOCUME~1\Guest\APPLIC~1\Macromedia
[30/06/2009|11:23] C:\DOCUME~1\Guest\APPLIC~1\MathWorks
[06/07/2009|05:51] C:\DOCUME~1\Guest\APPLIC~1\Microsoft
[21/10/2007|12:22] C:\DOCUME~1\Guest\APPLIC~1\Mozilla
[13/10/2007|12:17] C:\DOCUME~1\Guest\APPLIC~1\Real
[21/10/2007|13:00] C:\DOCUME~1\Guest\APPLIC~1\Symantec

[02/08/2009|02:33] C:\DOCUME~1\HARISO~1\APPLIC~1\Adobe
[13/03/2009|08:06] C:\DOCUME~1\HARISO~1\APPLIC~1\AdobeAUM
[07/06/2009|12:23] C:\DOCUME~1\HARISO~1\APPLIC~1\AdobeUM
[16/11/2007|21:56] C:\DOCUME~1\HARISO~1\APPLIC~1\Apple Computer
[31/10/2007|00:55] C:\DOCUME~1\HARISO~1\APPLIC~1\AVS4YOU
[03/08/2009|18:35] C:\DOCUME~1\HARISO~1\APPLIC~1\Azureus
[08/08/2009|15:04] C:\DOCUME~1\HARISO~1\APPLIC~1\BitTorrent
[03/08/2009|21:29] C:\DOCUME~1\HARISO~1\APPLIC~1\Blackberry Desktop
[18/07/2008|01:46] C:\DOCUME~1\HARISO~1\APPLIC~1\Brother
[02/08/2009|09:48] C:\DOCUME~1\HARISO~1\APPLIC~1\Camfrog
[23/10/2008|13:30] C:\DOCUME~1\HARISO~1\APPLIC~1\Canon
[23/12/2007|18:16] C:\DOCUME~1\HARISO~1\APPLIC~1\CyberLink
[08/08/2009|10:05] C:\DOCUME~1\HARISO~1\APPLIC~1\EndNote
[23/02/2008|20:35] C:\DOCUME~1\HARISO~1\APPLIC~1\Google
[01/03/2008|01:19] C:\DOCUME~1\HARISO~1\APPLIC~1\GTek
[24/10/2008|16:23] C:\DOCUME~1\HARISO~1\APPLIC~1\HP
[17/09/2007|15:16] C:\DOCUME~1\HARISO~1\APPLIC~1\Identities
[03/08/2009|21:17] C:\DOCUME~1\HARISO~1\APPLIC~1\InstallShield
[17/09/2007|15:16] C:\DOCUME~1\HARISO~1\APPLIC~1\Intuit
[16/11/2007|20:51] C:\DOCUME~1\HARISO~1\APPLIC~1\Leadertech
[28/07/2009|10:25] C:\DOCUME~1\HARISO~1\APPLIC~1\LimeWire
[21/04/2009|17:36] C:\DOCUME~1\HARISO~1\APPLIC~1\Logitech
[17/09/2007|15:16] C:\DOCUME~1\HARISO~1\APPLIC~1\Macromedia
[12/09/2008|18:18] C:\DOCUME~1\HARISO~1\APPLIC~1\MathWorks
[05/08/2009|09:32] C:\DOCUME~1\HARISO~1\APPLIC~1\Microsoft
[18/06/2008|02:04] C:\DOCUME~1\HARISO~1\APPLIC~1\Mozilla
[04/06/2009|15:00] C:\DOCUME~1\HARISO~1\APPLIC~1\muvee Technologies
[01/05/2009|10:29] C:\DOCUME~1\HARISO~1\APPLIC~1\Netscape
[21/02/2008|11:00] C:\DOCUME~1\HARISO~1\APPLIC~1\Real
[03/08/2009|21:40] C:\DOCUME~1\HARISO~1\APPLIC~1\Research In Motion
[03/08/2009|21:33] C:\DOCUME~1\HARISO~1\APPLIC~1\Roxio
[21/12/2007|19:26] C:\DOCUME~1\HARISO~1\APPLIC~1\SecuROM
[10/08/2009|09:08] C:\DOCUME~1\HARISO~1\APPLIC~1\Skype
[09/08/2009|23:58] C:\DOCUME~1\HARISO~1\APPLIC~1\skypePM
[10/12/2008|05:50] C:\DOCUME~1\HARISO~1\APPLIC~1\SopCast
[21/12/2007|19:30] C:\DOCUME~1\HARISO~1\APPLIC~1\Sports Interactive
[19/10/2007|13:27] C:\DOCUME~1\HARISO~1\APPLIC~1\Sun
[10/10/2007|13:09] C:\DOCUME~1\HARISO~1\APPLIC~1\Symantec
[02/08/2009|09:21] C:\DOCUME~1\HARISO~1\APPLIC~1\Thinstall
[15/09/2008|09:04] C:\DOCUME~1\HARISO~1\APPLIC~1\TomTom
[27/02/2008|05:29] C:\DOCUME~1\HARISO~1\APPLIC~1\TVU Networks
[05/06/2009|11:21] C:\DOCUME~1\HARISO~1\APPLIC~1\U3
[07/02/2008|13:06] C:\DOCUME~1\HARISO~1\APPLIC~1\yahoo!
[03/08/2009|18:14] C:\DOCUME~1\HARISO~1\APPLIC~1\YCanPDF

[09/08/2009|10:44] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
[17/09/2007|15:20] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[03/08/2009|21:33] C:\DOCUME~1\LOCALS~1\APPLIC~1\Roxio

[10/12/2008|00:38] C:\DOCUME~1\NETWOR~1\APPLIC~1\Adobe
[10/12/2008|00:38] C:\DOCUME~1\NETWOR~1\APPLIC~1\Macromedia
[17/09/2007|15:20] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[09/08/2009 12:00][--a------] C:\WINDOWS\tasks\PerfectOptimizer_home.job
[10/08/2009 08:52][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3306445178-3300979841-2253164422-1006UA.job
[10/08/2009 01:52][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3306445178-3300979841-2253164422-1006Core.job
[10/08/2009 00:20][--a------] C:\WINDOWS\tasks\OGADaily.job
[10/08/2009 09:12][--a------] C:\WINDOWS\tasks\OGALogon.job
[25/05/2009 15:36][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[10/08/2009 09:09][--ah-----] C:\WINDOWS\tasks\SA.DAT
[16/03/2006 14:00][---------] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[02/08/2009|02:39] C:\Program Files\Adobe
[30/08/2008|11:20] C:\Program Files\Apple Software Update
[09/08/2009|10:36] C:\Program Files\Avira
[03/08/2009|18:43] C:\Program Files\BitTorrent
[06/10/2007|23:51] C:\Program Files\BlazeVideo
[21/04/2009|10:35] C:\Program Files\Bonjour
[25/09/2007|02:06] C:\Program Files\Broadcom
[05/03/2009|23:44] C:\Program Files\Brother
[05/03/2009|23:44] C:\Program Files\Brownie
[03/08/2009|16:10] C:\Program Files\Camfrog
[09/08/2009|23:58] C:\Program Files\Common Files
[28/11/2006|00:17] C:\Program Files\ComPlus Applications
[25/09/2007|01:13] C:\Program Files\CONEXANT
[17/09/2007|15:23] C:\Program Files\DivX
[17/09/2007|15:23] C:\Program Files\Encarta Online
[03/08/2009|18:36] C:\Program Files\EndItAll
[19/03/2009|19:39] C:\Program Files\EndNote X2
[17/09/2007|15:23] C:\Program Files\EnglishOtto
[16/09/2007|23:33] C:\Program Files\ESPNMotion
[17/09/2007|15:23] C:\Program Files\GemMaster
[23/02/2008|20:34] C:\Program Files\Google
[17/09/2007|16:59] C:\Program Files\Hewlett-Packard
[24/10/2008|14:48] C:\Program Files\HP
[17/09/2007|16:59] C:\Program Files\HP Pavilion Webcam Demo
[17/09/2007|15:25] C:\Program Files\HP Rhapsody
[17/09/2007|15:25] C:\Program Files\HPQ
[28/11/2007|12:25] C:\Program Files\Huawei technologies
[01/05/2009|14:03] C:\Program Files\InstallShield Installation Information
[02/08/2009|11:15] C:\Program Files\Internet Explorer
[20/07/2009|13:38] C:\Program Files\iPod
[20/07/2009|13:39] C:\Program Files\iTunes
[10/08/2009|09:04] C:\Program Files\Java
[21/04/2009|10:25] C:\Program Files\LimeWire
[21/04/2009|16:07] C:\Program Files\Logitech
[12/09/2008|17:37] C:\Program Files\MagicDisc
[12/09/2008|17:36] C:\Program Files\MagicISO
[12/09/2008|17:44] C:\Program Files\MATLAB
[22/09/2008|15:24] C:\Program Files\Messenger
[15/03/2009|08:33] C:\Program Files\Microsoft
[19/09/2007|23:55] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[17/09/2007|15:25] C:\Program Files\microsoft frontpage
[27/02/2009|16:36] C:\Program Files\Microsoft Money 2006
[06/10/2007|22:45] C:\Program Files\Microsoft Office
[15/03/2009|08:33] C:\Program Files\Microsoft Office Outlook Connector
[17/09/2007|15:25] C:\Program Files\Microsoft Office Trial Wizard
[02/08/2009|01:28] C:\Program Files\Microsoft Silverlight
[15/03/2009|08:30] C:\Program Files\Microsoft SQL Server Compact Edition
[15/03/2009|08:31] C:\Program Files\Microsoft Sync Framework
[06/10/2007|22:45] C:\Program Files\Microsoft Visual Studio
[06/10/2007|22:46] C:\Program Files\Microsoft Works
[06/10/2007|22:44] C:\Program Files\Microsoft.NET
[02/08/2009|08:32] C:\Program Files\Miracle Technology
[22/09/2008|15:16] C:\Program Files\Movie Maker
[10/08/2009|08:58] C:\Program Files\Mozilla Firefox
[06/10/2007|22:45] C:\Program Files\MSBuild
[17/09/2007|15:26] C:\Program Files\MSN
[17/09/2007|15:26] C:\Program Files\MSN Gaming Zone
[02/03/2008|07:29] C:\Program Files\MSN Messenger
[19/09/2007|23:47] C:\Program Files\MSXML 4.0
[17/09/2007|15:26] C:\Program Files\music_now
[17/09/2007|15:26] C:\Program Files\muvee Technologies
[22/09/2008|15:10] C:\Program Files\NetMeeting
[17/09/2007|15:26] C:\Program Files\Netscape
[25/09/2007|01:13] C:\Program Files\NetWaiting
[02/08/2009|11:21] C:\Program Files\NOS
[17/09/2007|15:27] C:\Program Files\Online Services
[22/09/2008|15:09] C:\Program Files\Outlook Express
[10/08/2009|09:04] C:\Program Files\Panda Security
[17/09/2008|03:42] C:\Program Files\QHLiveII
[17/09/2007|15:28] C:\Program Files\Quicken
[17/09/2007|15:28] C:\Program Files\Quickensetup
[07/06/2009|09:48] C:\Program Files\QuickTime
[03/11/2007|14:11] C:\Program Files\QUT VPN Client
[12/10/2007|23:44] C:\Program Files\Real
[03/08/2009|21:13] C:\Program Files\Research In Motion
[17/09/2007|15:28] C:\Program Files\RGB
[12/10/2007|23:45] C:\Program Files\Rhapsody
[03/08/2009|21:14] C:\Program Files\Roxio
[07/10/2007|01:24] C:\Program Files\Sheer Notes
[09/08/2009|23:58] C:\Program Files\Skype
[17/09/2007|15:28] C:\Program Files\Sonic
[10/12/2008|05:51] C:\Program Files\SopCast
[21/12/2007|19:22] C:\Program Files\Sports Interactive
[03/08/2009|18:56] C:\Program Files\Symantec
[17/09/2007|15:28] C:\Program Files\Synaptics
[15/09/2008|08:59] C:\Program Files\TomTom DesktopSuite
[15/09/2008|09:03] C:\Program Files\TomTom HOME 2
[25/05/2008|18:18] C:\Program Files\Touchpad Pro
[20/04/2009|01:14] C:\Program Files\TVUPlayer
[28/11/2006|00:17] C:\Program Files\Uninstall Information
[29/05/2008|11:54] C:\Program Files\uusee
[18/10/2008|17:02] C:\Program Files\Visio
[04/10/2007|21:46] C:\Program Files\WildTangent
[15/03/2009|08:32] C:\Program Files\Windows Live
[21/04/2009|01:57] C:\Program Files\Windows Live Safety Center
[15/03/2009|08:25] C:\Program Files\Windows Live SkyDrive
[18/10/2007|00:57] C:\Program Files\Windows Media Connect 2
[18/10/2007|00:57] C:\Program Files\Windows Media Player
[22/09/2008|15:09] C:\Program Files\Windows NT
[17/09/2007|15:32] C:\Program Files\Windows Plus
[28/11/2006|00:17] C:\Program Files\WindowsUpdate
[17/06/2008|09:32] C:\Program Files\WinRAR
[03/08/2009|18:48] C:\Program Files\WM Converter
[17/09/2007|15:32] C:\Program Files\xerox
[03/08/2009|18:47] C:\Program Files\Xobni
[05/02/2008|14:08] C:\Program Files\Yahoo!
[21/12/2007|19:22] C:\Program Files\Zero G Registry

--------------------\\ Listing Folders in C:\Program Files\Common Files

[02/08/2009|02:39] C:\Program Files\Common Files\Adobe
[02/08/2009|02:33] C:\Program Files\Common Files\Adobe AIR
[22/11/2007|21:50] C:\Program Files\Common Files\Adobe Systems Shared
[20/07/2009|13:38] C:\Program Files\Common Files\Apple
[31/10/2007|00:55] C:\Program Files\Common Files\AVSMedia
[06/10/2007|22:45] C:\Program Files\Common Files\DESIGNER
[01/11/2007|10:06] C:\Program Files\Common Files\Deterministic Networks
[24/10/2008|14:43] C:\Program Files\Common Files\Hewlett-Packard
[17/09/2007|15:22] C:\Program Files\Common Files\HP
[05/03/2009|23:44] C:\Program Files\Common Files\InstallShield
[17/09/2007|15:22] C:\Program Files\Common Files\Intuit
[17/09/2007|15:22] C:\Program Files\Common Files\Java
[25/09/2007|01:31] C:\Program Files\Common Files\LightScribe
[21/04/2009|16:08] C:\Program Files\Common Files\Logishrd
[04/08/2009|22:10] C:\Program Files\Common Files\Microsoft Shared
[17/09/2007|15:22] C:\Program Files\Common Files\MSSoap
[17/09/2007|15:23] C:\Program Files\Common Files\muvee Technologies
[17/09/2007|15:23] C:\Program Files\Common Files\ODBC
[17/09/2007|15:23] C:\Program Files\Common Files\Palo Alto Software
[28/09/2008|08:10] C:\Program Files\Common Files\Real
[03/08/2009|21:12] C:\Program Files\Common Files\Research In Motion
[19/03/2009|19:39] C:\Program Files\Common Files\ResearchSoft
[19/03/2009|19:39] C:\Program Files\Common Files\Risxtd
[03/08/2009|21:15] C:\Program Files\Common Files\Roxio Shared
[17/09/2007|15:23] C:\Program Files\Common Files\Services
[09/08/2009|23:58] C:\Program Files\Common Files\Skype
[17/09/2007|15:23] C:\Program Files\Common Files\Sonic Shared
[17/09/2007|15:23] C:\Program Files\Common Files\SpeechEngines
[17/09/2007|15:23] C:\Program Files\Common Files\SureThing Shared
[07/10/2007|10:19] C:\Program Files\Common Files\SWF Studio
[03/08/2009|21:21] C:\Program Files\Common Files\Symantec Shared
[15/03/2009|08:33] C:\Program Files\Common Files\System
[17/09/2007|15:23] C:\Program Files\Common Files\TiVo Shared
[02/11/2008|03:06] C:\Program Files\Common Files\uusee
[15/03/2009|08:12] C:\Program Files\Common Files\Windows Live
[02/03/2008|07:33] C:\Program Files\Common Files\WindowsLiveInstaller
[28/09/2008|08:10] C:\Program Files\Common Files\xing shared

--------------------\\ Process

( 79 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\HARISO~1\LOCALS~1\Temp\nszD14.tmp
C:\DOCUME~1\HARISO~1\LOCALS~1\Temp\stadistic.log
C:\DOCUME~1\HARISO~1\Cookies\harison_harison@advertising[1].txt

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-10 09:22:43
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
C:\WINDOWS\System32\drivers\ntndis.exe 232960 bytes executable
C:\WINDOWS\System32\drivers\ntndis.sys 4864 bytes executable
scan completed successfully
hidden processes: 0
hidden files: 23

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\HARISO~1\Temporary Internet Files\Content.IE5\JN0S0VA5\pdfzilla-v120-keygen-crack-serial-rapishare[1].html
C:\DOCUME~1\HARISO~1\Temporary Internet Files\Content.IE5\OJLI3KKR\warez-full-version-2066900-rapidshare-megaupload-downloads-torrent-crack-serial-keygen[1].htm
C:\DOCUME~1\HARISO~1\Temporary Internet Files\Content.IE5\X4TWSU9K\download-PDFZilla-1.2.0-full-crack-serial-keygen-rapidhare-by-CrackDelivery-2066900[1].htm
C:\DOCUME~1\HARISO~1\Temporary Internet Files\Content.IE5\X4TWSU9K\full-pdfzilla-120-crack-serial-keygen[1].htm


[F:478][D:66]-> C:\DOCUME~1\HARISO~1\LOCALS~1\Temp
[F:197][D:0]-> C:\DOCUME~1\HARISO~1\Cookies
[F:211][D:24]-> C:\DOCUME~1\HARISO~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 10/08/2009| 9:26 - Option : [1]

--------------------\\ Scan completed at 9:26:15

Results of screen317's Security Check version 0.98.7
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Avira AntiVir Personal - Free Antivirus
Windows Live OneCare safety scanner
Windows Live OneCare safety scanner
Norton 360


Antivirus up to date! (On Access scanning disabled!)
``````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 15
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 9.1.3
Japanese Fonts Support For Adobe Reader 8
``````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe


``````````````````````````````
DNS Vulnerability Check:


`````````End of Log```````````

Malwarebytes' Anti-Malware 1.40
Database version: 2587
Windows 5.1.2600 Service Pack 3

10/08/2009 10:58:37
mbam-log-2009-08-10 (10-58-36).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 408025
Time elapsed: 1 hour(s), 25 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 20

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Miracle (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Explorer (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Rogue.Multiple) -> Data: c:\windows\system32\drivers\ntndis.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Rogue.Multiple) -> Data: system32\drivers\ntndis.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe C:\WINDOWS\system32\drivers\ntndis.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Harison Harison\Local Settings\Temp\crypted.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Harison Harison\Local Settings\Temp\Perfect Optimizer.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP249\A0048152.rbf (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP249\A0048153.rbf (Pup.PerfectOptimizer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP249\A0048154.rbf (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP249\A0048155.rbf (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP249\A0048226.rbf (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP249\A0048227.rbf (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP249\A0048228.rbf (Pup.PerfectOptimizer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP249\A0048229.rbf (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP249\A0048151.rbf (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP252\A0050296.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP256\A0050637.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP260\A0050903.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP266\A0051527.sys (Backdoor.SdBot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\ntndis.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\ntndis.sys (Backdoor.SdBot) -> Quarantined and deleted successfully.
C:\RECYCLER\ADAPT_Installer.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.
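The Hijack.Shell entry in the Malwarebytes log above (Winlogon Shell = Explorer.exe C:\WINDOWS\system32\drivers\ntndis.exe) is the persistence point that matters here: Winlogon launches every program listed in that value at logon, and once the listed file has been quarantined the stale entry is what produces a "cannot find" message at each start. As an added example that is not code from this thread or from any of the tools it uses, the read-only PowerShell check below flags anything in the Shell value beyond Explorer.exe (the Test-WinlogonShell name and the constructed sample string are mine; the registry path is the one from the log).

```powershell
# Added example, not part of the thread: read-only check of the Winlogon
# Shell value that Malwarebytes reported above as Hijack.Shell.
# On a clean Windows XP system the value is exactly "Explorer.exe". Winlogon
# starts every entry listed there at logon, so an appended path is a
# persistence point, and a stale path (file already removed) is the source
# of a "Windows cannot find ..." message at every logon.

$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Test-WinlogonShell {
    param([string]$ShellValue)

    $trimmed = $ShellValue.Trim()
    # -match is case-insensitive in PowerShell, so EXPLORER.EXE also passes.
    # A trailing comma or whitespace is tolerated; anything else is not.
    $clean = $trimmed -match '^explorer\.exe[,\s]*$'

    # Report whatever follows the leading Explorer.exe (comma- or
    # space-separated). If Explorer.exe is not even first, report the
    # whole value, because the expected shell has been replaced outright.
    $extra = ''
    if (-not $clean) {
        $extra = ($trimmed -replace '^explorer\.exe[,\s]*', '').Trim()
    }

    New-Object PSObject -Property @{
        Shell      = $ShellValue
        Clean      = $clean
        Unexpected = $extra
    }
}

# Constructed sample, copied from the log line above, so the logic can be
# exercised without touching the live registry:
$sample = 'Explorer.exe C:\WINDOWS\system32\drivers\ntndis.exe'
Test-WinlogonShell -ShellValue $sample | Format-List Shell, Clean, Unexpected

# Live check of this machine (reads only; it changes nothing):
$item = Get-ItemProperty -Path $WinlogonKey -Name Shell -ErrorAction SilentlyContinue
if ($null -eq $item) {
    Write-Output 'Shell value not present; Windows falls back to explorer.exe'
} else {
    Test-WinlogonShell -ShellValue $item.Shell | Format-List Shell, Clean, Unexpected
}
```

The same check applies to the Userinit value in the same key, which malware of this family also appends to; a value reported as not clean should be compared against the Good: value in the scanner log before anything is changed by hand.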

#7 SifuMike

    malware expert

Posted 09 August 2009 - 09:30 PM

Hi harison harison,


I see you're not afraid of visiting crack sites - using illegal software. From the logs I can see that you actually installed some plug-ins that appear on crack sites and keygens to get access to the cracks. They install the malware on your system.

If you visit crack sites, use cracks or keygens, you'll ALWAYS get infected :thumbup2: .

This is not only because of the crack itself, but because one single click entering that site may already download and install a huge malware bundle.

You really have to change your surfing habits, because these malware bundles may contain a key logger, collecting all your passwords and installing other random malware, compromising your system including infecting other computers. And this all, because you visited some illegal sites.

Also, keep in mind, malware DAMAGES A LOT! And the damage can't always be repaired, so a format and reinstall is the only solution in such cases.

So is it really worth it? Get illegal software for "free", but compromise/break your computer instead....
Better to avoid this instead and change your surfing habits. Then this wouldn't have happened.



Please close the Firefox and Internet Explorer browsers before running OTM.

Please download OTM by OldTimer and save it to your desktop.
Double click the icon on your desktop to run it.
(Note: If you are running on Vista, right-click on the file and choose Run As Administrator).


Copy the lines in the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Do not include the word "Code".


:files
C:\DOCUME~1\HARISO~1\Temporary Internet Files\Content.IE5\JN0S0VA5\pdfzilla-v120-keygen-crack-serial-rapishare[1].html
C:\DOCUME~1\HARISO~1\Temporary Internet Files\Content.IE5\OJLI3KKR\warez-full-version-2066900-rapidshare-megaupload-downloads-torrent-crack-serial-keygen[1].htm
C:\DOCUME~1\HARISO~1\Temporary Internet Files\Content.IE5\X4TWSU9K\download-PDFZilla-1.2.0-full-crack-serial-keygen-rapidhare-by-CrackDelivery-2066900[1].htm
C:\DOCUME~1\HARISO~1\Temporary Internet Files\Content.IE5\X4TWSU9K\full-pdfzilla-120-crack-serial-keygen[1].htm
:commands
[emptytemp]
[Reboot]


Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.

Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTM

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

I used to have a cracked version of Norton 360, but then I noticed that after my Windows was auto-updated my Norton stopped working; however, when I checked my program list, it was still listed. So I uninstalled it, since it had no use if it wasn't working. But I was never able to delete all components.

And installing cracks is how you got badly infected! :)

To fully remove Norton AntiVirus or other Symantec related products, select the product you want to uninstall from this list in order to download the removal tool.
Please read the instructions first before you use it.

For older versions of Norton (2000, 2001, 2002), choose this link.

Also read the next article in case you're having problems with uninstalling Norton if above instructions didn't work, or noticed problems after uninstalling Norton: http://basconotw.mvps.org/SymRem.htm
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!


Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#8 harison harison
  • Topic Starter

Posted 09 August 2009 - 09:57 PM

I have already uninstalled PDFZilla prior to this step; I don't know if it has anything to do with the error.

All processes killed
Error: Unable to interpret <:filesC:\DOCUME~1\HARISO~1\Temporary Internet Files\Content.IE5\JN0S0VA5\pdfzilla-v120-keygen-crack-serial-rapishare[1].html> in the current context!
Error: Unable to interpret <C:\DOCUME~1\HARISO~1\Temporary Internet Files\Content.IE5\OJLI3KKR\warez-full-version-2066900-rapidshare-megaupload-downloads-torrent-crack-serial-keygen[1].htm> in the current context!
Error: Unable to interpret <C:\DOCUME~1\HARISO~1\Temporary Internet Files\Content.IE5\X4TWSU9K\download-PDFZilla-1.2.0-full-crack-serial-keygen-rapidhare-by-CrackDelivery-2066900[1].htm> in the current context!
Error: Unable to interpret <C:\DOCUME~1\HARISO~1\Temporary Internet Files\Content.IE5\X4TWSU9K\full-pdfzilla-120-crack-serial-keygen[1].htm> in the current context!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 59554 bytes
->Temporary Internet Files folder emptied: 619084 bytes
->FireFox cache emptied: 13504591 bytes

User: Harison Harison
->Temp folder emptied: 97352729 bytes
File delete failed. C:\Documents and Settings\Harison Harison\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 45782846 bytes
->Java cache emptied: 27516502 bytes
->FireFox cache emptied: 57869527 bytes
->Google Chrome cache emptied: 400521688 bytes
->Apple Safari cache emptied: 45354959 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 16786 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
Windows Temp folder emptied: 49961550 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 704.40 mb


OTM by OldTimer - Version 3.0.0.6 log created on 08102009_124143

Files moved on Reboot...

Registry entries deleted on Reboot...

#9 SifuMike

    malware expert

Posted 09 August 2009 - 10:12 PM

Hi,


Did you use the Norton Removal Tool to get rid of Norton 360? It will take out all the remnants left on your computer.

#10 harison harison
  • Topic Starter

Posted 09 August 2009 - 10:16 PM

Hi SifuMike,

I have removed Norton 360 using the Norton removal tool. Is there anything else I should do? Any recommendation on a good antivirus? I promise I'll get the genuine one this time.

Thanks,
Harison

#11 SifuMike

    malware expert

Posted 09 August 2009 - 10:31 PM

Hi harison harison,

Any recommendation on good antivirus?


You already have Avira AntiVir installed on your computer. That is a very good free antivirus.

Please download ATF Cleaner by Atribune. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser: Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser: Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.



Post a fresh HijackThis log and tell me how the computer is running.

#12 harison harison
  • Topic Starter

Posted 09 August 2009 - 10:40 PM

I have already installed the Avira antivirus but can't seem to activate the guard system (the umbrella icon is not open). Should I post a new log or just add a reply? How do you want me to write the post? Any particular aspect you want me to look at?

#13 SifuMike

    malware expert

Posted 09 August 2009 - 10:47 PM

can't seem to activate the guard system (the umbrella icon is not open).


Uninstall Avira AntiVir, then download and install a fresh version of Avira AntiVir: http://www.free-av.com/

See if it now works ok.

Should I post a new log or just add a reply?



Please do this:
1. Download HijackThis here:
http://www.trendsecure.com/portal/en-US/to...ools/hijackthis

2. Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.
Please post it.
Use the add reply button to post it.

Edited by SifuMike, 09 August 2009 - 10:52 PM.


#14 harison harison
  • Topic Starter

Posted 09 August 2009 - 11:07 PM

I solved the problem with Avira. Thanks :thumbup2:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:05:32, on 10/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\QUT VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Sheer Notes\sheernotes.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Documents and Settings\Harison Harison\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Harison Harison\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
c:\program files\avira\antivir desktop\avcenter.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\Harison Harison\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Harison Harison\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Sheer Notes] C:\Program Files\Sheer Notes\sheernotes.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Policies\Explorer\Run: [] 
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\QUT VPN Client\cvpnd.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 15038 bytes

#15 SifuMike

    malware expert

Posted 09 August 2009 - 11:14 PM

Hi harison harison,

Your log looks clean. :thumbup2: How is the computer running?

We still have to do some clean up.

Edited by SifuMike, 09 August 2009 - 11:20 PM.
