
Computer gives black screen and freezes


This topic is locked.
8 replies to this topic

#1 3e3e (Members, 11 posts)

Posted 01 June 2010 - 08:47 PM

Hi

I'm having problems with my computer, which is most likely affected by a virus...
I now cannot boot my computer. It goes to the login screen, and when I try to click on a user the computer starts to freeze, or it just gives a black screen when I boot and freezes...
I tried to boot into safe mode but still no luck; it doesn't work. Somehow the safe mode option does not appear..

Therefore I can't post a HijackThis log yet ;\

Kind of don't know what to do now? Is there anything I could do to avoid reinstalling Windows?

I even tried reinstalling, but it doesn't seem to load because it also freezes and gives a black screen.


#2 Elise, Bleepin' Blonde (Malware Study Hall Admin, 60,816 posts, Romania)

Posted 03 June 2010 - 05:28 AM

Hello there,

Please try to follow the steps below. I will move this topic to the appropriate forum.

Please download OTLPE (file size 120.9 MB).
  • When downloaded, double-click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
  • Reboot your system using the boot CD you just created.
    Note: If you do not know how to set your computer to boot from CD, follow the steps here.
  • Your system should now display a REATOGO-X-PE desktop.
  • Depending on your type of internet connection, you should be able to get online as well, so you can access this topic more easily.
  • Double-click on the OTLPE icon.
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK.
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved as C:\OTL.txt.
  • Copy this file to your USB drive if you do not have an internet connection on this system.
  • Please post the contents of the OTL.txt file in your reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#3 3e3e (Topic Starter)

Posted 03 June 2010 - 10:16 PM

I somehow managed to make the computer work; I can boot normally now, but AVG detects a virus and it cannot remove it.
I tried to reformat, but somehow it goes to "press any key to boot" and then goes to a black screen again.
So my question is, should I continue your steps or should I do something else?

#4 Elise

Posted 04 June 2010 - 03:21 AM

Depending a bit on what you want to accomplish ultimately :)

Do you want to reformat and reinstall Windows, or do you want to fix your current installation?

If you want to fix/clean up, yes, continue with those steps. Please let me know also what AVG detects.

regards, Elise




#5 3e3e (Topic Starter)

Posted 06 June 2010 - 04:36 PM

OTL logfile created on: 6/6/2010 8:26:33 PM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 233.75 Gb Total Space | 124.43 Gb Free Space | 53.23% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 433.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (ra5y0y5joilxnnyu)
SRV - File not found [Disabled] -- -- (Hel080acc)
SRV - [2010/06/03 14:46:09 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/06/03 14:46:04 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/04/18 12:01:28 | 001,872,320 | ---- | M] (Emsi Software GmbH) [Auto] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
SRV - [2009/04/27 23:12:20 | 000,098,488 | ---- | M] (SiSoftware) [On_Demand] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3a\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2009/01/19 13:13:44 | 002,789,160 | ---- | M] (Wacom Technology, Corp.) [Auto] -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2009/01/15 14:00:42 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/04 18:25:05 | 000,068,096 | ---- | M] () [On_Demand] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () [Auto] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/08/06 03:50:00 | 000,102,463 | ---- | M] (Network Associates, Inc.) [Auto] -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (XDva347)
DRV - File not found [Kernel | On_Demand] -- -- (XDva332)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (sejt1)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (MRENDIS5)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (InCDRm)
DRV - File not found [Kernel | System] -- -- (InCDPass)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | Auto] -- -- (hjfzatcjuyswgnz)
DRV - File not found [Kernel | On_Demand] -- -- (HDAudBus)
DRV - File not found [Kernel | Auto] -- -- (EagleNTr)
DRV - File not found [Kernel | Auto] -- -- (EagleNTq)
DRV - File not found [Kernel | On_Demand] -- -- (EagleNT)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2010/06/03 15:02:55 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/03 15:02:54 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/06/03 14:47:43 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/04/12 23:51:26 | 000,026,216 | ---- | M] (SiSoftware) [Kernel | On_Demand] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3a\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2009/01/15 08:19:00 | 006,301,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/10/06 11:53:24 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2008/09/12 16:00:50 | 000,041,680 | ---- | M] (Sun Microsystems, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2008/09/12 16:00:46 | 000,095,888 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2008/08/18 16:45:00 | 000,013,352 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2007/02/16 12:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/15 17:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2006/10/28 22:04:52 | 000,611,064 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2006/09/05 20:09:26 | 000,086,432 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\se59obex.sys -- (se59obex)
DRV - [2006/09/05 20:08:40 | 000,088,624 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\se59mgmt.sys -- (se59mgmt) Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM)
DRV - [2006/09/05 20:07:52 | 000,097,088 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\se59mdm.sys -- (se59mdm)
DRV - [2006/09/05 20:07:48 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\se59mdfl.sys -- (se59mdfl)
DRV - [2006/09/05 20:07:00 | 000,061,536 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\se59bus.sys -- (se59bus) Sony Ericsson Device 089 driver (WDM)
DRV - [2006/09/05 20:06:28 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\se59nd5.sys -- (se59nd5) Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS)
DRV - [2006/09/05 20:06:22 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\se59unic.sys -- (se59unic) Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM)
DRV - [2005/11/10 16:44:12 | 004,064,256 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/05/06 08:27:00 | 000,232,064 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005/04/26 08:30:20 | 000,025,424 | R--- | M] (Integrated Technology Express, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2005/01/19 18:30:52 | 000,067,200 | R--- | M] (Silicon Image, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\SI3132.sys -- (SI3132)
DRV - [2004/11/01 15:21:32 | 000,010,368 | R--- | M] (Silicon Image, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2004/10/14 05:52:28 | 000,004,962 | R--- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2004/08/13 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/04 08:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/08/03 19:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/02/04 10:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV - [2001/08/17 10:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/04/09 09:45:00 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\penclass.sys -- (PenClass)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Admin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Admin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ant.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: anttoolbar@ant.com:2.0.1
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.17
FF - prefs.js..extensions.enabledItems: fr@dictionaries.addons.mozilla.org:3.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
FF - prefs.js..extensions.enabledItems: fr-classique@dictionaries.addons.mozilla.org:3.7
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/06/03 15:04:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/25 17:13:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/03 17:28:57 | 000,000,000 | ---D | M]

[2008/08/25 18:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
[2010/06/05 20:53:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\36gkzjgu.default\extensions
[2010/01/07 14:16:36 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\36gkzjgu.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2010/01/07 14:16:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\36gkzjgu.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2010/04/03 13:57:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\36gkzjgu.default\extensions\anttoolbar@ant.com
[2010/02/07 16:26:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\36gkzjgu.default\extensions\fr@dictionaries.addons.mozilla.org
[2010/06/03 14:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\36gkzjgu.default\extensions\fr-classique@dictionaries.addons.mozilla.org
[2009/06/05 13:52:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\36gkzjgu.default\extensions\searchrecs@veoh.com
[2010/06/05 20:43:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/17 04:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2007/03/09 19:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll

O1 HOSTS File: ([2010/06/03 15:55:45 | 000,402,959 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 13964 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll File not found
O3 - HKU\Admin_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Admin_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe (Network Associates, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\Admin_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\Admin_ON_C..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - Startup: C:\Documents and Settings\Admin\WINDOWS\Start Menu\Programs\Startup\Workrave.lnk = C:\Program Files\Workrave\lib\Workrave.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Admin_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Admin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Admin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Admin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_15.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zone.msn.com/MessengerGam...S.cab109791.cab ()
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/16 23:18:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{f4e730d3-45cb-11db-bf20-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{f4e730d3-45cb-11db-bf20-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f4e730d3-45cb-11db-bf20-806d6172696f}\Shell\AutoRun\command - "" = D:\reatogoMenu.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/05 22:34:21 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Cookies
[2010/06/05 21:44:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\LolClient
[2010/06/05 21:41:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/06/05 21:37:39 | 000,000,000 | ---D | C] -- C:\Riot Games
[2010/06/05 20:52:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\LeagueOfLegends6.1
[2010/06/05 20:45:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\PMB Files
[2010/06/04 15:31:24 | 126,850,486 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\Admin\Desktop\OTLPENet.exe
[2010/06/04 00:08:39 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/06/03 23:34:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\AVG9
[2010/06/03 23:08:11 | 000,998,736 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Admin\Desktop\TDSSKiller.exe
[2010/06/03 22:45:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Malwarebytes
[2010/06/03 22:45:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/03 22:45:43 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/03 22:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/03 15:23:53 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/06/03 15:12:40 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2010/06/03 14:51:59 | 000,000,000 | ---D | C] -- C:\$AVG
[2010/06/03 14:47:52 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/06/03 14:47:49 | 000,242,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/06/03 14:47:43 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/06/03 14:47:39 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/06/03 14:47:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/06/03 14:44:16 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/06/01 22:16:35 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/01 22:13:00 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/06/01 22:13:00 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/06/01 22:13:00 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/06/01 22:13:00 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/06/01 22:09:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/01 21:59:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/19 21:36:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\5DF3D1BB894E4DCD8275159AC9829B43.TMP
[2010/05/19 18:25:18 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/05/13 16:12:35 | 000,000,000 | ---D | C] -- C:\Windows Server
[2010/05/10 16:18:14 | 000,000,000 | ---D | C] -- C:\Program Files\StarCraft II Beta
[2010/05/10 16:18:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\StarCraft II Beta
[2010/05/10 16:18:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Blizzard Entertainment
[2010/05/10 14:35:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\StarCraft II Beta enUS 13891 Installer
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/06 19:18:55 | 025,690,112 | ---- | M] () -- C:\Documents and Settings\Admin\NTUSER.DAT
[2010/06/06 19:18:55 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/06/06 19:18:55 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/06/06 19:18:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/06 19:18:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/06 19:18:27 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Admin\ntuser.ini
[2010/06/06 18:12:27 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\prvlcl.dat
[2010/06/06 17:45:38 | 060,763,240 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/06/06 17:42:49 | 000,200,059 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/06/05 20:44:53 | 002,181,120 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\LeagueofLegends6_1.exe
[2010/06/05 20:25:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/04 15:31:38 | 126,850,486 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\Admin\Desktop\OTLPENet.exe
[2010/06/03 23:55:51 | 000,000,259 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/03 23:37:32 | 003,702,826 | R--- | M] () -- C:\Documents and Settings\Admin\Desktop\ComboFix.exe
[2010/06/03 15:55:45 | 000,402,959 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/03 15:12:41 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\EVEREST Home Edition.lnk
[2010/06/03 15:08:46 | 000,001,469 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\DivX Movies.lnk
[2010/06/03 15:02:55 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/06/03 15:02:54 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/06/03 14:47:54 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/06/03 14:47:43 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/06/03 14:47:39 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/06/03 14:10:12 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/01 22:46:26 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100603-155545.backup
[2010/06/01 22:16:39 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/05/31 18:14:46 | 000,144,384 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/31 10:41:12 | 000,998,736 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Admin\Desktop\TDSSKiller.exe
[2010/05/25 21:45:32 | 000,000,156 | ---- | M] () -- C:\WINDOWS\Twunk001.MTX
[2010/05/25 21:45:32 | 000,000,006 | ---- | M] () -- C:\WINDOWS\Twain001.Mtx
[2010/05/25 20:22:30 | 000,000,301 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Shortcut to Sounds and Audio Devices.lnk
[2010/05/19 21:35:29 | 000,000,512 | ---- | M] () -- C:\WINDOWS\randseed.rnd
[2010/05/19 20:23:48 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Spybot - Search & Destroy.lnk
[2010/05/13 16:54:28 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\BUDGET.xls
[2010/05/10 12:55:03 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\explorer.exe
[2010/05/10 12:55:03 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/05 20:44:41 | 002,181,120 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\LeagueofLegends6_1.exe
[2010/06/03 15:12:41 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\EVEREST Home Edition.lnk
[2010/06/03 15:08:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\prvlcl.dat
[2010/06/03 15:08:46 | 000,001,469 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\DivX Movies.lnk
[2010/06/03 14:47:39 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/06/03 14:47:30 | 060,763,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/06/01 22:16:39 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/06/01 22:16:35 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/06/01 22:13:00 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/01 22:13:00 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/01 22:13:00 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/01 22:13:00 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/01 22:13:00 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/25 20:22:30 | 000,000,301 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Shortcut to Sounds and Audio Devices.lnk
[2010/05/24 13:16:27 | 000,206,793 | ---- | C] () -- C:\WINDOWS\System32\nvapps.nvb
[2010/05/19 21:15:38 | 003,702,826 | R--- | C] () -- C:\Documents and Settings\Admin\Desktop\ComboFix.exe
[2010/05/19 20:23:48 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Spybot - Search & Destroy.lnk
[2010/03/21 11:54:00 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1018.dll
[2009/07/30 13:50:49 | 000,000,056 | ---- | C] () -- C:\WINDOWS\kgt2k.INI
[2009/06/17 18:49:45 | 000,000,145 | ---- | C] () -- C:\WINDOWS\game.INI
[2009/06/02 16:00:06 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/02/04 20:18:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\booksmart.log
[2009/02/01 21:08:53 | 000,217,296 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/01/14 00:35:16 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/10/04 13:12:04 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT.rdtmp.LOG
[2008/10/04 13:12:04 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT.rdtmp.LOG
[2008/10/04 13:12:04 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Admin\NTUSER.DAT.rdtmp.LOG
[2008/10/01 21:41:50 | 000,095,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\VBoxDrv.sys
[2008/10/01 21:16:51 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\winscp.rnd
[2008/08/20 18:21:51 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/08/20 18:21:50 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008/06/05 08:58:26 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/04/04 22:02:14 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/04/04 22:02:14 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\4137D2F871.sys
[2008/01/05 15:37:03 | 000,000,066 | ---- | C] () -- C:\WINDOWS\BBW_INFO.INI
[2007/12/21 20:41:55 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\PnkBstrK.sys
[2007/11/02 16:22:41 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/09/13 21:25:19 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2007/08/17 12:54:34 | 000,000,111 | ---- | C] () -- C:\WINDOWS\Sansa Media Converter.INI
[2007/07/20 11:49:03 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2007/06/29 11:37:35 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/06/29 11:30:42 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/06/29 11:30:42 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/06/29 11:30:41 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/03/11 23:29:01 | 000,000,042 | ---- | C] () -- C:\Documents and Settings\Admin\default.pls
[2007/01/10 08:44:26 | 001,457,024 | R--- | C] () -- C:\WINDOWS\System32\SSCProt.dll
[2006/12/31 16:11:48 | 000,000,052 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2006/12/26 13:27:26 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/12/24 14:20:05 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\fusioncache.dat
[2006/12/02 21:31:37 | 000,000,037 | ---- | C] () -- C:\WINDOWS\PRISME.INI
[2006/09/30 16:50:44 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/09/19 17:32:31 | 000,144,384 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/16 23:49:02 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2006/09/16 23:49:02 | 000,004,962 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2006/09/16 23:39:20 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/16 23:36:44 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2006/09/16 23:36:43 | 000,026,059 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006/09/16 23:36:38 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/09/16 23:31:05 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/09/16 23:31:05 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/09/16 23:31:05 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/09/16 23:31:05 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/09/16 23:29:24 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/09/16 23:29:21 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/09/16 23:26:37 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Admin\ntuser.ini
[2006/09/16 23:26:36 | 000,094,208 | -H-- | C] () -- C:\Documents and Settings\Admin\ntuser.dat.LOG
[2006/09/16 23:26:35 | 025,690,112 | ---- | C] () -- C:\Documents and Settings\Admin\NTUSER.DAT
[2006/09/16 23:26:35 | 021,233,664 | ---- | C] () -- C:\Documents and Settings\Admin\NTUSER.DAT.rdbkp
[2006/09/16 23:25:50 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2006/09/16 23:25:49 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2006/09/16 23:25:49 | 000,229,376 | ---- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT.rdbkp
[2006/09/16 23:25:49 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2006/09/16 23:21:44 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2006/09/16 23:21:43 | 000,229,376 | ---- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT.rdbkp
[2006/09/16 23:21:43 | 000,229,376 | ---- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2006/09/16 23:21:43 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2006/09/16 12:51:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2006/09/16 12:51:48 | 000,000,191 | ---- | C] () -- C:\WINDOWS\Antidote.ini
[2005/04/28 00:22:34 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/04/28 00:22:34 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/08/04 08:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2003/03/09 16:31:04 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll

========== LOP Check ==========

[2008/10/01 20:26:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\.emacs.d
[2010/06/03 23:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\AVG9
[2007/08/31 15:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Bioshock
[2009/11/16 14:11:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Blender Foundation
[2006/09/25 20:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Design Science
[2009/07/07 14:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\dota-allstars.71E01812711E1682B196CE418CDA466F24682743.1
[2009/07/07 14:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\dota_allstars
[2006/09/16 12:53:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Druide
[2006/11/26 16:04:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\e frontier
[2008/09/03 14:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\FFSJ
[2008/12/28 18:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Gearbox Software
[2008/08/18 23:04:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Admin\Application Data\ijjigame
[2007/08/22 21:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\iShell
[2008/08/06 17:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Leadertech
[2008/02/03 17:19:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Lionhead Studios
[2010/06/05 21:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\LolClient
[2008/12/28 21:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Opera
[2008/07/25 20:51:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Teleca
[2009/03/20 20:11:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\The Creative Assembly
[2009/12/31 17:58:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\TNK Software
[2009/06/02 15:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Uniblue
[2010/01/10 17:32:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\WinFF
[2008/01/16 12:58:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Workrave
[2008/03/29 17:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Zoom Player

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 349780 bytes -> C:\WINDOWS\Temp:temp
< End of report >


#6 3e3e

3e3e
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:05:54 AM

Posted 06 June 2010 - 04:49 PM

AVG detects Trojan horse Crypt.VUB
smss.exe
svchost.exe
object is inaccessible

#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,816 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:12:54 PM

Posted 07 June 2010 - 01:38 AM

Hello again,

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,816 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:12:54 PM

Posted 10 June 2010 - 06:18 AM

Hello, are you still there?

regards, Elise


#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,816 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:12:54 PM

Posted 15 June 2010 - 06:08 AM

Due to lack of activity this topic is now closed.

If you are the original topic starter and you need this topic reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise
