IE opens new pages and sound problems


  • This topic is locked
29 replies to this topic

#1 cggators52 (Members, 16 posts)

Posted 18 March 2010 - 02:22 PM

Hello all,

First thank you in advance for any help you can give small or large.

My problem started about 3 months ago and have tried multiple things to fix it. While browsing my IE opens new pages that are almost always something doing with me being a winner or some sort and I know I'm not that lucky... lol... I also find that it will not allow me to run windows update either. Also, which I find bizarre, after sometime of leaving my computer running the sound will go out. If I go into control panel all the sound options are ghosted as if I had nothing installed. Upon restart the sound returns and all is back to normal.

I have downloaded Malwarebytes and it removes several things everynow and then. I run it at least 3 times a week. I ran the Windows live protection center because one of my fiends said it was good and removed a bunch of stuff. I had AVG at one point and that found nothing as well. I deleted AVG and am only running Malwarebytes on my computer. Idk if it helps but I have about 45 processes running in task manager and like 5 are iexplore.exe and 6 are svchost.exe and one of the svchost is around 60,000 k. My computer is not killing me but it really bothers when I have to reboot for sound. I system restored once and it didnt help so i figured its in there too. So whenever you get a chance just let me know if you think of anything.


Thanks again,
Chris


#2 boopme (Global Moderator, 72,759 posts, NJ USA)

Posted 18 March 2010 - 03:31 PM

Hello and welcome. I am moving this from XP to the Am I Infected forum.

You do need an antivirus. Please install and run a scan with Avira AntiVir (link).
I use this free version.

Rerun MBAM (Malwarebytes) like this:

Open MBAM in normal mode and click the Update tab, then select Check for Updates. When done,
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan, click Remove Selected, post the new scan log and reboot into normal mode.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.
Become a BleepingComputer fan: Facebook

#3 cggators52 (Topic Starter, Members, 16 posts)

Posted 18 March 2010 - 03:47 PM

When I try to download Avira, it takes me to an "Internet Explorer cannot display the webpage" page. It doesn't let me. I update my Malwarebytes every time before I run a scan.

#4 boopme (Global Moderator, 72,759 posts, NJ USA)

Posted 18 March 2010 - 03:58 PM

Let's try an online scan first.

Please run the F-Secure Online Scanner.
Note: This scanner is for Internet Explorer only!
Follow the instructions here for installation.
Accept the License Agreement.
Once the ActiveX installs, click Full System Scan.
Once the download completes, the scan will begin automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.
Click the Show Report button and copy and paste the entire report in your next reply.

#5 cggators52 (Topic Starter, Members, 16 posts)

Posted 18 March 2010 - 05:29 PM

So I ran the F-scan and it found 11 spyware items, and I was able to download Avira, and it has already found over 15 files and I haven't even run the program. It found them itself, so I'd say I am on the right track. I am currently running the Avira scan now, so please bear with me if possible, but here is the report. Thank you again.


Scanning Report
Thursday, March 18, 2010 17:15:57 - 18:25:44
Computer name: CHRIS
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\ D:\


--------------------------------------------------------------------------------

11 malware found
TrackingCookie.Questionmarket (spyware)
System (Disinfected)
TrackingCookie.2o7 (spyware)
System (Disinfected)
TrackingCookie.Advertising (spyware)
System (Disinfected)
TrackingCookie.Atdmt (spyware)
System (Disinfected)
TrackingCookie.Doubleclick (spyware)
System (Disinfected)
TrackingCookie.Revsci (spyware)
System (Disinfected)
TrackingCookie.Adbrite (spyware)
System (Disinfected)
TrackingCookie.Mediaplex (spyware)
System (Disinfected)
TrackingCookie.Statcounter (spyware)
System (Disinfected)
TrackingCookie.Atwola (spyware)
System (Disinfected)
TrackingCookie.Yieldmanager (spyware)
System (Disinfected)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 46895
System: 3643
Not scanned: 17
Actions:
Disinfected: 11
Renamed: 0
Deleted: 0
Not cleaned: 0
Submitted: 0
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\TEMP\5078714437.DLL
C:\WINDOWS\TEMP\5078714437.DLL.DLL
C:\WINDOWS\SYSTEM32\APIPOASERR.DLL
C:\WINDOWS\SYSTEM32\BDLLANDJE.DLL
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\SYSTEM32\EBXGJME.DLL
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\UVJWCZM9\PPV8[1].HTM
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\BIAD6I0O\S4[1].HTM
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\HSPERFDATA_OWNER\2496
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\HSPERFDATA_OWNER\3756
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\5HWKFYTE\UPDATE[2].EXE
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\5HWKFYTE\UPDATE[1].EXE



Here is the Avira report as well, if you wanted it. Sorry for so much writing.





Avira AntiVir Personal
Report file date: Thursday, March 18, 2010 18:31

Scanning for 1876413 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : CHRIS

Version information:
BUILD.DAT : 9.0.0.415 21609 Bytes 11/8/2009 10:00:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 10/13/2009 15:26:33
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 14:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 15:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 14:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 11:35:52
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 21:12:20
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 21:12:28
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 21:12:31
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 21:12:35
VBASE005.VDF : 7.10.4.204 2048 Bytes 3/5/2010 21:12:35
VBASE006.VDF : 7.10.4.205 2048 Bytes 3/5/2010 21:12:35
VBASE007.VDF : 7.10.4.206 2048 Bytes 3/5/2010 21:12:36
VBASE008.VDF : 7.10.4.207 2048 Bytes 3/5/2010 21:12:36
VBASE009.VDF : 7.10.4.208 2048 Bytes 3/5/2010 21:12:36
VBASE010.VDF : 7.10.4.209 2048 Bytes 3/5/2010 21:12:36
VBASE011.VDF : 7.10.4.210 2048 Bytes 3/5/2010 21:12:36
VBASE012.VDF : 7.10.4.211 2048 Bytes 3/5/2010 21:12:36
VBASE013.VDF : 7.10.4.242 153088 Bytes 3/8/2010 21:12:37
VBASE014.VDF : 7.10.5.17 99328 Bytes 3/10/2010 21:12:37
VBASE015.VDF : 7.10.5.44 107008 Bytes 3/11/2010 21:12:37
VBASE016.VDF : 7.10.5.69 92672 Bytes 3/12/2010 21:12:38
VBASE017.VDF : 7.10.5.91 119808 Bytes 3/15/2010 21:12:38
VBASE018.VDF : 7.10.5.121 112640 Bytes 3/18/2010 21:12:38
VBASE019.VDF : 7.10.5.122 2048 Bytes 3/18/2010 21:12:39
VBASE020.VDF : 7.10.5.123 2048 Bytes 3/18/2010 21:12:39
VBASE021.VDF : 7.10.5.124 2048 Bytes 3/18/2010 21:12:39
VBASE022.VDF : 7.10.5.125 2048 Bytes 3/18/2010 21:12:39
VBASE023.VDF : 7.10.5.126 2048 Bytes 3/18/2010 21:12:39
VBASE024.VDF : 7.10.5.127 2048 Bytes 3/18/2010 21:12:39
VBASE025.VDF : 7.10.5.128 2048 Bytes 3/18/2010 21:12:39
VBASE026.VDF : 7.10.5.129 2048 Bytes 3/18/2010 21:12:40
VBASE027.VDF : 7.10.5.130 2048 Bytes 3/18/2010 21:12:40
VBASE028.VDF : 7.10.5.131 2048 Bytes 3/18/2010 21:12:40
VBASE029.VDF : 7.10.5.132 2048 Bytes 3/18/2010 21:12:40
VBASE030.VDF : 7.10.5.133 2048 Bytes 3/18/2010 21:12:40
VBASE031.VDF : 7.10.5.136 153600 Bytes 3/18/2010 21:12:41
Engineversion : 8.2.1.194
AEVDF.DLL : 8.1.1.3 106868 Bytes 3/18/2010 21:12:49
AESCRIPT.DLL : 8.1.3.18 1024378 Bytes 3/18/2010 21:12:49
AESCN.DLL : 8.1.5.0 127347 Bytes 3/18/2010 21:12:48
AESBX.DLL : 8.1.2.1 254323 Bytes 3/18/2010 21:12:49
AERDL.DLL : 8.1.4.3 541043 Bytes 3/18/2010 21:12:47
AEPACK.DLL : 8.2.1.0 426356 Bytes 3/18/2010 21:12:47
AEOFFICE.DLL : 8.1.0.41 201083 Bytes 3/18/2010 21:12:46
AEHEUR.DLL : 8.1.1.13 2470262 Bytes 3/18/2010 21:12:45
AEHELP.DLL : 8.1.10.2 237941 Bytes 3/18/2010 21:12:42
AEGEN.DLL : 8.1.2.2 373107 Bytes 3/18/2010 21:12:42
AEEMU.DLL : 8.1.1.0 393587 Bytes 11/8/2009 11:38:26
AECORE.DLL : 8.1.12.3 188789 Bytes 3/18/2010 21:12:41
AEBB.DLL : 8.1.0.3 53618 Bytes 11/8/2009 11:38:20
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 12:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 8/26/2009 19:14:02
AVREP.DLL : 8.0.0.7 159784 Bytes 3/18/2010 21:12:50
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 14:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 19:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 14:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 19:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 12:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 14:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 19:39:58
RCTEXT.DLL : 9.0.73.0 86785 Bytes 10/13/2009 16:25:47

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Thursday, March 18, 2010 18:31

Starting search for hidden objects.
'78256' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'installe1r.exe.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'ViewpointService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'PRISMXL.SYS' - '1' Module(s) have been scanned
Scan process 'FxSvr2.exe' - '1' Module(s) have been scanned
Scan process 'novacomd.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'LogiTray.exe' - '1' Module(s) have been scanned
Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
43 processes with 43 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '59' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\3\7170e083-229f8056
[0] Archive type: ZIP
--> myf/y/PayloadX.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Age.nad.1 Java virus
--> myf/y/LoaderX.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Age.nac.1 Java virus
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\61\17a0bb7d-36136c8c
[0] Archive type: ZIP
--> myf/y/LoaderX.class
[DETECTION] Contains recognition pattern of the JAVA/OpenStream.AE Java virus
--> myf/y/PayloadX.class
[DETECTION] Contains recognition pattern of the JAVA/OpenStream.AD Java virus
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP302\A0064178.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP302\A0064179.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP335\A0083827.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP335\A0083828.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP336\A0083838.exe
[DETECTION] Is the TR/Drop.Agen.uio.67 Trojan
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP336\A0084836.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP337\A0086859.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP337\A0086860.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP343\A0090924.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093013.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093014.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093015.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093016.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093017.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093018.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093019.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093020.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093021.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093022.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093023.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093024.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093025.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093026.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093027.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093028.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093029.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093030.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093031.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093032.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093033.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093034.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093035.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093036.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093037.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093038.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093039.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093040.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093041.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093042.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093043.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093044.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
C:\WINDOWS\system32\apipoaserr.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
C:\WINDOWS\system32\bdllandje.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
C:\WINDOWS\system32\ebxgjme.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
C:\WINDOWS\system32\nmklo.dll
[WARNING] The file could not be opened!
C:\WINDOWS\Temp\5078714437.dll
[DETECTION] Contains recognition pattern of the WORM/Autorun.benm worm
C:\WINDOWS\Temp\5078714437.dll.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
C:\WINDOWS\Temp\jar_cache1258004677861823052.tmp
[0] Archive type: ZIP
--> AppletPanel.class
[DETECTION] Is the TR/Dldr.Java.Agent.AH Trojan
--> Main.class
[DETECTION] Is the TR/Dldr.Java.Agent.AH.1 Trojan
C:\WINDOWS\Temp\jar_cache1497308364774135254.tmp
[0] Archive type: ZIP
--> AppletPanel.class
[DETECTION] Is the TR/Dldr.Java.Agent.AH Trojan
--> Main.class
[DETECTION] Is the TR/Dldr.Java.Agent.AH.1 Trojan
C:\WINDOWS\Temp\jar_cache1618626854640022111.tmp
[0] Archive type: ZIP
--> AppletPanel.class
[DETECTION] Is the TR/Dldr.Java.Agent.AH Trojan
--> Main.class
[DETECTION] Is the TR/Dldr.Java.Agent.AH.1 Trojan
C:\WINDOWS\Temp\jar_cache1704732556474911523.tmp
[0] Archive type: ZIP
--> AppletPanel.class
[DETECTION] Is the TR/Dldr.Java.Agent.AH Trojan
--> Main.class
[DETECTION] Is the TR/Dldr.Java.Agent.AH.1 Trojan
C:\WINDOWS\Temp\jar_cache1977883160124335364.tmp
[0] Archive type: ZIP
--> AppletPanel.class
[DETECTION] Is the TR/Dldr.Java.Agent.AH Trojan
--> Main.class
[DETECTION] Is the TR/Dldr.Java.Agent.AH.1 Trojan
C:\WINDOWS\Temp\jar_cache3138984201503815691.tmp
[0] Archive type: ZIP
--> AppletPanel.class
[DETECTION] Is the TR/Dldr.Java.Agent.AH Trojan
--> Main.class
[DETECTION] Is the TR/Dldr.Java.Agent.AH.1 Trojan
C:\WINDOWS\Temp\jar_cache4391870428329779718.tmp
[0] Archive type: ZIP
--> AppletPanel.class
[DETECTION] Is the TR/Dldr.Java.Agent.AH Trojan
--> Main.class
[DETECTION] Is the TR/Dldr.Java.Agent.AH.1 Trojan
C:\WINDOWS\Temp\jar_cache4450603428971742344.tmp
[0] Archive type: ZIP
--> AppletPanel.class
[DETECTION] Is the TR/Dldr.Java.Agent.AH Trojan
--> Main.class
[DETECTION] Is the TR/Dldr.Java.Agent.AH.1 Trojan
C:\WINDOWS\Temp\jar_cache4748699116965574827.tmp
[0] Archive type: ZIP
--> AppletPanel.class
[DETECTION] Is the TR/Dldr.Java.Agent.AH Trojan
--> Main.class
[DETECTION] Is the TR/Dldr.Java.Agent.AH.1 Trojan
C:\WINDOWS\Temp\jar_cache5896561829774947613.tmp
[0] Archive type: ZIP
--> AppletPanel.class
[DETECTION] Is the TR/Dldr.Java.Agent.AH Trojan
--> Main.class
[DETECTION] Is the TR/Dldr.Java.Agent.AH.1 Trojan
C:\WINDOWS\Temp\jar_cache6829815953884510757.tmp
[0] Archive type: ZIP
--> AppletPanel.class
[DETECTION] Is the TR/Dldr.Java.Agent.AH Trojan
--> Main.class
[DETECTION] Is the TR/Dldr.Java.Agent.AH.1 Trojan
C:\WINDOWS\Temp\jar_cache6905364072575748057.tmp
[0] Archive type: ZIP
--> AppletPanel.class
[DETECTION] Is the TR/Dldr.Java.Agent.AH Trojan
--> Main.class
[DETECTION] Is the TR/Dldr.Java.Agent.AH.1 Trojan
C:\WINDOWS\Temp\jar_cache6933193492717723645.tmp
[0] Archive type: ZIP
--> AppletPanel.class
[DETECTION] Is the TR/Dldr.Java.Agent.AH Trojan
--> Main.class
[DETECTION] Is the TR/Dldr.Java.Agent.AH.1 Trojan
C:\WINDOWS\Temp\jar_cache7221285832991524937.tmp
[0] Archive type: ZIP
--> AppletPanel.class
[DETECTION] Is the TR/Dldr.Java.Agent.AH Trojan
--> Main.class
[DETECTION] Is the TR/Dldr.Java.Agent.AH.1 Trojan
C:\WINDOWS\Temp\jar_cache7610057971385495211.tmp
[0] Archive type: ZIP
--> AppletPanel.class
[DETECTION] Is the TR/Dldr.Java.Agent.AH Trojan
--> Main.class
[DETECTION] Is the TR/Dldr.Java.Agent.AH.1 Trojan
C:\WINDOWS\Temp\jar_cache824546109566061946.tmp
[0] Archive type: ZIP
--> AppletPanel.class
[DETECTION] Is the TR/Dldr.Java.Agent.AH Trojan
--> Main.class
[DETECTION] Is the TR/Dldr.Java.Agent.AH.1 Trojan
C:\WINDOWS\Temp\jar_cache8282709978432574633.tmp
[0] Archive type: ZIP
--> AppletPanel.class
[DETECTION] Is the TR/Dldr.Java.Agent.AH Trojan
--> Main.class
[DETECTION] Is the TR/Dldr.Java.Agent.AH.1 Trojan
C:\WINDOWS\Temp\jar_cache8484366692948972376.tmp
[0] Archive type: ZIP
--> AppletPanel.class
[DETECTION] Is the TR/Dldr.Java.Agent.AH Trojan
--> Main.class
[DETECTION] Is the TR/Dldr.Java.Agent.AH.1 Trojan
C:\WINDOWS\Temp\jar_cache8739564713396898479.tmp
[0] Archive type: ZIP
--> AppletPanel.class
[DETECTION] Is the TR/Dldr.Java.Agent.AH Trojan
--> Main.class
[DETECTION] Is the TR/Dldr.Java.Agent.AH.1 Trojan
C:\WINDOWS\Temp\jar_cache9150395737741473553.tmp
[0] Archive type: ZIP
--> AppletPanel.class
[DETECTION] Is the TR/Dldr.Java.Agent.AH Trojan
--> Main.class
[DETECTION] Is the TR/Dldr.Java.Agent.AH.1 Trojan
Begin scan in 'D:\'

Beginning disinfection:
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\3\7170e083-229f8056
[NOTE] The file was moved to '4bd9be99.qua'!
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\61\17a0bb7d-36136c8c
[NOTE] The file was moved to '4c03be9f.qua'!
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP302\A0064178.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4bd2be98.qua'!
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP302\A0064179.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4a35eee1.qua'!
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP335\A0083827.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4ff9cf09.qua'!
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP335\A0083828.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4a3ae6d9.qua'!
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP336\A0083838.exe
[DETECTION] Is the TR/Drop.Agen.uio.67 Trojan
[NOTE] The file was moved to '4a37fe71.qua'!
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP336\A0084836.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4a318fc1.qua'!
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP337\A0086859.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4a053661.qua'!
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP337\A0086860.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4a3687b9.qua'!
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP343\A0090924.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was moved to '4bd2be99.qua'!
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093013.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4ffc3672.qua'!
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093014.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was moved to '4ffd2e2a.qua'!
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093015.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was moved to '4bd2be9a.qua'!
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093016.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was moved to '4bd2be9b.qua'!
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093017.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was moved to '4a38d94c.qua'!
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093018.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was moved to '4fe1168c.qua'!
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093019.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was moved to '4fe61144.qua'!
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093020.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was moved to '4bd2be9c.qua'!
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093021.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was moved to '4bd2be9d.qua'!
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093022.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was moved to '4bd2be9e.qua'!
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093023.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was moved to '4fea7067.qua'!
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093024.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was moved to '4bd2be9f.qua'!
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093025.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was moved to '4bd2bea0.qua'!
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093026.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was moved to '4bd2bea2.qua'!
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093027.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was moved to '4fee50bb.qua'!
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093028.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was moved to '4fef4b43.qua'!
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093029.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was moved to '4bd2bea3.qua'!
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093030.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was moved to '4f92bbd4.qua'!
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093031.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was moved to '4bd2bea4.qua'!
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093032.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was moved to '4f90aba5.qua'!
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093033.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was moved to '4f91a26d.qua'!
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093034.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was moved to '4f969a35.qua'!
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093035.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was moved to '4bd2bea6.qua'!
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093036.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was moved to '4f948a87.qua'!
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093037.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was moved to '4bd2bea7.qua'!
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093038.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was moved to '4f9afd18.qua'!
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093039.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was moved to '4bd2bea9.qua'!
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093040.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was moved to '4f98edea.qua'!
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093041.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was moved to '4bd2beaa.qua'!
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093042.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was moved to '4f9edc7b.qua'!
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093043.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was moved to '4bd2beab.qua'!
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP349\A0093044.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was moved to '4bd2beac.qua'!
C:\WINDOWS\system32\apipoaserr.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK library.
[NOTE] The file was moved to '4c0bbeef.qua'!
C:\WINDOWS\system32\bdllandje.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK library.
[NOTE] The file was moved to '4c0ebee9.qua'!
C:\WINDOWS\system32\ebxgjme.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK library.
[NOTE] The file was moved to '4855c4d1.qua'!
C:\WINDOWS\Temp\5078714437.dll
[DETECTION] Contains recognition pattern of the WORM/Autorun.benm worm
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK library.
[NOTE] The file was moved to '4a3ff67f.qua'!
C:\WINDOWS\Temp\5078714437.dll.dll
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK library.
[NOTE] The file was moved to '4f8f0e72.qua'!
C:\WINDOWS\Temp\jar_cache1258004677861823052.tmp
[NOTE] The file was moved to '4c14bf04.qua'!
C:\WINDOWS\Temp\jar_cache1497308364774135254.tmp
[NOTE] The file was moved to '48401e15.qua'!
C:\WINDOWS\Temp\jar_cache1618626854640022111.tmp
[NOTE] The file was moved to '4c14bf05.qua'!
C:\WINDOWS\Temp\jar_cache1704732556474911523.tmp
[NOTE] The file was moved to '484117de.qua'!
C:\WINDOWS\Temp\jar_cache1977883160124335364.tmp
[NOTE] The file was moved to '48c95e96.qua'!
C:\WINDOWS\Temp\jar_cache3138984201503815691.tmp
[NOTE] The file was moved to '48c866ce.qua'!
C:\WINDOWS\Temp\jar_cache4391870428329779718.tmp
[NOTE] The file was moved to '48ca565e.qua'!
C:\WINDOWS\Temp\jar_cache4450603428971742344.tmp
[NOTE] The file was moved to '4843076e.qua'!
C:\WINDOWS\Temp\jar_cache4748699116965574827.tmp
[NOTE] The file was moved to '484c7a46.qua'!
C:\WINDOWS\Temp\jar_cache5896561829774947613.tmp
[NOTE] The file was moved to '484d682e.qua'!
C:\WINDOWS\Temp\jar_cache6829815953884510757.tmp
[NOTE] The file was moved to '484e5616.qua'!
C:\WINDOWS\Temp\jar_cache6905364072575748057.tmp
[NOTE] The file was moved to '484f4aee.qua'!
C:\WINDOWS\Temp\jar_cache6933193492717723645.tmp
[NOTE] The file was moved to '4849bdc6.qua'!
C:\WINDOWS\Temp\jar_cache7221285832991524937.tmp
[NOTE] The file was moved to '484aabae.qua'!
C:\WINDOWS\Temp\jar_cache7610057971385495211.tmp
[NOTE] The file was moved to '484b9996.qua'!
C:\WINDOWS\Temp\jar_cache824546109566061946.tmp
[NOTE] The file was moved to '4874877e.qua'!
C:\WINDOWS\Temp\jar_cache8282709978432574633.tmp
[NOTE] The file was moved to '4875fa56.qua'!
C:\WINDOWS\Temp\jar_cache8484366692948972376.tmp
[NOTE] The file was moved to '4876e83e.qua'!
C:\WINDOWS\Temp\jar_cache8739564713396898479.tmp
[NOTE] The file was moved to '4877d626.qua'!
C:\WINDOWS\Temp\jar_cache9150395737741473553.tmp
[NOTE] The file was moved to '4870cafe.qua'!


End of the scan: Thursday, March 18, 2010 20:00
Used time: 1:28:13 Hour(s)

The scan has been done completely.

10533 Scanned directories
456315 Files were scanned
90 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
68 Files were moved to quarantine
0 Files were renamed
3 Files cannot be scanned
456222 Files not concerned
8538 Archives were scanned
8 Warnings
70 Notes
78256 Objects were scanned with rootkit scan
0 Hidden objects were found


Edited by cggators52, 18 March 2010 - 07:02 PM.


#6 boopme

Posted 19 March 2010 - 09:30 AM

Hi, we are making good progress.
I need to know what Java is on here.
Go into Control Panel>Add Remove Programs. Be sure the 'Show Updates' box is checked. Go down the list and tell me what Java applications are installed and their version. (Highlight the program to see this).


Next run ATF and SAS. If you cannot access Safe Mode, run in normal mode, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Atribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop.
DO NOT run yet.
Open SUPER from the icon, install and update it.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press Enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use the Firefox or Opera browser, click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW scan with SUPER
Open from the desktop icon or the Program Files list.
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After the scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Please ask any needed questions, post logs and let us know how the PC is running now.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#7 cggators52

Posted 19 March 2010 - 01:08 PM

Got a problem... Ran into blue screen saying unable to locate component... User32.dll c0000135... Won't restart so replying from phone... Lol

#8 boopme

Posted 19 March 2010 - 03:49 PM

I am asking someone about this


#9 Elise

Posted 20 March 2010 - 04:56 AM

Hello, I'm moving this topic so we can use some more advanced tools.

OK, this file is big. Print these instructions out so that you know what you are doing.

Two programs to download

First

ISOBurner: this will allow you to burn the OTLPE ISO to a CD and make it bootable. Just install the program; from there on in it is fairly automatic. Instructions

Second
  • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 292Mb in size so it may take some time to download.
  • When downloaded double click and this will then open ISOBurner to burn the file to CD
  • Reboot your system using the boot CD you just created.

    Note: If you do not know how to set your computer to boot from CD, follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to Use Safelist
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#10 cggators52

Posted 24 March 2010 - 02:47 PM

Sorry it took me so long... I didn't have a blank CD and it took me forever to get one. I'm sorry if it took me so long, and any further help would be greatly appreciated! I ran the CD and ran OTLPE, but it didn't ask me the first question. Just the "Do you wish to load remote user profile(s) for scanning". Don't know if that was fine or not.




OTL logfile created on: 3/24/2010 4:15:58 PM - Run
OTLPE by OldTimer - Version 3.1.37.1 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 310.00 Mb Available Physical Memory | 61.00% Memory free
458.00 Mb Paging File | 336.00 Mb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 86.31 Gb Total Space | 33.13 Gb Free Space | 38.38% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 3.99 Gb Free Space | 58.41% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet003

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (Nero BackItUp Scheduler 4.0)
SRV - File not found [Auto] -- -- (avg8wd)
SRV - File not found [Auto] -- -- (Automatic LiveUpdate Scheduler)
SRV - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/07/02 17:28:58 | 000,030,720 | ---- | M] () [Auto] -- C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe -- (NovacomD)
SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/03/16 20:31:11 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [File_System | Boot] -- -- (Lbd)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/02/17 10:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 10:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 10:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/08/10 14:50:07 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/08/10 14:49:55 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/10 14:49:52 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/07/28 15:33:56 | 000,055,656 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/03/16 20:13:20 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:40:30 | 000,096,512 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/05/27 09:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005/02/11 05:52:00 | 000,157,056 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/02/02 02:39:20 | 000,970,240 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/11/17 09:27:00 | 003,222,784 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2004/11/04 20:47:00 | 000,185,824 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/10/08 11:59:12 | 000,326,656 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl)
DRV - [2004/08/30 01:39:00 | 000,190,336 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/08/04 01:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/28 04:03:42 | 000,276,480 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\camchal.sys -- (CAMCHALA)
DRV - [2004/06/28 04:02:34 | 000,034,048 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\camcaud.sys -- (CAMCAUD)
DRV - [2004/06/17 03:57:02 | 000,200,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/06/17 03:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 03:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2001/08/18 01:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow)
DRV - [2001/08/18 01:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3)
DRV - [2001/08/18 01:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi)
DRV - [2001/08/18 01:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx)
DRV - [2001/08/18 01:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810)
DRV - [2001/08/18 00:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra)
DRV - [2001/08/18 00:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160)
DRV - [2001/08/18 00:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080)
DRV - [2001/08/18 00:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280)
DRV - [2001/08/18 00:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/18 00:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x)
DRV - [2001/08/18 00:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\asc.sys -- (asc)
DRV - [2001/08/18 00:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550)
DRV - [2001/08/18 00:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde)
DRV - [2001/08/18 00:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 16:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://my.aol.com/?ncid=aolmas00050000000002 [binary data]


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator.CHRIS.000_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.gatewaybiz.com
IE - HKU\Administrator.CHRIS.000_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
IE - HKU\Administrator.CHRIS.000_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aol.com/?src=customie7
IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://my.aol.com/?ncid=aolmas00050000000002 [binary data]
IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1




O1 HOSTS File: ([2010/01/23 03:34:05 | 000,000,167 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\Owner_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKU\Owner_ON_C..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKU\Owner_ON_C..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\Owner_ON_C..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10d.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\Administrator.CHRIS.000_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O21 - SSODL: bafepewav - {71d90d35-ddf7-4c6c-8b73-efa68be41b13} - C:\WINDOWS\System32\paduyodi.dll File not found
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\ebxgjme.dll File not found
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\TEMP\5078714437.dll File not found
O22 - SharedTaskScheduler: {71d90d35-ddf7-4c6c-8b73-efa68be41b13} - tokatiluy - C:\WINDOWS\System32\paduyodi.dll File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/23 14:13:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = secfile] -- "C:\Documents and Settings\LocalService\Local Settings\Application Data\av.exe" /START "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/03/19 13:41:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2010/03/19 13:41:40 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/03/19 13:40:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/03/19 13:38:58 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Owner\Desktop\ATF-Cleaner.exe
[2010/03/18 17:06:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood.Tmp
[2010/03/18 17:06:13 | 000,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/03/18 17:06:12 | 000,055,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/03/18 17:06:12 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/03/18 17:06:12 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/03/18 17:06:10 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/03/18 17:05:58 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/03/18 14:57:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/03/18 00:40:31 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/03/16 08:41:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2010/03/16 08:41:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2010/03/15 01:30:39 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/10 15:23:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\NetworkService\Recent
[2010/03/10 15:23:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Start Menu
[2010/03/10 15:23:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Desktop
[2010/03/09 22:16:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\LocalService\Recent
[2010/03/09 22:16:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Start Menu
[2010/03/06 12:57:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AdobeUM
[2010/03/05 15:25:21 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.CHRIS.000\IETldCache
[2010/03/05 15:25:02 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.CHRIS.000\Application Data\Microsoft
[2010/03/05 15:25:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.CHRIS.000\SendTo
[2010/03/05 15:25:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.CHRIS.000\Recent
[2010/03/05 15:25:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.CHRIS.000\Application Data
[2010/03/05 15:25:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.CHRIS.000\My Documents\My Pictures
[2010/03/05 15:25:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.CHRIS.000\My Documents\My Music
[2010/03/05 15:25:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.CHRIS.000\My Documents
[2010/03/05 15:25:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.CHRIS.000\Favorites
[2010/03/05 15:25:02 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.CHRIS.000\Cookies
[2010/03/05 15:25:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.CHRIS.000\PrintHood
[2010/03/05 15:25:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.CHRIS.000\NetHood
[2010/03/05 15:25:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.CHRIS.000\Local Settings
[2010/03/05 15:25:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.CHRIS.000\Application Data\Sun
[2010/03/05 15:25:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.CHRIS.000\Application Data\SampleView
[2010/03/05 15:25:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.CHRIS.000\Local Settings\Application Data\Microsoft Help
[2010/03/05 15:25:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.CHRIS.000\Local Settings\Application Data\Microsoft
[2010/03/05 15:25:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.CHRIS.000\Application Data\Identities
[2010/03/05 15:25:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.CHRIS.000\Desktop
[2010/03/05 15:25:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.CHRIS.000\Local Settings\Application Data\ApplicationHistory
[2010/03/05 15:25:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.CHRIS.000\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150020}
[2010/03/05 15:25:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.CHRIS.000\Start Menu
[2010/03/05 15:25:01 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.CHRIS.000\Templates
[2010/03/05 15:25:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.CHRIS.000\WINDOWS
[2010/03/01 20:53:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG8
[2010/03/01 20:53:22 | 000,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2010/03/01 12:14:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/02/28 19:42:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\ESET
[2010/02/27 05:16:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2010/02/25 23:06:00 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/02/23 01:01:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/22 01:20:13 | 535,351,296 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/22 01:20:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/19 13:53:48 | 004,296,958 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/03/19 13:39:50 | 007,757,856 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware.exe
[2010/03/19 13:37:58 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Owner\Desktop\ATF-Cleaner.exe
[2010/03/19 13:01:01 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/03/19 11:21:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/03/19 05:04:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/03/18 23:38:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/03/18 18:09:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\mqcd.dbt
[2010/03/18 18:08:20 | 000,032,768 | ---- | M] () -- C:\WINDOWS\System32\veyi.r3
[2010/03/18 18:08:20 | 000,028,672 | ---- | M] () -- C:\WINDOWS\System32\3fse.sr
[2010/03/18 18:08:19 | 000,032,768 | ---- | M] () -- C:\WINDOWS\System32\fe6hbfe1.an
[2010/03/18 18:08:19 | 000,028,672 | ---- | M] () -- C:\WINDOWS\System32\feq2.zt
[2010/03/18 18:08:18 | 000,080,384 | ---- | M] () -- C:\WINDOWS\System32\dfg5j.fw
[2010/03/18 18:07:56 | 000,118,272 | ---- | M] () -- C:\WINDOWS\System32\nmklo.dll
[2010/03/18 18:07:46 | 000,236,544 | ---- | M] () -- C:\WINDOWS\System32\cooper.mine
[2010/03/18 17:56:57 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/18 17:49:02 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/03/18 17:00:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\sppncbjj.job
[2010/03/18 16:57:31 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/18 16:56:14 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/03/18 16:56:14 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/03/18 16:56:04 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/03/18 16:56:03 | 004,194,304 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/03/18 14:57:45 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2010/03/18 13:03:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/16 18:10:40 | 000,000,212 | RHS- | M] () -- C:\boot.ini
[2010/03/15 16:31:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/03/14 12:10:59 | 000,003,748 | ---- | M] () -- C:\WINDOWS\System32\ajenias.dat
[2010/03/14 12:09:40 | 000,525,770 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/14 12:09:40 | 000,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/14 12:09:40 | 000,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/14 12:04:32 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/05 17:03:20 | 000,013,034 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\04lB
[2010/03/05 15:28:08 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\Administrator.CHRIS.000\NTUSER.DAT
[2010/03/05 15:28:08 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator.CHRIS.000\ntuser.ini
[2010/03/05 15:28:06 | 003,184,656 | -H-- | M] () -- C:\Documents and Settings\Administrator.CHRIS.000\Local Settings\Application Data\IconCache.db
[2010/03/05 15:27:44 | 000,013,504 | -HS- | M] () -- C:\Documents and Settings\Administrator.CHRIS.000\Local Settings\Application Data\04lB
[2010/03/05 15:25:26 | 000,077,480 | ---- | M] () -- C:\Documents and Settings\Administrator.CHRIS.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/03/05 14:33:57 | 000,014,304 | -HS- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\04lB
[2010/03/03 21:52:29 | 000,011,090 | -HS- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Tgc471L76b
[2010/03/02 17:04:27 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/02 01:42:48 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\My Computer.lnk
[2010/03/01 11:47:14 | 056,483,219 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\waduwupo
[2010/03/19 14:01:09 | 535,351,296 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/19 13:39:44 | 007,757,856 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware.exe
[2010/03/18 18:09:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mqcd.dbt
[2010/03/18 18:08:20 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\veyi.r3
[2010/03/18 18:08:20 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\3fse.sr
[2010/03/18 18:08:19 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fe6hbfe1.an
[2010/03/18 18:08:19 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\feq2.zt
[2010/03/18 18:08:18 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\dfg5j.fw
[2010/03/18 18:07:55 | 000,118,272 | ---- | C] () -- C:\WINDOWS\System32\nmklo.dll
[2010/03/18 18:07:53 | 000,236,544 | ---- | C] () -- C:\WINDOWS\System32\cooper.mine
[2010/03/18 14:57:45 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2010/03/16 05:39:11 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/03/16 05:39:11 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/03/16 05:39:11 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/03/16 05:39:11 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/03/14 12:10:59 | 000,003,748 | ---- | C] () -- C:\WINDOWS\System32\ajenias.dat
[2010/03/05 15:25:23 | 000,013,504 | -HS- | C] () -- C:\Documents and Settings\Administrator.CHRIS.000\Local Settings\Application Data\04lB
[2010/03/05 15:25:01 | 000,786,432 | -H-- | C] () -- C:\Documents and Settings\Administrator.CHRIS.000\NTUSER.DAT
[2010/03/05 15:25:01 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator.CHRIS.000\ntuser.ini
[2010/03/05 15:15:52 | 000,013,034 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\04lB
[2010/03/05 11:33:12 | 000,014,304 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\04lB
[2010/03/04 03:29:54 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Internet Explorer.lnk
[2010/03/03 21:50:14 | 000,011,090 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Tgc471L76b
[2010/03/02 01:42:47 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\My Computer.lnk
[2009/08/31 22:51:53 | 000,006,812 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/07/12 22:31:32 | 000,000,184 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2009/06/21 17:43:31 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/08 15:50:56 | 000,000,039 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/05/27 14:41:53 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2009/05/13 15:35:23 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/16 22:59:10 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/03/16 20:28:58 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/03/27 03:10:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/23 12:53:24 | 000,001,260 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/03/23 12:53:24 | 000,000,484 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/08/04 01:59:44 | 000,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys

========== LOP Check ==========

[2009/06/07 13:35:02 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\SACore
[2009/03/16 20:40:42 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\SampleView
[2009/03/16 20:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.CHRIS.000\Application Data\SampleView
[2009/08/05 12:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/03/17 00:28:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\acccore
[2010/01/20 04:31:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BitTorrent
[2009/09/03 17:08:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CanuckSoftware
[2009/03/18 14:10:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2009/10/04 21:32:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HorizonWimba
[2009/10/30 10:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
[2009/09/22 18:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Red Kawa
[2009/03/16 20:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2009/07/12 22:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2010/03/15 16:31:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/03/19 05:04:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/03/18 23:38:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/03/18 17:49:02 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/03/19 11:21:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/03/19 13:01:01 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2010/03/18 17:00:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\sppncbjj.job

========== Purity Check ==========


< End of report >


#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,829 posts
  • Gender:Female
  • Location:Romania
  • Local time:08:10 PM

Posted 24 March 2010 - 03:25 PM

Hello again,

No problem, the log looks fine.

Well, at least as fine as it is supposed to look regarding the infections you have.

We have a nasty rootkit on board, but before we can fix it, we need to look for replacement copies.

Please re-run OTLPE and copy/paste the text in the codebox below into the "custom scan/fix" field. Click "None" and "Run Scan".
CODE
/md5start
atapi.sys
/md5stop


Post me the log (this will be a short one).

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#12 cggators52

cggators52
  • Topic Starter

  • Members
  • 16 posts
  • Local time:01:10 PM

Posted 24 March 2010 - 03:38 PM

Thanks for the speedy reply! I really appreciate it!


OTL logfile created on: 3/24/2010 5:31:51 PM - Run
OTLPE by OldTimer - Version 3.1.37.1 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 264.00 Mb Available Physical Memory | 52.00% Memory free
458.00 Mb Paging File | 297.00 Mb Available in Paging File | 65.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 86.31 Gb Total Space | 33.13 Gb Free Space | 38.38% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 3.99 Gb Free Space | 58.41% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet003

========== Custom Scans ==========



< MD5 for: ATAPI.SYS >
[2004/08/04 15:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/04/01 09:28:36 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 15:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2009/04/01 09:28:36 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] () MD5=7F97530FF5FBFF49648513A3A9DC7141 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/04 01:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\My Backup -- 16-03-09 1553\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 02:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 09:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys
< End of report >
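The MD5 block above is what the helper compares: the copy loaded from system32\drivers has the same size and timestamp as the Service Pack backup but a different hash and no company name, which is how a boot driver patched in place shows up. As an added example, not part of the thread or of OTL itself, here is a small Python checker that parses such a block and flags that mismatch; the sample report is retyped from the log above, and the replace line it emits follows the OTL ":files" form the helper uses.

```python
import re

# One hashed entry of an OTL "< MD5 for: FILE >" block looks like
#   [timestamp | size | attrs | C/M] (company) MD5=<hash> -- <path>
# The path may itself contain " -- " (the "My Backup -- 16-03-09 1553" line),
# so the hash is matched first and everything after the next " -- " is the path.
_ENTRY = re.compile(
    r"^\[(?P<ts>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attr>[^|]+?) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)

# Constructed sample: the atapi.sys entries retyped from the OTLPE log above.
SAMPLE_REPORT = r"""
< MD5 for: ATAPI.SYS >
[2004/08/04 15:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] () MD5=7F97530FF5FBFF49648513A3A9DC7141 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/04 01:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\My Backup -- 16-03-09 1553\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 02:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
< End of report >
"""


def parse_md5_entries(report):
    """Return the hashed entries of an OTL MD5 block; .cab-only lines carry no hash and are skipped."""
    entries = []
    for line in report.splitlines():
        m = _ENTRY.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"].replace(",", ""))
            e["md5"] = e["md5"].upper()
            entries.append(e)
    return entries


def check_loaded_driver(report, name="atapi.sys"):
    """Compare the copy Windows loads (the one under system32 drivers) with backups of the same build.

    A rootkit that patches a boot driver in place keeps its size and timestamp, so the
    signal is: same build as the Service Pack backup, different hash, and (as in this
    log) no company name left in the version information OTL prints in parentheses.
    """
    entries = [e for e in parse_md5_entries(report)
               if e["path"].lower().endswith("\\" + name.lower())]
    live = [e for e in entries if "\\system32\\drivers\\" in e["path"].lower()]
    if not live:
        return {"status": "no-loaded-copy"}
    live = live[0]
    # Same size and timestamp means the same build; the older SP2 copies (95,360 bytes
    # here) are a different build and must not serve as reference or replacement.
    refs = [e for e in entries if e is not live and e["size"] == live["size"]
            and e["ts"] == live["ts"] and e["company"]]
    # Prefer the Service Pack backup over a user-made backup folder.
    refs.sort(key=lambda e: "servicepackfiles" not in e["path"].lower())
    result = {
        "status": "no-reference",
        "live_md5": live["md5"],
        "live_has_company": bool(live["company"]),
        "reference_md5": None,
        "replacement": None,
        "fix_line": None,
    }
    if not refs:
        return result
    ref = refs[0]
    result["reference_md5"] = ref["md5"]
    if ref["md5"] == live["md5"]:
        result["status"] = "clean"
    else:
        result["status"] = "patched"
        result["replacement"] = ref["path"]
        # Same ":files" directive form the helper used in her OTL fix.
        result["fix_line"] = f'{live["path"]}|{ref["path"]} /replace'
    return result


if __name__ == "__main__":
    v = check_loaded_driver(SAMPLE_REPORT)
    print(v["status"], v["live_md5"], "vs", v["reference_md5"])
    if v["fix_line"]:
        print(v["fix_line"])
```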


#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,829 posts
  • Gender:Female
  • Location:Romania
  • Local time:08:10 PM

Posted 24 March 2010 - 03:59 PM

Okay, now let's do some fixing.

Please re-run OTLPE, and copy/paste the text in the codebox below into the "custom scan/fix" field. Click "Run Fix".

CODE
:files
C:\WINDOWS\system32\drivers\atapi.sys|C:\WINDOWS\ServicePackFiles\i386\atapi.sys /replace

:otl
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O21 - SSODL: bafepewav - {71d90d35-ddf7-4c6c-8b73-efa68be41b13} - C:\WINDOWS\System32\paduyodi.dll File not found
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\ebxgjme.dll File not found
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\TEMP\5078714437.dll File not found
O22 - SharedTaskScheduler: {71d90d35-ddf7-4c6c-8b73-efa68be41b13} - tokatiluy - C:\WINDOWS\System32\paduyodi.dll File not found
O37 - HKLM\...exe [@ = secfile] -- "C:\Documents and Settings\LocalService\Local Settings\Application Data\av.exe" /START "%1" %* File not found
[2010/03/19 13:01:01 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/03/19 11:21:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/03/19 05:04:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/03/18 23:38:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/03/18 18:09:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\mqcd.dbt
[2010/03/18 18:08:20 | 000,032,768 | ---- | M] () -- C:\WINDOWS\System32\veyi.r3
[2010/03/18 18:08:20 | 000,028,672 | ---- | M] () -- C:\WINDOWS\System32\3fse.sr
[2010/03/18 18:08:19 | 000,032,768 | ---- | M] () -- C:\WINDOWS\System32\fe6hbfe1.an
[2010/03/18 18:08:19 | 000,028,672 | ---- | M] () -- C:\WINDOWS\System32\feq2.zt
[2010/03/18 18:08:18 | 000,080,384 | ---- | M] () -- C:\WINDOWS\System32\dfg5j.fw
[2010/03/18 18:07:56 | 000,118,272 | ---- | M] () -- C:\WINDOWS\System32\nmklo.dll
[2010/03/18 17:49:02 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/03/18 17:00:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\sppncbjj.job
[2010/03/14 12:10:59 | 000,003,748 | ---- | M] () -- C:\WINDOWS\System32\ajenias.dat
[2010/03/05 15:27:44 | 000,013,504 | -HS- | M] () -- C:\Documents and Settings\Administrator.CHRIS.000\Local Settings\Application Data\04lB
[2010/03/05 14:33:57 | 000,014,304 | -HS- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\04lB
[2010/03/03 21:52:29 | 000,011,090 | -HS- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Tgc471L76b
[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\waduwupo

:commands
[emptytemp]


Afterwards boot normally and let me know how everything is running. Do NOT attempt any other steps!

Edited by elise025, 24 March 2010 - 04:02 PM.

regards, Elise


#14 cggators52

cggators52
  • Topic Starter

  • Members
  • 16 posts
  • Local time:01:10 PM

Posted 24 March 2010 - 04:08 PM

I ran the fix and when it finished, rebooted (without the CD in) and still got the same blue screen with the Stop: c0000135 message about USER32.dll.

#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,829 posts
  • Gender:Female
  • Location:Romania
  • Local time:08:10 PM

Posted 24 March 2010 - 04:15 PM

Ouch, completely forgot to look for that file as well.

Please copy the following text into OTLPE and click "run scan". Post me the log afterwards.
CODE
/md5start
user32.dll
/md5stop

regards, Elise
