Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

slow internet


  • This topic is locked This topic is locked
11 replies to this topic

#1 rocho

rocho

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:37 AM

Posted 02 November 2009 - 10:56 PM

on google links i see the websites going to other websites and on other websites the page just stops.
help needed!!! thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:03 PM, on 11/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\SamsungSM\PanelMgr\SSMMgr.exe
C:\Program Files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [zmpxdjb] C:\WINDOWS\system32\zmpxdjb.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SamsungSM PanelMgr] C:\WINDOWS\SamsungSM\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [WHITNEY_S2P] C:\Program Files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [iLike] C:\Program Files\iLike\1.1.13\ilikesidebar.exe /checkforupdate
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.14) Gecko/2009082707 Firefox/3.0.14 GTB5" -"http://coursewareobjects.elsevier.com/objects/elr/Canada/Potter/fundamentals3e/testpage.html"
O4 - HKUS\S-1-5-18\..\Run: [iLike] C:\Program Files\iLike\1.1.41\ilikesidebar.exe /checkforupdate (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [iLike] C:\Program Files\iLike\1.1.41\ilikesidebar.exe /checkforupdate (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10316 bytes

BC AdBot (Login to Remove)

 


#2 rocho

rocho
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:37 AM

Posted 06 November 2009 - 07:55 PM

hello!! i'm having major problems with the running processes of the computer as well as the internet. When i am currently using the computer avg keeps popping up different infected files which not only increases my anxiety over my computer failing on me that very second but also prevents me (and annoys me) while doing anything on the computer. i downloaded dds and rootrepel to run before hjt, but for some reason it was not able to run.
please help! thank you!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:50:20 PM, on 11/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\FastNetSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Lavasoft\Ad-Aware\ThreatWork.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://join.clonecashsystem.com/track/NjU1...zUuMC4wLjAuMC4w
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [1770] C:\WINDOWS\system32\8A.tmp.exe
O4 - HKLM\..\Run: [ter8m] RUNDLL32.EXE C:\WINDOWS\system32\msxm192z.dll,w
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [8655] C:\WINDOWS\system32\11.tmp.exe
O4 - HKLM\..\Run: [27560] C:\WINDOWS\system32\9.tmp.exe
O4 - HKLM\..\Run: [10419] C:\WINDOWS\system32\4.tmp.exe
O4 - HKLM\..\RunOnce: [N@] N@
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [iLike] C:\Program Files\iLike\1.1.13\ilikesidebar.exe /checkforupdate
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.14) Gecko/2009082707 Firefox/3.0.14 GTB5" -"http://coursewareobjects.elsevier.com/objects/elr/Canada/Potter/fundamentals3e/testpage.html"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COM+ System Application (COMSysApp) - Unknown owner - C:\WINDOWS\system32\dllhost.exe
O23 - Service: DefWatch - Unknown owner - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: fastnetsrv Service (fastnetsrv) - Netopsystems A - C:\WINDOWS\system32\FastNetSrv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Unknown owner - C:\Program Files\NavNT\rtvscan.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: MS Software Shadow Copy Provider (SwPrv) - Unknown owner - C:\WINDOWS\system32\dllhost.exe
O23 - Service: Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9618 bytes

Merged topics for the sake of continuity and to avoid confusion. ~ OB

Edited by Orange Blossom, 06 November 2009 - 09:36 PM.


#3 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:37 PM

Posted 08 November 2009 - 06:17 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#4 rocho

rocho
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:37 AM

Posted 11 November 2009 - 01:28 AM

because of the viruses and other computer problems i was only able to post the otl.txt

OTL logfile created on: 11/10/2009 9:00:37 PM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.48 Mb Total Physical Memory | 224.20 Mb Available Physical Memory | 43.83% Memory free
1.22 Gb Paging File | 0.69 Gb Available in Paging File | 56.74% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 55.54 Gb Free Space | 43.40% Space Free | Partition Type: NTFS
Drive D: | 58.32 Gb Total Space | 37.69 Gb Free Space | 64.62% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC02
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - File not found -- C:\WINDOWS\explorer.exe:userini.exe
PRC - File not found -- C:\WINDOWS\explorer.exe:userini.exe
PRC - File not found -- C:\WINDOWS\explorer.exe:userini.exe
PRC - File not found -- C:\WINDOWS\explorer.exe:userini.exe
PRC - [2009/11/10 20:58:41 | 00,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2009/11/10 20:48:23 | 01,053,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/10/31 17:10:37 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/10/31 17:10:36 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/10/31 17:10:35 | 00,502,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/10/31 17:10:33 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/10/31 17:10:14 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/10/31 16:21:34 | 00,788,368 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/10/31 16:21:33 | 01,179,232 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/10/28 21:39:27 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/07/26 15:44:34 | 03,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/02/15 23:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/06/06 19:36:40 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/01/02 20:40:10 | 00,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2006/03/23 00:13:46 | 01,612,288 | ---- | M] (YourWare Solutions ™) -- C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
PRC - [2005/07/08 17:24:46 | 00,871,424 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2004/12/14 23:01:00 | 00,159,744 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2004/07/20 14:15:20 | 00,110,592 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe


========== Modules (SafeList) ==========

MOD - [2009/11/10 20:58:41 | 00,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2009/11/04 22:13:38 | 00,061,440 | ---- | M] (USA) -- C:\WINDOWS\system32\msxm192z.dll
MOD - [2006/08/25 10:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/03 10:56:44 | 00,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (Norton AntiVirus Server)
SRV - File not found -- -- (ImapiService)
SRV - [2009/10/31 17:10:14 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/10/31 16:21:33 | 01,179,232 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/03/22 19:34:44 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/02/15 23:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/10/16 17:22:20 | 00,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007/01/02 21:46:54 | 00,225,280 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2006/12/10 22:29:24 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2006/12/08 13:09:46 | 00,088,064 | ---- | M] () -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2006/11/08 16:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2006/11/08 16:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2005/07/08 17:24:46 | 00,871,424 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2004/12/14 23:01:00 | 00,159,744 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2004/08/03 10:56:58 | 00,160,768 | ---- | M] () -- C:\WINDOWS\system32\sessmgr.exe -- (RDSessMgr)
SRV - [2004/08/03 10:56:58 | 00,109,568 | ---- | M] () -- C:\WINDOWS\system32\smlogsvc.exe -- (SysmonLog)
SRV - [2004/08/03 10:56:58 | 00,093,184 | ---- | M] () -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr)
SRV - [2004/08/03 10:56:50 | 00,244,736 | ---- | M] () -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2004/08/03 10:56:50 | 00,025,088 | ---- | M] () -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2004/08/03 10:56:50 | 00,025,088 | ---- | M] () -- C:\WINDOWS\System32\dllhost.exe -- (COMSysApp)
SRV - [2004/08/03 10:56:46 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2004/07/20 14:15:20 | 00,110,592 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2001/12/15 19:30:20 | 00,067,072 | ---- | M] () -- C:\WINDOWS\system32\FastNetSrv.exe -- (fastnetsrv)
SRV - [2001/12/15 19:30:20 | 00,045,568 | ---- | M] (FTD2XX Software Technology) -- C:\WINDOWS\system32\BtwSrv.dll -- (BtwSrv)
SRV - [2001/09/24 07:59:00 | 00,053,248 | ---- | M] () -- C:\Program Files\NavNT\defwatch.exe -- (DefWatch)


========== Driver Services (SafeList) ==========

DRV - [2009/11/09 21:12:01 | 00,153,728 | ---- | M] () -- C:\WINDOWS\System32\drivers\nmme905.sys -- (nmme905)
DRV - [2009/11/06 18:43:28 | 00,018,944 | -H-- | M] () -- C:\WINDOWS\system32\drivers\protect.sys -- (protect)
DRV - [2009/10/31 17:11:16 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/10/31 17:11:11 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/10/31 17:11:08 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/10/19 03:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/09/23 07:55:23 | 00,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/06/30 10:37:16 | 00,028,552 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/02/15 23:10:26 | 00,353,672 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2008/11/17 01:24:00 | 00,051,688 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2008/10/01 12:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/02/15 04:00:00 | 00,895,312 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080215.021\NAVEX15.SYS -- (NAVEX15)
DRV - [2008/02/15 04:00:00 | 00,082,256 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080215.021\NAVENG.SYS -- (NAVENG)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006/12/03 09:32:53 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2006/12/03 09:32:39 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2006/12/03 09:32:36 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2005/11/30 16:42:30 | 00,041,984 | ---- | M] (DeviceGuys, Inc.) -- C:\WINDOWS\system32\drivers\DgivEcp.sys -- (DgiVecp)
DRV - [2005/07/08 17:17:54 | 00,099,584 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005/07/08 17:17:36 | 00,029,696 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2005/07/08 09:17:32 | 00,028,672 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDrm.sys -- (incdrm)
DRV - [2004/12/14 23:01:00 | 03,329,504 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/12/14 10:55:22 | 00,009,472 | R--- | M] (ASUSTeK Computer Inc.) -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2004/08/03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004/08/02 08:09:18 | 00,635,281 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2004/07/20 14:19:16 | 00,020,096 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2004/06/02 21:40:50 | 00,068,224 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2004/06/02 21:40:46 | 00,079,360 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2004/02/23 22:08:52 | 00,400,384 | ---- | M] (Sensaura) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/12/23 06:32:00 | 00,174,464 | ---- | M] (Marvell Semiconductor Inc.) -- C:\WINDOWS\system32\drivers\yukonwxp.sys -- (yukonwxp)
DRV - [2003/10/29 00:02:00 | 00,021,120 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2001/12/15 19:31:22 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001/09/24 07:59:00 | 00,176,208 | ---- | M] () -- C:\Program Files\NavNT\navap.sys -- (NAVAP)
DRV - [2001/09/24 07:59:00 | 00,009,232 | ---- | M] () -- C:\Program Files\NavNT\Navapel.sys -- (NAVAPEL)
DRV - [2001/09/23 23:29:00 | 00,057,696 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://join.clonecashsystem.com/track/NjU1...zUuMC4wLjAuMC4w
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://join.clonecashsystem.com/track/NjU1...zUuMC4wLjAuMC4w
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://join.clonecashsystem.com/track/NjU1...zUuMC4wLjAuMC4w

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://join.clonecashsystem.com/track/NjU1...zUuMC4wLjAuMC4w

IE - HKU\S-1-5-21-839522115-1425521274-2146812355-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-839522115-1425521274-2146812355-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-839522115-1425521274-2146812355-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-839522115-1425521274-2146812355-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-839522115-1425521274-2146812355-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://join.clonecashsystem.com/track/NjU1...zUuMC4wLjAuMC4w
IE - HKU\S-1-5-21-839522115-1425521274-2146812355-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-839522115-1425521274-2146812355-500\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-839522115-1425521274-2146812355-500\S-1-5-21-839522115-1425521274-2146812355-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-839522115-1425521274-2146812355-500\S-1-5-21-839522115-1425521274-2146812355-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:1.5.41.0
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:5.0.20090813W
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}:6.0
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.696
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.15

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/10/31 17:10:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/02 20:30:22 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/28 21:39:34 | 00,000,000 | ---D | M]

[2008/09/05 06:52:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2008/09/05 06:52:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/10 21:03:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6f04gbie.default\extensions
[2009/01/17 09:41:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6f04gbie.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2009/09/17 19:32:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6f04gbie.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/10/30 22:37:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6f04gbie.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/11/10 21:03:40 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/05/05 22:59:14 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/10/28 21:39:34 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/01/09 18:50:59 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
[2009/10/28 21:39:27 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/10/28 21:39:27 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/05/01 16:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
[2008/12/05 22:52:44 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2009/05/12 13:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2009/10/28 21:39:28 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/03/22 18:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2009/02/27 11:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2008/12/23 18:21:09 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2008/12/23 18:21:09 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2008/12/23 18:21:09 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2008/12/23 18:21:09 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2008/12/23 18:21:09 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2008/12/23 18:21:09 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2008/12/23 18:21:09 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2007/12/21 13:36:34 | 00,024,673 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll
[2009/05/01 16:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
[2008/10/03 09:21:47 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2008/10/03 09:21:47 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2008/10/03 09:21:47 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2008/12/02 11:41:23 | 00,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2008/10/03 09:21:47 | 00,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2008/10/03 09:21:47 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2008/10/03 09:21:47 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (347115 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 11904 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll (Conduit Ltd.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O3 - HKU\S-1-5-21-839522115-1425521274-2146812355-500\..\Toolbar\ShellBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\tbFre1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-839522115-1425521274-2146812355-500\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\tbFre1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-839522115-1425521274-2146812355-500\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O4 - HKLM..\Run: [3971] C:\WINDOWS\System32\21.tmp.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [ter8m] C:\WINDOWS\System32\msxm192z.DLL (USA)
O4 - HKLM..\Run: [userini] C:\WINDOWS\system32\userini.exe ()
O4 - HKU\.DEFAULT..\Run: [restorer32_a] C:\WINDOWS\System32\20.tmp ()
O4 - HKU\.DEFAULT..\Run: [userini] C:\WINDOWS\explorer.exe:userini.exe File not found
O4 - HKU\S-1-5-18..\Run: [restorer32_a] C:\WINDOWS\System32\20.tmp ()
O4 - HKU\S-1-5-18..\Run: [userini] C:\WINDOWS\explorer.exe:userini.exe File not found
O4 - HKU\S-1-5-21-839522115-1425521274-2146812355-500..\Run: [FreeRAM XP] C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions ™)
O4 - HKU\S-1-5-21-839522115-1425521274-2146812355-500..\Run: [iLike] C:\Program Files\iLike\1.1.13\ilikesidebar.exe File not found
O4 - HKU\S-1-5-21-839522115-1425521274-2146812355-500..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-839522115-1425521274-2146812355-500..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-839522115-1425521274-2146812355-500..\Run: [userini] C:\WINDOWS\system32\userini.exe ()
O4 - HKLM..\RunOnce: [N@] Reg Error: Invalid data type. File not found
O4 - HKU\S-1-5-21-839522115-1425521274-2146812355-500..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -Mozilla\5.0 ( File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-839522115-1425521274-2146812355-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-839522115-1425521274-2146812355-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-839522115-1425521274-2146812355-500\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...or/sw_promo.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/plugin/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\1.exe: Debugger - C:\WINDOWS\system32\ahui.exe (Microsoft Corporation)
O27 - HKLM IFEO\cmd.exe: Debugger - C:\WINDOWS\system32\ahui.exe (Microsoft Corporation)
O27 - HKLM IFEO\reader_s.exe: Debugger - C:\WINDOWS\system32\ahui.exe (Microsoft Corporation)
O27 - HKLM IFEO\regedit.exe: Debugger - C:\WINDOWS\system32\ahui.exe (Microsoft Corporation)
O27 - HKLM IFEO\servises.exe: Debugger - C:\WINDOWS\system32\ahui.exe (Microsoft Corporation)
O27 - HKLM IFEO\sys64_nov.exe: Debugger - C:\WINDOWS\system32\ahui.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/08 10:54:52 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{e7de11f5-86a7-11db-9d43-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{e7de11f5-86a7-11db-9d43-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e7de11f5-86a7-11db-9d43-806d6172696f}\Shell\AutoRun\command - "" = E:\AutoRun\Demo.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/10 20:58:38 | 00,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/11/10 20:47:54 | 00,089,088 | ---- | C] (USA) -- C:\WINDOWS\System32\4411824.exe
[2009/11/09 21:11:42 | 00,089,088 | ---- | C] (USA) -- C:\WINDOWS\System32\8552907.exe
[2009/11/06 18:25:01 | 00,493,568 | ---- | C] ( ) -- C:\Documents and Settings\Administrator\Desktop\RootRepeal.exe
[2009/11/06 18:17:45 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/11/04 22:13:37 | 00,061,440 | ---- | C] (USA) -- C:\WINDOWS\System32\msxm192z.dll
[2009/11/04 22:12:46 | 00,000,000 | ---D | C] -- C:\Program Files\Protection System
[2009/11/04 22:12:22 | 00,360,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\TCPIP.SYS.ORIGINAL
[2009/11/02 20:56:22 | 00,016,648 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\RkPavproc1.sys
[2009/11/02 20:05:25 | 00,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2009/11/02 20:04:55 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/11/02 07:46:34 | 00,000,000 | ---D | C] -- C:\Program Files\AntiVirus Plus
[2009/11/02 01:56:28 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/31 17:11:44 | 00,000,000 | -H-D | C] -- C:\$AVG
[2009/10/31 17:11:16 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/10/31 17:11:16 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/10/31 17:11:10 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/10/31 17:11:08 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/10/31 17:10:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/10/31 17:10:05 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/10/31 17:10:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/10/31 16:23:14 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/10/31 16:22:57 | 00,093,360 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2009/10/31 16:20:13 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/10/31 16:19:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/10/30 22:37:39 | 00,000,000 | ---D | C] -- C:\Program Files\AskBarDis
[2009/10/30 22:36:48 | 01,221,512 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll
[2009/10/26 00:50:21 | 00,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2009/10/26 00:50:20 | 00,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2009/10/26 00:50:20 | 00,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2009/10/26 00:50:19 | 00,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2009/10/25 21:53:14 | 00,000,000 | ---D | C] -- C:\Program Files\MSECache
[2009/10/25 14:56:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/10/25 14:54:41 | 00,037,602 | ---- | C] (Privat) -- C:\WINDOWS\System32\net.net
[2009/10/25 14:49:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{43753DBA-83B7-4C05-9D1F-5D241E40FE4F}
[35 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\Desktop\*.tmp files -> C:\Documents and Settings\Administrator\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/10 21:03:33 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2009/11/10 20:58:41 | 00,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/11/10 20:56:05 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/11/10 20:52:53 | 00,000,428 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2009/11/10 20:52:39 | 00,000,335 | -H-- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/11/10 20:52:17 | 00,049,664 | ---- | M] () -- C:\WINDOWS\System32\userini.exe
[2009/11/10 20:51:45 | 00,017,555 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/11/10 20:51:17 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/11/10 20:50:21 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/10 20:49:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/10 20:48:41 | 00,000,100 | ---- | M] () -- C:\jklry54c108.bat
[2009/11/10 20:48:23 | 01,053,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2009/11/10 20:48:13 | 00,053,248 | ---- | M] () -- C:\WINDOWS\System32\8282542.exe
[2009/11/10 20:48:04 | 00,000,120 | ---- | M] () -- C:\WINDOWS\System32\190453.BAT
[2009/11/10 20:47:54 | 00,089,088 | ---- | M] (USA) -- C:\WINDOWS\System32\4411824.exe
[2009/11/10 20:47:47 | 00,000,868 | ---- | M] () -- C:\WINDOWS\System32\3440363.exe
[2009/11/10 20:47:45 | 00,000,000 | ---- | M] () -- C:\WINDOWS\SC.INS
[2009/11/10 20:47:45 | 00,000,000 | ---- | M] () -- C:\WINDOWS\sc.exe
[2009/11/10 20:47:29 | 00,360,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\TCPIP.SYS
[2009/11/10 20:47:29 | 00,360,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\TCPIP.SYS
[2009/11/10 08:28:15 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Word 2003.lnk
[2009/11/10 08:12:22 | 00,000,001 | ---- | M] () -- C:\Documents and Settings\Administrator\oashdihasidhasuidhiasdhiashdiuasdhasd
[2009/11/10 08:09:04 | 00,026,935 | ---- | M] () -- C:\Documents and Settings\Administrator\restorer32_a.exe
[2009/11/10 08:09:03 | 00,071,168 | ---- | M] () -- C:\Documents and Settings\Administrator\reader_s.exe
[2009/11/09 21:12:23 | 00,000,100 | ---- | M] () -- C:\seg5ywfxwx108.bat
[2009/11/09 21:12:01 | 00,153,728 | ---- | M] () -- C:\WINDOWS\System32\drivers\nmme905.sys
[2009/11/09 21:12:00 | 00,053,248 | ---- | M] () -- C:\WINDOWS\System32\5851054.exe
[2009/11/09 21:11:55 | 00,000,120 | ---- | M] () -- C:\WINDOWS\System32\418609.BAT
[2009/11/09 21:11:48 | 00,026,935 | ---- | M] () -- C:\WINDOWS\System32\restorer32_a.exe
[2009/11/09 21:11:42 | 00,089,088 | ---- | M] (USA) -- C:\WINDOWS\System32\8552907.exe
[2009/11/09 21:11:34 | 00,000,868 | ---- | M] () -- C:\WINDOWS\System32\3399011.exe
[2009/11/09 21:05:26 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/09 05:17:11 | 08,650,752 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2009/11/09 05:17:11 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2009/11/09 05:15:16 | 00,051,712 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\frank (2).doc
[2009/11/09 05:08:53 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/11/08 14:19:01 | 00,071,168 | ---- | M] () -- C:\WINDOWS\System32\reader_s.exe
[2009/11/07 20:43:35 | 00,000,098 | ---- | M] () -- C:\dfuj4y54hscv108.bat
[2009/11/07 20:40:51 | 00,053,248 | ---- | M] () -- C:\WINDOWS\System32\7266764.exe
[2009/11/07 20:39:50 | 00,000,868 | ---- | M] () -- C:\WINDOWS\System32\7707178.exe
[2009/11/06 19:23:43 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\settings.dat
[2009/11/06 18:44:14 | 00,053,248 | ---- | M] () -- C:\WINDOWS\System32\7173866.exe
[2009/11/06 18:43:29 | 00,000,868 | ---- | M] () -- C:\WINDOWS\System32\7430689.exe
[2009/11/06 18:43:28 | 00,018,944 | -H-- | M] () -- C:\WINDOWS\System32\drivers\protect.sys
[2009/11/06 18:25:11 | 00,493,568 | ---- | M] ( ) -- C:\Documents and Settings\Administrator\Desktop\RootRepeal.exe
[2009/11/06 18:22:59 | 00,546,304 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2009/11/06 18:06:55 | 03,562,655 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2009/11/06 18:00:45 | 00,022,016 | ---- | M] () -- C:\WINDOWS\System32\tdlwsp.dll
[2009/11/06 17:00:42 | 00,000,350 | ---- | M] () -- C:\WINDOWS\System32\uses32.dat
[2009/11/06 17:00:42 | 00,000,100 | ---- | M] () -- C:\WINDOWS\System32\flags.ini
[2009/11/06 15:58:52 | 00,053,248 | ---- | M] () -- C:\WINDOWS\System32\7965797.exe
[2009/11/06 15:57:59 | 00,000,868 | ---- | M] () -- C:\WINDOWS\System32\951153.exe
[2009/11/04 23:55:41 | 00,356,738 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/04 23:55:41 | 00,314,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/04 23:55:41 | 00,040,836 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/04 22:15:32 | 00,000,100 | ---- | M] () -- C:\s1f108.bat
[2009/11/04 22:14:01 | 00,053,248 | ---- | M] () -- C:\WINDOWS\System32\9929575.exe
[2009/11/04 22:13:38 | 00,061,440 | ---- | M] (USA) -- C:\WINDOWS\System32\msxm192z.dll
[2009/11/04 22:12:58 | 00,000,868 | ---- | M] () -- C:\WINDOWS\System32\4879877.exe
[2009/11/04 22:12:31 | 00,000,094 | ---- | M] () -- C:\Clone Cash System.url
[2009/11/04 22:12:22 | 00,360,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\TCPIP.SYS.ORIGINAL
[2009/11/04 18:06:24 | 44,702,207 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/11/04 18:03:47 | 00,084,916 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/11/03 22:55:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/02 23:14:19 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/11/02 20:04:48 | 00,177,240 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\activescan2_en.exe
[2009/11/02 09:47:49 | 00,039,936 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\individual presentation.doc
[2009/11/02 01:56:31 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/11/02 00:23:10 | 00,018,755 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Group_Summary_Paper_(rough_draft)1.docx
[2009/11/01 18:00:41 | 00,000,574 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Administrator.job
[2009/11/01 10:21:15 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\~$ank (2).doc
[2009/11/01 10:21:13 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\~$frank2.doc
[2009/11/01 10:20:54 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\~$ank(2).doc
[2009/10/31 17:11:17 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/10/31 17:11:16 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/10/31 17:11:11 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/10/31 17:11:08 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/10/31 17:11:08 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/10/31 17:10:51 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/10/31 17:10:50 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/10/31 16:22:50 | 00,093,360 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2009/10/31 16:22:45 | 00,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/10/31 08:05:03 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\group research paper.doc
[2009/10/29 04:27:25 | 00,043,520 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\reflective anaylsis.doc
[2009/10/26 08:11:14 | 00,083,456 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\frank2.doc
[2009/10/26 08:11:10 | 00,051,200 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\frank(2).doc
[2009/10/26 01:08:44 | 00,347,115 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/10/26 01:08:24 | 00,347,115 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091026-020844.backup
[2009/10/26 01:00:58 | 00,216,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/26 00:52:19 | 00,053,608 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/25 14:54:41 | 00,037,602 | ---- | M] (Privat) -- C:\WINDOWS\System32\net.net
[2009/10/25 14:49:36 | 00,000,120 | ---- | M] () -- C:\WINDOWS\Inudodusexuyod.dat
[2009/10/25 14:49:36 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Byudevubeq.bin
[2009/10/24 14:30:47 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\~$flective anaylsis.doc
[2009/10/23 05:04:05 | 00,089,327 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\27608374.pdf
[2009/10/20 23:08:54 | 03,598,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/10/20 23:08:54 | 03,598,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/10/20 05:16:06 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\frank (2).doc
[2009/10/14 00:24:52 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[35 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\Desktop\*.tmp files -> C:\Documents and Settings\Administrator\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/10 20:48:41 | 00,000,100 | ---- | C] () -- C:\jklry54c108.bat
[2009/11/10 20:48:12 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\8282542.exe
[2009/11/10 20:48:04 | 00,000,120 | ---- | C] () -- C:\WINDOWS\System32\190453.BAT
[2009/11/10 20:47:47 | 00,000,868 | ---- | C] () -- C:\WINDOWS\System32\3440363.exe
[2009/11/10 08:09:04 | 00,026,935 | ---- | C] () -- C:\Documents and Settings\Administrator\restorer32_a.exe
[2009/11/09 21:12:23 | 00,000,100 | ---- | C] () -- C:\seg5ywfxwx108.bat
[2009/11/09 21:12:01 | 00,153,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\nmme905.sys
[2009/11/09 21:12:00 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\5851054.exe
[2009/11/09 21:11:54 | 00,000,120 | ---- | C] () -- C:\WINDOWS\System32\418609.BAT
[2009/11/09 21:11:48 | 00,026,935 | ---- | C] () -- C:\WINDOWS\System32\restorer32_a.exe
[2009/11/09 21:11:34 | 00,000,868 | ---- | C] () -- C:\WINDOWS\System32\3399011.exe
[2009/11/08 14:20:46 | 00,049,664 | ---- | C] () -- C:\WINDOWS\System32\userini.exe
[2009/11/07 20:43:35 | 00,000,098 | ---- | C] () -- C:\dfuj4y54hscv108.bat
[2009/11/07 20:40:51 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\7266764.exe
[2009/11/07 20:39:50 | 00,000,868 | ---- | C] () -- C:\WINDOWS\System32\7707178.exe
[2009/11/06 19:34:04 | 00,071,168 | ---- | C] () -- C:\Documents and Settings\Administrator\reader_s.exe
[2009/11/06 19:23:43 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\settings.dat
[2009/11/06 18:44:14 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\7173866.exe
[2009/11/06 18:43:29 | 00,000,868 | ---- | C] () -- C:\WINDOWS\System32\7430689.exe
[2009/11/06 18:43:28 | 00,018,944 | -H-- | C] () -- C:\WINDOWS\System32\drivers\protect.sys
[2009/11/06 18:22:59 | 00,546,304 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2009/11/06 18:06:52 | 03,562,655 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2009/11/06 18:00:45 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\tdlwsp.dll
[2009/11/06 17:00:42 | 00,000,350 | ---- | C] () -- C:\WINDOWS\System32\uses32.dat
[2009/11/06 17:00:42 | 00,000,100 | ---- | C] () -- C:\WINDOWS\System32\flags.ini
[2009/11/06 15:58:52 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\7965797.exe
[2009/11/06 15:58:31 | 00,071,168 | ---- | C] () -- C:\WINDOWS\System32\reader_s.exe
[2009/11/06 15:57:59 | 00,000,868 | ---- | C] () -- C:\WINDOWS\System32\951153.exe
[2009/11/04 22:19:43 | 00,000,001 | ---- | C] () -- C:\Documents and Settings\Administrator\oashdihasidhasuidhiasdhiashdiuasdhasd
[2009/11/04 22:15:32 | 00,000,100 | ---- | C] () -- C:\s1f108.bat
[2009/11/04 22:14:01 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\9929575.exe
[2009/11/04 22:12:58 | 00,000,868 | ---- | C] () -- C:\WINDOWS\System32\4879877.exe
[2009/11/04 22:12:46 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SC.INS
[2009/11/04 22:12:46 | 00,000,000 | ---- | C] () -- C:\WINDOWS\sc.exe
[2009/11/04 22:12:29 | 00,000,094 | ---- | C] () -- C:\Clone Cash System.url
[2009/11/02 20:04:47 | 00,177,240 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\activescan2_en.exe
[2009/11/02 03:41:41 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2009/11/02 01:56:30 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/11/02 00:23:05 | 00,018,755 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Group_Summary_Paper_(rough_draft)1.docx
[2009/11/02 00:22:32 | 00,039,936 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\individual presentation.doc
[2009/11/01 10:21:15 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\~$ank (2).doc
[2009/11/01 10:21:13 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\~$frank2.doc
[2009/11/01 10:20:54 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\~$ank(2).doc
[2009/10/31 20:10:57 | 00,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/10/31 17:11:07 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/10/31 17:10:51 | 44,702,207 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/10/31 17:10:51 | 00,084,916 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/10/31 17:10:50 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/10/31 17:10:49 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/10/31 16:29:08 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/10/31 08:05:02 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\group research paper.doc
[2009/10/26 01:26:36 | 00,051,200 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\frank(2).doc
[2009/10/25 14:49:36 | 00,000,120 | ---- | C] () -- C:\WINDOWS\Inudodusexuyod.dat
[2009/10/25 14:49:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Byudevubeq.bin
[2009/10/24 23:02:01 | 08,650,752 | ---- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2009/10/24 14:30:47 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\~$flective anaylsis.doc
[2009/10/23 05:04:05 | 00,089,327 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\27608374.pdf
[2009/10/23 05:00:45 | 00,043,520 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\reflective anaylsis.doc
[2009/10/20 05:16:23 | 00,051,712 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\frank (2).doc
[2009/10/20 05:15:51 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\frank (2).doc
[2009/10/20 04:40:10 | 00,083,456 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\frank2.doc
[2009/08/25 12:32:16 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\SamFaxPort.dll
[2009/08/25 12:32:05 | 00,000,119 | ---- | C] () -- C:\WINDOWS\Readiris.ini
[2009/08/25 12:32:04 | 00,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2009/08/25 12:24:38 | 00,094,208 | R--- | C] () -- C:\WINDOWS\System32\WIAIPH.dll
[2009/08/25 12:24:38 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\WIASTIIO.dll
[2009/08/25 12:24:37 | 00,086,016 | R--- | C] () -- C:\WINDOWS\System32\WIAEH.dll
[2009/08/25 12:24:37 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\Sswiadrv.dll
[2009/08/12 18:03:36 | 00,007,548 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\SmarThruOptions.xml
[2008/03/21 15:30:08 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/03/21 15:28:54 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/03/21 15:28:54 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/03/01 00:16:16 | 00,014,005 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/09/26 21:28:43 | 00,002,528 | ---- | C] () -- C:\WINDOWS\FCIC.INI
[2007/04/09 12:35:04 | 00,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini
[2006/12/14 22:29:49 | 00,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/10 20:04:08 | 00,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2006/12/09 20:38:14 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/12/09 20:38:10 | 00,062,464 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/09 20:03:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2006/12/09 20:02:07 | 00,053,608 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/12/08 14:12:08 | 00,000,187 | ---- | C] () -- C:\WINDOWS\EPSON CX6600 Installer.ini
[2006/12/08 12:36:50 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2006/12/08 12:36:45 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2006/12/08 12:35:34 | 00,000,489 | ---- | C] () -- C:\WINDOWS\demo.INI
[2006/12/08 12:16:33 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\ATKOSDMini.DLL
[2006/12/08 12:16:33 | 00,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2006/12/08 12:16:32 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\ATKCheckDispIDs.dll
[2006/12/08 11:52:59 | 06,924,520 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2006/12/08 11:36:56 | 00,000,592 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/08 11:09:15 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini
[2006/12/08 05:42:33 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/08/03 10:56:44 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\winntcmd_2_0.dll
[2004/08/03 10:56:44 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\dxvars.dll
[2004/08/03 10:56:44 | 00,047,104 | ---- | C] () -- C:\WINDOWS\System32\sysdiag.dll
[2004/08/03 10:56:44 | 00,047,104 | ---- | C] () -- C:\WINDOWS\System32\ipcmd.dll
[2004/04/15 05:00:00 | 00,000,054 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/12/15 19:31:46 | 00,000,608 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/12/15 19:31:36 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/12/15 19:30:20 | 00,000,006 | ---- | C] () -- C:\WINDOWS\System32\FInstall.sys
[2001/09/24 07:59:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2000/09/18 17:12:40 | 00,023,040 | ---- | C] () -- C:\WINDOWS\System32\CSSMS_IN.DLL
[1998/08/16 05:00:00 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll

========== Files - Unicode (All) ==========
[2006/12/08 14:16:19 | 00,000,218 | ---- | M] ()(C:\Documents and Settings\Administrator\Desktop\????? Startpage.co.kr ??????.url) -- C:\Documents and Settings\Administrator\Desktop\시작페이지 Startpage.co.kr 코리아인터넷.url
[2006/12/08 14:16:19 | 00,000,218 | ---- | C] ()(C:\Documents and Settings\Administrator\Desktop\????? Startpage.co.kr ??????.url) -- C:\Documents and Settings\Administrator\Desktop\시작페이지 Startpage.co.kr 코리아인터넷.url

========== Alternate Data Streams ==========

@Alternate Data Stream - 49664 bytes -> C:\WINDOWS\explorer.exe:userini.exe
@Alternate Data Stream - 159 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6B803FAA
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7715B65F
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:23641A53
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:015DC393
< End of report >

#5 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:37 PM

Posted 11 November 2009 - 06:51 AM

Hi,

please run Combofix next, it should take a lot of the infections present on your system:
Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable isable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#6 rocho

rocho
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:37 AM

Posted 11 November 2009 - 03:37 PM

hi myrti
i'm trying to run combo fix
this condensed message pops up: "alert it is not safe to continue. combo fix pkg compromised. please download new combofix @ bleeping computer. note: you may be infected with virus virut" and then it deletes from my computer.
i keep downloading the new one but it keeps doing the same thing.

#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:37 PM

Posted 11 November 2009 - 06:38 PM

Hi,

that doesn't sound good at all. :(

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.

C:\WINDOWS\explorer.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/


Please also run an online scan with Kaserpsky:
Please do an online scan with Kaspersky WebScanner
Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
regards myrti

Edited by myrti, 11 November 2009 - 06:40 PM.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#8 rocho

rocho
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:37 AM

Posted 12 November 2009 - 05:20 PM

hi myrti!
thanks so much for replaying and i've tried all three links but all of them are unaccessible because of whatever has happened to my computer.
i receieve a page load error and this is what is shown in the browser: jar:file:///C:/Program%20Files/Mozilla%20Firefox/chrome/en-US.jar!/locale/browser-region/region.propertiesvirusscan.jotti.org.

i tried to put my computer into safe mode with networking or even revert back to the last good system configuration but my computer just reloads.
is there anything else i can possibly do?
thanks!!!

rojyan

#9 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:37 PM

Posted 12 November 2009 - 06:29 PM

Hi,

please try to upload the files to virscan.org then.

Do you have another PC from which you could download clean files?
regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#10 rocho

rocho
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:37 AM

Posted 13 November 2009 - 10:48 PM

virus scan worked!!
here are the results:

File Name : explorer.exe
File Size : 1053184 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 0858a0205537c862cbcc489e9957e1b4
SHA1 : 4b398c317d825efcc78780382242addb60e21bf9

Scanner results
Scanner results : 62% Scanner(s) (23/37) found malware!
Time : 2009/11/13 20:53:32 (CST)
Scanner ↓ Engine Ver Sig Ver Sig Date Scan result Time
a-squared 4.5.0.8 20091114000235 2009-11-14 Trojan.Win32.Patched!IK 5.236
AhnLab V3 2009.11.14.00 2009.11.14 2009-11-14 Win32/Virut.F 1.195
AntiVir 8.2.1.65 7.1.6.235 2009-11-13 W32/Virut.Gen 0.522
Antiy 2.0.18 20091113.3257899 2009-11-13 - 0.124
Arcavir 2009 200911131819 2009-11-13 - 0.063
Authentium 5.1.1 200911132257 2009-11-13 W32/Virut.AI!Generic (Heuristic) 1.276
AVAST! 4.7.4 091113-1 2009-11-13 Win32:Vitro 0.053
AVG 8.5.288 270.14.64/2501 2009-11-14 - 1.511
BitDefender 7.81008.4544306 7.28912 2009-11-14 - 4.103
CA (VET) 35.1.0 7120 2009-11-13 Win32/Virut.17408 virus. 6.513
ClamAV 0.95.2 10022 2009-11-13 - 0.164
Comodo 3.12 2948 2009-11-14 - 1.810
CP Secure 1.3.0.5 2009.11.13 2009-11-13 - 0.422
Dr.Web 4.44.0.9170 2009.11.13 2009-11-13 Win32.Virut.56 6.819
F-Prot 4.4.4.56 20091113 2009-11-13 Possible W32/Virut.AI!Generic 1.298
F-Secure 7.02.73807 2009.11.13.15 2009-11-13 Virus.Win32.Virut.ce [AVP] 0.135
Fortinet 2.81-3.120 11.55 2009-11-13 - 0.395
GData 19.8824/19.556 20091114 2009-11-14 Virus.Win32.Virut.ce [Engine:A] 6.050
Ikarus T3.1.01.74 2009.11.13.74525 2009-11-13 Trojan.Win32.Patched 4.375
JiangMin 11.0.800 2009.11.13 2009-11-13 Win32/Virut.bo 11.942
Kaspersky 5.5.10 2009.11.13 2009-11-13 Virus.Win32.Virut.ce 0.070
KingSoft 2009.2.5.15 2009.11.13.22 2009-11-13 Win32.Virut.cr.61440 2.456
McAfee 5.3.00 5801 2009-11-13 W32/Virut.n.gen 3.493
Microsoft 1.5202 2009.11.14 2009-11-14 Virus:Win32/Virut.gen!O 6.833
Norman 6.01.09 6.01.00 2009-11-13 - 4.007
nProtect 20091113.01 6191652 2009-11-13 - 4.168
Panda 9.05.01 2009.11.12 2009-11-12 - 0.614
Quick Heal 10.00 2009.11.13 2009-11-13 W32.Virut.G 1.628
Rising 20.0 22.21.05.01 2009-11-14 Win32.Virut.cl 1.663
Sophos 3.00.1 4.46 2009-11-14 W32/Scribble-B 3.088
Sunbelt 5505 5505 2009-11-12 Virus.Win32.Virut.ce (v) 2.363
Symantec 1.3.0.24 20091113.003 2009-11-13 W32.Virut.CF 0.127
The Hacker 6.5.0.2 v00069 2009-11-13 - 0.727
Trend Micro 9.000-1003 6.624.05 2009-11-13 PE_VIRUX.J 0.038
VBA32 3.12.10.11 20091113.1444 2009-11-13 Virus.Win32.Virut.X7 2.019
ViRobot 20091113 2009.11.13 2009-11-13 - 0.427
VirusBuster 4.5.11.10 10.113.16/2013812 2009-11-13 - 3.602



File Name : AAWTray.exe
File Size : 788368 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 3acf4ef79afc707afb5d92ea26eab6aa
SHA1 : b7794a4d874a7541c600594b42aee349c6e6a726

Scanner results
Scanner results : Scanners did not find malware!
Time : 2009/11/13 21:29:24 (CST)

#11 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:37 PM

Posted 15 November 2009 - 06:35 PM

Hi,

bad news :(

Your system is infected with a nasty variant of Virut, a polymorphic file infector with IRCBot functionality which infects .exe, .scr files, downloads more malicious files to your system, and opens a back door that compromises your computer. According to this Norman White Paper Assessment of W32/Virut, some variants can infect the HOSTS file and block access to security related web sites. Virux is an even more complex file infector which can embed an iframe into the body of web-related files and infect script files (.php, .asp, and .html). When Virut creates infected files, it also creates non-functional files that are corrupted beyond repair. In many cases the infected files cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files become corrupted and the system may become irreparable.

The virus has a number of bugs in its code, and as a result it may misinfect a proportion of executable files....some W32/Virut.h infections are corrupted beyond repair.

McAfee Risk Assessment and Overview of W32/Virut

There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus...Due to the damaged caused to files by virut it's possible to find repaired but corrupted files. They became corrupted by the incorrect writing of the viral code during the process of infection. undetected, corrupted files (possibly still containing part of the viral code) can also be found. this is caused by incorrectly written and non-function viral code present in these files.

AVG Overview of W32/VirutThis kind of infection is contracted and spread by visiting remote, crack and keygen sites. These type of sites are infested with a smrgsbord of malware and an increasing source of system infection. However, the CA Security Advisor Research Blog says they have found MySpace user pages carrying the malicious Virut URL. Either way you can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV

If your computer was used for online banking, has credit card information or other sensitive data on it, you should disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised. You should change each password using a clean computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connect again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read:There is no guarantee this infection can be completely removed. In some instances it may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Reinstalling Windows without first wiping the entire hard drive with a repartition and/or format will not remove the infection. The reinstall will only overwrite the Windows files. Any malware on the system will still be there afterwards. Please read:If you need more information or help of some kind, please ask. :(
regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:37 PM

Posted 24 November 2009 - 04:07 PM

Since this topic appears to be resolved, I will now close it.

If you need this topic re-opened please send me a PM.

Everyone else, please start a new topic.

With Regards,
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users